CN114760038A - Identity authentication method and device - Google Patents

Abstract

Translated fromChinese

本申请公开了一种身份鉴别方法，包括：鉴别接入控制器AAC接收请求设备REQ发送的身份密文消息，其包括REQ利用加密证书的公钥对包括REQ的身份信息和第一身份密钥在内的信息加密生成的第一身份信息密文，AAC向第一鉴别服务器发送包括第一身份信息密文和AAC的身份鉴别码的第一鉴别请求消息，第一鉴别服务器根据AAC的身份鉴别码对AAC身份合法性进行验证生成第一鉴别结果信息，第二鉴别服务器根据REQ的数字证书对REQ身份合法性进行验证生成第二鉴别结果信息，REQ和AAC分别获取对端的鉴别结果信息，实现双向身份鉴别，并且实体敏感信息以密文形式传输，保障了实体安全。

The present application discloses an identity authentication method, which includes: an authentication access controller AAC receives an identity ciphertext message sent by a requesting device REQ, which includes the REQ using a public key of an encryption certificate to pair the identity information including REQ and a first identity key The first identity information ciphertext generated by the encryption of the information including the AAC sends a first authentication request message including the first identity information ciphertext and the identity authentication code of the AAC to the first authentication server, and the first authentication server authenticates according to the identity of the AAC. The code verifies the legitimacy of the AAC's identity to generate the first authentication result information, the second authentication server verifies the legitimacy of the REQ's identity according to the REQ's digital certificate, and generates the second authentication result information. Two-way identity authentication, and the sensitive information of the entity is transmitted in the form of cipher text, which ensures the security of the entity.

Description

Translated fromChinese

一种身份鉴别方法和装置A kind of identity authentication method and device

技术领域technical field

本申请涉及网络通信安全技术领域，特别是涉及一种身份鉴别方法和装置。The present application relates to the technical field of network communication security, and in particular, to an identity authentication method and device.

背景技术Background technique

目前，通信网络通常要求在用户和网络接入点之间执行双向身份鉴别，确保合法用户访问合法网络，在已有的实体鉴别方案中，实体的身份要么统一采用数字证书，要么实体之间采用预共享密钥的形式，但在实际应用中某些场景下，面临一端采用数字证书作为身份凭证、另一端采用预共享密钥作为身份凭证的情况，这对实体身份鉴别机制提出了挑战。At present, communication networks usually require two-way identity authentication between users and network access points to ensure that legitimate users can access legitimate networks. The form of pre-shared key, but in some scenarios in practical applications, one end uses a digital certificate as an identity credential, and the other end uses a pre-shared key as an identity credential, which poses a challenge to the entity identity authentication mechanism.

另外，在身份鉴别过程中，直接暴露实体的身份信息，而某些时候，实体的身份信息包含了实体的若干私密或敏感信息，譬如身份证号、家庭住址、银行卡信息等，若被攻击者截获继而被其利用从事非法活动，后果将不堪设想，如何在不暴露身份敏感信息的前提下完成实体身份鉴别成为当务之急。In addition, in the process of identity authentication, the identity information of the entity is directly exposed, and sometimes, the identity information of the entity contains some private or sensitive information of the entity, such as ID number, home address, bank card information, etc. If someone intercepted and then used it to engage in illegal activities, the consequences would be unimaginable. How to complete entity identification without exposing sensitive identity information has become a top priority.

发明内容SUMMARY OF THE INVENTION

为了解决上述技术问题，本申请提供了一种身份鉴别方法和装置，能够实现在请求设备采用数字证书、鉴别接入控制器采用预共享密钥作为身份凭证的情况下实体双向身份鉴别以及实体的身份保护。In order to solve the above-mentioned technical problems, the present application provides an identity authentication method and device, which can realize the two-way identity authentication of the entity and the identification of the entity in the case that the requesting device adopts a digital certificate and the authentication access controller adopts a pre-shared key as the identity credential. Identity protection.

有鉴于此，本申请第一方面提供了一种身份鉴别方法，包括：In view of this, the first aspect of the present application provides an identity authentication method, including:

鉴别接入控制器接收请求设备发送的身份密文消息，所述身份密文消息包括第一身份信息密文；所述第一身份信息密文是所述请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的；所述请求设备的身份信息包括所述请求设备的数字证书；所述第一身份密钥包括第二密钥；The authentication access controller receives the identity ciphertext message sent by the requesting device, where the identity ciphertext message includes the first identity information ciphertext; the first identity information ciphertext is the public key pair of the encryption certificate used by the requesting device, including The identity information of the requesting device and the information including the first identity key of the requesting device are encrypted and generated; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes the second key;

所述鉴别接入控制器向其信任的第一鉴别服务器发送第一鉴别请求消息，所述第一鉴别请求消息中包括所述第一身份信息密文和所述鉴别接入控制器的身份鉴别码；所述鉴别接入控制器的身份鉴别码是所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法对包括所述第一身份信息密文在内的信息计算生成的；The authentication access controller sends a first authentication request message to its trusted first authentication server, where the first authentication request message includes the ciphertext of the first identity information and the identity authentication of the authentication access controller The identity authentication code of the authentication access controller is that the authentication access controller uses the pre-shared key with the first authentication server, and adopts the cryptographic algorithm agreed with the first authentication server to pair all data including It is calculated and generated from the information including the ciphertext of the first identity information;

所述鉴别接入控制器接收所述第一鉴别服务器发送的第一鉴别响应消息，所述第一鉴别响应消息包括第一鉴别结果信息、所述请求设备信任的第二鉴别服务器的第一数字签名、第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名，所述第二鉴别结果信息密文是利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成的，所述第二鉴别结果信息中包括对所述请求设备的数字证书的第二验证结果，所述第一鉴别服务器的第一消息鉴别码是所述第一鉴别服务器利用与所述鉴别接入控制器的预共享密钥，采用与所述鉴别接入控制器约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的；The authentication access controller receives a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and a first number of the second authentication server trusted by the requesting device signature, the ciphertext of the second authentication result information, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller, the first authentication result information The digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the ciphertext of the second authentication result information is obtained by using the second key pair including the second authentication result information. The information including the authentication result information is encrypted and generated, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is the first message authentication code of the first authentication server. An authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to calculate and generate the information including the ciphertext of the second authentication result information;

所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法验证所述第一鉴别服务器的第一消息鉴别码，若验证通过，向所述请求设备发送第三鉴别响应消息，所述第三鉴别响应消息中包括身份鉴别结果信息密文，所述身份鉴别结果信息密文是所述鉴别接入控制器利用消息加密密钥对包括第一鉴别结果信息和所述第一数字签名在内的加密数据加密生成的；The authentication access controller uses the pre-shared key with the first authentication server, and uses the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server. If the verification passes , send a third authentication response message to the requesting device, the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is the authentication access controller using a message encryption key Generated by encrypting the encrypted data including the first authentication result information and the first digital signature;

所述请求设备利用所述消息加密密钥解密所述身份鉴别结果信息密文得到所述第一鉴别结果信息和所述第一数字签名；The requesting device decrypts the ciphertext of the identity authentication result information by using the message encryption key to obtain the first authentication result information and the first digital signature;

所述请求设备利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则所述请求设备根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；当所述请求设备确定所述鉴别接入控制器的身份鉴别结果为合法时，向所述鉴别接入控制器发送第四鉴别响应消息；或者，The requesting device verifies the first digital signature by using the public key of the second authentication server, and if the verification is passed, the requesting device determines the first digital signature according to the first verification result in the first authentication result information. The identity authentication result of the authentication access controller; when the requesting device determines that the identity authentication result of the authentication access controller is legal, it sends a fourth authentication response message to the authentication access controller; or,

所述请求设备利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则所述请求设备向所述鉴别接入控制器发送第四鉴别响应消息以及根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；或者，The requesting device verifies the first digital signature by using the public key of the second authentication server, and if the verification is passed, the requesting device sends a fourth authentication response message to the authentication access controller and sends a fourth authentication response message to the authentication access controller. The first verification result in the first authentication result information determines the identity authentication result of the authentication access controller; or,

所述请求设备利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证；若所述第一数字签名验证通过，则所述请求设备根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；所述请求设备向所述鉴别接入控制器发送第四鉴别响应消息；The requesting device verifies the first digital signature by using the public key of the second authentication server; if the verification of the first digital signature passes, the requesting device verifies the first digital signature according to the first authentication result information. A verification result determines the identity authentication result of the authentication access controller; the requesting device sends a fourth authentication response message to the authentication access controller;

其中，所述第四鉴别响应消息包括第二密钥密文，所述第二密钥密文是利用所述消息加密密钥对包括所述第二密钥在内的信息加密生成的；Wherein, the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by encrypting information including the second key by using the message encryption key;

所述鉴别接入控制器接收到所述第四鉴别响应消息后，利用所述消息加密密钥解密所述第二密钥密文得到第二密钥，利用所述第二密钥对所述第二鉴别结果信息密文进行解密得到第二鉴别结果信息，根据所述第二鉴别结果信息中的第二验证结果确定所述请求设备的身份鉴别结果。After receiving the fourth authentication response message, the authentication access controller decrypts the second key ciphertext by using the message encryption key to obtain a second key, and uses the second key to encrypt the second key. The ciphertext of the second authentication result information is decrypted to obtain second authentication result information, and the identity authentication result of the requesting device is determined according to the second verification result in the second authentication result information.

本申请第二方面提供了一种请求设备，包括：A second aspect of the present application provides a requesting device, including:

加密模块，用于利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成第一身份信息密文，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥；An encryption module, configured to encrypt the information including the identity information of the requesting device and the first identity key of the requesting device by using the public key of the encryption certificate to generate a ciphertext of the first identity information, the identity of the requesting device the information includes a digital certificate for the requesting device, and the first identity key includes a second key;

发送模块，用于向鉴别接入控制器发送身份密文消息，所述身份密文消息包括所述第一身份信息密文；a sending module, configured to send an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes the first identity information ciphertext;

接收模块，用于接收所述鉴别接入控制器发送的第三鉴别响应消息，所述第三鉴别响应消息中包括身份鉴别结果信息密文，所述身份鉴别结果信息密文是所述鉴别接入控制器利用消息加密密钥对包括第一鉴别结果信息和第一数字签名在内的加密数据加密生成的；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述请求设备信任的第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名；The receiving module is configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is the authentication access controller. The incoming controller encrypts the encrypted data including the first authentication result information and the first digital signature by using the message encryption key; the first authentication result information includes the first verification of the authentication access controller. As a result, the first digital signature is a digital signature calculated and generated by the second authentication server trusted by the requesting device on the signature data including the first authentication result information;

解密模块，用于利用所述消息加密密钥解密所述身份鉴别结果信息密文得到所述第一鉴别结果信息和所述第一数字签名；A decryption module for decrypting the ciphertext of the identity authentication result information using the message encryption key to obtain the first authentication result information and the first digital signature;

验证模块，用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则确定模块根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；当所述确定模块确定所述鉴别接入控制器的身份鉴别结果为合法时，所述发送模块向所述鉴别接入控制器发送第四鉴别响应消息；或者，A verification module, configured to use the public key of the second authentication server to verify the first digital signature, and if the verification is passed, the determination module determines the authentication according to the first verification result in the first authentication result information The identity authentication result of the access controller; when the determining module determines that the identity authentication result of the authentication access controller is valid, the sending module sends a fourth authentication response message to the authentication access controller; or ,

用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则所述发送模块向所述鉴别接入控制器发送第四鉴别响应消息以及确定模块根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；或者，For using the public key of the second authentication server to verify the first digital signature, if the verification is passed, the sending module sends a fourth authentication response message to the authentication access controller and the determination module is based on the The first verification result in the first authentication result information determines the identity authentication result of the authentication access controller; or,

用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证；若所述第一数字签名验证通过，则确定模块根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；所述发送模块向所述鉴别接入控制器发送第四鉴别响应消息；for verifying the first digital signature by using the public key of the second authentication server; if the first digital signature is verified, the determination module determines according to the first verification result in the first authentication result information the identity authentication result of the authentication access controller; the sending module sends a fourth authentication response message to the authentication access controller;

其中，所述第四鉴别响应消息包括第二密钥密文，所述第二密钥密文是所述加密模块利用消息加密密钥对包括所述第二密钥在内的信息加密生成的。Wherein, the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by the encryption module using a message encryption key to encrypt information including the second key .

本申请第三方面提供了一种鉴别接入控制器，包括：A third aspect of the present application provides an authentication access controller, including:

接收模块，用于接收请求设备发送的身份密文消息，所述身份密文消息包括第一身份信息密文；所述第一身份信息密文是所述请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的；所述请求设备的身份信息包括所述请求设备的数字证书；所述第一身份密钥包括第二密钥；A receiving module, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes a first identity information ciphertext; the first identity information ciphertext is a public key pair that the requesting device utilizes an encryption certificate to include: The identity information of the requesting device and the information including the first identity key of the requesting device are encrypted and generated; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes the second key;

发送模块，用于向所述鉴别接入控制器信任的第一鉴别服务器发送第一鉴别请求消息，所述第一鉴别请求消息中包括所述第一身份信息密文和所述鉴别接入控制器的身份鉴别码；所述鉴别接入控制器的身份鉴别码是所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法对包括所述第一身份信息密文在内的信息计算生成的；A sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and the authentication access control The identity authentication code of the authentication access controller; the authentication access controller's identity authentication code is that the authentication access controller uses the pre-shared key with the first authentication server and adopts the password agreed with the first authentication server. The algorithm calculates and generates the information including the ciphertext of the first identity information;

所述接收模块还用于接收所述第一鉴别服务器发送的第一鉴别响应消息，所述第一鉴别响应消息包括第一鉴别结果信息、所述请求设备信任的第二鉴别服务器的第一数字签名、第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名，所述第二鉴别结果信息密文是利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成的，所述第二鉴别结果信息中包括对所述请求设备的数字证书的第二验证结果，所述第一鉴别服务器的第一消息鉴别码是所述第一鉴别服务器利用与所述鉴别接入控制器的预共享密钥，采用与所述鉴别接入控制器约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的；The receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and a first number of the second authentication server trusted by the requesting device signature, the ciphertext of the second authentication result information, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller, the first authentication result information The digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the ciphertext of the second authentication result information is obtained by using the second key pair including the second authentication result information. The information including the authentication result information is encrypted and generated, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is the first message authentication code of the first authentication server. An authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to calculate and generate the information including the ciphertext of the second authentication result information;

验证模块，用于利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法验证所述第一鉴别服务器的第一消息鉴别码；a verification module, configured to use the pre-shared key with the first authentication server to verify the first message authentication code of the first authentication server by adopting a cryptographic algorithm agreed with the first authentication server;

所述发送模块，还用于若验证通过，向所述请求设备发送第三鉴别响应消息，所述第三鉴别响应消息中包括身份鉴别结果信息密文，所述身份鉴别结果信息密文是所述鉴别接入控制器利用消息加密密钥对包括第一鉴别结果信息和所述第一数字签名在内的加密数据加密生成的；The sending module is further configured to send a third authentication response message to the requesting device if the verification is passed, where the third authentication response message includes the ciphertext of the identity authentication result information, and the ciphertext of the identity authentication result information is the The authentication access controller uses a message encryption key to encrypt and generate encrypted data including the first authentication result information and the first digital signature;

所述接收模块，还用于接收所述请求设备发送的第四鉴别响应消息，所述第四鉴别响应消息包括第二密钥密文，所述第二密钥密文是利用所述消息加密密钥对包括所述第二密钥在内的信息加密生成的；The receiving module is further configured to receive a fourth authentication response message sent by the requesting device, where the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is encrypted by using the message The key is generated by encrypting the information including the second key;

解密模块，用于利用所述消息加密密钥解密所述第二密钥密文得到第二密钥，利用所述第二密钥对所述第二鉴别结果信息密文进行解密得到第二鉴别结果信息；A decryption module, configured to decrypt the second key ciphertext by using the message encryption key to obtain a second key, and use the second key to decrypt the second authentication result information ciphertext to obtain a second authentication result information;

确定模块，用于根据所述第二鉴别结果信息中的第二验证结果确定所述请求设备的身份鉴别结果。A determination module, configured to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.

本申请第四方面提供了一种第一鉴别服务器，包括：A fourth aspect of the present application provides a first authentication server, including:

接收模块，用于接收鉴别接入控制器发送的第一鉴别请求消息，所述第一鉴别请求消息中包括第一身份信息密文和所述鉴别接入控制器的身份鉴别码，所述第一身份信息密文是请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥，所述鉴别接入控制器的身份鉴别码是所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法对包括所述第一身份信息密文在内的信息计算生成的；The receiving module is configured to receive the first authentication request message sent by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and the identity authentication code of the authentication access controller, the first authentication request message An identity information ciphertext is generated by the requesting device by encrypting the information including the identity information of the requesting device and the first identity key of the requesting device by using the public key of the encryption certificate, and the identity information of the requesting device includes The digital certificate of the requesting device, the first identity key includes a second key, and the identity authentication code of the authentication access controller is the authentication access controller using the pre-preset with the first authentication server. a shared key, which is calculated and generated from the information including the ciphertext of the first identity information by using the cryptographic algorithm agreed with the first authentication server;

发送模块，用于向所述鉴别接入控制器发送第一鉴别响应消息，所述第一鉴别响应消息包括第一鉴别结果信息、所述请求设备信任的第二鉴别服务器的第一数字签名、第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名，所述第二鉴别结果信息密文是利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成的，所述第二鉴别结果信息中包括对所述请求设备的数字证书的第二验证结果，所述第一鉴别服务器的第一消息鉴别码是所述第一鉴别服务器利用与所述鉴别接入控制器的预共享密钥，采用与所述鉴别接入控制器约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的。A sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, the first digital signature of the second authentication server trusted by the requesting device, The ciphertext of the second authentication result information and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server on the signature data including the first authentication result information, and the ciphertext of the second authentication result information is obtained by using the second key pair to include the second authentication result The information including the information is encrypted and generated, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is the first authentication code. The server uses the pre-shared key with the authentication access controller, and uses the cryptographic algorithm agreed with the authentication access controller to calculate and generate the information including the ciphertext of the second authentication result information.

本申请第五方面提供了一种第二鉴别服务器，包括：A fifth aspect of the present application provides a second authentication server, including:

接收模块，用于接收第一鉴别服务器发送的第二鉴别请求消息，所述第二鉴别请求消息中包括第一鉴别结果信息、第一身份信息密文和第二数字签名或所述第二鉴别请求消息中包括第一鉴别结果信息、第一身份信息密文和第二消息鉴别码；其中，所述第一身份信息密文是请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥；所述第二数字签名是所述第一鉴别服务器对包括所述第一鉴别结果信息和所述第一身份信息密文在内的签名数据计算生成的或所述第二消息鉴别码是所述第一鉴别服务器对包括所述第一鉴别结果信息和所述第一身份信息密文在内的信息计算生成的；A receiving module, configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the ciphertext of the first identity information and the second digital signature or the second authentication The request message includes the first authentication result information, the ciphertext of the first identity information and the second message authentication code; wherein, the ciphertext of the first identity information is the identity of the requesting device that is used by the requesting device using the public key of the encryption certificate information and information including the first identity key of the requesting device are encrypted and generated, the identity information of the requesting device includes the digital certificate of the requesting device, and the first identity key includes the second key; the The second digital signature is calculated and generated by the first authentication server on the signature data including the first authentication result information and the ciphertext of the first identity information, or the second message authentication code is the first authentication code. An authentication server calculates and generates the information including the first authentication result information and the ciphertext of the first identity information;

验证模块，用于利用所述第一鉴别服务器的公钥验证所述第二数字签名或利用与所述第一鉴别服务器的预共享密钥验证所述第二消息鉴别码，若验证通过，则利用加密证书对应的私钥解密所述第一身份信息密文得到所述请求设备的数字证书和所述第二密钥，对所述请求设备的数字证书进行合法性验证得到第二验证结果；A verification module, configured to verify the second digital signature using the public key of the first verification server or verify the second message verification code using the pre-shared key with the first verification server, if the verification is passed, then Decrypt the ciphertext of the first identity information with the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and perform legality verification on the digital certificate of the requesting device to obtain a second verification result;

生成模块，用于根据包括所述第二验证结果在内的信息生成所述第二鉴别结果信息，利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成第二鉴别结果信息密文，对包括所述第一鉴别结果信息在内的签名数据计算生成第一数字签名，对包括所述第二鉴别结果信息密文在内的签名数据计算生成第三数字签名或对包括所述第二鉴别结果信息密文在内的信息计算生成第三消息鉴别码；A generating module, configured to generate the second authentication result information according to the information including the second authentication result, and use the second key to encrypt the information including the second authentication result information to generate the second authentication result Information ciphertext, calculating the signature data including the first authentication result information to generate a first digital signature, calculating the signature data including the second authentication result information ciphertext to generate a third digital signature or The information including the ciphertext of the second authentication result information is calculated to generate a third message authentication code;

发送模块，用于向所述第一鉴别服务器发送的第二鉴别响应消息，所述第二鉴别响应消息中包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第三数字签名或所述第二鉴别响应消息中包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第三消息鉴别码。A sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result The ciphertext of the information and the third digital signature or the second authentication response message includes the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the third message Authentication code.

由上可知：在本申请提供的一种身份鉴别方法中，请求设备采用数字证书作为其身份凭证，鉴别接入控制器采用预共享密钥作为其身份凭证，在身份鉴别过程中，请求设备先向鉴别接入控制器发送身份密文消息，该身份密文消息中包括第一身份信息密文，即请求设备利用加密证书的公钥对包括请求设备的身份信息和请求设备的第一身份密钥在内的信息加密生成的密文，其中，请求设备的身份信息包括其数字证书，第一身份密钥包括第二密钥，鉴别接入控制器利用与其信任的第一鉴别服务器的预共享密钥和约定的密码算法对包括第一身份信息密文在内的信息计算生成鉴别接入控制器的身份鉴别码，并向第一鉴别服务器发送携带有第一身份信息密文和鉴别接入控制器的身份鉴别码的第一鉴别请求消息，由请求设备信任的第二鉴别服务器对请求设备的数字证书的合法性进行验证，由所述第一鉴别服务器对鉴别接入控制器的身份鉴别码进行验证，完成验证后，第一鉴别服务器向鉴别接入控制器发送第一鉴别响应消息，第一鉴别响应消息中包括第一鉴别结果信息、第二鉴别服务器的第一数字签名、第二鉴别结果信息密文及第一鉴别服务器的第一消息鉴别码，然后鉴别接入控制器利用与第一鉴别服务器的预共享密钥和约定的密码算法验证第一鉴别服务器的第一消息鉴别码，验证通过后，向请求设备发送携带身份鉴别结果信息密文的第三鉴别响应消息，请求设备利用消息加密密钥解密身份鉴别结果信息密文得到第一鉴别结果信息，并从中获得鉴别接入控制器的验证结果，当确定鉴别接入控制器身份合法时，向鉴别接入控制器发送包括第二密钥密文的第四鉴别响应消息，鉴别接入控制器利用消息加密密钥解密第二密钥密文得到第二密钥，利用第二密钥对第二鉴别结果信息密文解密得到第二鉴别结果信息，从第二鉴别结果信息中获取请求设备的验证结果，从而实现请求设备和鉴别接入控制器的双向身份鉴别，为保证只有合法用户才能访问合法网络奠定基础。并且，实体的身份信息和/或身份鉴别结果信息以密文形式传输，保障私密信息在传输过程中的安全性，实现实体的身份保护。It can be seen from the above: in an identity authentication method provided by this application, the requesting device uses a digital certificate as its identity credential, and the authentication access controller uses a pre-shared key as its identity credential. Send an identity ciphertext message to the authentication access controller, the identity ciphertext message includes the first identity information ciphertext, that is, the requesting device uses the public key of the encryption certificate to pair the identity information of the requesting device and the first identity secret of the requesting device. The ciphertext generated by the encryption of the information including the key, wherein the identity information of the requesting device includes its digital certificate, the first identity key includes the second key, and the authentication access controller utilizes the pre-sharing with the first authentication server it trusts. The key and the agreed cryptographic algorithm calculate the information including the first identity information ciphertext to generate an identity authentication code that authenticates the access controller, and send the ciphertext carrying the first identity information and the authentication access controller to the first authentication server. The first authentication request message of the identity authentication code of the controller, the second authentication server trusted by the requesting device verifies the legality of the digital certificate of the requesting device, and the first authentication server authenticates the identity of the authentication access controller. After the verification is completed, the first authentication server sends a first authentication response message to the authentication access controller. The first authentication response message includes the first authentication result information, the first digital signature of the second authentication server, the second authentication response The ciphertext of the authentication result information and the first message authentication code of the first authentication server, and then the authentication access controller uses the pre-shared key with the first authentication server and the agreed cryptographic algorithm to verify the first message authentication code of the first authentication server , after the verification is passed, send the third authentication response message carrying the ciphertext of the identity authentication result information to the requesting device, and the requesting device uses the message encryption key to decrypt the ciphertext of the identity authentication result information to obtain the first authentication result information, and obtains the authentication access from it. The authentication result of the controller, when it is determined that the identity of the authentication access controller is valid, the authentication access controller sends a fourth authentication response message including the ciphertext of the second key to the authentication access controller, and the authentication access controller uses the message encryption key to decrypt the first authentication response message. The second key is obtained from the two-key ciphertext, and the second authentication result information ciphertext is decrypted with the second key to obtain the second authentication result information, and the verification result of the requesting device is obtained from the second authentication result information, so as to realize the requesting device. The two-way identity authentication of the access controller and the authentication access controller lays the foundation for ensuring that only legitimate users can access the legitimate network. In addition, the entity's identity information and/or identity authentication result information is transmitted in the form of cipher text, which ensures the security of private information during the transmission process and realizes the entity's identity protection.

附图说明Description of drawings

为了更清楚地说明本申请实施例或现有技术中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅是本申请的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动性的前提下，还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following briefly introduces the accompanying drawings that are used in the description of the embodiments or the prior art. Obviously, the drawings in the following description are only These are some embodiments of the present application, and for those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.

图1为本申请实施例提供的一种身份鉴别方法的示意图；1 is a schematic diagram of an identity authentication method provided by an embodiment of the present application;

图2为本申请实施例提供的一种请求设备REQ和鉴别接入控制器AAC协商消息加密密钥的方法的示意图；2 is a schematic diagram of a method for requesting a device REQ and an authentication access controller AAC to negotiate a message encryption key according to an embodiment of the present application;

图3为本申请实施例提供的一种身份鉴别方法的示意图，其中“*”表示可选的字段或可选的操作；3 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;

图4为本申请实施例提供的一种身份鉴别方法的示意图，其中“*”表示可选的字段或可选的操作；4 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;

图5为本申请实施例提供的一种身份鉴别方法的示意图，其中“*”表示可选的字段或可选的操作；5 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;

图6为本申请实施例提供的一种身份鉴别方法的示意图，其中“*”表示可选的字段或可选的操作；6 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;

图7为本申请实施例提供的一种请求设备REQ的结构框图；7 is a structural block diagram of a requesting device REQ provided by an embodiment of the present application;

图8为本申请实施例提供的一种鉴别接入控制器AAC的结构框图；FIG. 8 is a structural block diagram of an authentication access controller AAC according to an embodiment of the present application;

图9为本申请实施例提供的一种第一鉴别服务器AS-AAC的结构框图；FIG. 9 is a structural block diagram of a first authentication server AS-AAC according to an embodiment of the present application;

图10为本申请实施例提供的一种第二鉴别服务器AS-REQ的结构框图。FIG. 10 is a structural block diagram of a second authentication server AS-REQ according to an embodiment of the present application.

具体实施方式Detailed ways

在通信网络中，请求设备可以通过鉴别接入控制器访问网络，为了确保访问网络的请求设备属于合法用户，以及请求设备访问的网络为合法网络，鉴别接入控制器和请求设备之间需要进行双向身份鉴别(Mutual Identity Authentication，简称MIA)。In a communication network, the requesting device can access the network through the authentication access controller. In order to ensure that the requesting device accessing the network belongs to a legitimate user and the network that the requesting device accesses is a legitimate network, the authentication between the access controller and the requesting device needs to be performed. Mutual Identity Authentication (MIA for short).

以目前的无线通信和移动通信场景为例，在请求设备通过鉴别接入控制器接入无线网络的场景下，请求设备可以为手机、个人数字助理(Personal Digital Assitant，简称PDA)、平板电脑等终端设备，鉴别接入控制器可以是无线接入点、无线路由器等网络侧设备。在请求设备通过鉴别接入控制器接入有线网络的场景下，请求设备可以为台式机、笔记本电脑等终端设备，鉴别接入控制器可以是交换机或路由器等网络侧设备。在请求设备通过鉴别接入控制器接入第四/五代移动通信技术(the 4th/5th Generation mobilecommunication technology，简称4G/5G)网络的场景下，请求设备可以为手机、平板电脑等终端设备，鉴别接入控制器可以为基站等网络侧设备。当然，本申请同样适用于其他有线网络、近距离通信网络等各种数据通信场景。Taking the current wireless communication and mobile communication scenarios as an example, in the scenario where the requesting device accesses the wireless network through the authentication access controller, the requesting device may be a mobile phone, a personal digital assistant (PDA), a tablet computer, etc. The terminal device, the authentication access controller can be a network side device such as a wireless access point and a wireless router. In the scenario where the requesting device accesses the wired network through the authentication access controller, the requesting device may be a terminal device such as a desktop computer or a notebook computer, and the authentication access controller may be a network-side device such as a switch or a router. In the scenario where the requesting device accesses the 4th/5th Generation mobile communication technology (4G/5G) network through the authentication access controller, the requesting device may be a terminal device such as a mobile phone and a tablet computer. The access controller may be a network side device such as a base station. Of course, the present application is also applicable to various data communication scenarios such as other wired networks and short-range communication networks.

然而，在目前已有的实体鉴别方案中，实体的身份凭证要么统一采用数字证书的形式，要么统一采用预共享密钥的形式，而针对实际应用中一端采用数字证书作为身份凭证、另一端采用预共享密钥作为身份凭证的情况，并没有提出简洁、有效的身份鉴别机制。并且在身份鉴别消息的传输过程中，直接暴露实体的身份信息，导致其安全性无法得到保障。However, in the existing entity authentication scheme, the identity certificate of the entity is either in the form of a digital certificate or a pre-shared key. When the pre-shared key is used as an identity certificate, no concise and effective authentication mechanism is proposed. In addition, in the transmission process of the identity authentication message, the identity information of the entity is directly exposed, so that its security cannot be guaranteed.

为了解决上述技术问题，本申请实施例提供了一种身份鉴别方法，针对请求设备采用数字证书，鉴别接入控制器采用预共享密钥的鉴别方式的应用场景，由鉴别接入控制器信任的第一鉴别服务器验证鉴别接入控制器的身份鉴别码得到第一验证结果，由请求设备信任的第二鉴别服务器验证请求设备数字证书的合法性得到第二验证结果，请求设备和鉴别接入控制器分别依据对方实体所对应的验证结果来确定对方实体是否合法，实现鉴别接入控制器与请求设备之间的双向身份鉴别，从而为确保只有合法用户才能与合法网络通信奠定基础。并且实体的私密信息如身份标识、鉴别结果信息等以密文形式传输，保障了私密信息在传输过程中的安全性，实现实体的身份保护。In order to solve the above technical problem, an embodiment of the present application provides an identity authentication method. For the application scenario in which the requesting device adopts a digital certificate and the authentication access controller adopts the pre-shared key authentication method, the authentication access controller trusts the application scenario. The first authentication server verifies the identity authentication code of the authentication access controller to obtain the first verification result, and the second authentication server trusted by the requesting device verifies the legality of the digital certificate of the requesting device to obtain the second verification result, and the requesting device and the authentication access control The device determines whether the other entity is legal according to the corresponding verification results of the counterpart entity, and realizes the two-way identity authentication between the authentication access controller and the requesting device, thus laying the foundation for ensuring that only legal users can communicate with the legal network. In addition, the private information of the entity, such as identity identification, authentication result information, etc., is transmitted in the form of cipher text, which ensures the security of the private information during the transmission process and realizes the identity protection of the entity.

为便于介绍，在本申请实施例中，将以请求设备(REQuester，简称REQ)、鉴别接入控制器(Authentication Access Controller，简称AAC)和鉴别服务器(AuthenticationServer，简称AS)为例对本申请的身份鉴别方法进行介绍。For ease of introduction, in the embodiments of the present application, a requesting device (REQuester, REQ for short), an Authentication Access Controller (AAC for short), and an Authentication Server (AS for short) will be used as examples to describe the identity of the present application. The identification method is introduced.

其中，AAC信任的AS称为第一鉴别服务器AS-AAC，REQ信任的AS称为第二鉴别服务器AS-REQ。AS-REQ持有符合ISO/IEC 9594-8/ITU X.509、其他标准或其他技术体系规定的数字证书和数字证书对应的私钥，AS-AAC能够验证AAC的身份合法性，AS-REQ能够验证REQ的数字证书的合法性。AS-AAC和AS-REQ可以是同一AS也可以是不同的AS，当AS-AAC与AS-REQ相同时，即非漫游情况；当AS-AAC与AS-REQ不相同时，即漫游情况，此时AS-AAC与AS-REQ之间具有有效的预共享密钥，或者，当AS-AAC持有符合ISO/IEC9594-8/ITU X.509、其他标准或其他技术体系规定的数字证书和数字证书对应的私钥时，AS-AAC与AS-REQ相互信任，且知晓对方的数字证书或数字证书中的公钥。证书解密服务器(Certificate Sever-Decrypt，简称CS-DEC)持有符合ISO/IEC 9594-8/ITU X.509、其他标准或其他技术体系规定的加密证书和加密证书对应的私钥，其加密证书可以有一张也可以有多张，CS-DEC可以是独立的服务器，也可以驻留在AS-AAC和/或AS-REQ中。The AS trusted by AAC is called the first authentication server AS-AAC, and the AS trusted by REQ is called the second authentication server AS-REQ. AS-REQ holds digital certificates and private keys corresponding to digital certificates that comply with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems. AS-AAC can verify the legitimacy of AAC's identity. AS-REQ Can verify the legitimacy of REQ's digital certificate. AS-AAC and AS-REQ can be the same AS or different ASs. When AS-AAC is the same as AS-REQ, it is a non-roaming situation; when AS-AAC is different from AS-REQ, it is a roaming situation. At this time, there is a valid pre-shared key between AS-AAC and AS-REQ, or, when AS-AAC holds a digital certificate that complies with ISO/IEC9594-8/ITU X.509, other standards or other technical systems and When the private key corresponding to the digital certificate is used, AS-AAC and AS-REQ trust each other and know each other's digital certificate or the public key in the digital certificate. The certificate decryption server (Certificate Sever-Decrypt, CS-DEC for short) holds the encryption certificate and the private key corresponding to the encryption certificate in accordance with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems, and its encryption certificate There can be one or more, and the CS-DEC can be a standalone server or reside in AS-AAC and/or AS-REQ.

REQ可以是参与身份鉴别过程的一个端点，与AAC建立连接，访问AAC提供的服务，且通过AAC访问AS，REQ持有符合ISO/IEC 9594-8/ITU X.509、其他标准或其他技术体系规定的数字证书和数字证书对应的私钥，REQ知晓AS-REQ的数字证书或数字证书中的公钥，并知晓CS-DEC的加密证书或加密证书中的公钥。AAC可以是参与身份鉴别过程的另一个端点，与REQ建立连接，提供服务，并与REQ通信，且可直接访问AS-AAC，AAC与AS-AAC之间具有预共享密钥，且在某些情况下知晓CS-DEC的加密证书或加密证书中的公钥。REQ can be an endpoint participating in the authentication process, establish a connection with AAC, access services provided by AAC, and access AS through AAC, REQ holds ISO/IEC 9594-8/ITU X.509, other standards or other technical systems For the specified digital certificate and the private key corresponding to the digital certificate, REQ knows the digital certificate of AS-REQ or the public key in the digital certificate, and knows the encryption certificate of CS-DEC or the public key in the encryption certificate. The AAC can be another endpoint that participates in the authentication process, establishes a connection with the REQ, provides services, communicates with the REQ, and can directly access the AS-AAC, with a pre-shared key between the AAC and the AS-AAC, and in some If you know the encryption certificate of CS-DEC or the public key in the encryption certificate.

下面结合图1，说明本申请实施例提供的一种身份鉴别方法，该方法包括：1, an identity authentication method provided by the embodiment of the present application is described, and the method includes:

S101、AAC接收REQ发送的身份密文消息REQInit。S101. The AAC receives the identity ciphertext message REQInit sent by the REQ.

所述REQInit中包括第一身份信息密文EncPub_{AS_REQ}。其中，EncPub_{AS_REQ}是REQ利用加密证书的公钥对包括REQ的身份信息和REQ的第一身份密钥在内的加密数据加密生成的；REQ的身份信息包括REQ的数字证书Cert_REQ，第一身份密钥包括第二密钥Nonce_REQPub。The REQInit includes the first identity information ciphertext EncPub_{AS_REQ} . Wherein, EncPub_{AS_REQ} is generated by REQ using the public key of the encrypted certificate to encrypt the encrypted data including the identity information of REQ and the first identity key of REQ; the identity information of REQ includes the digital certificate Cert_REQ of REQ, the first identity The keys include the second key Nonce_REQPub .

S102、AAC向其信任的AS-AAC发送第一鉴别请求消息AACVeri。S102. The AAC sends a first authentication request message AACVeri to the AS-AAC it trusts.

所述AACVeri中包括EncPub_{AS_REQ}和AAC的身份鉴别码MIC_AAC。其中，MIC_AAC是AAC利用与AS-AAC的预共享密钥K_{AAC_AS}，采用与AS-AAC约定的密码算法对包括EncPub_{AS_REQ}在内的信息计算生成的。作为一个示例，AAC与AS-AAC约定的密码算法可以是杂凑算法，通过利用所述K_{AAC_AS}，结合杂凑算法对包括AACVeri中MIC_AAC字段之前的其他字段，如包括EncPub_{AS_REQ}在内的信息，进行杂凑运算得到杂凑值，将该杂凑值作为AAC的身份鉴别码MIC_AAC。如此，由AS-AAC对MIC_AAC进行验证得到第一验证结果Res_AAC，由REQ信任的AS-REQ对解密EncPub_{AS_REQ}得到的Cert_REQ进行验证得到第二验证结果Res_REQ。The AACVeri includes the identification code MIC_AAC of EncPub_{AS_REQ} and AAC. The MIC_AAC is calculated and generated by the AAC using the pre-shared key K_{AAC_AS} with the AS-AAC and the cryptographic algorithm agreed with the AS-AAC on the information including the EncPub_{AS_REQ} . As an example, the cryptographic algorithm agreed by AAC and AS-AAC may be a hash algorithm. By using the K_{AAC_AS} , combined with the hash algorithm, other fields including the MIC_AAC field in AACVeri, such as the information including EncPub_{AS_REQ} , are processed A hash value is obtained by the hash operation, and the hash value is used as the identification code MIC AAC of the_AAC . In this way, the AS-AAC verifies the MIC_AAC to obtain the first verification result Res_AAC , and the AS-REQ trusted by the REQ verifies the Cert_REQ obtained by decrypting the EncPub_{AS_REQ} to obtain the second verification result Res_REQ .

需要说明的是，当AAC信任的AS-AAC和REQ信任的AS-REQ为同一个鉴别服务器时，REQ和AAC共同信任的鉴别服务器可以用AS-AAC(当然也可以用AS-REQ)来表示。此情形下，可以由AS-AAC(也可以表示为AS-REQ)对所述MIC_AAC进行验证得到Res_AAC，对解密EncPub_{AS_REQ}得到的所述Cert_REQ进行合法性验证得到Res_REQ。其中，对EncPub_{AS_REQ}的解密操作可以由证书解密服务器CS-DEC执行，CS-DEC利用所述加密证书对应的私钥解密EncPub_{AS_REQ}，AS-AAC(也可以表示为AS-REQ)从CS-DEC获取解密得到的Cert_REQ；或者，AS-AAC(也可以表示为AS-REQ)利用驻留在AS-AAC(也可以表示为AS-REQ)中的CS-DEC的加密证书对应的私钥解密EncPub_{AS_REQ}得到Cert_REQ。在验证所述MIC_AAC时，AS-AAC(也可以表示为AS-REQ)先确定与AAC的预共享密钥K_{AAC_AS}和约定的密码算法，再利用所述K_{AAC_AS}，采用所述密码算法对包括AACVeri中MIC_AAC字段之前的其他字段，如包括EncPub_{AS_REQ}在内的信息，在本地计算生成MIC_AAC，然后将计算出的MIC_AAC与接收到的MIC_AAC进行比较，从而完成对MIC_AAC的验证。AS-AAC在确定所述K_{AAC_AS}和密码算法时，可以预先确知与AAC具有的有效的预共享密钥K_{AAC_AS}和密码算法；此外，AACVeri中还可以携带AAC的身份标识ID_AAC，AS-AAC可以根据ID_AAC确定与AAC具有的有效的预共享密钥K_{AAC_AS}和密码算法。It should be noted that when the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are the same authentication server, the authentication server trusted by REQ and AAC can be represented by AS-AAC (of course, AS-REQ can also be used) . In this case, the MIC_AAC can be verified by AS-AAC (which can also be expressed as AS-REQ) to obtain Res_AAC , and the Cert_REQ obtained by decrypting the EncPub_{AS_REQ} can be verified to obtain Res_REQ . Wherein, the decryption operation of EncPub_{AS_REQ} can be performed by the certificate decryption server CS-DEC, CS-DEC decrypts EncPub_{AS_REQ} by using the private key corresponding to the encrypted certificate, and AS-AAC (also can be expressed as AS-REQ) from CS-DEC Obtain the Cert_REQ that decryption obtains; Or, AS-AAC (also can be expressed as AS-REQ) utilizes the private key corresponding to the encryption certificate of CS-DEC residing in AS-AAC (also can be expressed as AS-REQ) to decrypt EncPub_{AS_REQ} get Cert_REQ . When verifying the MIC_AAC , AS-AAC (which can also be expressed as AS-REQ) first determines the pre-shared key K_{AAC_AS} with AAC and the agreed cryptographic algorithm, and then uses the K_{AAC_AS} to use the cryptographic algorithm to Include other fields before the MIC_AAC field in AACVeri, such as information including EncPub_{AS_REQ} , calculate the MIC_AAC locally, and then compare the calculated MIC_AAC with the received MIC_AAC to complete the verification of the MIC_AAC . When the AS-_AAC determines the K_{AAC_AS} and the cryptographic algorithm, it can pre-determine the effective pre-shared key K_{AAC_AS} and the cryptographic algorithm with the AAC; The AAC can determine the valid pre-shared key K_{AAC_AS} and the cryptographic algorithm it has with the AAC according to the ID_AAC .

接着，AS-AAC(也可以表示为AS-REQ)根据包括所述Res_AAC在内的信息生成第一鉴别结果信息Pub_AAC，根据包括所述Res_REQ在内的信息生成第二鉴别结果信息Pub_REQ，利用解密EncPub_{AS_REQ}得到的Nonce_REQPub对包括Pub_REQ在内的信息加密得到第二鉴别结果信息密文(例如，可以将Nonce_REQPub与Pub_REQ进行异或运算生成第二鉴别结果信息密文即Pub_REQ⊕Nonce_REQPub)，并利用所述K_{AAC_AS}，采用所述密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成AS-AAC的第一消息鉴别码MIC_{AS_AAC}(也可以表示为AS-REQ的第一消息鉴别码MIC_{AS_REQ})，对包括所述Pub_AAC在内的签名数据计算生成第一数字签名Sig_{AS_AAC1}(也可以表示为Sig_{AS_REQ1})，根据包括所述Pub_AAC、所述Sig_{AS_AAC1}(也可以表示为Sig_{AS_REQ1})、所述第二鉴别结果信息密文和所述MIC_{AS_AAC}(也可以表示为MIC_{AS_REQ})在内的信息生成第一鉴别响应消息ASVeri。Next, AS-AAC (may also be expressed as AS-REQ) generates first authentication result information Pub_AAC according to the information including the Res_AAC , and generates second authentication result information Pub according to the information including the Res_REQREQ , use the Nonce_REQPub obtained by decrypting EncPub_{AS_REQ} to encrypt the information including Pub_REQ to obtain the second authentication result information ciphertext (for example, the Nonce_REQPub and Pub_REQ can be XORed to generate the second authentication result information ciphertext i.e. Pub_REQ ⊕ Nonce_REQPub ), and use the K_{AAC_AS} to calculate and generate the first message authentication code MIC_{AS_AAC} of AS-AAC by using the cryptographic algorithm on the information including the ciphertext of the second authentication result information (you can also Expressed as the first message authentication code MIC_{AS_REQ} of AS-REQ), calculate and generate the first digital signature Sig_{AS_AAC1} (also can be expressed as Sig_{AS_REQ1} ) for the signature data including the Pub_AAC , according to including the Pub_AAC , The information including the Sig_{AS_AAC1} (which may also be expressed as Sig_{AS_REQ1} ), the ciphertext of the second authentication result information, and the MIC_{AS_AAC} (which may also be expressed as MIC_{AS_REQ} ) generates a first authentication response message ASVeri.

当AAC信任的AS-AAC和REQ信任的AS-REQ为两个不同的鉴别服务器时，此情形下，由AS-AAC验证所述MIC_AAC得到Res_AAC，由AS-REQ对解密EncPub_{AS_REQ}得到的Cert_REQ进行合法性验证得到Res_REQ。When the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are two different authentication servers, in this case, the AS-AAC verifies the MIC_AAC to obtain the Res_AAC , and the AS-REQ decrypts the EncPub_{AS_REQ} to obtain the Res AAC. The validity of Cert_REQ is verified to obtain Res_REQ .

具体地，AS-AAC利用与AAC的预共享密钥K_{AAC_AS}，采用与AAC约定的密码算法对所述MIC_AAC进行验证得到Res_AAC，根据包括所述Res_AAC在内的信息生成第一鉴别结果信息Pub_AAC，对包括所述Pub_AAC和所述EncPub_{AS_REQ}在内的签名数据计算生成第二数字签名Sig_{AS_AAC2}，并向AS-REQ发送第二鉴别请求消息AS-AACVeri，所述AS-AACVeri中包括所述Pub_AAC、所述EncPub_{AS_REQ}和所述Sig_{AS_AAC2}。其中，Sig_{AS_AAC2}可替换为MIC_{AS_AAC2}，MIC_{AS_AAC2}是AS-AAC利用与AS-REQ的预共享密钥，采用与AS-REQ约定的密码算法对包括所述Pub_AAC、所述EncPub_{AS_REQ}在内的信息计算生成的第二消息鉴别码。Specifically, AS-AAC uses the pre-shared key K_{AAC_AS} with the AAC, uses the cryptographic algorithm agreed with the AAC to verify the MIC_AAC to obtain Res_AAC , and generates the first authentication result according to the information including the Res_AAC Information Pub_AAC , calculate and generate a second digital signature Sig_{AS_AAC2} for the signature data including the Pub_AAC and the EncPub_{AS_REQ} , and send the second authentication request message AS-AACVeri to AS-REQ, in the AS-AACVeri Including the Pub_AAC , the EncPub_{AS_REQ} and the Sig_{AS_AAC2} . Wherein, Sig_{AS_AAC2} can be replaced by MIC_{AS_AAC2} , MIC_{AS_AAC2} is that AS-AAC utilizes the pre-shared key with AS-REQ, adopts the cryptographic algorithm agreed with AS-REQ to pair the Pub_AAC and EncPub_{AS_REQ} . The message calculates the generated second message authentication code.

然后，AS-REQ利用AS-AAC的公钥验证Sig_{AS_AAC2}或者利用与AS-AAC的预共享密钥采用与AS-AAC约定的密码算法验证MIC_{AS_AAC2}，验证通过后，由AS-REQ对解密所述EncPub_{AS_REQ}得到的Cert_REQ进行合法性验证得到Res_REQ，再根据包括Res_REQ在内的信息生成第二鉴别结果信息Pub_REQ，利用解密所述EncPub_{AS_REQ}得到的Nonce_REQPub对包括Pub_REQ在内的信息加密生成第二鉴别结果信息密文，并对包括所述Pub_AAC在内的签名数据计算生成第一数字签名Sig_{AS_REQ1}，对包括所述第二鉴别结果信息密文在内的签名数据计算生成第三数字签名Sig_{AS_REQ3}，并向AS-AAC发送第二鉴别响应消息AS-REQVeri，所述AS-REQVeri中包括所述Pub_AAC、所述Sig_{AS_REQ1}、所述第二鉴别结果信息密文和所述Sig_{AS_REQ3}。其中，Sig_{AS_REQ3}可替换为MIC_{AS_REQ3}，MIC_{AS_REQ3}是AS-REQ利用与AS-AAC的预共享密钥，采用与AS-AAC约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的第三消息鉴别码。Then, AS-REQ uses the public key of AS-AAC to verify Sig_{AS_AAC2} or uses the pre-shared key with AS-AAC to verify MIC_{AS_AAC2} using the cryptographic algorithm agreed with AS-AAC. The Cert_REQ obtained by the described EncPub_{AS_REQ} is verified for validity to obtain the Res_REQ , and then the second authentication result information Pub_REQ is generated according to the information including the Res_REQ , and the Nonce_REQPub obtained by decrypting the described EncPub_{AS_REQ} is used to decipher the information including the Pub_REQ . The information is encrypted to generate the second authentication result information ciphertext, and the first digital signature Sig_{AS_REQ1} is calculated and generated for the signature data including the Pub_AAC , and the signature data including the second authentication result information ciphertext is calculated and generated. The third digital signature Sig_{AS_REQ3} , and sends a second authentication response message AS-REQVeri to AS-AAC, the AS-REQVeri includes the Pub_AAC , the Sig_{AS_REQ1} , the second authentication result information ciphertext and all Sig_{AS_REQ3} described above. Wherein, Sig_{AS_REQ3} can be replaced with MIC_{AS_REQ3} , and MIC_{AS_REQ3} is that AS-REQ uses the pre-shared key with AS-AAC, and adopts the cryptographic algorithm agreed with AS-AAC to pair the ciphertext including the second authentication result information. The information calculates the generated third message authentication code.

AS-AAC利用AS-REQ的公钥验证所述Sig_{AS_REQ3}，或者利用与AS-REQ的预共享密钥采用与AS-REQ约定的密码算法验证MIC_{AS_REQ3}，验证通过后，由AS-AAC利用所述K_{AAC_AS}，采用与AAC约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成AS-AAC的第一消息鉴别码MIC_{AS_AAC}，并根据包括所述Pub_AAC、所述Sig_{AS_REQ1}、所述第二鉴别结果信息密文和所述MIC_{AS_AAC}在内的信息生成所述第一鉴别响应消息ASVeri。AS-AAC uses the public key of AS-REQ to verify the Sig_{AS_REQ3} , or uses the pre-shared key with AS-REQ to verify the MIC_{AS_REQ3} using the cryptographic algorithm agreed with AS-REQ. Describe K_{AAC_AS} , adopt the cryptographic algorithm agreed with AAC to calculate and generate the first message authentication code MIC_{AS_AAC} of AS-AAC on the information including the ciphertext of the second authentication result information, and according to including the Pub_AAC , the described Information including Sig_{AS_REQ1} , the ciphertext of the second authentication result information, and the MIC_{AS_AAC} generates the first authentication response message ASVeri.

S103、AAC接收AS-AAC发送的第一鉴别响应消息ASVeri。S103. The AAC receives the first authentication response message ASVeri sent by the AS-AAC.

所述ASVeri中包括第一鉴别结果信息、第一数字签名Sig_{AS_REQ1}、第二鉴别结果信息密文和AS-AAC的第一消息鉴别码MIC_{AS_AAC}。The ASVeri includes the first authentication result information, the first digital signature Sig_{AS_REQ1} , the ciphertext of the second authentication result information and the first message authentication code MIC_{AS_AAC} of the AS-AAC.

S104、AAC利用与AS-AAC的预共享密钥，采用与AS-AAC约定的密码算法验证所述MIC_{AS_AAC}。S104, the AAC uses the pre-shared key with the AS-AAC, and uses the cryptographic algorithm agreed with the AS-AAC to verify the MIC_{AS_AAC} .

若验证通过，则执行S105。其中，AAC利用与AS-AAC的预共享密钥K_{AAC_AS}采用与AS-AAC约定的密码算法对包括第二鉴别结果信息密文在内的信息计算生成MIC_{AS_AAC}，将计算出的MIC_{AS_AAC}与接收到的MIC_{AS_AAC}进行比较，若一致，则MIC_{AS_AAC}验证通过，若不一致，则丢弃ASVeri。If the verification is passed, execute S105. Wherein, AAC utilizes the pre-shared key K_{AAC_AS} with AS-AAC and adopts the cryptographic algorithm agreed with AS-AAC to calculate and generate MIC_{AS_AAC} for the information including the ciphertext of the second authentication result information, and compare the calculated MIC_{AS_AAC} with the received MIC AS_AAC . The received MIC_{AS_AACs} are compared. If they are consistent, the MIC_{AS_AAC} verification is passed. If they are inconsistent, the ASVeri is discarded.

S105、AAC向REQ发送第三鉴别响应消息AACAuth。S105, AAC sends a third authentication response message AACAuth to REQ.

所述AACAuth中包括身份鉴别结果信息密文EncData_AAC。其中，EncData_AAC是AAC利用消息加密密钥对包括第一鉴别结果信息和第一数字签名Sig_{AS_REQ1}在内的加密数据加密生成的。本申请中，将被加密的对象称为加密数据。The AACAuth includes the ciphertext EncData_AAC of the identity authentication result information. The EncData_AAC is generated by the AAC encrypting the encrypted data including the first authentication result information and the first digital signature Sig_{AS_REQ1} by using the message encryption key. In this application, the encrypted object is called encrypted data.

S106、REQ利用消息加密密钥解密EncData_AAC得到第一鉴别结果信息和Sig_{AS_REQ1}。S106, REQ decrypts the EncData_AAC by using the message encryption key to obtain the first authentication result information and Sig_{AS_REQ1} .

S107、REQ利用AS-REQ的公钥验证所述Sig_{AS_REQ1}。S107, REQ verifies the Sig_{AS_REQ1} by using the public key of AS-REQ.

S108、REQ根据第一鉴别结果信息中的Res_AAC确定AAC的身份鉴别结果。S108. The REQ determines the identity authentication result of the AAC according to the Res_AAC in the first authentication result information.

由于Res_AAC可以反映出AAC是否合法，因此REQ可以根据第一鉴别结果信息中的Res_AAC确定AAC是否合法。Since the Res_AAC can reflect whether the AAC is legal, the REQ can determine whether the AAC is legal according to the Res_AAC in the first authentication result information.

S109、REQ向AAC发送第四鉴别响应消息REQAuth。S109, REQ sends a fourth authentication response message REQAuth to the AAC.

所述REQAuth中包括第二密钥密文EncData_REQ。其中，EncData_REQ是REQ利用消息加密密钥对包括Nonce_REQPub在内的信息加密生成的。The REQAuth includes the second key ciphertext EncData_REQ . Among them, EncData_REQ is generated by REQ encrypting information including Nonce_REQPub by using a message encryption key.

需要说明的是：S107至S109的执行顺序并不影响本申请的具体实现，在实际应用中，可根据需求设定S107至S109的执行顺序。优选建议，先执行S107，当REQ对所述Sig_{AS_REQ1}验证不通过，则丢弃AACAuth，当REQ对所述Sig_{AS_REQ1}验证通过后，再执行S108，当REQ确定AAC为合法时，再执行S109，当REQ确定AAC为不合法时，则REQ根据本地策略选择是否执行S109，考虑到效率，优选方案为不执行并结束本次鉴别过程。It should be noted that the execution order of S107 to S109 does not affect the specific implementation of the present application. In practical applications, the execution order of S107 to S109 can be set according to requirements. Preferably, it is recommended to execute S107 first, and discard AACAuth when REQ fails to verify the Sig_{AS_REQ1} , and then execute S108 after the REQ has passed the Sig_{AS_REQ1} verification. When the REQ determines that AAC is legal, execute S109 again. When the REQ determines that the AAC is illegal, the REQ selects whether to execute S109 according to the local policy. Considering the efficiency, the preferred solution is not to execute and end the current authentication process.

S110、AAC利用消息加密密钥解密所述EncData_REQ得到Nonce_REQPub，利用Nonce_REQPub对第二鉴别结果信息密文解密得到第二鉴别结果信息，根据第二鉴别结果信息中的Res_REQ确定REQ的身份鉴别结果。S110, AAC uses the message encryption key to decrypt the EncData_REQ to obtain the Nonce_REQPub , uses the Nonce_REQPub to decrypt the ciphertext of the second authentication result information to obtain the second authentication result information, and determines the identity of the REQ according to the Res_REQ in the second authentication result information Identification results.

由于Res_REQ可以反映出REQ是否合法，因此AAC可以根据第二鉴别结果信息中的Res_REQ确定REQ是否合法。Since the Res_REQ can reflect whether the REQ is legal, the AAC can determine whether the REQ is legal according to the Res_REQ in the second authentication result information.

由上述技术方案可以看出，在对请求设备和鉴别接入控制器进行双向身份鉴别时，针对请求设备采用数字证书，鉴别接入控制器采用预共享密钥的鉴别方式的应用场景，由鉴别接入控制信任的第一鉴别服务器利用与鉴别接入控制器约定的预共享密钥对鉴别接入控制器的身份鉴别码进行验证得到第一验证结果，由请求设备信任的第二鉴别服务器对请求设备的数字证书进行验证得到第二验证结果，请求设备和鉴别接入控制器分别获取对方实体所对应的验证结果，可以确定对方实体是否合法，实现鉴别接入控制器与请求设备之间的双向身份鉴别，为确保只有合法用户才能访问合法网络奠定基础。并且实体的私密信息如身份标识、鉴别结果信息等以密文形式传输，保障私密信息在传输过程中的安全性，实现实体的身份保护。It can be seen from the above technical solutions that when performing bidirectional identity authentication between the requesting device and the authentication access controller, the application scenario in which a digital certificate is used for the requesting device and the pre-shared key authentication method is used for the authentication access controller. The first authentication server trusted by the access control uses the pre-shared key agreed with the authentication access controller to verify the identity authentication code of the authentication access controller to obtain a first verification result, which is verified by the second authentication server trusted by the requesting device. The digital certificate of the requesting device is verified to obtain the second verification result, and the requesting device and the authentication access controller obtain the verification results corresponding to the counterpart entity respectively, so as to determine whether the counterpart entity is legal, and realize the authentication between the access controller and the requesting device. Two-way authentication lays the foundation for ensuring that only legitimate users can access legitimate networks. In addition, the private information of the entity, such as identity identification, authentication result information, etc., is transmitted in the form of cipher text, which ensures the security of the private information during the transmission process and realizes the identity protection of the entity.

为保障鉴别结果的可靠性，AAC可以生成消息完整性校验码。例如，S105的AACAuth中还可以包括第一消息完整性校验码MacTag_AAC，MacTag_AAC是AAC利用消息完整性校验密钥对包括AACAuth中除MacTag_AAC外的其他字段计算生成的；则在REQ确定AAC的身份鉴别结果之前，REQ可以利用消息完整性校验密钥验证MacTag_AAC，验证通过后再确定AAC的身份鉴别结果。其中，REQ验证MacTag_AAC时，应利用所述消息完整性校验密钥对包括AACAuth中除MacTag_AAC外的其他字段在本地计算生成MacTag_AAC，并对比本地计算的MacTag_AAC与接收到的AACAuth中的MacTag_AAC是否一致，若一致，则验证通过，若不一致，则验证不通过。To ensure the reliability of the authentication result, AAC can generate a message integrity check code. For example, the AACAuth of S105 may also include the first message integrity check code MacTag_AAC , and MacTag_AAC is calculated and generated by AAC using the message integrity check key to include other fields in AACAuth except MacTag_AAC ; then in REQ Before determining the identity authentication result of the AAC, REQ can use the message integrity check key to verify the MacTag_AAC , and then determine the identity authentication result of the AAC after the verification is passed. Wherein, when REQ verifies MacTag_AAC , it should use the message integrity check key pair to include other fields in AACAuth except MacTag_AAC to generate MacTag_AAC locally, and compare the locally calculated MacTag_AAC with the received AACAuth Whether the_MacTag AACs are consistent. If they are consistent, the verification passes. If they are inconsistent, the verification fails.

同样的，REQ也可以生成消息完整性校验码。例如，S109的REQAuth中还可以包括第二消息完整性校验码MacTag_REQ，MacTag_REQ是REQ利用消息完整性校验密钥对包括REQAuth中除MacTag_REQ外的其他字段计算生成的。相应的，在AAC确定REQ的身份鉴别结果之前，AAC可以利用消息完整性校验密钥验证MacTag_REQ，验证通过后再确定REQ的身份鉴别结果。其中，AAC验证MacTag_REQ时，应利用所述消息完整性校验密钥对包括REQAuth中除MacTag_REQ外的其他字段在本地计算生成MacTag_REQ，并对比本地计算的MacTag_REQ与接收到的REQAuth中的MacTag_REQ是否一致，若一致，则验证通过，若不一致，则验证不通过。Similarly, REQ can also generate message integrity check codes. For example, the REQAuth of S109 may further include the second message integrity check code MacTag_REQ , where MacTag_REQ is calculated and generated by REQ using the message integrity check key to include other fields in REQAuth except MacTag_REQ . Correspondingly, before the AAC determines the identity authentication result of the REQ, the AAC can use the message integrity check key to verify the MacTag_REQ , and then determine the identity authentication result of the REQ after the verification is passed. Wherein, when the AAC verifies the MacTag_REQ , it should use the message integrity check key pair to include other fields in REQAuth except the MacTag_REQ to generate the MacTag_REQ locally, and compare the locally calculated MacTag_REQ with the received REQAuth. Whether the MacTag_REQs are consistent, if they are consistent, the verification is passed; if they are inconsistent, the verification fails.

需要说明的是，REQ和AAC利用的消息完整性校验密钥的生成方式在下一实施例中介绍。It should be noted that the generation method of the message integrity check key used by REQ and AAC is introduced in the next embodiment.

请参考图1，S101的REQInit中还可以包括REQ的数字签名Sig_REQ，Sig_REQ的签名数据包括REQInit中Sig_REQ之前的其他字段，则在AAC确定REQ的身份鉴别结果之前，AAC还要确定Sig_REQ是否验证通过，若确定Sig_REQ验证通过，则再根据所述第二鉴别结果信息中的Res_REQ确定REQ的身份鉴别结果。本申请中，将被签名的对象称为签名数据。其中，AAC确定Sig_REQ是否验证通过包括以下方式：Please refer to FIG. 1, REQInit of S101 may also include the digital signature Sig_REQ of REQ, and the signature data of Sig_REQ includes other fields before Sig_REQ in REQInit, then before AAC determines the identity authentication result of REQ, AAC also needs to determine Sig REQ Whether the_REQ has passed the verification, and if it is determined that the Sig_REQ has passed the verification, the identity verification result of the REQ is then determined according to the Res_REQ in the second verification result information. In this application, the object to be signed is called signature data. Among them, AAC determines whether the Sig_REQ is verified through the following methods:

一种实现方式为，当所述第二鉴别结果信息中还包括Cert_REQ时，AAC利用所述第二鉴别结果信息中的Cert_REQ验证所述Sig_REQ，根据验证结果确定Sig_REQ是否验证通过。另一种实现方式为，AS-REQ利用解密所述EncPub_{AS_REQ}得到的Cert_REQ验证所述Sig_REQ，若验证通过，则继续执行后续操作，并向AAC发送第一鉴别响应消息ASVeri，若验证不通过，则不会向AAC发送第一鉴别响应消息ASVeri；因此，若AAC能够接收到ASVeri，则AAC确定所述Sig_REQ已验证通过。An implementation manner is that when the second authentication result information further includes Cert_REQ , the AAC uses the Cert_REQ in the second authentication result information to verify the Sig_REQ , and determines whether the Sig_REQ is verified according to the verification result. Another implementation is that AS-REQ uses the Cert_REQ obtained by decrypting the EncPub_{AS_REQ} to verify the Sig_REQ , if the verification is passed, then continue to perform subsequent operations, and send the first authentication response message ASVeri to the AAC, if the verification fails If passed, the first authentication response message ASVeri will not be sent to the AAC; therefore, if the AAC can receive the ASVeri, the AAC determines that the Sig_REQ has passed the verification.

需要说明的是，请求设备和/或鉴别接入控制器产生的随机数、身份标识等信息可以在身份鉴别过程交互的消息中进行传递。正常情况下，接收的消息中携带的随机数和/或身份标识与发送的消息中携带的随机数和/或身份标识应该相同，但在遇到网络抖动或攻击等情况时，可能造成消息中参数信息的丢失或篡改。因此在一些实施例中，还可以通过比较收发消息中的随机数和/或身份标识是否一致来保障鉴别结果的可靠性。It should be noted that information such as random numbers and identity identifiers generated by the requesting device and/or the authentication access controller may be transmitted in messages exchanged in the identity authentication process. Under normal circumstances, the random number and/or ID carried in the received message should be the same as the random number and/or ID carried in the sent message. Loss or tampering of parameter information. Therefore, in some embodiments, the reliability of the authentication result can also be ensured by comparing whether the random numbers and/or identity identifiers in the received and received messages are consistent.

请参考图1，S102的AACVeri中还可以包括AAC的身份标识ID_AAC和/或AAC生成的第一随机数Nonce_AAC，相应地，S103的ASVeri中还包括ID_AAC和/或Nonce_AAC；则在S105之前，AAC可以对ASVeri中的ID_AAC和AAC自身的身份标识ID_AAC(也就是AAC通过AACVeri发出去的ID_AAC)的一致性进行验证，和/或，对ASVeri中的Nonce_AAC和AAC生成的Nonce_AAC(也就是AAC通过AACVeri发出去的Nonce_AAC)的一致性进行验证，若验证通过，则AAC再执行S105。Please refer to Fig. 1, the AACVeri of S102 may also include the first random number Nonce AAC generated by the ID_AAC and/or AAC of the_AAC , correspondingly, the ASVeri of S103 also includes ID_AAC and/or Nonce_AAC ; then in Before S105, the AAC can verify the consistency of the ID_AAC in ASVeri and the ID_AAC of the AAC itself (that is, the ID_AAC sent by AAC through AACVeri), and/or, generate the Nonce_AAC and AAC in ASVeri The consistency of the Nonce_AAC (that is, the Nonce_AAC sent by the AAC through the AACVeri) is verified, and if the verification is passed, the AAC executes S105 again.

在另一些实施例中，所述第一鉴别结果信息中还可以包括ID_AAC，S105的AACAuth中的EncData_AAC的加密数据还包括ID_AAC，则在REQ确定AAC的身份鉴别结果之前，REQ还要对所述第一鉴别结果信息中的ID_AAC和解密EncData_AAC得到的ID_AAC的一致性进行验证，若验证通过，则REQ再根据所述第一鉴别结果信息中的Res_AAC确定AAC的身份鉴别结果。In other embodiments, the first authentication result information may further include ID_AAC , and the encrypted data of EncData_AAC in AACAuth of S105 also includes ID_AAC , then before REQ determines the identity authentication result of AAC, REQ also needs to Verify the consistency of the ID_AAC in the first authentication result information and the ID_AAC obtained by decrypting the EncData_AAC , if the verification is passed, then REQ determines the identity authentication of the AAC according to the Res_AAC in the first authentication result information result.

当然，为了保障鉴别结果的可靠性，REQ也可以对REQ生成的第二随机数Nonce_REQ和/或REQ的身份标识ID_REQ进行一致性验证。Of course, in order to ensure the reliability of the authentication result, the REQ may also perform consistency verification on the second random number Nonce REQ generated by the_REQ and/or the identity ID_REQ of the REQ.

请参考图1，在S101中，REQ的身份信息还可以包括ID_REQ，第一身份密钥还可以包括第三密钥Nonce_REQID，则第一身份信息密文EncPub_{AS_REQ}的加密数据不仅包括Cert_REQ和Nonce_REQPub，还可以包括ID_REQ和Nonce_REQID。相应的，在生成第二鉴别结果信息密文时，还可以利用Nonce_REQID对包括ID_REQ在内的信息加密生成REQ的身份标识密文(简单的，REQ的身份标识密文可以为Nonce_REQID与ID_REQ进行异或运算生成的即ID_REQ⊕Nonce_REQID)，则S103的ASVeri中还包括REQ的身份标识密文，S105的AACAuth中的EncData_AAC的加密数据还包括REQ的身份标识密文；相应地，在REQ确定AAC的身份鉴别结果之前，REQ还需要根据自身的身份标识ID_REQ和所述Nonce_REQID对解密EncData_AAC得到的REQ的身份标识密文进行验证，具体验证包括：REQ利用所述Nonce_REQID对包括REQ自身的身份标识ID_REQ在内的信息加密生成REQ的身份标识密文，并将生成的REQ的身份标识密文与解密EncData_AAC得到的REQ的身份标识密文进行一致性验证；或者，REQ利用Nonce_REQID解密REQ的身份标识密文得到ID_REQ，将解密得到的ID_REQ与REQ自身的身份标识ID_REQ进行一致性验证；若验证通过，则REQ再根据第一鉴别结果信息中的Res_AAC确定AAC的身份鉴别结果。Please refer to FIG. 1 , in S101, the identity information of REQ may also include ID_REQ , the first identity key may also include a third key Nonce_REQID , then the encrypted data of the first identity information ciphertext EncPub_{AS_REQ} not only includes Cert_REQ and Nonce_REQPub , can also include ID_REQ and Nonce_REQID . Correspondingly, when generating the second authentication result information ciphertext, it is also possible to use Nonce_REQID to encrypt the information including ID_REQ to generate the identity ciphertext of REQ (simple, the identity ciphertext of REQ can be Nonce_REQID and ID REQ). ID_REQ is generated by XOR operation, namely ID_REQ ⊕ Nonce_REQID ), then the ASVeri of S103 also includes the identity ciphertext of REQ, and the encrypted data of EncData_AAC in the AACAuth of S105 also includes the identity ciphertext of REQ; correspondingly Ground, before REQ determines the identity authentication result of AAC, REQ also needs to verify the identity ciphertext of the REQ obtained by decrypting EncData_AAC according to its own identity ID_REQ and the Nonce_REQID , and the specific verification includes: REQ utilizes the described Nonce REQ ID. Nonce_REQID encrypts the information including REQ's own identity ID_REQ to generate REQ's identity ciphertext, and performs consistency verification between the generated REQ's identity ciphertext and the REQ's identity ciphertext obtained by decrypting EncData_AAC Or, REQ utilizes Nonce_REQID to decrypt the identity ciphertext of REQ to obtain ID_REQ , and the ID REQ obtained by decryption and the identity ID_REQ of_REQ itself carry out consistency verification; If verification is passed, then REQ then according to the first discrimination result information The Res_AAC in the AAC determines the identity authentication result of the AAC.

当然，S101的REQInit中还可以包括Nonce_REQ，相应地，S102的AACVeri和S103的ASVeri中还可以包括Nonce_REQ，S105的AACAuth中的EncData_AAC的加密数据还包括Nonce_REQ。相应地，在REQ确定AAC的身份鉴别结果之前，REQ需要将解密EncData_AAC得到的Nonce_REQ与REQ生成的Nonce_REQ的一致性进行验证，若验证通过，则REQ再根据第一鉴别结果信息中的Res_AAC确定AAC的身份鉴别结果。Of course, the REQInit of S101 may also include Nonce_REQ , correspondingly, the AACVeri of S102 and the ASVeri of S103 may also include Nonce_REQ , and the encrypted data of EncData_AAC in AACAuth of S105 also includes Nonce_REQ . Correspondingly, before REQ determines the identity authentication result of AAC, REQ needs to verify the consistency between the Nonce_REQ obtained by decrypting the EncData_AAC and the Nonce_REQ generated by REQ. Res_AAC determines the identity authentication result of AAC.

在上述实施例中，AAC的身份标识ID_AAC、第一鉴别结果信息等是以明文形式传输的，考虑到AAC敏感信息的安全性，还可以采用密文形式传输上述信息。In the above embodiment, the identity ID_AAC of the AAC, the first authentication result information, etc. are transmitted in plain text. Considering the security of AAC sensitive information, the above information can also be transmitted in cipher text.

请参考图1，在一些实施例中，S102的AACVeri中还可以包括第二身份信息密文EncPub_{AS_AAC}，所述EncPub_{AS_AAC}是AAC利用加密证书的公钥对包括ID_AAC和AAC的第二身份密钥在内的信息加密生成的，第二身份密钥包括第四密钥Nonce_AACPub和第五密钥Nonce_AACID。相应的，S103的ASVeri中包括第一鉴别结果信息、Sig_{AS_REQ1}、AAC的身份标识密文、第二鉴别结果信息密文和MIC_{AS_AAC}。其中，第一鉴别结果信息以密文形式存在(例如用所述Nonce_AACPub对包括Pub_AAC在内的信息加密生成的，简单的，可以为异或运算生成的即Pub_AAC⊕Nonce_AACPub)；AAC的身份标识密文是AS-AAC利用所述Nonce_AACID对包括所述ID_AAC在内的信息加密生成的(简单的，可以为异或运算生成的即ID_AAC⊕Nonce_AACID)。Referring to FIG. 1 , in some embodiments, the AACVeri of S102 may further include the second identity information ciphertext EncPub_{AS_AAC} , where the EncPub_{AS_AAC} is a pair of the second identity secret including ID_AAC and AAC using the public key of the encryption certificate by AAC The second identity key includes the fourth key Nonce_AACPub and the fifth key Nonce_AACID . Correspondingly, the ASVeri of S103 includes the first authentication result information, Sig_{AS_REQ1} , the ciphertext of the identity identification of AAC, the ciphertext of the second authentication result information, and MIC_{AS_AAC} . Wherein, the first authentication result information exists in the form of cipher text (for example, the Nonce_AACPub is used to encrypt and generate information including Pub_AAC , or simply, it can be generated for the exclusive OR operation, namely Pub_AAC ⊕_{Nonce AACPub} ); AAC The ciphertext of the identity identifier is generated by AS-AAC by using the Nonce_AACID to encrypt the information including the ID_AAC (simple, it can be generated for the XOR operation, that is, ID_AAC ⊕_{Nonce AACID} ).

基于此，AAC在接收到S103的ASVeri后，可以根据AAC自身的身份标识ID_AAC和所述第五密钥Nonce_AACID对AAC的身份标识密文进行验证，具体验证包括：AAC利用所述Nonce_AACID对包括AAC自身的身份标识ID_AAC在内的信息加密生成AAC的身份标识密文，并将生成的AAC的身份标识密文与接收到S103的ASVeri中的AAC的身份标识密文进行一致性验证；或者，AAC利用Nonce_AACID解密AAC的身份标识密文得到ID_AAC，并将解密得到的ID_AAC与AAC自身的身份标识ID_AAC的一致性进行验证，验证通过后，再向REQ发送AACAuth。其中，S105的AACAuth中的EncData_AAC的加密数据还包括所述Nonce_AACPub；相应地，在REQ确定AAC的身份鉴别结果之前，REQ可以利用解密EncData_AAC得到的Nonce_AACPub对第一鉴别结果信息解密得到第一验证结果Res_AAC，再根据第一验证结果Res_AAC确定AAC的身份鉴别结果。Based on this, after receiving the ASVeri of S103, the AAC can verify the ciphertext of the AAC's identity according to the AAC's own identity ID_AAC and the fifth key Nonce_AACID . The specific verification includes: AAC uses the Nonce_AACID Encrypt the information including the AAC's own identity ID_AAC to generate the AAC's identity ciphertext, and perform consistency verification between the generated AAC's identity ciphertext and the AAC's identity ciphertext received in the ASVeri of S103 Or, AAC uses Nonce_{AACID to} decrypt AAC's identity ciphertext to obtain ID_AAC , and verifies the consistency between the decrypted ID_AAC and AAC's own identity ID_AAC , and sends AACAuth to REQ after the verification is passed. Wherein, the encrypted data of the EncData_AAC in the AACAuth of S105 also includes the Nonce_AACPub ; Correspondingly, before REQ determines the identity authentication result of AAC, REQ can utilize the Nonce_AACPub obtained by decrypting the EncData_AAC to decrypt the first authentication result information and obtain The first verification result Res_AAC , and then the identity authentication result of the AAC is determined according to the first verification result Res_AAC .

以上实施例中，REQ与AAC使用的消息加密密钥可以是二者协商得到的也可以是预先共享的，因此本实施例还提供一种REQ和AAC协商消息加密密钥的方法，参见图2，所述方法包括：In the above embodiment, the message encryption key used by REQ and AAC can be obtained through negotiation or shared in advance. Therefore, this embodiment also provides a method for REQ and AAC to negotiate a message encryption key, see FIG. 2 , the method includes:

S201、AAC向REQ发送密钥请求消息AACInit。S201. The AAC sends a key request message AACInit to the REQ.

所述AACInit中包括AAC的密钥交换参数KeyInfo_AAC，KeyInfo_AAC包括AAC的临时公钥，其中，密钥交换是指如迪菲·赫尔曼(Diffie-Hellman，简称DH)等密钥交换算法。所述AACInit中还可以包括AAC生成的第一随机数Nonce_AAC。The AACInit includes the key exchange parameter KeyInfo_AAC of the AAC, and the KeyInfo_AAC includes the temporary public key of the AAC, wherein the key exchange refers to a key exchange algorithm such as Diffie-Hellman (DH for short) . The AACInit may also include the first random number Nonce AAC generated by_AAC .

所述AACInit中还可以包括Security capabilities_AAC，Securitycapabilities_AAC表示AAC支持的安全能力参数信息，包括AAC支持的身份鉴别套件(身份鉴别套件中包含一种或多种身份鉴别方法)、对称加密算法、完整性校验算法和/或密钥导出算法等，以供REQ选择使用的特定安全策略，则REQ可以根据Security capabilities_AAC选择REQ使用的特定安全策略Security capabilities_REQ。Security capabilities_REQ表示REQ相应确定使用的身份鉴别方法、对称加密算法、完整性校验算法和/或密钥导出算法等。The AACInit can also include Security capabilities_AAC , Securitycapabilities_AAC represents the security capability parameter information supported by AAC, including the identity authentication suite supported by AAC (the identity authentication suite includes one or more identity authentication methods), symmetric encryption algorithm, complete Security capabilities_REQ can be selected by REQ according to Security capabilities_AAC . Security capabilities_REQ means that REQ determines the identity authentication method, symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm to be used accordingly.

S202、REQ根据包括REQ的密钥交换参数KeyInfo_REQ对应的临时私钥和KeyInfo_AAC所包括的临时公钥进行密钥交换计算生成第一密钥，根据包括所述第一密钥在内的信息利用密钥导出算法计算消息加密密钥。S202, REQ performs key exchange calculation according to the temporary private key corresponding to the key exchange parameter KeyInfo_REQ including REQ and the temporary public key included in KeyInfo_AAC to generate a first key, and according to the information including the first key The message encryption key is calculated using a key derivation algorithm.

若S201的AACInit中还包括AAC生成的Nonce_AAC，则REQ可以根据包括KeyInfo_REQ对应的临时私钥和KeyInfo_AAC所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合包括Nonce_AAC和REQ生成的第二随机数Nonce_REQ在内的信息，利用协商的或预置的密钥导出算法计算消息加密密钥。协商的密钥导出算法可以是REQ根据AAC发送的Securitycapabilities_AAC而选择使用的密钥导出算法。其中，KeyInfo_REQ是REQ产生的密钥交换参数，包括REQ的临时公钥。KeyInfo_REQ对应的临时私钥是REQ产生的对应于REQ的临时公钥的临时私钥，即所述临时公钥和临时私钥是一对临时公私钥对。If the AACInit of S201 also includes the Nonce AAC generated by the_AAC , the REQ can perform the key exchange calculation according to the temporary private key corresponding to the KeyInfo_REQ and the temporary public key included in the KeyInfo_AAC to generate the first key K1, and combine K1 to include Information including Nonce_AAC and the second random number Nonce_REQ generated by REQ, use the negotiated or preset key derivation algorithm to calculate the message encryption key. The negotiated key derivation algorithm may be the key derivation algorithm selected and used by the REQ according to the Securitycapabilities_AAC sent by the AAC. Among them, KeyInfo_REQ is the key exchange parameter generated by REQ, including the temporary public key of REQ. The temporary private key corresponding to KeyInfo_REQ is a temporary private key generated by REQ and corresponding to the temporary public key of REQ, that is, the temporary public key and the temporary private key are a pair of temporary public and private keys.

S203、REQ向AAC发送身份密文消息REQInit。S203, REQ sends an identity ciphertext message REQInit to the AAC.

所述REQInit中包括KeyInfo_REQ，以便AAC根据包括KeyInfo_AAC对应的临时私钥和KeyInfo_REQ所包括的临时公钥在内的信息计算得到消息加密密钥。其中，KeyInfo_AAC对应的临时私钥是AAC产生的对应于AAC的临时公钥的临时私钥，即所述临时公钥和临时私钥是一对临时公私钥对。The REQInit includes KeyInfo_REQ , so that AAC calculates and obtains the message encryption key according to the information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ . The temporary private key corresponding to the KeyInfo_AAC is a temporary private key generated by the AAC and corresponding to the temporary public key of the AAC, that is, the temporary public key and the temporary private key are a pair of temporary public and private keys.

所述REQInit中还可以包括Security capabilities_REQ。所述REQInit中还可以包括Nonce_REQ，以便AAC根据包括所述KeyInfo_AAC对应的临时私钥、所述KeyInfo_REQ所包括的临时公钥、所述Nonce_AAC和所述Nonce_REQ在内的信息计算得到该消息加密密钥。The REQInit may also include Security capabilities_REQ . The REQInit may also include the Nonce_REQ , so that the AAC can be calculated according to the information including the temporary private key corresponding to the KeyInfo_AAC , the temporary public key included in the KeyInfo_REQ , the Nonce_AAC and the Nonce_REQ . The message encryption key.

所述REQInit中还可以包括Nonce_AAC，进而AAC可以在计算消息加密密钥之前，对REQInit中的Nonce_AAC和AAC生成的Nonce_AAC的一致性进行验证，以确保AAC接收的REQInit是对AACInit的响应消息。The REQInit may also include the Nonce_AAC , and the AAC may verify the consistency of the Nonce_AAC in the REQInit and the Nonce_AAC generated by the AAC before calculating the message encryption key, to ensure that the REQInit received by the AAC is a response to AACInit information.

S204、AAC根据包括KeyInfo_AAC对应的临时私钥和KeyInfo_REQ所包括的临时公钥进行密钥交换计算生成所述第一密钥，根据包括所述第一密钥在内的信息利用所述密钥导出算法计算消息加密密钥。S204. AAC performs key exchange calculation according to the temporary private key corresponding to the KeyInfo_AAC and the temporary public key included in the KeyInfo_REQ to generate the first key, and uses the encrypted key according to the information including the first key. The key derivation algorithm computes the message encryption key.

若所述REQInit中还包括所述Nonce_REQ，则AAC可以根据包括所述KeyInfo_AAC对应的临时私钥和所述KeyInfo_REQ所包括的临时公钥进行密钥交换计算生成所述第一密钥K1，将K1结合包括所述Nonce_AAC和所述Nonce_REQ在内的信息，利用协商的或预置的密钥导出算法计算该消息加密密钥。其中，协商的密钥导出算法可以是AAC根据REQ发送的Securitycapabilities_REQ而选择使用的密钥导出算法。If the REQInit also includes the Nonce_REQ , the AAC may perform key exchange calculation according to the temporary private key corresponding to the KeyInfo_AAC and the temporary public key included in the KeyInfo_REQ to generate the first key K1 , combine K1 with the information including the Nonce_AAC and the Nonce_REQ , and use the negotiated or preset key derivation algorithm to calculate the message encryption key. The negotiated key derivation algorithm may be the key derivation algorithm selected and used by the AAC according to the Securitycapabilities_REQ sent by the REQ.

需要说明的是，在图2实施例中，REQ和AAC也可以生成消息完整性校验密钥。REQ和AAC各自生成消息完整性校验密钥的实施方式与图2实施例中示例的REQ和AAC各自生成消息加密密钥的实施方式相同。例如，AAC可以通过图2实施例的方式利用密钥导出算法导出一串密钥数据，该密钥数据既可以作为消息加密密钥又可以作为消息完整性校验密钥，或者，将该密钥数据中的一部分密钥数据作为消息加密密钥，将另一部分密钥数据作为消息完整性校验密钥；AAC也可以通过图2实施例的方式利用密钥导出算法分次导出两串相同或不同的密钥数据，一串作为消息加密密钥，一串作为消息完整性校验密钥。REQ可以通过图2实施例的方式利用密钥导出算法导出一串密钥数据，该密钥数据既可以作为消息加密密钥又可以作为消息完整性校验密钥，或者，将该密钥数据中的一部分密钥数据作为消息加密密钥，将另一部分密钥数据作为消息完整性校验密钥；REQ也可以通过图2实施例的方式利用密钥导出算法分次导出两串相同或不同的密钥数据，一串作为消息加密密钥，一串作为消息完整性校验密钥。It should be noted that, in the embodiment of FIG. 2, REQ and AAC can also generate a message integrity check key. The implementation manner in which the REQ and the AAC each generate the message integrity check key is the same as the implementation manner in which the REQ and the AAC each generate the message encryption key exemplified in the embodiment of FIG. 2 . For example, AAC can use the key derivation algorithm to derive a string of key data in the manner of the embodiment in FIG. 2, and the key data can be used as both a message encryption key and a message integrity check key, or, the key data can be used as a message encryption key and a message integrity check key. A part of the key data in the key data is used as the message encryption key, and the other part of the key data is used as the message integrity check key; AAC can also use the key derivation algorithm to derive two strings of the same value in stages by using the key derivation algorithm in the embodiment of FIG. 2 Or different key data, one string is used as the message encryption key, and the other string is used as the message integrity check key. REQ can use the key derivation algorithm to derive a string of key data in the manner of the embodiment of FIG. 2, and the key data can be used as both a message encryption key and a message integrity check key, or the key data can be used as A part of the key data is used as the message encryption key, and the other part of the key data is used as the message integrity check key; The key data, one string is used as the message encryption key, and the other string is used as the message integrity check key.

本申请实施例还提供了利用AAC和REQ之间信息交互来确定本次鉴别过程所使用的第一鉴别服务器和/或第二鉴别服务器的方法：The embodiment of the present application also provides a method for determining the first authentication server and/or the second authentication server used in this authentication process by utilizing the information exchange between the AAC and the REQ:

请参考图2，AAC在S201的AACInit中添加AAC信任的至少一个鉴别服务器的身份标识ID_{AS_AAC}，则REQ可以根据所述ID_{AS_AAC}确定自身信任的至少一个鉴别服务器的身份标识ID_{AS_REQ}。具体实现时，REQ从ID_{AS_AAC}中选取至少一个鉴别服务器且是自身信任的鉴别服务器的身份标识作为ID_{AS_REQ}，若选取失败，则REQ将自身信任的至少一个鉴别服务器的身份标识作为ID_{AS_REQ}(其中，选取成功对应非漫游情况，选取失败对应漫游情况)，将该ID_{AS_REQ}添加至S203的REQInit中发送给AAC。进而，AAC可以根据ID_{AS_AAC}和ID_{AS_REQ}确定第一鉴别服务器，例如AAC可以判断ID_{AS_REQ}和ID_{AS_AAC}中是否存在至少一个相同的鉴别服务器的身份标识，若存在，即为非漫游情况，AAC从上述至少一个REQ和AAC共同信任的鉴别服务器的身份标识中，确定参与身份鉴别的第一鉴别服务器；若不存在，则为漫游情况，AAC需要根据ID_{AS_AAC}确定参与身份鉴别的第一鉴别服务器AS-AAC，并将ID_{AS_REQ}发送给AS-AAC，以便AS-AAC根据ID_{AS_REQ}确定第二鉴别服务器AS-REQ。Referring to FIG. 2 , AAC adds the identity ID_{AS_AAC} of at least one authentication server trusted by AAC in AACInit of S201, then REQ can determine the identity ID_{AS_REQ} of at least one authentication server trusted by itself according to the ID_{AS_AAC} . When specifically implemented, REQ selects at least one identification server from ID_{AS_AAC} and is the identification of the identification server trusted by itself as ID_{AS_REQ} , if the selection fails, then REQ uses the identification of at least one identification server trusted by itself as ID_{AS_REQ} (wherein , select the success corresponding to the non-roaming situation, and select the failure corresponding to the roaming situation), add the ID_{AS_REQ} to the REQInit of S203 and send it to the AAC. Further, AAC can determine the first authentication server according to ID_{AS_AAC} and ID_{AS_REQ} . For example, AAC can determine whether there is at least one identical authentication server identity in ID_{AS_REQ} and ID_{AS_AAC} . If there is, it is a non-roaming situation. In the identification of at least one authentication server mutually trusted by REQ and AAC, determine the first authentication server participating in identity authentication; if it does not exist, it is a roaming situation, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID_{AS_AAC} . AAC, and sends the ID_{AS_REQ} to the AS-AAC, so that the AS-AAC determines the second authentication server AS-REQ according to the ID_{AS_REQ} .

作为另一种实现方式，AAC可以不必向REQ发送ID_{AS_AAC}，而由REQ将自身信任的至少一个鉴别服务器的身份标识ID_{AS_REQ}添加至S203的REQInit中发送给AAC。根据ID_{AS_REQ}和AAC自身信任的至少一个鉴别服务器的身份标识ID_{AS_AAC}确定参与身份鉴别的第一鉴别服务器和/或第二鉴别服务器的具体实现方式如前一种实施方式。As another implementation manner, the AAC may not need to send the ID_{AS_AAC} to the REQ, but the REQ adds the ID_{AS_REQ} of at least one authentication server trusted by itself to the REQInit of S203 and sends it to the AAC. The specific implementation of determining the first authentication server and/or the second authentication server participating in the identity authentication according to the ID_{AS_REQ} and the identity ID_{AS_AAC} of at least one authentication server trusted by the AAC itself is as in the previous embodiment.

由于REQ和AAC信任的鉴别服务器可以相同也可以不同，当REQ和AAC信任的鉴别服务器相同时，即为非漫游情况；当REQ和AAC信任的鉴别服务器不同时，即为漫游的情况。下面结合非漫游和漫游的应用场景，对本申请实施例提供的身份鉴别方法进行介绍：(一)非漫游情况下，REQ身份保护的身份鉴别方法；(二)非漫游情况下，REQ和AAC身份保护的身份鉴别方法；(三)漫游情况下，REQ身份保护的身份鉴别方法；(四)漫游情况下，REQ和AAC身份保护的身份鉴别方法。Since the authentication servers trusted by REQ and AAC can be the same or different, when the authentication servers trusted by REQ and AAC are the same, it is a non-roaming situation; when the authentication servers trusted by REQ and AAC are different, it is a roaming situation. In the following, the identity authentication method provided by the embodiment of the present application will be introduced in combination with the application scenarios of non-roaming and roaming: (1) in the case of non-roaming, the identity authentication method of REQ identity protection; (2) in the case of non-roaming, the identity authentication method of REQ and AAC (3) In the case of roaming, the identity authentication method of REQ identity protection; (4) In the case of roaming, the identity authentication method of REQ and AAC identity protection.

参见图3，为上述(一)情况下一种身份鉴别方法的实施例。其中，可以用AS-AAC表示(当然也可以用AS-REQ表示)REQ和AAC共同信任的鉴别服务器。在该实施例中，REQ和AAC之间的消息加密密钥协商过程被并行地融合到了身份鉴别过程中，更便于工程实施。该身份鉴别方法包括：Referring to FIG. 3, it is an embodiment of an identity authentication method in the above-mentioned (1) case. Among them, AS-AAC can be used to represent (of course, AS-REQ can also be used to represent) an authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation. The identification method includes:

S301、AAC生成Nonce_AAC和KeyInfo_AAC，根据需要生成Security capabilites_AAC。S301, AAC generates Nonce_AAC and KeyInfo_AAC , and generates Security capabilites_AAC as required.

S302、AAC向REQ发送密钥请求消息AACInit。S302. The AAC sends a key request message AACInit to the REQ.

所述AACInit中包括Nonce_AAC、KeyInfo_AAC和Security capabilites_AAC。其中，Security capabilites_AAC为可选字段，表示AAC支持的安全能力参数信息，包括AAC支持的身份鉴别套件、对称加密算法和/或密钥导出算法等(下文同)。The AACInit includes Nonce_AAC , KeyInfo_AAC and Security capabilites_AAC . Among them, Security capabilites_AAC is an optional field, indicating the security capability parameter information supported by AAC, including the identity authentication suite, symmetric encryption algorithm and/or key derivation algorithm supported by AAC (the same below).

S303、REQ接收到AACInit后，执行下述操作(若无特别说明或逻辑上的关系，本文中以(1)、(2)……编号的动作并不因为有编号而存在必然的先后顺序，全文同)，包括：S303. After REQ receives AACInit, perform the following operations (if there is no special description or logical relationship, the actions numbered in (1), (2)... The same as the full text), including:

(1)、生成Nonce_REQ和KeyInfo_REQ；(1), generate Nonce_REQ and KeyInfo_REQ ;

(2)、根据需要生成Security capabilities_REQ；(2), generate Security capabilities_REQ as needed;

(3)、根据包括KeyInfo_REQ对应的临时私钥和KeyInfo_AAC所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合Nonce_AAC、Nonce_REQ及其他信息(REQ和AAC采用的其他信息是相同的且可选的，譬如特定字符串等)利用协商的或预置的密钥导出算法计算消息加密密钥和消息完整性校验密钥；这一步可以移至在后续需要使用消息加密密钥、消息完整性校验密钥时再执行；(3), according to including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC , perform key exchange calculation to generate the first key K1, combine K1 with Nonce_AAC , Nonce_REQ and other information (REQ and AAC adopt other information is the same and optional, such as a specific string, etc.) use the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key; this step can be moved to the subsequent need Execute when the message encryption key and the message integrity check key are used;

(4)、生成Nonce_REQID和Nonce_REQPub；(4), generate Nonce_REQID and Nonce_REQPub ;

(5)、利用加密证书的公钥计算EncPub_{AS_REQ}；(5), utilize the public key of encryption certificate to calculate EncPub_{AS_REQ} ;

(6)、计算REQ的数字签名Sig_REQ。(6), calculate the digital signature Sig REQ of_REQ .

S304、REQ向AAC发送身份密文消息REQInit。S304, REQ sends an identity ciphertext message REQInit to the AAC.

所述REQInit中包括Nonce_AAC、Nonce_REQ、Security capabilities_REQ、KeyInfo_REQ、EncPub_{AS_REQ}及Sig_REQ。其中，Sig_REQ的签名数据包括REQInit中Sig_REQ之前的其他字段，例如包括Nonce_AAC、Nonce_REQ、Security capabilities_REQ、KeyInfo_REQ及EncPub_{AS_REQ}；Nonce_AAC应等于AACInit中的相应字段；EncPub_{AS_REQ}的加密数据包括ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub；Security capabilities_REQ为可选字段，REQ是否生成Security capabilities_REQ取决于AAC向REQ发送的AACInit中是否携带Security capabilities_AAC。Security capabilities_REQ表示REQ根据Security capabilites_AAC作出的特定安全策略的选择，即REQ确定使用的身份鉴别方法、对称加密算法和/或密钥导出算法等(下文同)。The REQInit includes Nonce_AAC , Nonce_REQ , Security capabilities_REQ , KeyInfo_REQ , EncPub_{AS_REQ} and Sig_REQ . Among them, the signature data of Sig_REQ includes other fields before Sig_REQ in REQInit, such as including Nonce_AAC , Nonce_REQ , Security capabilities_REQ , KeyInfo_REQ and EncPub_{AS_REQ} ; Nonce_AAC should be equal to the corresponding field in AACInit; encrypted data of EncPub_{AS_REQ} Including ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub ; Security capabilities_REQ is an optional field, whether REQ generates Security capabilities_REQ depends on whether the AACInit sent by AAC to REQ carries Security capabilities_AAC . Security capabilities_REQ represents the selection of a specific security policy made by REQ according to the Security capabilites_AAC , that is, the identity authentication method, symmetric encryption algorithm and/or key derivation algorithm, etc. determined by REQ (the same below).

S305、AAC接收到REQInit，执行下述操作，包括：S305, AAC receives REQInit, and performs the following operations, including:

(1)、检查REQInit中的Nonce_AAC与AAC生成的Nonce_AAC是否一致，若不一致，则丢弃REQInit；(1) Check whether the Nonce_AAC in REQInit is consistent with the Nonce AAC generated by_AAC , if not, discard REQInit;

(2)、根据包括所述KeyInfo_AAC对应的临时私钥和所述KeyInfo_REQ所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合Nonce_AAC、Nonce_REQ及其他信息(AAC和REQ采用的其他信息是相同的且可选的，譬如特定字符串等)利用协商的或预置的密钥导出算法计算消息加密密钥和消息完整性校验密钥；当然，这一步也可以移至在后续需要使用消息加密密钥、消息完整性校验密钥时再执行。(2), according to including the temporary private key corresponding to the KeyInfo_AAC and the temporary public key included in the KeyInfo_REQ , perform key exchange calculation to generate the first key K1, combine K1 with Nonce_AAC , Nonce_REQ and other information ( Other information used by AAC and REQ is the same and optional, such as specific strings, etc.) using the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key; of course, this step It can also be moved to the execution when the message encryption key and the message integrity check key need to be used later.

(3)、计算生成MIC_AAC。(3), calculate and generate MIC_AAC .

S306、AAC向AS-AAC发送第一鉴别请求消息AACVeri。S306. The AAC sends a first authentication request message AACVeri to the AS-AAC.

所述AACVeri中包括EncPub_{AS_REQ}、Nonce_REQ、ID_AAC、Nonce_AAC及MIC_AAC。其中，EncPub_{AS_REQ}、Nonce_REQ应分别等于REQInit中的相应字段；ID_AAC、Nonce_AAC是AAC的身份标识ID_AAC和AAC产生的Nonce_AAC；MIC_AAC是AAC利用与AS-AAC的预共享密钥K_{AAC_AS}，采用与AS-AAC约定的杂凑算法对AACVeri中MIC_AAC之前的其他字段在内的信息计算得到的杂凑值。例如，当AACVeri中依次包括EncPub_{AS_REQ}、Nonce_REQ、ID_AAC、Nonce_AAC及MIC_AAC时，AAC利用所述K_{AAC_AS}，采用所述杂凑算法对包括EncPub_{AS_REQ}、Nonce_REQ、ID_AAC和Nonce_AAC在内的信息计算得到MIC_AAC。The AACVeri includes EncPub_{AS_REQ} , Nonce_REQ , ID_AAC , Nonce_AAC and MIC_AAC . Wherein, EncPub_{AS_REQ} , Nonce_REQ should be equal to the corresponding field in REQInit respectively; ID_AAC , Nonce_AAC are the Nonce_AAC that the ID_{AAC of AAC} and AAC produce; MIC_AAC is that AAC utilizes the pre-shared key K with AS-AAC_{AAC_AS} , the hash value obtained by using the hash algorithm agreed with AS-AAC to calculate the information including other fields before the MIC_AAC in AACVeri. For example, when AACVeri includes EncPub_{AS_REQ} , Nonce_REQ , ID_AAC , Nonce_AAC and MIC_AAC in sequence, AAC uses the K_{AAC_AS} and adopts the hash algorithm to include EncPub_{AS_REQ} , Nonce_REQ , ID_AAC and Nonce_AAC The information is calculated to obtain MIC_AAC .

S307、AS-AAC接收到AACVeri后，执行下述操作，包括：S307. After receiving the AACVeri, AS-AAC performs the following operations, including:

(1)、验证MIC_AAC得到Res_AAC，根据包括Res_AAC和ID_AAC在内的信息生成Pub_AAC；(1), verify that MIC_AAC obtains Res_AAC , and generate Pub_AAC according to the information including Res_AAC and ID_AAC ;

其中，AS-AAC根据AACVeri中的ID_AAC确定与AAC的预共享密钥K_{AAC_AS}和杂凑算法，利用所述K_{AAC_AS}，采用所述杂凑算法对AACVeri中MIC_AAC之前的其他字段在本地计算出MIC_AAC，并将其和接收到的MIC_AAC进行比较，若相同，则MIC_AAC验证通过，AS-AAC判定AAC的身份鉴别结果为合法，若不同，则MIC_AAC验证不通过，AS-AAC根据本地策略执行如下操作，包括：丢弃AACVeri，或者判定AAC的身份鉴别结果为不合法等。Wherein, AS-AAC determines the pre-shared key K_{AAC_AS} with AAC and a hash algorithm according to the ID_AAC in AACVeri, uses the K_{AAC_AS} and uses the hash algorithm to locally calculate the MIC for other fields before the MIC_AAC in AACVeri_AAC , and compare it with the received MIC_AAC . If the same, the MIC_AAC verification is passed, and AS-AAC determines that the AAC's identity authentication result is legal. If it is different, the MIC_AAC verification fails. The policy performs the following operations, including: discarding the AACVeri, or determining that the identity authentication result of the AAC is invalid, etc.

(2)、利用加密证书对应的私钥解密EncPub_{AS_REQ}得到ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub，验证Cert_REQ的合法性得到Res_REQ，根据包括Res_REQ和Cert_REQ在内的信息生成Pub_REQ；(2) Decrypt EncPub_{AS_REQ} with the private key corresponding to the encrypted certificate to obtain ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub , verify the legitimacy of Cert_REQ to obtain Res_REQ , and generate Pub according to the information including Res_REQ and Cert_REQREQ ;

(3)、利用Nonce_REQID对ID_REQ进行异或运算得到ID_REQ⊕Nonce_REQID，利用Nonce_REQPub对Pub_REQ进行异或运算得到Pub_REQ⊕Nonce_REQPub；(3), utilize Nonce_REQID to carry out XOR operation to ID_REQ to obtain ID_REQ ⊕Nonce_REQID , utilize Nonce_REQPub to carry out XOR operation to Pub_REQ to obtain Pub_REQ ⊕Nonce_REQPub ;

(4)、计算第一数字签名Sig_{AS_AAC1}，计算AS-AAC的第一消息鉴别码MIC_{AS_AAC}。(4) Calculate the first digital signature Sig_{AS_AAC1} , and calculate the first message authentication code MIC_{AS_AAC} of the AS-AAC.

S308、AS-AAC向AAC发送第一鉴别响应消息ASVeri。S308, the AS-AAC sends the first authentication response message ASVeri to the AAC.

所述ASVeri中包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_AAC1}、ID_AAC、Nonce_AAC、Pub_REQ⊕Nonce_REQPub及MIC_{AS_AAC}。其中，ID_REQ、Nonce_REQ、ID_AAC、Nonce_AAC应分别等于AACVeri中的相应字段；Sig_{AS_AAC1}的签名数据包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC；MIC_{AS_AAC}是AS-AAC利用所述K_{AAC_AS}，采用与AAC约定的杂凑算法对包括ID_AAC、Nonce_AAC和Pub_REQ⊕Nonce_REQPub在内的信息计算生成的。The ASVeri includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC , Sig_{AS_AAC1} , ID_AAC , Nonce_AAC , Pub_REQ ⊕ Nonce_REQPub and MIC_{AS_AAC} . Among them, ID_REQ , Nonce_REQ , ID_AAC , and Nonce_AAC should be equal to the corresponding fields in AACVeri respectively; the signature data of Sig_{AS_AAC1} includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC ; MIC_{AS_AAC} is that AS-AAC uses the K_{AAC_AS} , which is calculated and generated from information including ID_AAC , Nonce_AAC and Pub_REQ ⊕Nonce_REQPub using the hash algorithm agreed with AAC.

S309、AAC接收到ASVeri后，执行下述操作，包括：S309. After AAC receives ASVeri, it performs the following operations, including:

(1)、检查ASVeri中的ID_AAC、Nonce_AAC是否分别与AAC自身的身份标识ID_AAC、AAC生成的Nonce_AAC相同；若不同，则丢弃ASVeri；(1), check whether ID_AAC and Nonce_AAC in AVSeri are the same as AAC's own identity ID_AAC and Nonce_AAC generated by AAC, respectively; if they are different, discard ASVeri;

(2)、验证MIC_{AS_AAC}；若验证不通过，则丢弃ASVeri；(2), verify the MIC_{AS_AAC} ; if the verification fails, discard the ASVeri;

其中，AAC利用所述K_{AAC_AS}，采用与AS-AAC约定的杂凑算法对包括ID_AAC、Nonce_AAC和Pub_REQ⊕Nonce_REQPub在内的信息在本地计算出MIC_{AS_AAC}，并将其与接收到的MIC_{AS_AAC}进行比较，若相同，则MIC_{AS_AAC}验证通过，若不同，则MIC_{AS_AAC}验证不通过。Wherein, AAC utilizes the K_{AAC_AS} , adopts the hash algorithm agreed with AS-AAC to calculate the MIC_{AS_AAC} locally for the information including ID_AAC , Nonce_AAC and Pub_REQ ⊕ Nonce_REQPub , and compares it with the received MIC_{AS_AAC} is compared. If they are the same, the MIC_{AS_AAC} verification passes. If they are different, the MIC_{AS_AAC} verification fails.

(3)、利用消息加密密钥计算身份鉴别结果信息密文EncData_AAC；(3), utilize the message encryption key to calculate the identity authentication result information ciphertext EncData_AAC ;

(4)、计算第一消息完整性校验码MacTag_AAC。(4) Calculate the first message integrity check code MacTag_AAC .

S310、AAC向REQ发送第三鉴别响应消息AACAuth。S310. AAC sends a third authentication response message AACAuth to REQ.

所述AACAuth中包括Nonce_AAC、Nonce_REQ、EncData_AAC和MacTag_AAC。其中，Nonce_REQ和Nonce_AAC为可选字段，且分别等于REQInit中的Nonce_REQ和AAC生成的Nonce_AAC。EncData_AAC的加密数据包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_AAC1}和ID_AAC，且ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_AAC1}来源于ASVeri，ID_AAC应等于AAC自身的身份标识ID_AAC。MacTag_AAC的计算过程为：利用消息完整性校验密钥采用完整性校验算法对包括AACAuth中除MacTag_AAC外的其他字段在内的信息计算生成MacTag_AAC。The AACAuth includes Nonce_AAC , Nonce_REQ , EncData_AAC and MacTag_AAC . Among them, Nonce_REQ and Nonce_AAC are optional fields and are respectively equal to Nonce_REQ and Nonce_AAC generated by AAC in REQInit. The encrypted data of EncData_AAC includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC , Sig_{AS_AAC1} and ID_AAC , and ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC , Sig_{AS_AAC1} comes from ASVeri, and ID_AAC should be equal to AAC's own Identifier ID_AAC . The calculation process of the MacTag_AAC is as follows: using the message integrity check key and the integrity check algorithm to calculate and generate the MacTag_{AAC for the information including other fields in AACAuth except the MacTag AAC.}

S311、REQ接收到AACAuth后，执行下述操作，包括：S311. After receiving the AACAuth, REQ performs the following operations, including:

(1)、若AACAuth中携带Nonce_REQ和/或Nonce_AAC，则检查Nonce_REQ是否与REQ生成的Nonce_REQ相同，和/或，检查Nonce_AAC是否与AACInit中的Nonce_AAC相同；(1) If AACAuth carries Nonce_REQ and/or Nonce_AAC , check whether the Nonce_REQ is the same as the Nonce_REQ generated by REQ, and/or, check whether the Nonce_AAC is the same as the Nonce_AAC in AACInit;

(2)、验证MacTag_AAC；(2), verify MacTag_AAC ;

验证过程为：利用消息完整性校验密钥采用完整性校验算法对包括AACAuth中除MacTag_AAC外的其他字段在内的信息在本地计算MacTag_AAC(该计算方式与AAC计算MacTag_AAC的方式相同)，将计算的MacTag_AAC与接收到的MacTag_AAC比较。The verification process is: use the message integrity check key and use the integrity check algorithm to calculate the MacTag_{AAC locally for the information including the other fields in AACAuth except the MacTag AAC(} this calculation method is the same as the way AAC calculates the MacTag_AAC . ) to compare the calculated MacTag_AAC with the received MacTag_AAC .

(3)、利用消息加密密钥解密EncData_AAC得到ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_AAC1}和ID_AAC；(3), utilize message encryption key to decrypt EncData_AAC to obtain ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC , Sig_{AS_AAC1} and ID_AAC ;

(4)、利用Nonce_REQID对ID_REQ⊕Nonce_REQID进行异或运算恢复ID_REQ，检查ID_REQ、Nonce_REQ是否分别与REQ自身的身份标识ID_REQ、REQ生成的Nonce_REQ相同；(4), use Nonce_REQID to perform XOR operation on ID_REQ ⊕ Nonce_REQID to restore ID_REQ , check whether ID_REQ and Nonce_REQ are the same as the Nonce_REQ generated by REQ's own identity ID_REQ and REQ respectively;

(5)、检查Pub_AAC中的ID_AAC和解密得到的ID_AAC是否一致；(5), check whether the ID_AAC in the Pub_AAC is consistent with the ID_AAC obtained by decryption;

(6)、利用AS-AAC的公钥验证Sig_{AS_AAC1}；(6), utilize the public key of AS-AAC to verify Sig_{AS_AAC1} ;

(7)、若上述检查与验证中任一步不通过，则立即丢弃AACAuth；若上述检查和验证均通过后，根据Pub_AAC中的Res_AAC确定AAC的身份鉴别结果；若AAC为不合法，则结束本次鉴别过程；(7) If any one of the above checks and verifications fails, discard AACAuth immediately; if the above checks and verifications pass, determine the identity authentication result of AAC according to Res_AAC in Pub_AAC ; if AAC is illegal, then end the identification process;

(8)、利用消息加密密钥计算第二密钥密文EncData_REQ；(8), utilize the message encryption key to calculate the second key ciphertext EncData_REQ ;

(9)、计算第二消息完整性校验码MacTag_REQ。(9) Calculate the second message integrity check code MacTag_REQ .

S312、REQ向AAC发送第四鉴别响应消息REQAuth。S312. REQ sends a fourth authentication response message REQAuth to the AAC.

所述REQAuth中包括Nonce_AAC、Nonce_REQ、EncData_REQ及MacTag_REQ。其中，Nonce_REQ和Nonce_AAC为可选字段，且应分别等于REQ生成的Nonce_REQ和AACInit中的Nonce_AAC；EncData_REQ的加密数据包括Nonce_REQPub。MacTag_REQ的计算过程为：利用消息完整性校验密钥采用完整性校验算法对包括REQAuth中除MacTag_REQ外的其他字段在内的信息计算生成MacTag_REQ。The REQAuth includes Nonce_AAC , Nonce_REQ , EncData_REQ and MacTag_REQ . Among them, Nonce_REQ and Nonce_AAC are optional fields, and should be equal to Nonce REQ generated by_REQ and Nonce_AAC in AACInit respectively; the encrypted data of EncData_REQ includes Nonce_REQPub . The calculation process of the MacTag_REQ is as follows: using the message integrity check key and the integrity check algorithm to calculate and generate the MacTag_{REQ for information including other fields in REQAuth except the MacTag REQ.}

S313、AAC接收到REQAuth后，执行下述操作，包括：S313. After receiving the REQAuth, the AAC performs the following operations, including:

(1)、若REQAuth中携带Nonce_REQ和/或Nonce_AAC，则检查Nonce_REQ是否与REQInit中的Nonce_REQ相同，和/或，检查Nonce_AAC是否与AAC生成的Nonce_AAC相同；(1) If the Nonce_REQ and/or Nonce_AAC are carried in REQAuth, check whether the Nonce_REQ is the same as the Nonce_REQ in REQInit, and/or, check whether the Nonce_AAC is the same as the Nonce_AAC generated by AAC;

(2)、验证MacTag_REQ；(2), verify MacTag_REQ ;

验证过程为：利用消息完整性校验密钥采用完整性校验算法对包括REQAuth中除MacTag_REQ外的其他字段在内的信息在本地计算MacTag_REQ(该计算方式与REQ计算MacTag_REQ的方式相同)，并将计算的MacTag_REQ与接收到的MacTag_REQ进行比较。The verification process is: use the message integrity check key and use the integrity check algorithm to calculate the MacTag_{REQ locally for the information including other fields in REQAuth except the MacTag REQ(} this calculation method is the same as the way REQ calculates the MacTag_REQ . ) and compare the calculated MacTag_REQ with the received MacTag_REQ .

(3)、利用消息加密密钥解密EncData_REQ得到Nonce_REQPub；(3), utilize message encryption key to decrypt EncData_REQ to obtain Nonce_REQPub ;

(4)、利用Nonce_REQPub对Pub_REQ⊕Nonce_REQPub进行异或运算恢复Pub_REQ；(4), utilize Nonce_REQPub to carry out XOR operation to Pub_REQ ⊕ Nonce_REQPub to restore Pub_REQ ;

(5)、利用Pub_REQ中的Cert_REQ验证Sig_REQ；(5), utilize the Cert_REQ in the Pub_REQ to verify the Sig_REQ ;

(6)、上述检查及验证均通过，则根据Pub_REQ中的Res_REQ确定REQ的身份鉴别结果；上述检查与验证中任一项不通过，则立即丢弃REQAuth。(6) If the above checks and verifications are all passed, the identity authentication result of REQ is determined according to Res_REQ in Pub_REQ ; if any of the above checks and verifications fail, REQAuth will be discarded immediately.

由此，在S311和S313分别实现对AAC和对REQ的身份鉴别，即实现REQ和AAC的双向身份鉴别，并且REQ的身份标识ID_REQ、数字证书Cert_REQ、鉴别结果等全程以密文形式传输，实现REQ的身份保护。Thus, at S311 and S313, the identification of the AAC and the REQ is realized respectively, that is, the two-way identification of the REQ and the AAC is realized, and the identification ID_REQ of the REQ, the digital certificate Cert_REQ , the identification result, etc. are transmitted in cipher text throughout the process. , to realize the identity protection of REQ.

需要说明的是，S313中验证Sig_REQ的操作也可以改为在S307中先行执行，其中，Sig_REQ可以通过S306的AACVeri传递至AS-AAC，则在S307中，AS-AAC还要利用Cert_REQ验证Sig_REQ，验证通过后再执行后续操作，此情形下，在S313中AAC不再验证Sig_REQ，此时Pub_REQ中可以不包括Cert_REQ。It should be noted that the operation of verifying Sig_REQ in S313 can also be changed to be performed first in S307, where Sig_REQ can be passed to AS-AAC through AACVeri of S306, then in S307, AS-AAC also uses Cert_REQ Verify the Sig_REQ , and perform subsequent operations after the verification is passed. In this case, the AAC does not verify the Sig_REQ in S313, and the Pub_REQ may not include the Cert_REQ in this case.

参见图4，为上述(二)情况下一种身份鉴别方法的实施例。其中，可以用AS-AAC表示(当然也可以用AS-REQ表示)REQ和AAC共同信任的鉴别服务器。在该实施例中，REQ和AAC之间的消息加密密钥协商过程被并行地融合到了身份鉴别过程中，更便于工程实施。该身份鉴别方法包括：Referring to FIG. 4 , it is an embodiment of an identity authentication method in the above-mentioned (2) case. Among them, AS-AAC can be used to represent (of course, AS-REQ can also be used to represent) an authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation. The identification method includes:

S401、AAC生成Nonce_AAC和KeyInfo_AAC，根据需要生成Security capabilities_AAC。S401, AAC generates Nonce_AAC and KeyInfo_AAC , and generates Security capabilities_AAC as required.

S402、AAC向REQ发送密钥请求消息AACInit。S402. The AAC sends a key request message AACInit to the REQ.

所述AACInit中包括Nonce_AAC、KeyInfo_AAC和Security capabilites_AAC。其中，Security capabilities_AAC为可选字段。The AACInit includes Nonce_AAC , KeyInfo_AAC and Security capabilites_AAC . Among them, Security capabilities_AAC is an optional field.

S403、REQ接收到AACInit后，执行下述操作，包括：S403. After REQ receives AACInit, the following operations are performed, including:

(1)、生成Nonce_REQ和KeyInfo_REQ；(1), generate Nonce_REQ and KeyInfo_REQ ;

(2)、根据需要生成Security capabilities_REQ；(2), generate Security capabilities_REQ as needed;

(3)、根据包括KeyInfo_REQ对应的临时私钥和KeyInfo_AAC所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合Nonce_AAC、Nonce_REQ及其他信息(REQ和AAC采用的其他信息是相同的且可选的，譬如特定字符串等)利用协商的或预置的密钥导出算法计算消息加密密钥和消息完整性校验密钥；当然，这一步也可以移至在后续需要使用消息加密密钥、消息完整性校验密钥时再执行；(3), according to including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC , perform key exchange calculation to generate the first key K1, combine K1 with Nonce_AAC , Nonce_REQ and other information (REQ and AAC adopt other information is the same and optional, such as specific strings, etc.) use the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key; of course, this step can also be moved to Execute when the message encryption key and message integrity check key need to be used later;

(4)、生成Nonce_REQID和Nonce_REQPub；(4), generate Nonce_REQID and Nonce_REQPub ;

(5)、利用加密证书的公钥计算EncPub_{AS_REQ}；(5), utilize the public key of encryption certificate to calculate EncPub_{AS_REQ} ;

(6)、计算Sig_REQ。(6), calculate Sig_REQ .

S404、REQ向AAC发送身份密文消息REQInit。S404, REQ sends an identity ciphertext message REQInit to the AAC.

所述REQInit中包括Nonce_AAC、Nonce_REQ、Security capabilities_REQ、KeyInfo_REQ、EncPub_{AS_REQ}及Sig_REQ。其中，EncPub_{AS_REQ}是REQ利用加密证书的公钥对包括ID_REQ、Cert_REQ、Nonce_REQPub和Nonce_REQID在内的加密数据进行加密生成的；Sig_REQ的签名数据包括REQInit中Sig_REQ之前的其他字段，例如包括Nonce_AAC、Nonce_REQ、Security capabilities_REQ、KeyInfo_REQ及EncPub_{AS_REQ}；Security capabilities_REQ为可选字段，REQ是否生成Securitycapabilities_REQ取决于AAC向REQ发送的AACInit中是否携带Security capabilities_AAC。The REQInit includes Nonce_AAC , Nonce_REQ , Security capabilities_REQ , KeyInfo_REQ , EncPub_{AS_REQ} and Sig_REQ . Among them, EncPub_{AS_REQ} is generated by REQ using the public key of the encryption certificate to encrypt the encrypted data including ID_REQ , Cert_REQ , Nonce_REQPub and Nonce_REQID ; the signature data of Sig_REQ includes other fields before Sig_REQ in REQInit, For example, it includes Nonce_AAC , Nonce_REQ , Security capabilities_REQ , KeyInfo_REQ and EncPub_{AS_REQ} ; Security capabilities_REQ is an optional field, and whether REQ generates Securitycapabilities_REQ depends on whether the AACInit sent by AAC to REQ carries Security capabilities_AAC .

S405、AAC接收到REQInit后，执行如下操作，包括：S405. After receiving REQInit, the AAC performs the following operations, including:

(1)、检查REQInit中的Nonce_AAC与AAC生成的Nonce_AAC是否一致，若不一致，则丢弃REQInit；(1) Check whether the Nonce_AAC in REQInit is consistent with the Nonce AAC generated by_AAC , if not, discard REQInit;

(2)、根据包括所述KeyInfo_AAC对应的临时私钥和所述KeyInfo_REQ所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合Nonce_AAC、Nonce_REQ及其他信息(AAC和REQ采用的其他信息是相同的且可选的，譬如特定字符串等)利用协商的或预置的密钥导出算法计算消息加密密钥和消息完整性校验密钥；当然，这一步也可以移至在后续需要使用消息加密密钥、消息完整性校验密钥时再执行。(2), according to including the temporary private key corresponding to the KeyInfo_AAC and the temporary public key included in the KeyInfo_REQ , perform key exchange calculation to generate the first key K1, combine K1 with Nonce_AAC , Nonce_REQ and other information ( Other information used by AAC and REQ is the same and optional, such as specific strings, etc.) using the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key; of course, this step It can also be moved to the execution when the message encryption key and the message integrity check key need to be used later.

(3)、生成Nonce_AACPub和Nonce_AACID；(3), generate Nonce_AACPub and Nonce_AACID ;

(4)、利用加密证书的公钥计算生成EncPub_{AS_AAC}；(4), utilize the public key calculation of encryption certificate to generate EncPub_{AS_AAC} ;

(5)、计算生成MIC_AAC。(5), calculate and generate MIC_AAC .

S406、AAC向AS-AAC发送第一鉴别请求消息AACVeri。S406. The AAC sends a first authentication request message AACVeri to the AS-AAC.

所述AACVeri中包括EncPub_{AS_REQ}、Nonce_REQ、EncPub_{AS_AAC}、Nonce_AAC及MIC_AAC。其中，Nonce_REQ应等于REQInit中的相应字段，Nonce_AAC应等于AAC生成的Nonce_AAC。EncPub_{AS_AAC}是AAC利用加密证书的公钥对包括ID_AAC、Nonce_AACID、Nonce_AACPub在内的信息加密生成的；MIC_AAC是AAC利用与AS-AAC的预共享密钥K_{AAC_AS}，采用与AS-AAC约定的杂凑算法对AACVeri中MIC_AAC之前的其他字段计算的杂凑值。The AACVeri includes EncPub_{AS_REQ} , Nonce_REQ , EncPub_{AS_AAC} , Nonce_AAC and MIC_AAC . Among them, Nonce_REQ shall be equal to the corresponding field in REQInit, and Nonce_AAC shall be equal to Nonce AAC generated by_AAC . EncPub_{AS_AAC} is generated by AAC using the public key of the encryption certificate to encrypt information including ID_AAC , Nonce_AACID , Nonce_AACPub ; MIC_AAC is AAC using the pre-shared key K_{AAC_AS} with AS-AAC, using the same as AS-AAC The hash value calculated by the agreed hash algorithm for other fields before the MIC_AAC in AACVeri.

S407、AS-AAC接收到AACVeri后，执行下述操作，包括：S407. After receiving the AACVeri, AS-AAC performs the following operations, including:

(1)、利用加密证书对应的私钥解密EncPub_{AS_AAC}得到ID_AAC、Nonce_AACID和Nonce_AACPub；(1), decrypt EncPub_{AS_AAC} with the private key corresponding to the encryption certificate to obtain ID_AAC , Nonce_AACID and Nonce_AACPub ;

(2)、验证MIC_AAC得到Res_AAC，根据包括Res_AAC和ID_AAC在内的信息生成Pub_AAC；(2), verify that MIC_AAC obtains Res_AAC , and generate Pub_AAC according to the information including Res_AAC and ID_AAC ;

其中，AS-AAC根据ID_AAC确定与AAC的预共享密钥K_{AAC_AS}和杂凑算法，利用所述K_{AAC_AS}，采用所述杂凑算法对所述AACVeri中MIC_AAC之前的其他字段在本地计算出MIC_AAC，并将其和接收到的MIC_AAC进行比较，若相同，则MIC_AAC验证通过，AS-AAC判定AAC的身份鉴别结果为合法，若不同，则MIC_AAC验证不通过，AS-AAC根据本地策略执行如下操作，包括：丢弃AACVeri，或者判定AAC的身份鉴别结果为不合法等。Wherein, AS-AAC determines the pre-shared key K_{AAC_AS} with AAC and a hash algorithm according to ID_AAC , and uses the K_{AAC_AS} to calculate the MIC_AAC locally for other fields before the MIC_AAC in the AACVeri by using the hash algorithm , and compare it with the received MIC_AAC . If they are the same, the MIC_AAC verification is passed, and AS-AAC determines that the AAC's identity authentication result is legal. If they are different, the MIC_AAC verification fails. Perform the following operations, including: discarding the AACVeri, or determining that the identity authentication result of the AAC is invalid, etc.

(3)、利用加密证书对应的私钥解密EncPub_{AS_REQ}得到ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub；(3), decrypt EncPub_{AS_REQ} with the private key corresponding to the encryption certificate to obtain ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub ;

(4)、验证Cert_REQ的合法性得到Res_REQ，根据包括Res_REQ和Cert_REQ在内的信息生成Pub_REQ；(4), verify the legitimacy of Cert_REQ to obtain Res_REQ , and generate Pub_REQ according to the information including Res_REQ and Cert_REQ ;

(5)、利用Nonce_REQID对ID_REQ进行异或运算得到REQ的身份标识密文ID_REQ⊕Nonce_REQID，利用Nonce_AACID对ID_AAC进行异或运算得到AAC的身份标识密文ID_AAC⊕Nonce_AACID，利用Nonce_AACPub对Pub_AAC进行异或运算得到Pub_AAC⊕Nonce_AACPub，利用Nonce_REQPub对Pub_REQ进行异或运算得到Pub_REQ⊕Nonce_REQPub；(5), use Nonce_REQID to perform XOR operation on ID_REQ to obtain the identity ciphertext ID_REQ ⊕Nonce_REQID of REQ, and use Nonce_AACID to perform XOR operation on ID_AAC to obtain the identity ciphertext ID_AAC ⊕Nonce_AACID of AAC, Use Nonce_AACPub to perform XOR operation on Pub_AAC to obtain Pub_AAC ⊕Nonce_AACPub , and use Nonce_REQPub to perform XOR operation on Pub_REQ to obtain Pub_REQ ⊕Nonce_REQPub ;

(6)、计算第一数字签名Sig_{AS_AAC1}和AS-AAC的第一消息鉴别码MIC_{AS_AAC}。(6) Calculate the first digital signature Sig_{AS_AAC1} and the first message authentication code MIC_{AS_AAC} of AS-AAC.

S408、AS-AAC向AAC发送第一鉴别响应消息ASVeri。S408, the AS-AAC sends the first authentication response message ASVeri to the AAC.

所述ASVeri中包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Sig_{AS_AAC1}、ID_AAC⊕Nonce_AACID、Nonce_AAC、Pub_REQ⊕Nonce_REQPub和MIC_{AS_AAC}。其中，ID_REQ、Nonce_REQ、ID_AAC、Nonce_AAC应分别等于AACVeri中的相应字段。Sig_{AS_AAC1}的签名数据包括ID_REQ⊕Nonce_REQID、Nonce_REQ和Pub_AAC⊕Nonce_AACPub；MIC_{AS_AAC}是AS-AAC利用所述K_{AAC_AS}，采用与AAC约定的杂凑算法对包括ID_AAC⊕Nonce_AACID、Nonce_AAC和Pub_REQ⊕Nonce_REQPub在内的信息计算生成的。The ASVeri includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC ⊕ Nonce_AACPub , Sig_{AS_AAC1} , ID_AAC ⊕ Nonce_AACID , Nonce_AAC , Pub_REQ ⊕ Nonce_REQPub and MIC_{AS_AAC} . Among them, ID_REQ , Nonce_REQ , ID_AAC , and Nonce_AAC should be respectively equal to the corresponding fields in AACVeri. The signature data of Sig_{AS_AAC1} includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ and Pub_AAC ⊕ Nonce_AACPub ; MIC_{AS_AAC} is that AS-AAC utilizes the K_{AAC_AS} and adopts the hash algorithm pair agreed with AAC including ID_AAC ⊕ Nonce_AACID , Nonce_AAC It is generated by information calculation including Pub_REQ ⊕Nonce_REQPub .

S409、AAC接收到ASVeri后，执行下述操作，包括：S409. After AAC receives ASVeri, it performs the following operations, including:

(1)、利用Nonce_AACID对ID_AAC⊕Nonce_AACID进行异或运算恢复ID_AAC，检查ID_AAC、Nonce_AAC是否分别与AAC自身的身份标识ID_AAC、AAC生成的Nonce_AAC相同；若不同，则丢弃ASVeri；(1), use Nonce_AACID to perform XOR operation on ID_AAC ⊕ Nonce_AACID to restore ID_AAC , check whether ID_AAC and Nonce_AAC are the same as the Nonce_AAC generated by AAC's own identity ID_AAC and AAC respectively; if they are different, discard them ASVeri;

(2)、验证MIC_{AS_AAC}；若验证不通过，则丢弃ASVeri；(2), verify the MIC_{AS_AAC} ; if the verification fails, discard the ASVeri;

其中，AAC利用所述K_{AAC_AS}，采用与AS-AAC约定的杂凑算法对包括ID_AAC⊕Nonce_AACID、Nonce_AAC和Pub_REQ⊕Nonce_REQPub在内的信息在本地计算出MIC_{AS_AAC}，并将其与接收到的MIC_{AS_AAC}进行比较，若相同，则MIC_{AS_AAC}验证通过，若不同，则MIC_{AS_AAC}验证不通过；The AAC uses the K_{AAC_AS} to calculate the MIC_{AS_AAC} locally for the information including ID_AAC ⊕ Nonce_AACID , Nonce_AAC and Pub_REQ ⊕ Nonce_REQPub using the hash algorithm agreed with AS-AAC, and compares it with the receiving The received MIC_{AS_AAC} is compared, if it is the same, the MIC_{AS_AAC} verification passes, if it is different, the MIC_{AS_AAC} verification fails;

(3)、利用消息加密密钥计算生成EncData_AAC；(3), utilize message encryption key to calculate and generate EncData_AAC ;

(4)、计算生成MacTag_AAC。(4), calculate and generate MacTag_AAC .

S410、AAC向REQ发送第三鉴别响应消息AACAuth。S410. AAC sends a third authentication response message AACAuth to REQ.

所述AACAuth中包括Nonce_AAC、Nonce_REQ、EncData_AAC和MacTag_AAC。其中，Nonce_REQ和Nonce_AAC为可选字段，且应分别等于REQInit中Nonce_REQ、AAC生成的Nonce_AAC。EncData_AAC的加密数据包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Sig_{AS_AAC1}、Nonce_AACPub和ID_AAC，其中，ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Sig_{AS_AAC1}来源于ASVeri；MacTag_AAC的计算过程如图3实施例中相关描述。The AACAuth includes Nonce_AAC , Nonce_REQ , EncData_AAC and MacTag_AAC . Among them, Nonce_REQ and Nonce_AAC are optional fields, and should be equal to Nonce_REQ and Nonce_AAC generated by AAC in REQInit respectively. The encrypted data of EncData_AAC includes ID_REQ ⊕Nonce_REQID , Nonce_REQ , Pub_AAC ⊕Nonce_AACPub , Sig_{AS_AAC1} , Nonce_AACPub and ID_AAC , where ID_REQ ⊕Nonce_REQID , Nonce_REQ , Pub_AAC ⊕Nonce_AACPub , Sig_{AS_AAC1} source The calculation process of_AAC in ASVeri; MacTag is described in the embodiment of FIG. 3 .

S411、REQ接收到AACAuth后，执行下述操作，包括：S411. After receiving the AACAuth, REQ performs the following operations, including:

(1)、若AACAuth中存在Nonce_REQ和/或Nonce_AAC，则检查Nonce_REQ是否与REQ生成的Nonce_REQ相同，和/或，检查Nonce_AAC是否与AACInit中的Nonce_AAC相同；(1) If there is Nonce_REQ and/or Nonce_AAC in AACAuth, check whether the Nonce_REQ is the same as the Nonce_REQ generated by REQ, and/or, check whether the Nonce_AAC is the same as the Nonce_AAC in AACInit;

(2)、验证MacTag_AAC；验证过程如图3实施例中相关描述；(2), verify MacTag_AAC ; The verification process is described in relation to the embodiment as shown in Figure 3;

(3)、利用消息加密密钥解密EncData_AAC得到ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Sig_{AS_AAC1}、Nonce_AACPub和ID_AAC；(3), decrypt EncData_AAC with message encryption key to obtain ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC ⊕ Nonce_AACPub , Sig_{AS_AAC1} , Nonce_AACPub and ID_AAC ;

(4)、利用Nonce_REQID对ID_REQ⊕Nonce_REQID进行异或运算恢复ID_REQ，利用Nonce_AACPub对Pub_AAC⊕Nonce_AACPub进行异或运算恢复Pub_AAC；(4), utilize Nonce_REQID to carry out XOR operation to ID_REQ ⊕ Nonce_REQID to restore ID_REQ , and utilize Nonce_AACPub to carry out XOR operation to Pub_AAC ⊕ Nonce_AACPub to restore Pub_AAC ;

(5)、检查ID_REQ、Nonce_REQ是否分别与REQ自身的身份标识ID_REQ、REQ生成的Nonce_REQ是否相同；(5), check whether ID_REQ and Nonce_REQ are the same as the Nonce_REQ generated by REQ's own identity ID_REQ and REQ respectively;

(6)、检查Pub_AAC中的ID_AAC是否与解密得到的ID_AAC一致；(6), check whether the ID_AAC in the Pub_AAC is consistent with the ID_AAC obtained by decryption;

(7)、利用AS-AAC的公钥验证Sig_{AS_AAC1}；(7), utilize the public key of AS-AAC to verify Sig_{AS_AAC1} ;

(8)、若上述检查与验证中任一步不通过，则立即丢弃AACAuth；若上述检查和验证均通过后，根据Pub_AAC中的Res_AAC确定AAC的身份鉴别结果；若确定AAC为不合法，则结束本次鉴别过程；(8) If any one of the above checks and verifications fails, discard AACAuth immediately; if the above checks and verifications pass, determine the identity authentication result of AAC according to Res_AAC in Pub_AAC ; if it is determined that AAC is illegal, then end the identification process;

(9)、利用消息加密密钥计算生成EncData_REQ；(9), utilize message encryption key to calculate and generate EncData_REQ ;

(10)、计算生成MacTag_REQ。(10), calculate and generate MacTag_REQ .

S412、REQ向AAC发送第四鉴别响应消息REQAuth。S412. REQ sends a fourth authentication response message REQAuth to the AAC.

所述REQAuth中包括Nonce_AAC、Nonce_REQ、EncData_REQ和MacTag_REQ。其中，Nonce_REQ和Nonce_AAC为可选字段，且应分别等于REQ生成的Nonce_REQ、AACInit中的Nonce_AAC。EncData_REQ的加密数据包括Nonce_REQPub。MacTag_REQ的计算过程如图3实施例中相关描述。The REQAuth includes Nonce_AAC , Nonce_REQ , EncData_REQ and MacTag_REQ . Among them, Nonce_REQ and Nonce_AAC are optional fields, and should be equal to Nonce_REQ generated by REQ and Nonce_AAC in AACInit respectively. EncData_REQ 's encrypted data includes Nonce_REQPub . The calculation process of the MacTag_REQ is described in relation to the embodiment in FIG. 3 .

S413、AAC接收到REQAuth后，执行下述操作，包括：S413. After receiving REQAuth, AAC performs the following operations, including:

(1)、若REQAuth中携带Nonce_AAC和/或Nonce_REQ，则检查Nonce_AAC和AAC生成的Nonce_AAC是否相同，和/或，检查Nonce_REQ是否与REQInit中的Nonce_REQ相同；(1) If REQAuth carries Nonce_AAC and/or Nonce_REQ , check whether Nonce_AAC and Nonce AAC generated by_AAC are the same, and/or, check whether Nonce_REQ is the same as Nonce_REQ in REQInit;

(2)、验证MacTag_REQ；验证过程如图3实施例中相关描述；(2), verify MacTag_REQ ; The verification process is described in relation to the embodiment as shown in Figure 3;

(3)、利用消息加密密钥解密EncData_REQ得到Nonce_REQPub；(3), utilize message encryption key to decrypt EncData_REQ to obtain Nonce_REQPub ;

(4)、利用Nonce_REQPub对Pub_REQ⊕Nonce_REQPub进行异或运算恢复Pub_REQ；(4), utilize Nonce_REQPub to carry out XOR operation to Pub_REQ ⊕ Nonce_REQPub to restore Pub_REQ ;

(5)、利用Pub_REQ中的Cert_REQ验证Sig_REQ；(5), utilize the Cert_REQ in the Pub_REQ to verify the Sig_REQ ;

(6)、上述检查及验证均通过，则根据Pub_REQ中的Res_REQ确定REQ的身份鉴别结果；上述检查与验证中任一步不通过，则立即丢弃REQAuth。(6) If the above checks and verifications are all passed, the identity authentication result of REQ is determined according to the Res_REQ in the Pub_REQ ; if any step of the above checks and verifications fails, REQAuth is immediately discarded.

由此，在S411和S413分别实现对AAC和对REQ的身份鉴别，即实现REQ和AAC的双向身份鉴别，并且REQ的身份标识ID_REQ、数字证书Cert_REQ、鉴别结果及AAC的身份标识ID_AAC、鉴别结果等全程以密文形式传输，实现REQ和AAC的身份保护。Thus, at S411 and S413, the identification of AAC and REQ is realized respectively, that is, the two-way identification of REQ and AAC is realized, and the identification ID_REQ of REQ, the digital certificate Cert_REQ , the identification result and the identification ID_AAC of AAC are realized. , authentication results, etc. are transmitted in cipher text throughout the process to realize the identity protection of REQ and AAC.

需要说明的是，S413中验证Sig_REQ的操作也可以改为在S407中先行执行，其中，Sig_REQ可以通过S406的AACVeri传递至AS-AAC，则在S407中，AS-AAC还需要验证Sig_REQ，验证通过后再执行后续操作；此情形下，在S413中AAC不再验证Sig_REQ，此时Pub_REQ中可以不包括Cert_REQ。It should be noted that the operation of verifying Sig_REQ in S413 can also be changed to be performed first in S407, where Sig_REQ can be passed to AS-AAC through AACVeri of S406, then in S407, AS-AAC also needs to verify Sig_REQ , and then perform subsequent operations after the verification is passed; in this case, the AAC no longer verifies the Sig_REQ in S413 , and the Pub_REQ may not include the Cert_REQ in this case.

参见图5，为上述(三)情况下一种身份鉴别方法的实施例，在该实施例中，REQ和AAC之间的消息加密密钥协商过程被并行地融合到了身份鉴别过程中，更便于工程实施。该身份鉴别方法包括：Referring to FIG. 5, it is an embodiment of an identity authentication method under the above (3) situation. In this embodiment, the message encryption key negotiation process between REQ and AAC is merged into the identity authentication process in parallel, which is more convenient Project implementation. The identification method includes:

S501、AAC生成Nonce_AAC和KeyInfo_AAC，根据需要生成Security capabilities_AAC。S501, AAC generates Nonce_AAC and KeyInfo_AAC , and generates Security capabilities_AAC as required.

S502、AAC向REQ发送密钥请求消息AACInit。S502. The AAC sends a key request message AACInit to the REQ.

所述AACInit中包括Nonce_AAC、KeyInfo_AAC、Security capabilities_AAC和ID_{AS_AAC}。其中，Security capabilities_AAC和ID_{AS_AAC}为可选字段，且ID_{AS_AAC}表示AAC信任的至少一个鉴别服务器的身份标识，用于使得REQ根据ID_{AS_AAC}确定是否存在共同信任的鉴别服务器(下文同)。The AACInit includes Nonce_AAC , KeyInfo_AAC , Security capabilities_AAC and ID_{AS_AAC} . Among them, Security capabilities_AAC and ID_{AS_AAC} are optional fields, and ID_{AS_AAC} represents the identity of at least one authentication server trusted by AAC, which is used to make REQ determine whether there is a mutually trusted authentication server (the same below) according to ID_{AS_AAC} .

S503、REQ接收到AACInit后，执行下述操作，包括：S503. After receiving the AACInit, the REQ performs the following operations, including:

(1)、生成Nonce_REQ、Nonce_REQID、Nonce_REQPub和KeyInfo_REQ；(1), generate Nonce_REQ , Nonce_REQID , Nonce_REQPub and KeyInfo_REQ ;

(2)、根据需要生成ID_{AS_REQ}和Security capabilities_REQ；(2), generate ID_{AS_REQ} and Security capabilities_REQ as needed;

(3)、根据包括KeyInfo_REQ对应的临时私钥和KeyInfo_AAC所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合Nonce_AAC、Nonce_REQ及其他信息(REQ和AAC采用的其他信息是相同的且可选的，譬如特定字符串等)利用协商的或预置的密钥导出算法计算消息加密密钥和消息完整性校验密钥；当然，本步骤也可以移至在后续需要使用消息加密密钥、消息完整性校验密钥时再执行。(3), according to including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC , perform key exchange calculation to generate the first key K1, combine K1 with Nonce_AAC , Nonce_REQ and other information (REQ and AAC adopt other information is the same and optional, such as specific strings, etc.) use the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key; of course, this step can also be moved to Execute when the message encryption key and message integrity check key need to be used later.

(4)、利用加密证书的公钥计算生成EncPub_{AS_REQ}；(4), utilize the public key calculation of encryption certificate to generate EncPub_{AS_REQ} ;

(5)、计算REQ的数字签名Sig_REQ。(5), calculate the digital signature Sig REQ of_REQ .

S504、REQ向AAC发送身份密文消息REQInit。S504, REQ sends an identity ciphertext message REQInit to the AAC.

所述REQInit中包括Nonce_AAC、Nonce_REQ、Security capabilities_REQ、KeyInfo_REQ、ID_{AS_REQ}、EncPub_{AS_REQ}及Sig_REQ。其中，Nonce_AAC应等于AACInit中的相应字段；Sig_REQ的签名数据包括REQInit中Sig_REQ之前的其他字段，例如包括Nonce_AAC、Nonce_REQ、Securitycapabilities_REQ、KeyInfo_REQ、ID_{AS_REQ}及EncPub_{AS_REQ}；EncPub_{AS_REQ}的加密数据包括ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub。Security capabilities_REQ和ID_{AS_REQ}为可选字段，且ID_{AS_REQ}表示REQ信任的至少一个鉴别服务器的身份标识，当AACInit中存在ID_{AS_AAC}时，REQ尽量从其信任的鉴别服务器中选择至少一个与ID_{AS_AAC}中相同的鉴别服务器作为ID_{AS_REQ}，若选择失败，则将自身信任的至少一个鉴别服务器作为ID_{AS_REQ}；当AACInit中不存在ID_{AS_AAC}时，REQ将自身信任的至少一个鉴别服务器作为ID_{AS_REQ}(下文同)。The REQInit includes Nonce_AAC , Nonce_REQ , Security capabilities_REQ , KeyInfo_REQ , ID_{AS_REQ} , EncPub_{AS_REQ} and Sig_REQ . Among them, Nonce_AAC should be equal to the corresponding field in AACInit; the signature data of Sig_REQ includes other fields before Sig_REQ in REQInit, for example including Nonce_AAC , Nonce_REQ , Securitycapabilities_REQ , KeyInfo_REQ , ID_{AS_REQ} and EncPub_{AS_REQ} ; EncPub_{AS_REQ} 's The encrypted data includes ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub . Security capabilities_REQ and ID_{AS_REQ} are optional fields, and ID_{AS_REQ} represents the identity of at least one authentication server trusted by REQ. When ID_{AS_AAC} exists in AACInit, REQ tries to select at least one authentication server from its trusted authentication servers with ID_{AS_AAC} The same authentication server is used as ID_{AS_REQ} . If the selection fails, at least one authentication server trusted by itself is used as ID_{AS_REQ} ; when ID_{AS_AAC} does not exist in AACInit, REQ uses at least one authentication server trusted by itself as ID_{AS_REQ} (the same below) .

S505、AAC接收到REQInit后，执行下述操作，包括：S505. After receiving REQInit, the AAC performs the following operations, including:

(1)、检查REQInit中的Nonce_AAC与AAC生成的Nonce_AAC是否一致，若不一致，则丢弃REQInit；(1) Check whether the Nonce_AAC in REQInit is consistent with the Nonce AAC generated by_AAC , if not, discard REQInit;

(2)、根据包括所述KeyInfo_AAC对应的临时私钥和所述KeyInfo_REQ所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合Nonce_AAC、Nonce_REQ及其他信息(AAC和REQ采用的其他信息是相同的且可选的，譬如特定字符串等)利用协商的或预置的密钥导出算法计算消息加密密钥和消息完整性校验密钥；(2), according to including the temporary private key corresponding to the KeyInfo_AAC and the temporary public key included in the KeyInfo_REQ , perform key exchange calculation to generate the first key K1, combine K1 with Nonce_AAC , Nonce_REQ and other information ( Other information used by AAC and REQ is the same and optional, such as a specific character string, etc.) using the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key;

(3)、计算生成MIC_AAC；(3), calculate and generate MIC_AAC ;

(4)、若REQInit中携带ID_{AS_REQ}且AACInit中携带ID_{AS_AAC}，则AAC判断ID_{AS_REQ}和ID_{AS_AAC}是否存在至少一个相同的鉴别服务器的身份标识，若存在，即为非漫游情况，AAC从上述至少一个REQ和AAC共同信任的鉴别服务器的身份标识中，确定参与身份鉴别的第一鉴别服务器；若不存在，则为漫游情况，AAC需要根据ID_{AS_AAC}确定参与身份鉴别的第一鉴别服务器AS-AAC，并将ID_{AS_REQ}发送给AS-AAC，以便AS-AAC根据ID_{AS_REQ}确定第二鉴别服务器AS-REQ；或者，(4) If the ID_{AS_REQ} is carried in REQInit and the ID AS_AAC is carried in_AACInit , then AAC judges whether ID_{AS_REQ} and ID_{AS_AAC} have at least one identical identification server identity. In the identity of an authentication server trusted by REQ and AAC, determine the first authentication server participating in identity authentication; if it does not exist, it is a roaming situation, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID_{AS_AAC} , and send the ID_{AS_REQ} to the AS-AAC, so that the AS-AAC determines the second authentication server AS-REQ according to the ID_{AS_REQ} ; or,

若REQInit中携带ID_{AS_REQ}但AACInit中不携带ID_{AS_AAC}，则AAC判断ID_{AS_REQ}和AAC所信任的鉴别服务器是否存在至少一个相同的鉴别服务器的身份标识，若存在，即为非漫游情况，AAC从上述至少一个REQ和AAC共同信任的鉴别服务器的身份标识中，确定参与身份鉴别的第一鉴别服务器；若不存在，则为漫游情况，AAC需要根据自身信任的鉴别服务器确定参与身份鉴别的第一鉴别服务器AS-AAC，并将ID_{AS_REQ}发送给AS-AAC，以便AS-AAC根据ID_{AS_REQ}确定第二鉴别服务器AS-REQ；If the ID_{AS_REQ} is carried in REQInit but the ID AS_AAC is not carried in_AACInit , the AAC determines whether the ID_{AS_REQ} and the authentication server trusted by the AAC have at least one identical ID of the authentication server. If so, it is a non-roaming situation. In the identity identifier of at least one authentication server trusted by REQ and AAC, determine the first authentication server participating in identity authentication; if it does not exist, it is a roaming situation, and AAC needs to determine the first authentication participating in identity authentication according to the authentication server trusted by itself. The server AS-AAC sends the ID_{AS_REQ} to the AS-AAC, so that the AS-AAC determines the second authentication server AS-REQ according to the ID_{AS_REQ} ;

需要说明的是，此实施例判断出的结果应为漫游情况。It should be noted that the result determined in this embodiment should be a roaming situation.

S506、AAC向AS-AAC发送第一鉴别请求消息AACVeri。S506. The AAC sends the first authentication request message AACVeri to the AS-AAC.

所述AACVeri中包括Nonce_AAC、Nonce_REQ、ID_{AS_REQ}、EncPub_{AS_REQ}、ID_AAC及MIC_AAC。其中，ID_{AS_REQ}为可选字段；MIC_AAC是AAC利用与AS-AAC的预共享密钥K_{AAC_AS}，采用与AS-AAC约定的杂凑算法对AACVeri中MIC_AAC之前的其他字段在内的信息计算得到的杂凑值。The AACVeri includes Nonce_AAC , Nonce_REQ , ID_{AS_REQ} , EncPub_{AS_REQ} , ID_AAC and MIC_AAC . Among them, ID_{AS_REQ} is an optional field; MIC_AAC is calculated by AAC using the pre-shared key K_{AAC_AS} with AS-AAC and using the hash algorithm agreed with AS-AAC to calculate the information including other fields before MIC_AAC in AACVeri hash value of .

S507、AS-AAC接收到AACVeri后，执行下述操作，包括：S507. After receiving the AACVeri, AS-AAC performs the following operations, including:

(1)、验证MIC_AAC得到Res_AAC，根据包括Res_AAC和ID_AAC在内的信息生成Pub_AAC；验证MIC_AAC的过程参见图3实施例中相关内容；(1), verify MIC_AAC and obtain Res_AAC , generate Pub_AAC according to the information including Res_AAC and ID_AAC ; The process of verifying MIC_AAC refers to relevant content in the embodiment of Fig. 3;

(2)、若AACVeri中存在ID_{AS_REQ}，则AS-AAC根据ID_{AS_REQ}确定第二鉴别服务器AS-REQ；若不存在，则表示AS-AAC已确知AS-REQ；(2), if there is ID_{AS_REQ} in AACVeri, then AS-AAC determines the second authentication server AS-REQ according to ID_{AS_REQ} ; if it does not exist, it means that AS-AAC has confirmed AS-REQ;

(3)、计算生成第二数字签名Sig_{AS_AAC2}。(3), calculate and generate the second digital signature Sig_{AS_AAC2} .

S508、AS-AAC向AS-REQ发送第二鉴别请求消息AS-AACVeri。S508, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.

所述AS-AACVeri中包括Nonce_AAC、Nonce_REQ、EncPub_{AS_REQ}、ID_AAC、Pub_AAC和Sig_{AS_AAC2}。其中，Nonce_AAC、Nonce_REQ、EncPub_{AS_REQ}、ID_AAC应分别等于AACVeri中的相应字段；Sig_{AS_AAC2}的签名数据包括AS-AACVeri中Sig_{AS_AAC2}之前的其他字段。The AS-AACVeri includes Nonce_AAC , Nonce_REQ , EncPub_{AS_REQ} , ID_AAC , Pub_AAC and Sig_{AS_AAC2} . Among them, Nonce_AAC , Nonce_REQ , EncPub_{AS_REQ} , and ID_AAC should be respectively equal to the corresponding fields in AACVeri; the signature data of Sig_{AS_AAC2} includes other fields before Sig_{AS_AAC2} in AS-AACVeri.

S509、AS-REQ接收到AS-AACVeri后，利用AS-AAC的公钥验证Sig_{AS_AAC2}。S509, after AS-REQ receives AS-AACVeri, it uses the public key of AS-AAC to verify Sig_{AS_AAC2} .

若验证通过，则执行S510。If the verification is passed, execute S510.

S510、AS-REQ向CS-DEC发送第一解密请求消息AS-REQReq。S510. The AS-REQ sends the first decryption request message AS-REQReq to the CS-DEC.

所述AS-REQReq中包括EncPub_{AS_REQ}。The AS-REQReq includes EncPub_{AS_REQ} .

S511、CS-DEC利用加密证书对应的私钥解密EncPub_{AS_REQ}得到ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub。S511 , CS-DEC decrypts EncPub_{AS_REQ} by using the private key corresponding to the encrypted certificate to obtain ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub .

S512、CS-DEC向AS-REQ发送第一解密响应消息CS-DECRep。S512. The CS-DEC sends the first decryption response message CS-DECRep to the AS-REQ.

所述CS-DECRep中包括ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub。The CS-DECRep includes ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub .

S513、AS-REQ接收到CS-DECRep后，执行下述操作，包括：S513. After receiving the CS-DECRep, the AS-REQ performs the following operations, including:

(1)、验证Cert_REQ的合法性得到Res_REQ，根据包括Res_REQ和Cert_REQ在内的信息生成Pub_REQ；(1), verify the legitimacy of Cert_REQ to obtain Res_REQ , and generate Pub_REQ according to the information including Res_REQ and Cert_REQ ;

(2)、利用Nonce_REQID对ID_REQ进行异或运算得到ID_REQ⊕Nonce_REQID，利用Nonce_REQPub对Pub_REQ进行异或运算得到Pub_REQ⊕Nonce_REQPub；(2), utilize Nonce_REQID to carry out XOR operation to ID_REQ to obtain ID_REQ ⊕Nonce_REQID , utilize Nonce_REQPub to carry out XOR operation to Pub_REQ to obtain Pub_REQ ⊕Nonce_REQPub ;

(3)、计算第一数字签名Sig_{AS_REQ1}和第三数字签名Sig_{AS_REQ3}。(3) Calculate the first digital signature Sig_{AS_REQ1} and the third digital signature Sig_{AS_REQ3} .

S514、AS-REQ向AS-AAC发送第二鉴别响应消息AS-REQVeri。S514. The AS-REQ sends the second authentication response message AS-REQVeri to the AS-AAC.

所述AS-REQVeri中包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_REQ1}、ID_AAC、Nonce_AAC、Pub_REQ⊕Nonce_REQPub和Sig_{AS_REQ3}。其中，ID_REQ、Nonce_REQID和Nonce_REQPub应分别等于CS-DECRep中的相应字段；Sig_{AS_REQ1}的签名数据包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC；Sig_{AS_REQ3}的签名数据包括ID_AAC、Nonce_AAC、Pub_REQ⊕Nonce_REQPub。The AS-REQVeri includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC , Sig_{AS_REQ1} , ID_AAC , Nonce_AAC , Pub_REQ ⊕ Nonce_REQPub and Sig_{AS_REQ3} . Among them, ID_REQ , Nonce_REQID and Nonce_REQPub should be respectively equal to the corresponding fields in CS-DECRep; the signature data of Sig_{AS_REQ1} includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC ; the signature data of Sig_{AS_REQ3} includes ID_AAC , Nonce_AAC , Pub_REQ ⊕_{Nonce REQPub} .

S515、AS-AAC接收到AS-REQVeri后，执行下述操作，包括：S515. After the AS-AAC receives the AS-REQVeri, it performs the following operations, including:

(1)、利用AS-REQ的公钥验证Sig_{AS_REQ3}，若验证不通过，则丢弃AS-REQVeri；(1), use the public key of AS-REQ to verify Sig_{AS_REQ3} , if the verification fails, discard AS-REQVeri;

(2)、计算AS-AAC的第一消息鉴别码MIC_{AS_AAC}。(2) Calculate the first message authentication code MIC_{AS_AAC} of the AS-AAC.

S516、AS-AAC向AAC发送第一鉴别响应消息ASVeri。S516. The AS-AAC sends the first authentication response message ASVeri to the AAC.

所述ASVeri中包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_REQ1}、ID_AAC、Nonce_AAC、Pub_REQ⊕Nonce_REQPub和MIC_{AS_AAC}。其中，ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_REQ1}、ID_AAC、Nonce_AAC、Pub_REQ⊕Nonce_REQPub应分别等于AS-REQVeri中的相应字段；MIC_{AS_AAC}是AS-AAC利用所述K_{AAC_AS}，采用与AAC约定的杂凑算法对包括ID_AAC、Nonce_AAC和Pub_REQ⊕Nonce_REQPub在内的信息计算的杂凑值。The ASVeri includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC , Sig_{AS_REQ1} , ID_AAC , Nonce_AAC , Pub_REQ ⊕ Nonce_REQPub and MIC_{AS_AAC} . Among them, ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC , Sig_{AS_REQ1} , ID_AAC , Nonce_AAC , Pub_REQ ⊕ Nonce_REQPub should be respectively equal to the corresponding fields in AS-REQVeri; MIC_{AS_AAC} is AS-AAC using the K_{AAC_AS} , the hash value calculated for information including ID_AAC , Nonce_AAC and Pub_REQ ⊕ Nonce_REQPub using the hash algorithm agreed with AAC.

S517、AAC接收到ASVeri后，执行下述操作，包括：S517. After AAC receives ASVeri, it performs the following operations, including:

(1)、检查ASVeri中的ID_AAC、Nonce_AAC是否分别AAC自身的身份标识ID_AAC、AAC生成的Nonce_AAC相同；若不同，则丢弃ASVeri；(1), check whether the ID AAC and Nonce_AAC in the AVSeri are the same as the ID_AAC and the Nonce_AAC generated by the AAC's own identification ID_AAC , respectively; if they are different, discard the ASVeri;

(2)、验证MIC_{AS_AAC}，若验证不通过，则丢弃ASVeri；验证过程参见图3实施例的相关内容；(2), verify the MIC_{AS_AAC} , if the verification fails, then discard ASVeri; the verification process refers to the relevant content of the embodiment of FIG. 3;

(3)、利用消息加密密钥计算EncData_AAC；计算MacTag_AAC。(3), utilize the message encryption key to calculate EncData_AAC ; calculate MacTag_AAC .

S518、AAC向REQ发送第三鉴别响应消息AACAuth。S518, AAC sends a third authentication response message AACAuth to REQ.

所述AACAuth中包括Nonce_AAC、Nonce_REQ、EncData_AAC和MacTag_AAC。其中，Nonce_REQ、Nonce_AAC为可选字段，应分别等于REQInit中的Nonce_REQ、AAC生成的Nonce_AAC；EncData_AAC是AAC利用消息加密密钥，采用对称加密算法对包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_REQ1}和ID_AAC在内的加密数据加密生成的；MacTag_AAC的计算过程参见图3实施例的相关内容。The AACAuth includes Nonce_AAC , Nonce_REQ , EncData_AAC and MacTag_AAC . Among them, Nonce_REQ and Nonce_AAC are optional fields, which should be equal to Nonce_REQ and Nonce_AAC generated by AAC in REQInit respectively; EncData_AAC is that AAC uses a message encryption key, and adopts a symmetric encryption algorithm to include ID_REQ ⊕ Nonce_REQID , Nonce The encrypted data including_REQ , Pub_AAC , Sig_{AS_REQ1} and ID_AAC are encrypted and generated; for the calculation process of MacTag_AAC , refer to the related content of the embodiment in FIG. 3 .

S519、REQ接收到AACAuth后，执行下述操作，包括：S519. After receiving the AACAuth, REQ performs the following operations, including:

(1)、若AACAuth中存在Nonce_REQ和/或Nonce_AAC，则检查Nonce_REQ是否与REQ生成的Nonce_REQ相同，和/或，检查Nonce_AAC是否与AACInit中的Nonce_AAC相同；(1) If there is Nonce_REQ and/or Nonce_AAC in AACAuth, check whether the Nonce_REQ is the same as the Nonce_REQ generated by REQ, and/or, check whether the Nonce_AAC is the same as the Nonce_AAC in AACInit;

(2)、验证MacTag_AAC；验证过程参见图3实施例的相关内容；(2), verify MacTag_AAC ; Verification process is referring to the relevant content of the embodiment of Fig. 3;

(3)、利用消息加密密钥解密EncData_AAC得到ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC、Sig_{AS_REQ1}和ID_AAC；(3), utilize message encryption key to decrypt EncData_AAC to obtain ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC , Sig_{AS_REQ1} and ID_AAC ;

(4)、利用Nonce_REQID对ID_REQ⊕Nonce_REQID进行异或运算恢复ID_REQ；(4), utilize Nonce_REQID to carry out XOR operation to ID_REQ ⊕ Nonce_REQID to restore ID_REQ ;

(5)、检查ID_REQ、Nonce_REQ是否分别与REQ自身的身份标识ID_REQ、REQ生成的Nonce_REQ相同；(5), check whether ID_REQ and Nonce_REQ are the same as the Nonce_REQ generated by REQ's own identity ID_REQ and REQ respectively;

(6)、检查解密得到的ID_AAC和Pub_AAC中的ID_AAC是否一致；(6), check whether the ID AAC in the decrypted ID_AAC and the ID_AAC in the Pub_AAC are consistent;

(7)、利用AS-REQ的公钥验证Sig_{S_REQ1}；(7), utilize the public key of AS-REQ to verify Sig_{S_REQ1} ;

(8)、若上述检查与验证中任一步不通过，则立即丢弃AACAuth；若上述检查和验证均通过后，根据Pub_AAC中的Res_AAC确定AAC的身份鉴别结果；若AAC为不合法，则结束本次鉴别过程；(8) If any one of the above checks and verifications fails, discard AACAuth immediately; if the above checks and verifications pass, determine the identity authentication result of AAC according to Res_AAC in Pub_AAC ; if AAC is illegal, then end the identification process;

(9)、利用消息加密密钥计算EncData_REQ；(9), utilize message encryption key to calculate EncData_REQ ;

(10)、计算MacTag_REQ。(10), calculate MacTag_REQ .

S520、REQ向AAC发送第四鉴别响应消息REQAuth。S520. REQ sends a fourth authentication response message REQAuth to the AAC.

所述REQAuth中包括Nonce_AAC、Nonce_REQ、EncData_REQ和MacTag_REQ。其中，Nonce_REQ和Nonce_AAC为可选字段，应分别等于REQ生成的Nonce_REQ和AACInit中的Nonce_AAC；EncData_REQ的加密数据包括Nonce_REQPub；MacTag_REQ的计算过程参见图3实施例的相关内容。The REQAuth includes Nonce_AAC , Nonce_REQ , EncData_REQ and MacTag_REQ . Wherein, Nonce_REQ and Nonce_AAC are optional fields, should be equal to the Nonce_AAC in the Nonce_REQ and AACInit that REQ generates respectively; The encrypted data of EncData_REQ includes Nonce_REQPub ; The calculation process of MacTag_REQ refers to the relevant content of the embodiment of Fig. 3.

S521、AAC接收到REQAuth后执行下述操作，包括：S521. After receiving REQAuth, AAC performs the following operations, including:

(1)、若REQAuth中存在Nonce_AAC和/或Nonce_REQ，则检查Nonce_AAC是否与AAC生成的Nonce_AAC相同，和/或，检查Nonce_REQ是否与REQInit中的Nonce_REQ相同；(1) If there is Nonce_AAC and/or Nonce_REQ in REQAuth, check whether the Nonce_AAC is the same as the Nonce_AAC generated by AAC, and/or, check whether the Nonce_REQ is the same as the Nonce_REQ in REQInit;

(2)、验证MacTag_REQ；验证过程参见图3实施例的相关内容；(2), verify MacTag_REQ ; Verification process is referring to the relevant content of the embodiment of Fig. 3;

(3)、利用消息加密密钥解密EncData_REQ得到Nonce_REQPub；(3), utilize message encryption key to decrypt EncData_REQ to obtain Nonce_REQPub ;

(4)、利用Nonce_REQPub对Pub_REQ⊕Nonce_REQPub进行异或运算恢复Pub_REQ；(4), utilize Nonce_REQPub to carry out XOR operation to Pub_REQ ⊕ Nonce_REQPub to restore Pub_REQ ;

(5)、利用Pub_REQ中的Cert_REQ验证Sig_REQ；(5), utilize the Cert_REQ in the Pub_REQ to verify the Sig_REQ ;

(6)、上述检查及验证均通过，则根据Pub_REQ中的Res_REQ确定REQ的身份鉴别结果；上述检查与验证中任一步不通过，则立即丢弃REQAuth。(6) If the above checks and verifications are all passed, the identity authentication result of REQ is determined according to the Res_REQ in the Pub_REQ ; if any step of the above checks and verifications fails, REQAuth is immediately discarded.

由此，在S519和S521分别实现漫游情况下对AAC和对REQ的身份鉴别，即实现REQ和AAC的双向身份鉴别，并且REQ的鉴别结果全程以密文传输，实现REQ的身份保护。Therefore, in S519 and S521, the identity authentication of the AAC and the REQ is realized respectively in the case of roaming, that is, the bidirectional identity authentication of the REQ and the AAC is realized, and the authentication result of the REQ is transmitted in cipher text throughout the whole process to realize the identity protection of the REQ.

需要说明的是，(1)、S521中验证Sig_REQ的操作也可以改为在S513中先行执行，其中，Sig_REQ可以通过S506的AACVeri及S508的AS-AACVeri传递至AS-REQ，则在S513中，AS-REQ还要利用Cert_REQ验证Sig_REQ，验证通过后再执行后续操作。此情形下，在S521中AAC不再验证Sig_REQ，此时Pub_REQ中可以不包括Cert_REQ。(2)、S507、S508中的第二数字签名Sig_{AS_AAC2}可以替换为第二消息鉴别码MIC_{AS_AAC2}，其中，MIC_{AS_AAC2}是AS-AAC利用与AS-REQ的预共享密钥，采用与AS-REQ约定的杂凑算法对包括AS-AACVeri中MIC_{AS_AAC2}之前的其他字段计算的杂凑值；则S509中AS-REQ验证Sig_{AS_AAC2}替换为验证MIC_{AS_AAC2}。S513、S514中的第三数字签名Sig_{AS_REQ3}可以替换为第三消息鉴别码MIC_{AS_REQ3}，其中，MIC_{AS_REQ3}是AS-REQ利用与AS-AAC的预共享密钥，采用与AS-AAC约定的杂凑算法对包括AS-REQVeri中的ID_AAC、Nonce_AAC、Pub_REQ⊕Nonce_REQPub在内的字段计算的杂凑值；则S515中AS-AAC验证Sig_{AS_REQ3}替换为验证MIC_{AS_REQ3}。It should be noted that (1), the operation of verifying Sig_REQ in S521 can also be changed to be executed first in S513, wherein Sig_REQ can be passed to AS-REQ through AACVeri of S506 and AS-AACVeri of S508, then in S513 , AS-REQ also uses Cert_REQ to verify Sig_REQ , and then performs subsequent operations after the verification is passed. In this case, the AAC no longer verifies the Sig_REQ in S521, and the Cert_REQ may not be included in the Pub_REQ at this time. (2) The second digital signature Sig_{AS_AAC2} in S507 and S508 can be replaced with the second message authentication code MIC_{AS_AAC2} , wherein MIC_{AS_AAC2} is that AS-AAC utilizes the pre-shared key with AS-REQ, adopts the pre-shared key with AS-REQ The hash value calculated by the agreed hash algorithm for other fields including the MIC_{AS_AAC2} in the AS-AACVeri; then the AS-REQ verification Sig_{AS_AAC2} in S509 is replaced by the verification MIC_{AS_AAC2} . The third digital signature Sig_{AS_REQ3} in S513 and S514 can be replaced with the third message authentication code MIC_{AS_REQ3} , wherein MIC_{AS_REQ3} is the hash algorithm agreed with AS-AAC by AS-REQ using the pre-shared key with AS-AAC The hash value calculated for the fields including ID_AAC , Nonce_AAC , and Pub_REQ ⊕ Nonce_REQPub in AS-REQVeri; then in S515, the AS-AAC verification Sig_{AS_REQ3} is replaced by the verification MIC_{AS_REQ3} .

参见图6，为上述(四)情况下一种身份鉴别方法的实施例，在该实施例中，REQ和AAC之间的消息加密密钥协商过程被并行地融合到了身份鉴别过程中，更便于工程实施。该身份鉴别方法包括：Referring to FIG. 6, it is an embodiment of an identity authentication method in the above-mentioned (4) situation. In this embodiment, the message encryption key negotiation process between REQ and AAC is merged into the identity authentication process in parallel, which is more convenient Project implementation. The identification method includes:

S601、AAC生成Nonce_AAC和KeyInfo_AAC，根据需要生成Security capabilities_AAC。S601, AAC generates Nonce_AAC and KeyInfo_AAC , and generates Security capabilities_AAC as required.

S602、AAC向REQ发送密钥请求消息AACInit。S602. The AAC sends a key request message AACInit to the REQ.

所述AACInit中包括Nonce_AAC、KeyInfo_AAC、Security capabilities_AAC和ID_{AS_AAC}。其中，Security capabilities_AAC和ID_{AS_AAC}为可选字段。The AACInit includes Nonce_AAC , KeyInfo_AAC , Security capabilities_AAC and ID_{AS_AAC} . Among them, Security capabilities_AAC and ID_{AS_AAC} are optional fields.

S603、REQ接收到AACInit后，执行下述操作，包括：S603. After REQ receives AACInit, the following operations are performed, including:

(1)、生成Nonce_REQ、Nonce_REQID、Nonce_REQPub和KeyInfo_REQ；(1), generate Nonce_REQ , Nonce_REQID , Nonce_REQPub and KeyInfo_REQ ;

(2)、根据需要生成ID_{AS_REQ}和Security capabilities_REQ；(2), generate ID_{AS_REQ} and Security capabilities_REQ as needed;

(3)、根据包括KeyInfo_REQ对应的临时私钥和KeyInfo_AAC所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合Nonce_AAC、Nonce_REQ及其他信息(REQ和AAC采用的其他信息是相同的且可选的，譬如特定字符串等)利用协商的或预置的密钥导出算法计算消息加密密钥和消息完整性校验密钥；当然，本步骤也可以移至在后续需要使用消息加密密钥、消息完整性校验密钥时再执行；(3), according to including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC , perform key exchange calculation to generate the first key K1, combine K1 with Nonce_AAC , Nonce_REQ and other information (REQ and AAC adopt other information is the same and optional, such as specific strings, etc.) use the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key; of course, this step can also be moved to Execute when the message encryption key and message integrity check key need to be used later;

(4)、利用加密证书的公钥计算EncPub_{AS_REQ}；(4), utilize the public key of encryption certificate to calculate EncPub_{AS_REQ} ;

(5)、计算REQ的数字签名Sig_REQ。(5), calculate the digital signature Sig REQ of_REQ .

S604、REQ向AAC发送身份密文消息REQInit。S604. REQ sends an identity ciphertext message REQInit to the AAC.

所述REQInit中包括Nonce_AAC、Nonce_REQ、Security capabilities_REQ、KeyInfo_REQ、ID_{AS_REQ}、EncPub_{AS_REQ}及Sig_REQ。其中，Nonce_AAC应等于AACInit中的相应字段；Securitycapabilities_REQ和ID_{AS_REQ}为可选字段；EncPub_{AS_REQ}的加密数据包括ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub；Sig_REQ的签名数据包括REQInit中Sig_REQ之前的其他字段，例如包括Nonce_AAC、Nonce_REQ、Security capabilities_REQ、KeyInfo_REQ、ID_{AS_REQ}及EncPub_{AS_REQ}。The REQInit includes Nonce_AAC , Nonce_REQ , Security capabilities_REQ , KeyInfo_REQ , ID_{AS_REQ} , EncPub_{AS_REQ} and Sig_REQ . Wherein, Nonce_AAC should be equal to the corresponding field in AACInit; Securitycapabilities_REQ and ID_{AS_REQ} are optional fields; EncPub_{AS_REQ} encrypted data includes ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub ; Sig_REQ signature data includes Sig_REQ in REQInit Other fields before, for example, include Nonce_AAC , Nonce_REQ , Security capabilities_REQ , KeyInfo_REQ , ID_{AS_REQ} and EncPub_{AS_REQ} .

S605、AAC接收到REQInit后，执行下述操作，包括：S605. After receiving REQInit, the AAC performs the following operations, including:

(1)、检查REQInit中的Nonce_AAC与AAC生成的Nonce_AAC是否一致，若不一致，则丢弃REQInit；(1) Check whether the Nonce_AAC in REQInit is consistent with the Nonce AAC generated by_AAC , if not, discard REQInit;

(2)、根据包括所述KeyInfo_AAC对应的临时私钥和所述KeyInfo_REQ所包括的临时公钥进行密钥交换计算生成第一密钥K1，将K1结合Nonce_AAC、Nonce_REQ及其他信息(AAC和REQ采用的其他信息是相同的且可选的，譬如特定字符串等)利用协商的或预置的密钥导出算法计算消息加密密钥和消息完整性校验密钥；(2), according to including the temporary private key corresponding to the KeyInfo_AAC and the temporary public key included in the KeyInfo_REQ , perform key exchange calculation to generate the first key K1, combine K1 with Nonce_AAC , Nonce_REQ and other information ( Other information used by AAC and REQ is the same and optional, such as a specific character string, etc.) using the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key;

(3)、利用加密证书的公钥计算EncPub_{AS_AAC}；(3), utilize the public key of encryption certificate to calculate EncPub_{AS_AAC} ;

(4)、计算生成MIC_AAC；(4), calculate and generate MIC_AAC ;

(5)、确定参与身份鉴别的AS-AAC的过程同图5实施例相关内容。(5) The process of determining the AS-AAC participating in the identity authentication is the same as the related content of the embodiment in FIG. 5 .

S606、AAC向AS-AAC发送第一鉴别请求消息AACVeri。S606. The AAC sends a first authentication request message AACVeri to the AS-AAC.

所述AACVeri中包括REQInit、EncPub_{AS_AAC}、Nonce_AAC和MIC_AAC。其中，EncPub_{AS_AAC}是AAC利用加密证书的公钥对包括ID_AAC、Nonce_AACID、Nonce_AACPub在内的信息加密生成的；MIC_AAC是AAC利用与AS-AAC的预共享密钥K_{AAC_AS}，采用与AS-AAC约定的杂凑算法对AACVeri中MIC_AAC之前的其他字段计算的杂凑值。The AACVeri includes REQInit, EncPub_{AS_AAC} , Nonce_AAC and MIC_AAC . Among them, EncPub_{AS_AAC} is generated by AAC using the public key of the encryption certificate to encrypt information including ID_AAC , Nonce_AACID , Nonce_AACPub ; MIC_AAC is AAC using the pre-shared key K_{AAC_AS} with AS-AAC, using the same AS-AAC pre-shared key K AAC_AS. - The hash value calculated by the hash algorithm of the AAC convention for other fields before the MIC_AAC in AACVeri.

S607、AS-AAC向CS-DEC发送第二解密请求消息AS-AACReq。S607. The AS-AAC sends the second decryption request message AS-AACReq to the CS-DEC.

所述AS-AACReq中包括EncPub_{AS_AAC}。The AS-AACReq includes EncPub_{AS_AAC} .

S608、CS-DEC利用加密证书对应的私钥解密EncPub_{AS_AAC}得到ID_AAC、Nonce_AACPub和Nonce_AACID。S608 , CS-DEC decrypts EncPub_{AS_AAC} by using the private key corresponding to the encryption certificate to obtain ID_AAC , Nonce_AACPub and Nonce_AACID .

S609、CS-DEC向AS-AAC发送第二解密响应消息CS-DECRep。S609. The CS-DEC sends the second decryption response message CS-DECRep to the AS-AAC.

所述CS-DECRep中包括ID_AAC、Nonce_AACPub和Nonce_AACID。The CS-DECRep includes ID_AAC , Nonce_AACPub and Nonce_AACID .

S610、AS-AAC接收到CS-DECRep后，执行下述操作，包括：S610. After receiving the CS-DECRep, the AS-AAC performs the following operations, including:

(1)、验证MIC_AAC得到Res_AAC，根据包括Res_AAC和ID_AAC在内的信息生成Pub_AAC；验证过程参见图4实施例中相关内容；(1), verify MIC_AAC to obtain Res_AAC , generate Pub_AAC according to the information including Res_AAC and ID_AAC ; The verification process is referring to the relevant content in the embodiment of Fig. 4;

(2)、利用Nonce_AACID对ID_AAC进行异或运算得到ID_AAC⊕Nonce_AACID，利用Nonce_AACPub对Pub_AAC进行异或运算得到Pub_AAC⊕Nonce_AACPub，(2), use Nonce_AACID to perform XOR operation on ID_AAC to obtain ID_AAC ⊕Nonce_AACID , and use Nonce_AACPub to perform XOR operation on Pub_AAC to obtain Pub_AAC ⊕Nonce_AACPub ,

(3)、计算第二数字签名Sig_{AS_AAC2}。(3), calculate the second digital signature Sig_{AS_AAC2} .

S611、AS-AAC向AS-REQ发送第二鉴别请求消息AS-AACVeri。S611. AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.

所述AS-AACVeri中包括REQInit、ID_AAC⊕Nonce_AACID、Pub_AAC⊕Nonce_AACPub和Sig_{AS_AAC2}。其中，Sig_{AS_AAC2}的签名数据包括AS-AACVeri中Sig_{AS_AAC2}之前的其他字段。The AS-AACVeri includes REQInit, ID_AAC ⊕Nonce_AACID , Pub_AAC ⊕_{Nonce AACPub} and Sig_{AS_AAC2} . The signature data of Sig_{AS_AAC2} includes other fields before Sig_{AS_AAC2} in AS-AACVeri.

S612、AS-REQ接收到AS-AACVeri后，利用AS-AAC的公钥验证Sig_{AS_AAC2}。S612. After receiving the AS-AACVeri, the AS-REQ uses the public key of the AS-AAC to verify the Sig_{AS_AAC2} .

若验证通过，则执行S613。If the verification is passed, execute S613.

S613、AS-REQ向CS-DEC发送第一解密请求消息AS-REQReq。S613. The AS-REQ sends the first decryption request message AS-REQReq to the CS-DEC.

所述AS-REQReq中包括EncPub_{AS_REQ}。The AS-REQReq includes EncPub_{AS_REQ} .

S614、CS-DEC利用加密证书对应的私钥解密EncPub_{AS_REQ}得到ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub。S614, CS-DEC decrypts EncPub_{AS_REQ} by using the private key corresponding to the encrypted certificate to obtain ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub .

S615、CS-DEC向AS-REQ发送第一解密响应消息CS-DECRep。S615. The CS-DEC sends the first decryption response message CS-DECRep to the AS-REQ.

所述CS-DECRep中包括ID_REQ、Cert_REQ、Nonce_REQID和Nonce_REQPub。The CS-DECRep includes ID_REQ , Cert_REQ , Nonce_REQID and Nonce_REQPub .

S616、AS-REQ接收到CS-DECRep后，执行下述操作，包括：S616. After receiving the CS-DECRep, the AS-REQ performs the following operations, including:

(1)、利用Cert_REQ验证Sig_REQ，若验证不通过，则丢弃CS-DECRep；(1), use Cert_REQ to verify Sig_REQ , if the verification fails, then discard CS-DECRep;

(2)、验证Cert_REQ的合法性得到Res_REQ，根据包括Res_REQ在内的信息生成Pub_REQ；(2), verify the legitimacy of Cert_REQ to obtain Res_REQ , and generate Pub_{REQ according to the information including Res REQ;}

(3)、利用Nonce_REQID对ID_REQ进行异或运算得到ID_REQ⊕Nonce_REQID，利用Nonce_REQPub对Pub_REQ进行异或运算得到Pub_REQ⊕Nonce_REQPub；(3), utilize Nonce_REQID to carry out XOR operation to ID_REQ to obtain ID_REQ ⊕Nonce_REQID , utilize Nonce_REQPub to carry out XOR operation to Pub_REQ to obtain Pub_REQ ⊕Nonce_REQPub ;

(4)、计算生成第一数字签名Sig_{AS_REQ1}和第三数字签名Sig_{AS_REQ3}。(4) Calculate and generate the first digital signature Sig_{AS_REQ1} and the third digital signature Sig_{AS_REQ3} .

S617、AS-REQ向AS-AAC发送第二鉴别响应消息AS-REQVeri。S617. The AS-REQ sends the second authentication response message AS-REQVeri to the AS-AAC.

所述AS-REQVeri包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Sig_{AS_REQ1}、ID_AAC⊕Nonce_AACID、Nonce_AAC、Pub_REQ⊕Nonce_REQPub和Sig_{AS_REQ3}，其中，Sig_{AS_REQ1}的签名数据包括ID_REQ⊕Nonce_REQID、Nonce_REQ和Pub_AAC⊕Nonce_AACPub，Sig_{AS_REQ3}的签名数据包括ID_AAC⊕Nonce_AACID、Nonce_AAC和Pub_REQ⊕Nonce_REQPub。The AS-REQVeri includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC ⊕ Nonce_AACPub , Sig_{AS_REQ1} , ID_AAC ⊕ Nonce_AACID , Nonce_AAC , Pub_REQ ⊕ Nonce_REQPub and Sig_{AS_REQ3} , wherein the signature data of Sig_{AS_REQ1} includes ID_REQ ⊕Nonce_REQID , Nonce_REQ and Pub_AAC ⊕Nonce_AACPub , the signature data of Sig_{AS_REQ3} includes ID_AAC ⊕Nonce_AACID , Nonce_AAC and Pub_REQ ⊕Nonce_REQPub .

S618、AS-AAC接收到AS-REQVeri后，执行下述操作，包括：S618. After the AS-AAC receives the AS-REQVeri, it performs the following operations, including:

(1)、利用AS-REQ的公钥验证Sig_{AS_REQ3}；若验证不通过，则丢弃AS-REQVeri；(1), utilize the public key of AS-REQ to verify Sig_{AS_REQ3} ; If the verification fails, then discard AS-REQVeri;

(2)、计算AS-AAC的第一消息鉴别码MIC_{AS_AAC}。(2) Calculate the first message authentication code MIC_{AS_AAC} of the AS-AAC.

S619、AS-AAC向AAC发送第一鉴别响应消息ASVeri。S619. The AS-AAC sends a first authentication response message ASVeri to the AAC.

所述ASVeri中包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Sig_{AS_REQ1}、ID_AAC⊕Nonce_AACID、Nonce_AAC、Pub_REQ⊕Nonce_REQPub和MIC_{AS_AAC}。其中，ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Sig_{AS_REQ1}、ID_AAC⊕Nonce_AACID、Nonce_AAC、Pub_REQ⊕Nonce_REQPub应分别等于AS-REQVeri中的相应字段；MIC_{AS_AAC}是AS-AAC利用所述K_{AAC_AS}，采用与AAC约定的杂凑算法对包括ID_AAC⊕Nonce_AACID、Nonce_AAC和Pub_REQ⊕Nonce_REQPub在内的信息计算的杂凑值。The ASVeri includes ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC ⊕ Nonce_AACPub , Sig_{AS_REQ1} , ID_AAC ⊕ Nonce_AACID , Nonce_AAC , Pub_REQ ⊕ Nonce_REQPub and MIC_{AS_AAC} . Among them, ID_REQ ⊕Nonce_REQID , Nonce_REQ , Pub_AAC ⊕Nonce_AACPub , Sig_{AS_REQ1} , ID_AAC ⊕Nonce_AACID , Nonce_AAC , Pub_REQ ⊕Nonce_REQPub should be respectively equal to the corresponding fields in AS-REQVeri; MIC_{AS_AAC} is AS- Using the K_{AAC_AS} , AAC uses the hash algorithm agreed with AAC to calculate a hash value for information including ID_AAC ⊕Nonce_AACID , Nonce_AAC and Pub_REQ ⊕Nonce_REQPub .

S620、AAC接收到ASVeri后，执行下述操作，包括：S620. After AAC receives ASVeri, the following operations are performed, including:

(1)、利用Nonce_AACID对ID_AAC⊕Nonce_AACID进行异或运算恢复ID_AAC，检查ID_AAC、Nonce_AAC是否分别与AAC自身的身份标识ID_AAC、AAC生成的Nonce_AAC相同；若不同，则丢弃ASVeri；(1), use Nonce_AACID to perform XOR operation on ID_AAC ⊕ Nonce_AACID to restore ID_AAC , check whether ID_AAC and Nonce_AAC are the same as the Nonce_AAC generated by AAC's own identity ID_AAC and AAC respectively; if they are different, discard them ASVeri;

(2)、验证MIC_{AS_AAC}；若验证不通过，则丢弃ASVeri；验证过程参见图4实施例中的相关内容；(2), verify MIC_{AS_AAC} ; If verification fails, then discard ASVeri; Verification process refers to the relevant content in the embodiment of Fig. 4;

(3)、利用消息加密密钥计算EncData_AAC；(3), utilize message encryption key to calculate EncData_AAC ;

(4)、计算MacTag_AAC。(4), calculate MacTag_AAC .

S621、AAC向REQ发送第三鉴别响应消息AACAuth。S621. AAC sends a third authentication response message AACAuth to REQ.

所述AACAuth中包括Nonce_AAC、Nonce_REQ、EncData_AAC和MacTag_AAC。其中，Nonce_REQ和Nonce_AAC为可选字段，且应分别等于REQInit中的Nonce_REQ和AAC生成的Nonce_AAC；EncData_AAC是AAC利用消息加密密钥，采用对称加密算法对包括ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Nonce_AACPub、Sig_{AS_REQ1}和ID_AAC在内的加密数据加密生成的；MacTag_AAC的计算方式如图3实施例中相关描述。The AACAuth includes Nonce_AAC , Nonce_REQ , EncData_AAC and MacTag_AAC . Among them, Nonce_REQ and Nonce_AAC are optional fields, and should be equal to the Nonce AAC generated by Nonce_REQ and_AAC in REQInit respectively; EncData_AAC is AAC using a message encryption key, using a symmetric encryption algorithm to include ID_REQ ⊕ Nonce_REQID , The encrypted data including Nonce_REQ , Pub_AAC ⊕ Nonce_AACPub , Nonce_AACPub , Sig_{AS_REQ1} and ID_AAC are encrypted and generated; the calculation method of MacTag_AAC is described in the embodiment of FIG. 3 .

S622、REQ接收到AACAuth后，执行下述操作，包括：S622. After receiving the AACAuth, REQ performs the following operations, including:

(1)、若AACAuth中存在Nonce_REQ和/或Nonce_AAC，则检查Nonce_REQ是否与REQ生成的Nonce_REQ相同，和/或，检查Nonce_AAC是否与AACInit中的Nonce_AAC相同；(1) If there is Nonce_REQ and/or Nonce_AAC in AACAuth, check whether the Nonce_REQ is the same as the Nonce_REQ generated by REQ, and/or, check whether the Nonce_AAC is the same as the Nonce_AAC in AACInit;

(2)、验证MacTag_AAC；验证过程如图3实施例中相关描述；(2), verify MacTag_AAC ; The verification process is described in the relevant description in the embodiment of Fig. 3;

(3)、利用消息加密密钥解密EncData_AAC得到ID_REQ⊕Nonce_REQID、Nonce_REQ、Pub_AAC⊕Nonce_AACPub、Nonce_AACPub、Sig_{AS_REQ1}和ID_AAC；(3), decrypt EncData_AAC with message encryption key to obtain ID_REQ ⊕ Nonce_REQID , Nonce_REQ , Pub_AAC ⊕ Nonce_AACPub , Nonce_AACPub , Sig_{AS_REQ1} and ID_AAC ;

(4)、利用Nonce_REQID对ID_REQ⊕Nonce_REQID进行异或运算恢复ID_REQ，利用Nonce_AACPub对Pub_AAC⊕Nonce_AACPub进行异或运算恢复Pub_AAC；(4), utilize Nonce_REQID to carry out XOR operation to ID_REQ ⊕ Nonce_REQID to restore ID_REQ , and utilize Nonce_AACPub to carry out XOR operation to Pub_AAC ⊕ Nonce_AACPub to restore Pub_AAC ;

(5)、检查ID_REQ、Nonce_REQ是否分别与REQ自身的身份标识ID_REQ、REQ生成的Nonce_REQ相同；(5), check whether ID_REQ and Nonce_REQ are the same as the Nonce_REQ generated by REQ's own identity ID_REQ and REQ respectively;

(6)、检查Pub_AAC中的ID_AAC是否与解密得到的ID_AAC一致；(6), check whether the ID_AAC in the Pub_AAC is consistent with the ID_AAC obtained by decryption;

(7)、利用AS-REQ的公钥验证Sig_{AS_REQ1}；(7), utilize the public key of AS-REQ to verify Sig_{AS_REQ1} ;

(8)、上述检查与验证中任一步不通过，则立即丢弃AACAuth；上述检查和验证均通过后，根据Pub_AAC中的Res_AAC确定AAC的身份鉴别结果；若AAC为不合法，则结束本次鉴别过程；(8) If any one of the above checks and verifications fails, AACAuth will be discarded immediately; after all the above checks and verifications are passed, the identity authentication result of AAC will be determined according to Res_AAC in Pub_AAC ; secondary identification process;

(9)、利用消息加密密钥计算生成EncData_REQ；计算生成MacTag_REQ。(9), utilize the message encryption key to calculate and generate EncData_REQ ; calculate and generate MacTag_REQ .

S623、REQ向AAC发送第四鉴别响应消息REQAuth。S623. REQ sends a fourth authentication response message REQAuth to the AAC.

所述REQAuth中包括Nonce_AAC、Nonce_REQ、EncData_REQ和MacTag_REQ。其中，Nonce_AAC和Nonce_REQ为可选字段，且应分别等于AACInit中的Nonce_AAC和REQ生成的Nonce_REQ；EncData_REQ的加密数据包括Nonce_REQPub；MacTag_REQ的计算过程如图3实施例中相关描述。The REQAuth includes Nonce_AAC , Nonce_REQ , EncData_REQ and MacTag_REQ . Wherein, Nonce_AAC and Nonce_REQ are optional fields, and should be equal to the Nonce REQ generated by Nonce_AAC and_REQ in AACInit respectively; The encrypted data of EncData_REQ includes Nonce_REQPub ; The calculation process of MacTag_REQ is described in relation to the embodiment as shown in Figure 3 .

S624、AAC接收到REQAuth后，执行下述操作，包括：S624. After receiving REQAuth, AAC performs the following operations, including:

(1)、若REQAuth中存在Nonce_AAC和/或Nonce_REQ，则检查Nonce_AAC和AAC生成的Nonce_AAC是否相同，和/或，检查Nonce_REQ是否与REQInit中的Nonce_REQ相同；(1) If there is Nonce_AAC and/or Nonce_REQ in REQAuth, check whether Nonce_AAC and Nonce AAC generated by_AAC are the same, and/or, check whether Nonce_REQ is the same as Nonce_REQ in REQInit;

(2)、验证MacTag_REQ；验证过程如图3实施例中相关描述；(2), verify MacTag_REQ ; The verification process is described in relation to the embodiment as shown in Figure 3;

(3)、利用消息加密密钥解密EncData_REQ得到Nonce_REQPub；(3), utilize message encryption key to decrypt EncData_REQ to obtain Nonce_REQPub ;

(4)、利用Nonce_REQPub对Pub_REQ⊕Nonce_REQPub进行异或运算恢复Pub_REQ；(4), utilize Nonce_REQPub to carry out XOR operation to Pub_REQ ⊕ Nonce_REQPub to restore Pub_REQ ;

(5)、上述检查及验证均通过，则根据Pub_REQ中的Res_REQ确定REQ的身份鉴别结果；上述检查与验证中任一步不通过，则立即丢弃REQAuth。(5) If the above checks and verifications are all passed, the identity authentication result of REQ is determined according to the Res_REQ in the Pub_REQ ; if any step of the above checks and verifications fails, REQAuth is immediately discarded.

由此，在S622和S624分别实现了漫游情况下对AAC和对REQ的身份鉴别，即实现REQ和AAC的双向身份鉴别，并且REQ和AAC的鉴别结果全程以密文传输，实现了REQ和AAC的身份保护。Thus, in S622 and S624, the identity authentication of the AAC and the REQ in the case of roaming is realized respectively, that is, the bidirectional identity authentication of the REQ and the AAC is realized, and the authentication results of the REQ and AAC are transmitted in cipher text throughout the whole process, realizing the REQ and AAC. identity protection.

需要说明的是，S610、S611中的第二数字签名Sig_{AS_AAC2}可以替换为第二消息鉴别码MIC_{AS_AAC2}，其中，MIC_{AS_AAC2}是AS-AAC利用与AS-REQ的预共享密钥，采用与AS-REQ约定的杂凑算法对包括AS-AACVeri中MIC_{AS_AAC2}之前的其他字段计算的杂凑值；则S612中AS-REQ验证Sig_{AS_AAC2}替换为验证MIC_{AS_AAC2}。S616、S617中的第三数字签名Sig_{AS_REQ3}可以替换为第三消息鉴别码MIC_{AS_REQ3}，其中，MIC_{AS_REQ3}是AS-REQ利用与AS-AAC的预共享密钥，采用与AS-AAC约定的杂凑算法对包括AS-REQVeri中的ID_AAC⊕Nonce_AACID、Nonce_AAC和Pub_REQ⊕Nonce_REQPub在内的字段计算的杂凑值；则S618中AS-AAC验证Sig_{AS_REQ3}替换为验证MIC_{AS_REQ3}。It should be noted that the second digital signature Sig_{AS_AAC2} in S610 and S611 can be replaced with the second message authentication code MIC_{AS_AAC2} , where MIC_{AS_AAC2} is the pre-shared key used by AS-AAC with AS-REQ, and the The hash algorithm agreed by REQ includes the hash value calculated by other fields before MIC_{AS_AAC2} in AS-AACVeri; then the AS-REQ verification Sig_{AS_AAC2} in S612 is replaced by the verification MIC_{AS_AAC2} . The third digital signature Sig_{AS_REQ3} in S616 and S617 can be replaced with a third message authentication code MIC_{AS_REQ3} , wherein MIC_{AS_REQ3} is the hash algorithm agreed with AS-AAC by AS-REQ using the pre-shared key with AS-AAC The hash value calculated for the fields including ID_AAC ⊕ Nonce_AACID , Nonce_AAC and Pub_REQ ⊕ Nonce_REQPub in AS-REQVeri; then in S618 the AS-AAC verification Sig_{AS_REQ3} is replaced by the verification MIC_{AS_REQ3} .

在上述各实施例中，每条消息还可以携带一个杂凑值HASH_{X_Y}，该杂凑值HASH_{X_Y}是该消息的发送方实体X利用杂凑算法对接收到的对端实体Y发送的最新前序消息计算得到的，用于对端实体Y来验证实体X是否接收到完整的最新前序消息。其中，HASH_{REQ_AAC}表示REQ对接收到的AAC发送的最新前序消息计算的杂凑值，HASH_{AAC_REQ}表示AAC对接收到的REQ发送的最新前序消息计算的杂凑值，HASH_{AAC_AS-AAC}表示AAC对接收到的AS-AAC发送的最新前序消息计算的杂凑值，HASH_{AS-AAC_AAC}表示AS-AAC对接收到的AAC发送的最新前序消息计算的杂凑值，HASH_{AS-AAC_AS-REQ}表示AS-AAC对接收到的AS-REQ发送的最新前序消息计算的杂凑值，HASH_{AS-REQ_AS-AAC}表示AS-REQ对接收到的AS-AAC发送的最新前序消息计算的杂凑值。若发送方实体X当前发送的消息为实体X和实体Y之间交互的首条消息，意味着实体X未曾收到对端实体Y发送的前序消息，则该条消息中HASH_{X_Y}可以不存在或者无意义。In each of the above embodiments, each message may also carry a hash value HASH_{X_Y} , and the hash value HASH_{X_Y} is calculated by the sender entity X of the message using the hash algorithm on the latest pre-order message sent by the peer entity Y received. obtained, which is used by the peer entity Y to verify whether the entity X has received the complete latest pre-order message. Among them, HASH_{REQ_AAC} represents the hash value calculated by REQ on the latest pre-order message sent by the received AAC, HASH_{AAC_REQ} represents the hash value calculated by AAC on the latest pre-order message sent by the received REQ, and HASH_{AAC_AS-AAC} represents the hash value calculated by AAC on the received Hash value calculated by the latest pre-order message sent by the received AS-AAC, HASH_{AS-AAC_AAC} represents the hash value calculated by AS-AAC for the latest pre-order message sent by the received AAC, HASH_{AS-AAC_AS-REQ} represents the AS-AAC Hash value calculated for the latest pre-order message sent by AS-REQ received, HASH_{AS-REQ_AS-AAC} indicates the hash value calculated by AS-REQ for the latest pre-order message sent by AS-AAC received. If the message currently sent by the sender entity X is the first message in the interaction between entity X and entity Y, it means that entity X has not received the pre-order message sent by the peer entity Y, then HASH_{X_Y} may not exist in the message or meaningless.

对应的，对端实体Y接收到实体X发送的消息后，若该条消息中包含HASH_{X_Y}，则当实体Y未曾向实体X发送过前序消息时，实体Y忽略HASH_{X_Y}；当实体Y曾向实体X发送过前序消息时，实体Y利用杂凑算法对之前向实体X发送的最新前序消息在本地计算杂凑值，并与接收到的消息中携带的杂凑值HASH_{X_Y}比较，若一致，则执行后续步骤，否则丢弃或者结束本次鉴别过程。Correspondingly, after the peer entity Y receives the message sent by the entity X, if the message contains HASH_{X_Y} , then when the entity Y has not sent the preorder message to the entity X, the entity Y ignores the HASH_{X_Y} ; When sending a pre-order message to entity X, entity Y uses the hash algorithm to calculate the hash value locally for the latest pre-order message previously sent to entity X, and compares it with the hash value HASH_{X_Y} carried in the received message. Then execute the following steps, otherwise discard or end the current authentication process.

本发明中，对实体X而言，对端实体Y向实体X发送的前序消息指的是：实体X向对端实体Y发送消息M之前，接收过的对端实体Y向实体X发送的消息；对端实体Y向实体X发送的最新前序消息指的是：实体X向对端实体Y发送消息M之前，接收的对端实体Y向实体X发送的最新一条消息。若实体X向其对端实体Y发送的消息M是实体X和实体Y之间交互的第一条消息，则实体X向其对端实体Y发送消息M之前，不存在对端实体Y向实体X发送的前序消息。In the present invention, for the entity X, the pre-order message sent by the peer entity Y to the entity X refers to the received message M sent by the peer entity Y to the entity X before the entity X sends the message M to the peer entity Y. Message; the latest pre-order message sent by peer entity Y to entity X refers to the latest message sent by peer entity Y to entity X before entity X sends message M to peer entity Y. If the message M sent by entity X to its peer entity Y is the first message exchanged between entity X and entity Y, then there is no peer entity Y to the entity before entity X sends message M to its peer entity Y The preorder message sent by X.

上述图3至图6所对应实施例中的可选字段和可选操作，在说明书附图的图3至图6中用“*”表示。以上所有实施例涉及的消息中所包括的各个内容不限定顺序，并且在没有特别说明的情况下，不限定消息接收方收到消息后对相关消息的操作顺序以及对消息中所包括的内容进行处理的顺序。The optional fields and optional operations in the embodiments corresponding to FIG. 3 to FIG. 6 are represented by “*” in FIG. 3 to FIG. 6 of the accompanying drawings. The contents included in the messages involved in all the above embodiments are not limited in order, and unless otherwise specified, the order of operations performed by the message receiver on the related messages after receiving the message and the content included in the message are not limited. order of processing.

基于图1至图6所对应的方法实施例，参见图7，本申请实施例还提供了一种请求设备700，包括：Based on the method embodiments corresponding to FIGS. 1 to 6 , and referring to FIG. 7 , an embodiment of the present application further provides a requestingdevice 700 , including:

加密模块710，用于利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成第一身份信息密文，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥；Theencryption module 710 is configured to use the public key of the encryption certificate to encrypt the information including the identity information of the requesting device and the first identity key of the requesting device to generate a ciphertext of the first identity information, the ciphertext of the requesting device. the identity information includes a digital certificate of the requesting device, and the first identity key includes a second key;

发送模块720，用于向鉴别接入控制器发送身份密文消息，所述身份密文消息包括所述第一身份信息密文；A sendingmodule 720, configured to send an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes the ciphertext of the first identity information;

接收模块730，用于接收所述鉴别接入控制器发送的第三鉴别响应消息，所述第三鉴别响应消息中包括身份鉴别结果信息密文，所述身份鉴别结果信息密文是所述鉴别接入控制器利用消息加密密钥对包括第一鉴别结果信息和第一数字签名在内的加密数据加密生成的；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述请求设备信任的第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名；A receivingmodule 730, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is the authentication result information ciphertext. The access controller uses a message encryption key to encrypt and generate encrypted data including the first authentication result information and the first digital signature; the first authentication result information includes the first authentication result information for the authentication access controller. Verification result, the first digital signature is a digital signature calculated and generated by a second authentication server trusted by the requesting device on the signature data including the first authentication result information;

解密模块740，用于利用所述消息加密密钥解密所述身份鉴别结果信息密文得到所述第一鉴别结果信息和所述第一数字签名；Adecryption module 740, configured to decrypt the ciphertext of the identity authentication result information using the message encryption key to obtain the first authentication result information and the first digital signature;

验证模块750，用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则确定模块760根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；当确定模块760确定所述鉴别接入控制器的身份鉴别结果为合法时，发送模块720向所述鉴别接入控制器发送第四鉴别响应消息；或者，Theverification module 750 is configured to use the public key of the second authentication server to verify the first digital signature. If the verification is passed, thedetermination module 760 determines the first digital signature according to the first verification result in the first authentication result information. The identity authentication result of the authentication access controller; when thedetermination module 760 determines that the identity authentication result of the authentication access controller is legal, the sendingmodule 720 sends a fourth authentication response message to the authentication access controller; or ,

验证模块750用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则发送模块720向所述鉴别接入控制器发送第四鉴别响应消息以及确定模块760根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；或者，Theverification module 750 is configured to use the public key of the second authentication server to verify the first digital signature. If the verification is passed, the sendingmodule 720 sends a fourth authentication response message and a determination module to the authentication access controller. 760 Determine the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,

验证模块750用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证；若所述第一数字签名验证通过，则确定模块760根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；发送模块720向所述鉴别接入控制器发送第四鉴别响应消息；Theverification module 750 is configured to use the public key of the second authentication server to verify the first digital signature; if the verification of the first digital signature is passed, thedetermination module 760 determines the first digital signature according to the first authentication result information. A verification result determines the identity authentication result of the authentication access controller; the sendingmodule 720 sends a fourth authentication response message to the authentication access controller;

其中，所述第四鉴别响应消息包括第二密钥密文，所述第二密钥密文是加密模块710利用消息加密密钥对包括所述第二密钥在内的信息加密生成的。The fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by theencryption module 710 using a message encryption key to encrypt information including the second key.

可选的，接收模块730还用于：在发送模块720发送身份密文消息之前，接收所述鉴别接入控制器发送的密钥请求消息，所述密钥请求消息中包括所述鉴别接入控制器的密钥交换参数；所述请求设备还包括：Optionally, the receivingmodule 730 is further configured to: before the sendingmodule 720 sends the identity ciphertext message, receive a key request message sent by the authentication access controller, where the key request message includes the authentication access controller. key exchange parameters of the controller; the requesting device further includes:

计算模块，用于根据包括所述请求设备的密钥交换参数对应的临时私钥和所述鉴别接入控制器的密钥交换参数所包括的临时公钥进行密钥交换计算生成第一密钥，根据包括所述第一密钥在内的信息利用密钥导出算法计算所述消息加密密钥；A calculation module, configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller , calculate the message encryption key by using a key derivation algorithm according to the information including the first key;

则所述身份密文消息中还包括所述请求设备的密钥交换参数。Then, the identity ciphertext message also includes the key exchange parameter of the requesting device.

可选的，所述密钥请求消息中还包括所述鉴别接入控制器生成的第一随机数；则所述计算模块具体用于：根据包括所述第一密钥、所述第一随机数和所述请求设备生成的第二随机数在内的信息计算所述消息加密密钥；对应的，所述身份密文消息中还包括所述第二随机数。Optionally, the key request message further includes a first random number generated by the authentication access controller; then the calculation module is specifically configured to: The message encryption key is calculated using information including the number and the second random number generated by the requesting device; correspondingly, the identity ciphertext message also includes the second random number.

可选的，所述密钥请求消息中还包括所述鉴别接入控制器支持的安全能力参数信息；确定模块760还用于根据所述安全能力参数信息确定所述请求设备使用的特定安全策略；则所述身份密文消息中还包括所述特定安全策略。Optionally, the key request message further includes security capability parameter information supported by the authentication access controller; the determiningmodule 760 is further configured to determine a specific security policy used by the requesting device according to the security capability parameter information ; then the identity ciphertext message also includes the specific security policy.

可选的，所述密钥请求消息中还包括所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识；则确定模块760还用于根据所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识，确定所述请求设备信任的至少一个鉴别服务器的身份标识；则所述身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识。Optionally, the key request message also includes the identity of at least one authentication server trusted by the authentication access controller; then the determiningmodule 760 is further configured to identify at least one authentication server trusted by the authentication access controller. The identity identifier of the server determines the identity identifier of at least one authentication server trusted by the requesting device; the identity ciphertext message also includes the identity identifier of at least one authentication server trusted by the requesting device.

可选的，发送模块720发送的身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识。Optionally, the identity ciphertext message sent by the sendingmodule 720 further includes the identity identifier of at least one authentication server trusted by the requesting device.

可选的，所述请求设备的身份信息还包括所述请求设备的身份标识；所述第一身份密钥还包括第三密钥；则所述第一鉴别响应消息中还包括所述请求设备的身份标识密文；所述请求设备的身份标识密文是利用所述第三密钥对包括所述请求设备的身份标识在内的信息加密生成的；Optionally, the identity information of the requesting device further includes the identity of the requesting device; the first identity key further includes a third key; then the first authentication response message also includes the requesting device The identity ciphertext of the requesting device; the identity ciphertext of the requesting device is generated by using the third key to encrypt the information including the identity of the requesting device;

所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述请求设备的身份标识密文；所述解密模块解密所述身份鉴别结果信息密文还得到所述请求设备的身份标识密文；The encrypted data of the ciphertext of the identity authentication result information in the third authentication response message also includes the ciphertext of the identity identification of the requesting device; the decryption module decrypts the ciphertext of the identity authentication result information and obtains the ciphertext of the requesting device. ID ciphertext;

则在确定模块760确定所述鉴别接入控制器的身份鉴别结果之前，验证模块750还用于根据所述请求设备自身的身份标识和所述第三密钥对所述请求设备的身份标识密文进行验证。Then, before thedetermination module 760 determines the identity authentication result of the authentication access controller, theverification module 750 is further configured to encrypt the identity of the requesting device according to the identity of the requesting device and the third key. text to verify.

可选的，接收模块730接收的第三鉴别响应消息中还包括第一消息完整性校验码；则在确定模块760确定所述鉴别接入控制器的身份鉴别结果之前，验证模块750还用于利用消息完整性校验密钥对所述第一消息完整性校验码进行验证；其中，所述消息完整性校验密钥与所述消息加密密钥的生成方式相同。Optionally, the third authentication response message received by the receivingmodule 730 also includes the first message integrity check code; before thedetermination module 760 determines the identity authentication result of the authentication access controller, theverification module 750 also uses The first message integrity check code is verified by using a message integrity check key; wherein, the message integrity check key and the message encryption key are generated in the same manner.

可选的，发送模块720发送的第四鉴别响应消息中还包括第二消息完整性校验码，所述第二消息完整性校验码是所述请求设备利用消息完整性校验密钥对包括所述第四鉴别响应消息中除所述第二消息完整性校验码外的其他字段计算生成的；其中，所述消息完整性校验密钥与所述消息加密密钥的生成方式相同。Optionally, the fourth authentication response message sent by the sendingmodule 720 further includes a second message integrity check code, where the second message integrity check code is the key pair used by the requesting device for message integrity check. Including the calculation and generation of other fields except the second message integrity check code in the fourth authentication response message; wherein, the message integrity check key and the message encryption key are generated in the same manner .

可选的，所述第一鉴别结果信息是利用所述第四密钥对包括所述鉴别接入控制器的第一验证结果在内的信息加密生成的；所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述第四密钥；Optionally, the first authentication result information is generated by encrypting the information including the first authentication result of the authentication access controller by using the fourth key; The encrypted data of the ciphertext of the identity authentication result information also includes the fourth key;

则解密模块740解密所述身份鉴别结果信息密文还得到所述第四密钥，解密模块740还用于利用所述第四密钥解密所述第一鉴别结果信息得到第一验证结果。Then, thedecryption module 740 decrypts the ciphertext of the identity authentication result information to obtain the fourth key, and thedecryption module 740 is further configured to use the fourth key to decrypt the first authentication result information to obtain the first verification result.

可选的，所述请求设备向所述鉴别接入控制器发送的消息还包括所述请求设备对接收到的所述鉴别接入控制器发送的最新前序消息计算的杂凑值。Optionally, the message sent by the requesting device to the authentication access controller further includes a hash value calculated by the requesting device on the received latest pre-order message sent by the authentication access controller.

参见图8，本申请实施例还提供了一种鉴别接入控制器800，包括：Referring to FIG. 8, an embodiment of the present application further provides anauthentication access controller 800, including:

接收模块810，用于接收请求设备发送的身份密文消息，所述身份密文消息包括第一身份信息密文；所述第一身份信息密文是所述请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的；所述请求设备的身份信息包括所述请求设备的数字证书；所述第一身份密钥包括第二密钥；The receivingmodule 810 is configured to receive the identity ciphertext message sent by the requesting device, where the identity ciphertext message includes the first identity information ciphertext; the first identity information ciphertext is the public key pair of the encryption certificate used by the requesting device The information including the identity information of the requesting device and the first identity key of the requesting device is encrypted and generated; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key including the second key;

发送模块820，用于向所述鉴别接入控制器信任的第一鉴别服务器发送第一鉴别请求消息，所述第一鉴别请求消息中包括所述第一身份信息密文和所述鉴别接入控制器的身份鉴别码；所述鉴别接入控制器的身份鉴别码是所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法对包括所述第一身份信息密文在内的信息计算生成的；A sendingmodule 820, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the ciphertext of the first identity information and the authentication access The identity authentication code of the controller; the identity authentication code of the authentication access controller is that the authentication access controller uses the pre-shared key with the first authentication server and adopts the pre-shared key with the first authentication server. The cryptographic algorithm is generated by calculating the information including the ciphertext of the first identity information;

接收模块810还用于接收所述第一鉴别服务器发送的第一鉴别响应消息，所述第一鉴别响应消息包括第一鉴别结果信息、所述请求设备信任的第二鉴别服务器的第一数字签名、第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名，所述第二鉴别结果信息密文是利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成的，所述第二鉴别结果信息中包括对所述请求设备的数字证书的第二验证结果，所述第一鉴别服务器的第一消息鉴别码是所述第一鉴别服务器利用与所述鉴别接入控制器的预共享密钥，采用与所述鉴别接入控制器约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的；The receivingmodule 810 is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and a first digital signature of the second authentication server trusted by the requesting device , the second authentication result information ciphertext and the first message authentication code of the first authentication server; the first authentication result information includes the first authentication result for the authentication access controller, the first number The signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the ciphertext of the second authentication result information is obtained by using the second key pair to include the second authentication result information. The information including the result information is encrypted and generated, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is the first authentication code of the first authentication server. The authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to calculate and generate the information including the ciphertext of the second authentication result information;

验证模块830，用于利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法验证所述第一鉴别服务器的第一消息鉴别码；Averification module 830, configured to use the pre-shared key with the first authentication server to verify the first message authentication code of the first authentication server by adopting a cryptographic algorithm agreed with the first authentication server;

发送模块820，还用于若验证通过，向所述请求设备发送第三鉴别响应消息，所述第三鉴别响应消息中包括身份鉴别结果信息密文，所述身份鉴别结果信息密文是所述鉴别接入控制器利用消息加密密钥对包括第一鉴别结果信息和所述第一数字签名在内的加密数据加密生成的；The sendingmodule 820 is further configured to send a third authentication response message to the requesting device if the verification is passed, where the third authentication response message includes the ciphertext of the identity authentication result information, and the ciphertext of the identity authentication result information is the The authentication access controller encrypts and generates encrypted data including the first authentication result information and the first digital signature by using a message encryption key;

接收模块810，还用于接收所述请求设备发送的第四鉴别响应消息，所述第四鉴别响应消息包括第二密钥密文，所述第二密钥密文是利用所述消息加密密钥对包括所述第二密钥在内的信息加密生成的；The receivingmodule 810 is further configured to receive a fourth authentication response message sent by the requesting device, where the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is encrypted by using the message. The key pair is generated by encrypting the information including the second key;

解密模块840，用于利用所述消息加密密钥解密所述第二密钥密文得到第二密钥，利用所述第二密钥对所述第二鉴别结果信息密文进行解密得到第二鉴别结果信息；Thedecryption module 840 is configured to use the message encryption key to decrypt the second key ciphertext to obtain a second key, and use the second key to decrypt the second authentication result information ciphertext to obtain a second key. Identification result information;

确定模块850，用于根据所述第二鉴别结果信息中的第二验证结果确定所述请求设备的身份鉴别结果。The determiningmodule 850 is configured to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.

可选的，发送模块820还用于：在接收所述身份密文消息之前，向所述请求设备发送密钥请求消息，所述密钥请求消息中包括所述鉴别接入控制器的密钥交换参数；则所述身份密文消息中还包括所述请求设备的密钥交换参数；所述鉴别接入控制器还包括：Optionally, the sendingmodule 820 is further configured to: before receiving the identity ciphertext message, send a key request message to the requesting device, where the key request message includes the key for authenticating the access controller exchange parameters; then the identity ciphertext message also includes the key exchange parameters of the requesting device; the authentication access controller further includes:

计算模块，用于根据包括所述鉴别接入控制器的密钥交换参数对应的临时私钥和所述请求设备的密钥交换参数所包括的临时公钥进行密钥交换计算生成第一密钥，根据包括所述第一密钥在内的信息利用密钥导出算法计算所述消息加密密钥。A calculation module, configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device , and calculate the message encryption key by using a key derivation algorithm according to the information including the first key.

可选的，所述密钥请求消息中还包括所述鉴别接入控制器生成的第一随机数；对应的，所述身份密文消息中还包括所述请求设备生成的第二随机数；所述计算模块具体用于：根据包括所述第一密钥、所述第一随机数和所述第二随机数在内的信息计算所述消息加密密钥。Optionally, the key request message further includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message further includes a second random number generated by the requesting device; The calculation module is specifically configured to calculate the message encryption key according to information including the first key, the first random number and the second random number.

可选的，所述身份密文消息中还包括所述第一随机数；在所述计算模块计算所述消息加密密钥之前，验证模块830还用于对所述身份密文消息中的第一随机数和所述鉴别接入控制器生成的第一随机数的一致性进行验证。Optionally, the identity ciphertext message further includes the first random number; before the computing module calculates the message encryption key, theverification module 830 is further configured to verify the first random number in the identity ciphertext message. The consistency of a random number and the first random number generated by the authentication access controller is verified.

可选的，所述密钥请求消息中还包括所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识；对应的，所述身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识；确定模块850还用于根据所述身份密文消息中所述请求设备信任的至少一个鉴别服务器的身份标识和所述密钥请求消息中所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识，确定所述第一鉴别服务器。Optionally, the key request message further includes an identity identifier of at least one authentication server trusted by the authentication access controller; correspondingly, the identity ciphertext message also includes at least one authentication server trusted by the requesting device. The identity identifier of the authentication server; the determiningmodule 850 is further configured to determine the identity identifier of at least one authentication server trusted by the requesting device in the identity ciphertext message and the authentication access controller trusted by the authentication access controller in the key request message. The identity identifier of at least one authentication server determines the first authentication server.

可选的，所述身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识；确定模块850还用于根据所述请求设备信任的至少一个鉴别服务器的身份标识和所述鉴别接入控制器信任的鉴别服务器的身份标识，确定所述第一鉴别服务器。Optionally, the identity ciphertext message also includes the identity of the at least one authentication server trusted by the requesting device; the determiningmodule 850 is further configured to determine the identity of the at least one authentication server trusted by the requesting device and the identity of the at least one authentication server trusted by the requesting device. Identify the identity of the authentication server trusted by the access controller, and determine the first authentication server.

可选的，所述第一鉴别请求消息中还包括所述鉴别接入控制器的身份标识和/或所述鉴别接入控制器生成的第一随机数；对应的，所述第一鉴别响应消息中还包括所述鉴别接入控制器的身份标识和/或所述第一随机数；则验证模块830还用于在发送模块820发送第三鉴别响应消息之前，对所述第一鉴别响应消息中的所述鉴别接入控制器的身份标识和所述鉴别接入控制器自身的身份标识的一致性进行验证；和/或，对所述第一鉴别响应消息中的所述第一随机数和所述鉴别接入控制器生成的第一随机数的一致性进行验证。Optionally, the first authentication request message further includes the identity of the authentication access controller and/or the first random number generated by the authentication access controller; correspondingly, the first authentication response The message also includes the identity of the authentication access controller and/or the first random number; then theverification module 830 is further configured to respond to the first authentication before the sendingmodule 820 sends the third authentication response message verifying the consistency of the identity of the authentication access controller in the message and the identity of the authentication access controller itself; and/or, verifying the first random number in the first authentication response message The consistency of the number and the first random number generated by the authentication access controller is verified.

可选的，所述第一鉴别请求消息中还包括第二身份信息密文，所述第二身份信息密文是所述鉴别接入控制器利用加密证书对包括所述鉴别接入控制器的身份标识和所述鉴别接入控制器的第二身份密钥在内的信息加密生成的，所述第二身份密钥包括第四密钥和第五密钥；Optionally, the first authentication request message further includes a ciphertext of second identity information, where the ciphertext of the second identity information is the authentication access controller using an encrypted certificate to pair the authentication access controller with the ciphertext. The identity identifier and the information including the second identity key for identifying the access controller are encrypted and generated, and the second identity key includes a fourth key and a fifth key;

相应的，所述第一鉴别响应消息中还包括所述鉴别接入控制器的身份标识密文；所述第一鉴别结果信息是利用所述第四密钥对包括所述鉴别接入控制器的第一验证结果在内的信息加密生成的；所述鉴别接入控制器的身份标识密文是利用所述第五密钥对包括所述鉴别接入控制器的身份标识在内的信息加密生成的；Correspondingly, the first authentication response message further includes the identity ciphertext of the authentication access controller; the first authentication result information includes the authentication access controller using the fourth key pair. The information including the first verification result of the authentication access controller is encrypted and generated; the ciphertext of the identity identification of the authentication access controller is to use the fifth key to encrypt the information including the identification of the authentication access controller. Generated;

验证模块830还用于：根据所述鉴别接入控制器自身的身份标识和所述第五密钥对所述鉴别接入控制器的身份标识密文进行验证；若验证通过，则发送模块820再向所述请求设备发送第三鉴别响应消息；其中，所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述第四密钥。Theverification module 830 is further configured to: verify the ciphertext of the identity identification of the identification access controller according to the identification of the identification access controller itself and the fifth key; if the verification is passed, the sendingmodule 820 Then, send a third authentication response message to the requesting device; wherein, the encrypted data of the ciphertext of the identity authentication result information in the third authentication response message further includes the fourth key.

可选的，发送模块820发送的所述第三鉴别响应消息中还包括第一消息完整性校验码，所述第一消息完整性校验码是所述鉴别接入控制器利用消息完整性校验密钥对包括所述第三鉴别响应消息中除所述第一消息完整性校验码外的其他字段计算生成的；其中，所述消息完整性校验密钥与所述消息加密密钥的生成方式相同。Optionally, the third authentication response message sent by the sendingmodule 820 further includes a first message integrity check code, and the first message integrity check code is the message integrity used by the authentication access controller. The verification key pair includes the calculation and generation of other fields in the third authentication response message except the first message integrity verification code; wherein, the message integrity verification key is the same as the message encryption key. The keys are generated in the same way.

可选的，接收模块810接收的所述第四鉴别响应消息中还包括第二消息完整性校验码；则在确定模块850确定所述请求设备的身份鉴别结果之前，验证模块830还用于利用消息完整性校验密钥验证所述第二消息完整性校验码；其中，所述消息完整性校验密钥与所述消息加密密钥的生成方式相同。Optionally, the fourth authentication response message received by the receivingmodule 810 also includes a second message integrity check code; then before thedetermination module 850 determines the identity authentication result of the requesting device, theverification module 830 is also used for The second message integrity check code is verified using a message integrity check key; wherein the message integrity check key and the message encryption key are generated in the same manner.

可选的，当所述身份密文消息中还包括所述请求设备的数字签名时，确定模块850还用于：在确定所述请求设备的身份鉴别结果之前，确定所述请求设备的数字签名是否验证通过，若确定所述请求设备的数字签名验证通过，则再根据所述第二鉴别结果信息中的第二验证结果确定所述请求设备的身份鉴别结果。Optionally, when the identity ciphertext message also includes the digital signature of the requesting device, the determiningmodule 850 is further configured to: before determining the identity authentication result of the requesting device, determine the digital signature of the requesting device. Whether the verification is passed, if it is determined that the digital signature verification of the requesting device is passed, then the identity authentication result of the requesting device is determined according to the second verification result in the second authentication result information.

可选的，确定模块850通过以下方式确定所述请求设备的数字签名是否验证通过：Optionally, the determiningmodule 850 determines whether the digital signature of the requesting device passes the verification in the following manner:

所述第二鉴别服务器利用所述请求设备的数字证书对所述请求设备的数字签名进行验证，若接收模块810接收到所述第一鉴别响应消息，则确定模块850确定所述请求设备的数字签名已验证通过；或者，The second authentication server verifies the digital signature of the requesting device by using the digital certificate of the requesting device. If the receivingmodule 810 receives the first authentication response message, the determiningmodule 850 determines the digital signature of the requesting device. The signature has been verified; or,

当所述第二鉴别结果信息中还包括所述请求设备的数字证书时，由验证模块830利用所述请求设备的数字证书对所述请求设备的数字签名进行验证，确定模块850根据验证结果确定所述请求设备的数字签名是否验证通过。When the second authentication result information also includes the digital certificate of the requesting device, theverification module 830 uses the digital certificate of the requesting device to verify the digital signature of the requesting device, and the determiningmodule 850 determines according to the verification result Whether the digital signature of the requesting device is verified.

可选的，所述鉴别接入控制器向所述请求设备发送的消息还包括所述鉴别接入控制器对接收到的所述请求设备发送的最新前序消息计算的杂凑值；所述鉴别接入控制器向所述第一鉴别服务器发送的消息还包括所述鉴别接入控制器对接收到的所述第一鉴别服务器发送的最新前序消息计算的杂凑值。Optionally, the message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the requesting device; the authentication The message sent by the access controller to the first authentication server further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the first authentication server.

参见图9，本申请实施例还提供了一种第一鉴别服务器900，包括：Referring to FIG. 9, an embodiment of the present application further provides afirst authentication server 900, including:

接收模块910，用于接收鉴别接入控制器发送的第一鉴别请求消息，所述第一鉴别请求消息中包括第一身份信息密文和所述鉴别接入控制器的身份鉴别码，所述第一身份信息密文是请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥，所述鉴别接入控制器的身份鉴别码是所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法对包括所述第一身份信息密文在内的信息计算生成的；The receivingmodule 910 is configured to receive the first authentication request message sent by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and the identity authentication code of the authentication access controller, the The first identity information ciphertext is generated by the requesting device by encrypting the information including the identity information of the requesting device and the first identity key of the requesting device by using the public key of the encryption certificate, and the identity information of the requesting device is generated. It includes the digital certificate of the requesting device, the first identity key includes a second key, and the authentication code of the authentication access controller is the authentication code that the authentication access controller uses with the first authentication server. a pre-shared key, which is calculated and generated from the information including the ciphertext of the first identity information by using the cryptographic algorithm agreed with the first authentication server;

发送模块920，用于向所述鉴别接入控制器发送第一鉴别响应消息，所述第一鉴别响应消息包括第一鉴别结果信息、所述请求设备信任的第二鉴别服务器的第一数字签名、第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名，所述第二鉴别结果信息密文是利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成的，所述第二鉴别结果信息中包括对所述请求设备的数字证书的第二验证结果，所述第一鉴别服务器的第一消息鉴别码是所述第一鉴别服务器利用与所述鉴别接入控制器的预共享密钥，采用与所述鉴别接入控制器约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的。A sendingmodule 920, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information and a first digital signature of a second authentication server trusted by the requesting device , the second authentication result information ciphertext and the first message authentication code of the first authentication server; the first authentication result information includes the first authentication result for the authentication access controller, the first number The signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the ciphertext of the second authentication result information is obtained by using the second key pair to include the second authentication result information. The information including the result information is encrypted and generated, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is the first authentication code of the first authentication server. The authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to calculate and generate the information including the ciphertext of the second authentication result information.

可选的，所述第一鉴别服务器900还包括：Optionally, thefirst authentication server 900 further includes:

第一验证模块，用于对所述鉴别接入控制器的身份鉴别码进行验证得到第一验证结果，利用加密证书对应的私钥解密所述第一身份信息密文得到所述请求设备的数字证书和所述第二密钥，对所述请求设备的数字证书进行合法性验证得到第二验证结果；The first verification module is used to verify the identity authentication code of the authentication access controller to obtain a first verification result, and decrypt the ciphertext of the first identity information by using the private key corresponding to the encryption certificate to obtain the digital code of the requesting device. the certificate and the second key, and perform legality verification on the digital certificate of the requesting device to obtain a second verification result;

第一生成模块，用于根据包括所述第一验证结果在内的信息生成所述第一鉴别结果信息，根据包括所述第二验证结果在内的信息生成所述第二鉴别结果信息，利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成第二鉴别结果信息密文，对包括所述第一鉴别结果信息在内的签名数据计算生成第一数字签名，对包括所述第二鉴别结果信息密文在内的信息计算生成第一鉴别服务器的第一消息鉴别码；The first generation module is configured to generate the first identification result information according to the information including the first verification result, generate the second identification result information according to the information including the second verification result, and use the The second key encrypts the information including the second authentication result information to generate the ciphertext of the second authentication result information, calculates the signature data including the first authentication result information to generate the first digital signature, and generates the first digital signature for the information including the first authentication result information. The information including the ciphertext of the second authentication result information is calculated to generate the first message authentication code of the first authentication server;

第二生成模块，用于根据包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码在内的信息生成所述第一鉴别响应消息。The second generating module is configured to, based on information including the first authentication result information, the first digital signature, the ciphertext of the second authentication result information and the first message authentication code of the first authentication server The first authentication response message is generated.

可选的，第一鉴别服务器900还包括：Optionally, thefirst authentication server 900 further includes:

第二验证模块，用于对所述鉴别接入控制器的身份鉴别码进行验证得到第一验证结果；a second verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result;

第三生成模块，用于根据包括所述第一验证结果在内的信息生成所述第一鉴别结果信息，对包括所述第一鉴别结果信息和所述第一身份信息密文在内的签名数据计算生成第二数字签名或对包括所述第一鉴别结果信息和所述第一身份信息密文在内的信息计算生成第二消息鉴别码；A third generating module, configured to generate the first authentication result information according to the information including the first verification result, and sign the first authentication result information and the ciphertext of the first identity information. Data calculation to generate a second digital signature or calculation of information including the first authentication result information and the ciphertext of the first identity information to generate a second message authentication code;

所述发送模块，还用于向第二鉴别服务器发送第二鉴别请求消息，所述第二鉴别请求消息中包括所述第一鉴别结果信息、所述第一身份信息密文和所述第二数字签名或所述第二鉴别请求消息中包括所述第一鉴别结果信息、所述第一身份信息密文和所述第二消息鉴别码；The sending module is further configured to send a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the ciphertext of the first identity information and the second authentication request message. The digital signature or the second authentication request message includes the first authentication result information, the ciphertext of the first identity information, and the second message authentication code;

所述接收模块，还用于接收所述第二鉴别服务器发送的第二鉴别响应消息，所述第二鉴别响应消息中包括所述第一鉴别结果信息、第一数字签名、第二鉴别结果信息密文和第三数字签名或所述第二鉴别响应消息中包括所述第一鉴别结果信息、第一数字签名、第二鉴别结果信息密文和第三消息鉴别码；其中，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的；所述第三数字签名是所述第二鉴别服务器对包括所述第二鉴别结果信息密文在内的签名数据计算生成的或所述第三消息鉴别码是所述第二鉴别服务器对包括所述第二鉴别结果信息密文在内的信息计算生成的；The receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result information The ciphertext and the third digital signature or the second authentication response message include the first authentication result information, the first digital signature, the ciphertext of the second authentication result information and the third message authentication code; wherein the first authentication result information The digital signature is calculated and generated by the second authentication server on the signature data including the first authentication result information; the third digital signature is the encryption of the second authentication result information including the second authentication result information by the second authentication server. The signature data including the text is calculated and generated or the third message authentication code is generated by the second authentication server on the information including the cipher text of the second authentication result information;

第三验证模块，用于利用所述第二鉴别服务器的公钥验证所述第三数字签名或利用与所述第二鉴别服务器的预共享密钥验证所述第三消息鉴别码；a third verification module, configured to use the public key of the second authentication server to verify the third digital signature or to verify the third message authentication code using the pre-shared key with the second authentication server;

第四生成模块，用于若验证通过，则对包括所述第二鉴别结果信息密文在内的信息计算生成所述第一鉴别服务器的第一消息鉴别码，根据包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码在内的信息生成所述第一鉴别响应消息。The fourth generation module is used to calculate and generate the first message authentication code of the first authentication server for the information including the ciphertext of the second authentication result information, if the verification is passed, according to the information including the first authentication result Information including the information, the first digital signature, the ciphertext of the second authentication result information, and the first message authentication code of the first authentication server generates the first authentication response message.

可选的，所述第一鉴别服务器向所述鉴别接入控制器发送的消息还包括所述第一鉴别服务器对接收到的所述鉴别接入控制器发送的最新前序消息计算的杂凑值；所述第一鉴别服务器向所述第二鉴别服务器发送的消息还包括所述第一鉴别服务器对接收到的所述第二鉴别服务器发送的最新前序消息计算的杂凑值。Optionally, the message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server on the received latest pre-order message sent by the authentication access controller. ; The message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server for the latest pre-order message sent by the second authentication server received.

参见图10，本申请实施例还提供了一种第二鉴别服务器1000，包括：Referring to FIG. 10, an embodiment of the present application further provides asecond authentication server 1000, including:

接收模块1010，用于接收第一鉴别服务器发送的第二鉴别请求消息，所述第二鉴别请求消息中包括第一鉴别结果信息、第一身份信息密文和第二数字签名或所述第二鉴别请求消息中包括第一鉴别结果信息、第一身份信息密文和第二消息鉴别码；其中，所述第一身份信息密文是请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥；所述第二数字签名是所述第一鉴别服务器对包括所述第一鉴别结果信息和所述第一身份信息密文在内的签名数据计算生成的或所述第二消息鉴别码是所述第一鉴别服务器对包括所述第一鉴别结果信息和所述第一身份信息密文在内的信息计算生成的；Thereceiving module 1010 is configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the ciphertext of the first identity information and the second digital signature or the second authentication request message. The authentication request message includes the first authentication result information, the ciphertext of the first identity information, and the second message authentication code; wherein, the ciphertext of the first identity information is the request device using the public key of the encryption certificate to include the request device's ciphertext. The identity information and the information including the first identity key of the requesting device are encrypted and generated, the identity information of the requesting device includes the digital certificate of the requesting device, and the first identity key includes the second key; The second digital signature is calculated and generated by the first authentication server on the signature data including the first authentication result information and the ciphertext of the first identity information, or the second message authentication code is the The first authentication server calculates and generates the information including the first authentication result information and the ciphertext of the first identity information;

验证模块1020，用于利用所述第一鉴别服务器的公钥验证所述第二数字签名或利用与所述第一鉴别服务器的预共享密钥验证所述第二消息鉴别码，若验证通过，则利用加密证书对应的私钥解密所述第一身份信息密文得到所述请求设备的数字证书和所述第二密钥，对所述请求设备的数字证书进行合法性验证得到第二验证结果；Averification module 1020, configured to verify the second digital signature by using the public key of the first authentication server or verify the second message authentication code by using the pre-shared key with the first authentication server, if the verification is passed, Then use the private key corresponding to the encryption certificate to decrypt the ciphertext of the first identity information to obtain the digital certificate of the requesting device and the second key, and verify the validity of the digital certificate of the requesting device to obtain the second verification result. ;

生成模块1030，用于根据包括所述第二验证结果在内的信息生成所述第二鉴别结果信息，利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成第二鉴别结果信息密文，对包括所述第一鉴别结果信息在内的签名数据计算生成第一数字签名，对包括所述第二鉴别结果信息密文在内的签名数据计算生成第三数字签名或对包括所述第二鉴别结果信息密文在内的信息计算生成第三消息鉴别码；Agenerating module 1030, configured to generate the second authentication result information according to the information including the second verification result, and use the second key to encrypt the information including the second authentication result information to generate the second authentication The result information ciphertext, the signature data including the first authentication result information is calculated to generate a first digital signature, and the signature data including the second authentication result information ciphertext is calculated to generate a third digital signature or a pair of signatures. Information including the second authentication result information ciphertext is calculated to generate a third message authentication code;

发送模块1040，用于向所述第一鉴别服务器发送的第二鉴别响应消息，所述第二鉴别响应消息中包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第三数字签名或所述第二鉴别响应消息中包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第三消息鉴别码。A sendingmodule 1040, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication The result information ciphertext and the third digital signature or the second authentication response message include the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third authentication result information. message authentication code.

可选的，所述第二鉴别服务器向所述第一鉴别服务器发送的消息还包括所述第二鉴别服务器对接收到的所述第一鉴别服务器发送的最新前序消息计算的杂凑值。Optionally, the message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server on the received latest pre-order message sent by the first authentication server.

本领域普通技术人员可以理解：实现上述方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成，前述程序可以存储于计算机可读取存储介质中，该程序在执行时，执行包括上述方法实施例的步骤；而前述的存储介质可以是下述介质中的至少一种：只读存储器(英文：Read-Only Memory，缩写：ROM)、RAM、磁碟或者光盘等各种可以存储程序代码的介质。Those of ordinary skill in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by program instructions related to hardware, the foregoing program may be stored in a computer-readable storage medium, and when the program is executed, the execution includes the above The steps of the method embodiment; and the aforementioned storage medium may be at least one of the following media: read-only memory (English: Read-Only Memory, abbreviation: ROM), RAM, magnetic disk or optical disk and other various programs that can store programs medium of code.

需要说明的是，本说明书中的各个实施例均采用递进的方式描述，各个实施例之间相同相似的部分互相参见即可，每个实施例重点说明的都是与其他实施例的不同之处。尤其，对于设备及系统实施例而言，由于其与方法实施例相一致和对应，所以描述得比较简单，相关之处参见方法实施例的部分说明即可。以上所描述的设备及系统实施例仅是示意性的，其中作为分离部件说明的模块可以是或者也可以不是物理上分开的，作为模块显示的部件可以是或者也可以不是物理模块，即可以位于一个地方，或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性劳动的情况下，即可以理解并实施。It should be noted that each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. place. In particular, for the device and system embodiments, since they are consistent with and correspond to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for related parts. The device and system embodiments described above are only schematic, wherein the modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical modules, that is, they may be located in One place, or it can be distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

以上所述，仅为本申请的一种具体实施方式，但本申请的保护范围并不局限于此，任何熟悉本技术领域的技术人员在本申请揭露的技术范围内，可轻易想到的变化或替换，都应涵盖在本申请的保护范围之内。因此，本申请的保护范围应该以权利要求的保护范围为准。The above is only a specific embodiment of the present application, but the protection scope of the present application is not limited to this. Substitutions should be covered within the protection scope of this application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.

Claims (48)

Translated fromChinese

1.一种身份鉴别方法，其特征在于，所述方法包括：1. an identity authentication method, is characterized in that, described method comprises:鉴别接入控制器接收请求设备发送的身份密文消息，所述身份密文消息包括第一身份信息密文；所述第一身份信息密文是所述请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的；所述请求设备的身份信息包括所述请求设备的数字证书；所述第一身份密钥包括第二密钥；The authentication access controller receives the identity ciphertext message sent by the requesting device, where the identity ciphertext message includes the first identity information ciphertext; the first identity information ciphertext is the public key pair of the encryption certificate used by the requesting device, including The identity information of the requesting device and the information including the first identity key of the requesting device are encrypted and generated; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes the second key;所述鉴别接入控制器向其信任的第一鉴别服务器发送第一鉴别请求消息，所述第一鉴别请求消息中包括所述第一身份信息密文和所述鉴别接入控制器的身份鉴别码；所述鉴别接入控制器的身份鉴别码是所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法对包括所述第一身份信息密文在内的信息计算生成的；The authentication access controller sends a first authentication request message to its trusted first authentication server, where the first authentication request message includes the ciphertext of the first identity information and the identity authentication of the authentication access controller The identity authentication code of the authentication access controller is that the authentication access controller uses the pre-shared key with the first authentication server, and adopts the cryptographic algorithm agreed with the first authentication server to pair all data including It is calculated and generated from the information including the ciphertext of the first identity information;所述鉴别接入控制器接收所述第一鉴别服务器发送的第一鉴别响应消息，所述第一鉴别响应消息包括第一鉴别结果信息、所述请求设备信任的第二鉴别服务器的第一数字签名、第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名，所述第二鉴别结果信息密文是利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成的，所述第二鉴别结果信息中包括对所述请求设备的数字证书的第二验证结果，所述第一鉴别服务器的第一消息鉴别码是所述第一鉴别服务器利用与所述鉴别接入控制器的预共享密钥，采用与所述鉴别接入控制器约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的；The authentication access controller receives a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and a first number of the second authentication server trusted by the requesting device signature, the ciphertext of the second authentication result information, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller, the first authentication result information The digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the ciphertext of the second authentication result information is obtained by using the second key pair including the second authentication result information. The information including the authentication result information is encrypted and generated, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is the first message authentication code of the first authentication server. An authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to calculate and generate the information including the ciphertext of the second authentication result information;所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法验证所述第一鉴别服务器的第一消息鉴别码，若验证通过，向所述请求设备发送第三鉴别响应消息，所述第三鉴别响应消息中包括身份鉴别结果信息密文，所述身份鉴别结果信息密文是所述鉴别接入控制器利用消息加密密钥对包括第一鉴别结果信息和所述第一数字签名在内的加密数据加密生成的；The authentication access controller uses the pre-shared key with the first authentication server, and uses the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server. If the verification passes , send a third authentication response message to the requesting device, the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is the authentication access controller using a message encryption key Generated by encrypting the encrypted data including the first authentication result information and the first digital signature;所述请求设备利用所述消息加密密钥解密所述身份鉴别结果信息密文得到所述第一鉴别结果信息和所述第一数字签名；The requesting device decrypts the ciphertext of the identity authentication result information by using the message encryption key to obtain the first authentication result information and the first digital signature;所述请求设备利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则所述请求设备根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；当所述请求设备确定所述鉴别接入控制器的身份鉴别结果为合法时，向所述鉴别接入控制器发送第四鉴别响应消息；或者，The requesting device verifies the first digital signature by using the public key of the second authentication server, and if the verification is passed, the requesting device determines the first digital signature according to the first verification result in the first authentication result information. The identity authentication result of the authentication access controller; when the requesting device determines that the identity authentication result of the authentication access controller is legal, it sends a fourth authentication response message to the authentication access controller; or,所述请求设备利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则所述请求设备向所述鉴别接入控制器发送第四鉴别响应消息以及根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；或者，The requesting device verifies the first digital signature by using the public key of the second authentication server, and if the verification is passed, the requesting device sends a fourth authentication response message to the authentication access controller and sends a fourth authentication response message to the authentication access controller. The first verification result in the first authentication result information determines the identity authentication result of the authentication access controller; or,所述请求设备利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证；若所述第一数字签名验证通过，则所述请求设备根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；所述请求设备向所述鉴别接入控制器发送第四鉴别响应消息；The requesting device verifies the first digital signature by using the public key of the second authentication server; if the verification of the first digital signature passes, the requesting device verifies the first digital signature according to the first authentication result information. A verification result determines the identity authentication result of the authentication access controller; the requesting device sends a fourth authentication response message to the authentication access controller;其中，所述第四鉴别响应消息包括第二密钥密文，所述第二密钥密文是利用所述消息加密密钥对包括所述第二密钥在内的信息加密生成的；Wherein, the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by encrypting information including the second key by using the message encryption key;所述鉴别接入控制器接收到所述第四鉴别响应消息后，利用所述消息加密密钥解密所述第二密钥密文得到第二密钥，利用所述第二密钥对所述第二鉴别结果信息密文进行解密得到第二鉴别结果信息，根据所述第二鉴别结果信息中的第二验证结果确定所述请求设备的身份鉴别结果。After receiving the fourth authentication response message, the authentication access controller decrypts the second key ciphertext by using the message encryption key to obtain a second key, and uses the second key to encrypt the second key. The ciphertext of the second authentication result information is decrypted to obtain second authentication result information, and the identity authentication result of the requesting device is determined according to the second verification result in the second authentication result information.2.根据权利要求1所述的方法，其特征在于，在所述鉴别接入控制器接收请求设备发送的身份密文消息之前，所述方法还包括：2. The method according to claim 1, wherein before the authentication access controller receives the identity ciphertext message sent by the requesting device, the method further comprises:所述鉴别接入控制器向所述请求设备发送密钥请求消息，所述密钥请求消息中包括所述鉴别接入控制器的密钥交换参数；The authentication access controller sends a key request message to the requesting device, where the key request message includes key exchange parameters of the authentication access controller;所述请求设备根据包括所述请求设备的密钥交换参数对应的临时私钥和所述鉴别接入控制器的密钥交换参数所包括的临时公钥进行密钥交换计算生成第一密钥，根据包括所述第一密钥在内的信息利用密钥导出算法计算所述消息加密密钥；The requesting device performs key exchange calculation according to the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller to generate the first key, Calculate the message encryption key using a key derivation algorithm according to the information including the first key;则所述身份密文消息中还包括所述请求设备的密钥交换参数；Then the identity ciphertext message also includes the key exchange parameter of the requesting device;所述鉴别接入控制器根据包括所述鉴别接入控制器的密钥交换参数对应的临时私钥和所述请求设备的密钥交换参数所包括的临时公钥进行密钥交换计算生成所述第一密钥，根据包括所述第一密钥在内的信息利用所述密钥导出算法计算所述消息加密密钥。The authentication access controller performs key exchange calculation according to the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device to generate the said authentication access controller. a first key, and the message encryption key is calculated using the key derivation algorithm according to the information including the first key.3.根据权利要求2所述的方法，其特征在于，所述密钥请求消息中还包括所述鉴别接入控制器生成的第一随机数；3. The method according to claim 2, wherein the key request message further comprises a first random number generated by the authentication access controller;则所述请求设备计算所述消息加密密钥具体包括：Then the requesting device to calculate the message encryption key specifically includes:所述请求设备根据包括所述第一密钥、所述第一随机数和所述请求设备生成的第二随机数在内的信息计算所述消息加密密钥；The requesting device calculates the message encryption key according to information including the first key, the first random number, and the second random number generated by the requesting device;对应的，所述身份密文消息中还包括所述第二随机数；Correspondingly, the identity ciphertext message also includes the second random number;则所述鉴别接入控制器计算所述消息加密密钥具体包括：Then, calculating the message encryption key by the authentication access controller specifically includes:所述鉴别接入控制器根据包括所述第一密钥、所述第一随机数和所述第二随机数在内的信息计算所述消息加密密钥。The authenticated access controller calculates the message encryption key based on information including the first key, the first random number, and the second random number.4.根据权利要求3所述的方法，其特征在于，所述身份密文消息中还包括所述第一随机数；则在所述鉴别接入控制器计算所述消息加密密钥之前，所述方法还包括：4. The method according to claim 3, wherein the identity ciphertext message further includes the first random number; then before the authentication access controller calculates the message encryption key, the The method also includes:所述鉴别接入控制器对所述身份密文消息中的第一随机数和所述鉴别接入控制器生成的第一随机数的一致性进行验证；若验证通过，则所述鉴别接入控制器再计算所述消息加密密钥。The authentication access controller verifies the consistency between the first random number in the identity ciphertext message and the first random number generated by the authentication access controller; if the verification is passed, the authentication access controller The controller recalculates the message encryption key.5.根据权利要求2所述的方法，其特征在于，所述密钥请求消息中还包括所述鉴别接入控制器支持的安全能力参数信息；所述方法还包括：5. The method according to claim 2, wherein the key request message further comprises security capability parameter information supported by the authentication access controller; the method further comprises:所述请求设备根据所述安全能力参数信息确定所述请求设备使用的特定安全策略；则所述身份密文消息中还包括所述特定安全策略。The requesting device determines the specific security policy used by the requesting device according to the security capability parameter information; then the identity ciphertext message also includes the specific security policy.6.根据权利要求2所述的方法，其特征在于，所述密钥请求消息中还包括所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识；则所述方法还包括：6. The method according to claim 2, wherein the key request message further includes the identity of at least one authentication server trusted by the authentication access controller; then the method further comprises:所述请求设备根据所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识，确定所述请求设备信任的至少一个鉴别服务器的身份标识；则所述身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识；则所述方法还包括：The requesting device determines the identity of the at least one authentication server trusted by the requesting device according to the identity of the at least one authentication server trusted by the authentication access controller; then the identity ciphertext message also includes the request the identity of at least one authentication server trusted by the device; then the method further includes:所述鉴别接入控制器根据所述身份密文消息中所述请求设备信任的至少一个鉴别服务器的身份标识和所述密钥请求消息中所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识，确定所述第一鉴别服务器。The authentication access controller is based on the identity of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity of the at least one authentication server trusted by the authentication access controller in the key request message. The identity identifier is used to determine the first authentication server.7.根据权利要求1所述的方法，其特征在于，所述身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识；则所述方法还包括：7. The method according to claim 1, wherein the identity ciphertext message further includes an identity identifier of at least one authentication server trusted by the requesting device; then the method further comprises:所述鉴别接入控制器根据所述请求设备信任的至少一个鉴别服务器的身份标识和所述鉴别接入控制器信任的鉴别服务器的身份标识，确定所述第一鉴别服务器。The authentication access controller determines the first authentication server according to the identity of at least one authentication server trusted by the requesting device and the identity of the authentication server trusted by the authentication access controller.8.根据权利要求1所述的方法，其特征在于，所述第一鉴别请求消息中还包括所述鉴别接入控制器的身份标识和/或所述鉴别接入控制器生成的第一随机数；8 . The method according to claim 1 , wherein the first authentication request message further includes the identity of the authentication access controller and/or the first random generated by the authentication access controller. 9 . number;对应的，所述第一鉴别响应消息中还包括所述鉴别接入控制器的身份标识和/或所述第一随机数；Correspondingly, the first authentication response message further includes the identity identifier of the authentication access controller and/or the first random number;则在所述鉴别接入控制器向所述请求设备发送第三鉴别响应消息之前，所述方法还包括：Then, before the authentication access controller sends a third authentication response message to the requesting device, the method further includes:所述鉴别接入控制器对所述第一鉴别响应消息中的所述鉴别接入控制器的身份标识和所述鉴别接入控制器自身的身份标识的一致性进行验证，和/或，对所述第一鉴别响应消息中的所述第一随机数和所述鉴别接入控制器生成的第一随机数的一致性进行验证；若验证通过，则所述鉴别接入控制器再执行相关操作。The authentication access controller verifies the consistency of the identity identifier of the authentication access controller in the first authentication response message and the identity identifier of the authentication access controller itself, and/or, verifies the identity of the authentication access controller. The consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller is verified; if the verification is passed, the authentication access controller executes the relevant operate.9.根据权利要求1所述的方法，其特征在于，所述请求设备的身份信息还包括所述请求设备的身份标识；所述第一身份密钥还包括第三密钥；9. The method according to claim 1, wherein the identity information of the requesting device further comprises an identity identifier of the requesting device; the first identity key further comprises a third key;则所述第一鉴别响应消息中还包括所述请求设备的身份标识密文，所述请求设备的身份标识密文是利用所述第三密钥对包括所述请求设备的身份标识在内的信息加密生成的；Then the first authentication response message also includes the identity ciphertext of the requesting device, and the ciphertext of the identity of the requesting device is obtained by using the third key pair including the identity of the requesting device. information generated by encryption;则所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述请求设备的身份标识密文；Then the encrypted data of the identity authentication result information ciphertext in the third authentication response message also includes the identity ciphertext of the requesting device;则在所述请求设备确定所述鉴别接入控制器的身份鉴别结果之前，所述方法还包括：Then, before the requesting device determines the identity authentication result of the authentication access controller, the method further includes:所述请求设备利用消息加密密钥解密所述身份鉴别结果信息密文还得到所述请求设备的身份标识密文，并根据所述请求设备自身的身份标识和所述第三密钥对所述请求设备的身份标识密文进行验证；若验证通过，则所述请求设备再执行相关操作。The requesting device decrypts the ciphertext of the identity authentication result information by using the message encryption key, and obtains the ciphertext of the identity identification of the requesting device. The ciphertext of the identity identification of the requesting device is verified; if the verification is passed, the requesting device performs related operations again.10.根据权利要求1所述的方法，其特征在于，所述身份密文消息中还包括所述请求设备生成的第二随机数，则所述第一鉴别请求消息中还包括所述第二随机数，所述第一鉴别响应消息中还包括所述第二随机数；10 . The method according to claim 1 , wherein the identity ciphertext message further includes a second random number generated by the requesting device, and the first authentication request message further includes the second random number. 11 . a random number, the first authentication response message further includes the second random number;则所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述第二随机数；Then the encrypted data of the identity authentication result information ciphertext in the third authentication response message also includes the second random number;则在所述请求设备确定所述鉴别接入控制器的身份鉴别结果之前，所述方法还包括：Then, before the requesting device determines the identity authentication result of the authentication access controller, the method further includes:所述请求设备利用消息加密密钥解密所述身份鉴别结果信息密文还得到所述第二随机数，并验证其与所述请求设备生成的第二随机数的一致性；若验证通过，则所述请求设备再执行相关操作。The requesting device decrypts the ciphertext of the identity authentication result information by using the message encryption key to obtain the second random number, and verifies its consistency with the second random number generated by the requesting device; if the verification is passed, then The requesting device then performs related operations.11.根据权利要求2所述的方法，其特征在于，所述第三鉴别响应消息中还包括第一消息完整性校验码，所述第一消息完整性校验码是所述鉴别接入控制器利用消息完整性校验密钥对包括所述第三鉴别响应消息中除所述第一消息完整性校验码外的其他字段计算生成的；所述鉴别接入控制器的消息完整性校验密钥与所述鉴别接入控制器的消息加密密钥的生成方式相同；11. The method according to claim 2, wherein the third authentication response message further includes a first message integrity check code, and the first message integrity check code is the authentication access code The controller uses the message integrity check key to calculate and generate other fields including the third authentication response message except the first message integrity check code; the message integrity of the authentication access controller The generation method of the verification key is the same as that of the message encryption key of the authentication access controller;则在所述请求设备确定所述鉴别接入控制器的身份鉴别结果之前，所述方法还包括：Then, before the requesting device determines the identity authentication result of the authentication access controller, the method further includes:所述请求设备利用消息完整性校验密钥对所述第一消息完整性校验码进行验证；若验证通过，则所述请求设备再执行相关操作；所述请求设备的消息完整性校验密钥与所述请求设备的消息加密密钥的生成方式相同。The requesting device verifies the first message integrity check code by using the message integrity check key; if the verification is passed, the requesting device performs related operations again; the message integrity check of the requesting device The key is generated in the same manner as the requesting device's message encryption key.12.根据权利要求2所述的方法，其特征在于，所述请求设备发送的所述第四鉴别响应消息中还包括第二消息完整性校验码，所述第二消息完整性校验码是所述请求设备利用消息完整性校验密钥对包括所述第四鉴别响应消息中除所述第二消息完整性校验码外的其他字段计算生成的；所述请求设备的消息完整性校验密钥与所述请求设备的消息加密密钥的生成方式相同；12. The method according to claim 2, wherein the fourth authentication response message sent by the requesting device further comprises a second message integrity check code, the second message integrity check code is calculated and generated by the requesting device using the message integrity check key to include other fields in the fourth authentication response message except the second message integrity check code; the message integrity of the requesting device The verification key is generated in the same manner as the message encryption key of the requesting device;相应的，在所述鉴别接入控制器确定所述请求设备的身份鉴别结果之前，所述方法还包括：Correspondingly, before the authentication access controller determines the identity authentication result of the requesting device, the method further includes:所述鉴别接入控制器利用消息完整性校验密钥验证所述第二消息完整性校验码；若验证通过，则所述鉴别接入控制器再执行相关操作；所述鉴别接入控制器的消息完整性校验密钥与所述鉴别接入控制器的消息加密密钥的生成方式相同。The authentication access controller verifies the second message integrity check code by using the message integrity check key; if the verification is passed, the authentication access controller performs related operations again; the authentication access control The message integrity check key of the authentication access controller is generated in the same manner as the message encryption key of the authentication access controller.13.根据权利要求1所述的方法，其特征在于，所述第一鉴别请求消息中还包括第二身份信息密文，所述第二身份信息密文是所述鉴别接入控制器利用加密证书的公钥对包括所述鉴别接入控制器的身份标识和所述鉴别接入控制器的第二身份密钥在内的信息加密生成的，所述第二身份密钥包括第四密钥和第五密钥；13. The method according to claim 1, wherein the first authentication request message further comprises a second identity information ciphertext, the second identity information ciphertext is the authentication access controller using encryption The public key of the certificate is generated by encrypting the information including the identity of the authentication access controller and the second identity key of the authentication access controller, where the second identity key includes a fourth key and the fifth key;相应的，所述第一鉴别响应消息中还包括所述鉴别接入控制器的身份标识密文，所述鉴别接入控制器的身份标识密文是利用所述第五密钥对包括所述鉴别接入控制器的身份标识在内的信息加密生成的；所述第一鉴别结果信息是利用所述第四密钥对包括所述鉴别接入控制器的第一验证结果在内的信息加密生成的；则所述方法还包括：Correspondingly, the first authentication response message also includes the identity ciphertext of the authentication access controller, and the identity ciphertext of the authentication access controller uses the fifth key pair to include the The information including the identity identifier of the authentication access controller is encrypted and generated; the first authentication result information is encrypted by using the fourth key to encrypt the information including the first verification result of the authentication access controller generated; then the method further includes:所述鉴别接入控制器根据自身的身份标识和所述第五密钥对所述鉴别接入控制器的身份标识密文进行验证，若验证通过，则再向所述请求设备发送第三鉴别响应消息；The authentication access controller verifies the ciphertext of the identity identification of the authentication access controller according to its own identity and the fifth key, and if the verification passes, then sends a third authentication to the requesting device. response message;则所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述第四密钥；Then the encrypted data of the identity authentication result information ciphertext in the third authentication response message also includes the fourth key;则所述请求设备利用所述消息加密密钥解密所述身份鉴别结果信息密文还得到所述第四密钥，并利用所述第四密钥解密所述第一鉴别结果信息得到所述第一验证结果。Then the requesting device uses the message encryption key to decrypt the ciphertext of the identity authentication result information to obtain the fourth key, and uses the fourth key to decrypt the first authentication result information to obtain the fourth key. A verification result.14.根据权利要求1所述的方法，其特征在于，当所述身份密文消息中还包括所述请求设备的数字签名时，在所述鉴别接入控制器确定所述请求设备的身份鉴别结果之前，所述方法还包括：14. The method according to claim 1, wherein when the identity ciphertext message further includes the digital signature of the requesting device, the authentication access controller determines the identity authentication of the requesting device at the authentication access controller. Before the result, the method further includes:所述鉴别接入控制器确定所述请求设备的数字签名是否验证通过，若确定所述请求设备的数字签名验证通过，则再根据所述第二鉴别结果信息中的第二验证结果确定所述请求设备的身份鉴别结果。The authentication access controller determines whether the digital signature of the requesting device has passed the verification, and if it is determined that the digital signature of the requesting device has passed the verification, then determines the verification according to the second verification result in the second authentication result information. The authentication result of the requesting device.15.根据权利要求14所述的方法，其特征在于，所述鉴别接入控制器确定所述请求设备的数字签名是否验证通过具体包括：15. The method according to claim 14, wherein the determining, by the authentication access controller, whether the digital signature of the requesting device passes the verification specifically comprises:所述第二鉴别服务器利用所述请求设备的数字证书对所述请求设备的数字签名进行验证，若所述鉴别接入控制器接收到所述第一鉴别响应消息，则所述鉴别接入控制器确定所述请求设备的数字签名已验证通过；或者，The second authentication server verifies the digital signature of the requesting device by using the digital certificate of the requesting device, and if the authentication access controller receives the first authentication response message, the authentication access control The controller determines that the digital signature of the requesting device has been verified; or,当所述第二鉴别结果信息中还包括所述请求设备的数字证书时，所述鉴别接入控制器利用所述请求设备的数字证书对所述请求设备的数字签名进行验证，根据验证结果确定所述请求设备的数字签名是否验证通过。When the second authentication result information further includes the digital certificate of the requesting device, the authentication access controller verifies the digital signature of the requesting device by using the digital certificate of the requesting device, and determines according to the verification result Whether the digital signature of the requesting device is verified.16.根据权利要求1至15任一项所述的方法，其特征在于，所述鉴别接入控制器信任的第一鉴别服务器和所述请求设备信任的第二鉴别服务器是同一个鉴别服务器，则所述方法还包括：16. The method according to any one of claims 1 to 15, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, Then the method further includes:所述第一鉴别服务器对所述鉴别接入控制器的身份鉴别码进行验证得到第一验证结果，利用加密证书对应的私钥解密所述第一身份信息密文得到所述请求设备的数字证书和所述第二密钥，对所述请求设备的数字证书进行合法性验证得到第二验证结果，根据包括所述第一验证结果在内的信息生成第一鉴别结果信息，根据包括所述第二验证结果在内的信息生成第二鉴别结果信息，利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成第二鉴别结果信息密文，对包括所述第一鉴别结果信息在内的签名数据计算生成第一数字签名，对包括所述第二鉴别结果信息密文在内的信息计算生成所述第一消息鉴别码，根据包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第一消息鉴别码在内的信息生成所述第一鉴别响应消息。The first authentication server verifies the identity authentication code of the authentication access controller to obtain a first verification result, and decrypts the ciphertext of the first identity information by using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, perform legality verification on the digital certificate of the requesting device to obtain a second verification result, generate first authentication result information according to the information including the first verification result, and generate the first authentication result information according to the information including the first verification result. The information including the second authentication result is used to generate the second authentication result information, and the information including the second authentication result information is encrypted by using the second key to generate the ciphertext of the second authentication result information. The signature data including the information is calculated to generate a first digital signature, and the information including the ciphertext of the second authentication result information is calculated to generate the first message authentication code. Information including the first digital signature, the ciphertext of the second authentication result information, and the first message authentication code generates the first authentication response message.17.根据权利要求1至15任一项所述的方法，其特征在于，所述鉴别接入控制器信任的第一鉴别服务器和所述请求设备信任的第二鉴别服务器是两个不同的鉴别服务器；则所述方法还包括：17. The method according to any one of claims 1 to 15, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers server; then the method further includes:所述第一鉴别服务器对所述鉴别接入控制器的身份鉴别码进行验证得到第一验证结果，根据包括所述第一验证结果在内的信息生成所述第一鉴别结果信息，对包括所述第一鉴别结果信息和所述第一身份信息密文在内的签名数据计算生成第二数字签名或对包括所述第一鉴别结果信息和所述第一身份信息密文在内的信息计算生成第二消息鉴别码；The first authentication server verifies the identity authentication code of the authentication access controller to obtain a first authentication result, generates the first authentication result information according to the information including the first authentication result, and verifies the information including the first authentication result. The signature data including the first authentication result information and the ciphertext of the first identity information is calculated to generate a second digital signature or the information including the first authentication result information and the ciphertext of the first identity information is calculated. generating a second message authentication code;所述第一鉴别服务器向第二鉴别服务器发送第二鉴别请求消息，所述第二鉴别请求消息中包括所述第一鉴别结果信息、所述第一身份信息密文和所述第二数字签名或所述第二鉴别请求消息中包括所述第一鉴别结果信息、所述第一身份信息密文和所述第二消息鉴别码；由所述第二鉴别服务器利用所述第一鉴别服务器的公钥验证所述第二数字签名或由所述第二鉴别服务器利用与所述第一鉴别服务器的预共享密钥验证所述第二消息鉴别码，若验证通过，则由所述第二鉴别服务器利用加密证书对应的私钥解密所述第一身份信息密文得到所述请求设备的数字证书和所述第二密钥，对所述请求设备的数字证书进行合法性验证得到第二验证结果，根据包括所述第二验证结果在内的信息生成第二鉴别结果信息，利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成第二鉴别结果信息密文，对包括所述第一鉴别结果信息在内的签名数据计算生成第一数字签名，对包括所述第二鉴别结果信息密文在内的签名数据计算生成第三数字签名或对包括所述第二鉴别结果信息密文在内的信息计算生成第三消息鉴别码；The first authentication server sends a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the ciphertext of the first identity information and the second digital signature Or the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second message authentication code; the second authentication server uses the first authentication server's The public key verifies the second digital signature or the second authentication server uses the pre-shared key with the first authentication server to verify the second message authentication code, if the verification is passed, the second authentication The server decrypts the ciphertext of the first identity information by using the private key corresponding to the encrypted certificate to obtain the digital certificate of the requesting device and the second key, and verifies the validity of the digital certificate of the requesting device to obtain the second verification result , generate the second authentication result information according to the information including the second authentication result, use the second key to encrypt the information including the second authentication result information to generate the second authentication result information ciphertext, The signature data including the first authentication result information is calculated to generate a first digital signature, and the signature data including the ciphertext of the second authentication result information is calculated to generate a third digital signature, or a third digital signature is generated by calculating the signature data including the second authentication result information. Information calculation including information ciphertext generates a third message authentication code;所述第一鉴别服务器接收所述第二鉴别服务器发送的第二鉴别响应消息，所述第二鉴别响应消息中包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第三数字签名或所述第二鉴别响应消息中包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第三消息鉴别码；The first authentication server receives a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication The result information ciphertext and the third digital signature or the second authentication response message include the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third authentication result information. message authentication code;所述第一鉴别服务器利用所述第二鉴别服务器的公钥验证所述第三数字签名或所述第一鉴别服务器利用与所述第二鉴别服务器的预共享密钥验证所述第三消息鉴别码，若验证通过，则所述第一鉴别服务器对包括所述第二鉴别结果信息密文在内的信息计算生成所述第一鉴别服务器的第一消息鉴别码，根据包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码在内的信息生成所述第一鉴别响应消息。The first authentication server verifies the third digital signature using the public key of the second authentication server or the first authentication server verifies the third message authentication using a pre-shared key with the second authentication server If the verification is passed, the first authentication server calculates the information including the ciphertext of the second authentication result information to generate the first message authentication code of the first authentication server. The information including the result information, the first digital signature, the ciphertext of the second authentication result information and the first message authentication code of the first authentication server generates the first authentication response message.18.根据权利要求1至15任一项所述的方法，其特征在于，所述请求设备向所述鉴别接入控制器发送的消息还包括所述请求设备对接收到的所述鉴别接入控制器发送的最新前序消息计算的杂凑值；The method according to any one of claims 1 to 15, wherein the message sent by the requesting device to the authentication access controller further comprises the requesting device receiving the authentication access The hash value calculated by the latest pre-order message sent by the controller;则所述鉴别接入控制器收到所述请求设备发送的消息时，先对接收到的消息中的杂凑值进行验证，验证通过后再执行后续操作；Then, when the authentication access controller receives the message sent by the requesting device, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is passed;所述鉴别接入控制器向所述请求设备发送的消息还包括所述鉴别接入控制器对接收到的所述请求设备发送的最新前序消息计算的杂凑值；The message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the requesting device;则所述请求设备收到所述鉴别接入控制器发送的消息时，先对接收到的消息中的杂凑值进行验证，验证通过后再执行后续操作；Then, when the requesting device receives the message sent by the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is passed;所述鉴别接入控制器向所述第一鉴别服务器发送的消息还包括所述鉴别接入控制器对接收到的所述第一鉴别服务器发送的最新前序消息计算的杂凑值；The message sent by the authentication access controller to the first authentication server further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the first authentication server;则所述第一鉴别服务器收到所述鉴别接入控制器发送的消息时，先对接收到的消息中的杂凑值进行验证，验证通过后再执行后续操作；Then, when the first authentication server receives the message sent by the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is passed;所述第一鉴别服务器向所述鉴别接入控制器发送的消息还包括所述第一鉴别服务器对接收到的所述鉴别接入控制器发送的最新前序消息计算的杂凑值；The message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server on the received latest pre-order message sent by the authentication access controller;则所述鉴别接入控制器收到所述第一鉴别服务器器发送的消息时，先对接收到的消息中的杂凑值进行验证，验证通过后再执行后续操作；Then, when the authentication access controller receives the message sent by the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is passed;所述第一鉴别服务器向所述第二鉴别服务器发送的消息还包括所述第一鉴别服务器对接收到的所述第二鉴别服务器发送的最新前序消息计算的杂凑值；The message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server on the received latest pre-order message sent by the second authentication server;则所述第二鉴别服务器收到所述第一鉴别服务器发送的消息时，先对接收到的消息中的杂凑值进行验证，验证通过后再执行后续操作；Then, when the second authentication server receives the message sent by the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is passed;所述第二鉴别服务器向所述第一鉴别服务器发送的消息还包括所述第二鉴别服务器对接收到的所述第一鉴别服务器发送的最新前序消息计算的杂凑值；The message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server on the received latest pre-order message sent by the first authentication server;则所述第一鉴别服务器收到所述第二鉴别服务器发送的消息时，先对接收到的消息中的杂凑值进行验证，验证通过后再执行后续操作。Then, when the first authentication server receives the message sent by the second authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is passed.19.一种请求设备，其特征在于，所述请求设备包括：19. A requesting device, wherein the requesting device comprises:加密模块，用于利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成第一身份信息密文，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥；An encryption module, configured to encrypt the information including the identity information of the requesting device and the first identity key of the requesting device by using the public key of the encryption certificate to generate a ciphertext of the first identity information, the identity of the requesting device the information includes a digital certificate for the requesting device, and the first identity key includes a second key;发送模块，用于向鉴别接入控制器发送身份密文消息，所述身份密文消息包括所述第一身份信息密文；a sending module, configured to send an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes the first identity information ciphertext;接收模块，用于接收所述鉴别接入控制器发送的第三鉴别响应消息，所述第三鉴别响应消息中包括身份鉴别结果信息密文，所述身份鉴别结果信息密文是所述鉴别接入控制器利用消息加密密钥对包括第一鉴别结果信息和第一数字签名在内的加密数据加密生成的；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述请求设备信任的第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名；The receiving module is configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is the authentication access controller. The incoming controller encrypts the encrypted data including the first authentication result information and the first digital signature by using the message encryption key; the first authentication result information includes the first verification of the authentication access controller. As a result, the first digital signature is a digital signature calculated and generated by the second authentication server trusted by the requesting device on the signature data including the first authentication result information;解密模块，用于利用所述消息加密密钥解密所述身份鉴别结果信息密文得到所述第一鉴别结果信息和所述第一数字签名；A decryption module for decrypting the ciphertext of the identity authentication result information using the message encryption key to obtain the first authentication result information and the first digital signature;验证模块，用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则确定模块根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；当所述确定模块确定所述鉴别接入控制器的身份鉴别结果为合法时，所述发送模块向所述鉴别接入控制器发送第四鉴别响应消息；或者，A verification module, configured to use the public key of the second authentication server to verify the first digital signature, and if the verification is passed, the determination module determines the authentication according to the first verification result in the first authentication result information The identity authentication result of the access controller; when the determining module determines that the identity authentication result of the authentication access controller is valid, the sending module sends a fourth authentication response message to the authentication access controller; or ,用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证，若验证通过，则所述发送模块向所述鉴别接入控制器发送第四鉴别响应消息以及确定模块根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；或者，For using the public key of the second authentication server to verify the first digital signature, if the verification is passed, the sending module sends a fourth authentication response message to the authentication access controller and the determination module is based on the The first verification result in the first authentication result information determines the identity authentication result of the authentication access controller; or,用于利用所述第二鉴别服务器的公钥对所述第一数字签名进行验证；若所述第一数字签名验证通过，则确定模块根据所述第一鉴别结果信息中的第一验证结果确定所述鉴别接入控制器的身份鉴别结果；所述发送模块向所述鉴别接入控制器发送第四鉴别响应消息；for verifying the first digital signature by using the public key of the second authentication server; if the first digital signature is verified, the determination module determines according to the first verification result in the first authentication result information the identity authentication result of the authentication access controller; the sending module sends a fourth authentication response message to the authentication access controller;其中，所述第四鉴别响应消息包括第二密钥密文，所述第二密钥密文是所述加密模块利用消息加密密钥对包括所述第二密钥在内的信息加密生成的。Wherein, the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by the encryption module using a message encryption key to encrypt information including the second key .20.根据权利要求19所述的请求设备，其特征在于，所述接收模块还用于：在所述发送模块发送身份密文消息之前，接收所述鉴别接入控制器发送的密钥请求消息，所述密钥请求消息中包括所述鉴别接入控制器的密钥交换参数；所述请求设备还包括：20. The requesting device according to claim 19, wherein the receiving module is further configured to: receive a key request message sent by the authentication access controller before the sending module sends the identity ciphertext message , the key request message includes the key exchange parameters of the authentication access controller; the requesting device further includes:计算模块，用于根据包括所述请求设备的密钥交换参数对应的临时私钥和所述鉴别接入控制器的密钥交换参数所包括的临时公钥进行密钥交换计算生成第一密钥，根据包括所述第一密钥在内的信息利用密钥导出算法计算所述消息加密密钥；A calculation module, configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller , calculate the message encryption key by using a key derivation algorithm according to the information including the first key;则所述身份密文消息中还包括所述请求设备的密钥交换参数。Then, the identity ciphertext message also includes the key exchange parameter of the requesting device.21.根据权利要求20所述的请求设备，其特征在于，所述密钥请求消息中还包括所述鉴别接入控制器生成的第一随机数；则所述计算模块具体用于：根据包括所述第一密钥、所述第一随机数和所述请求设备生成的第二随机数在内的信息计算所述消息加密密钥；21. The requesting device according to claim 20, wherein the key request message further includes a first random number generated by the authentication access controller; then the calculation module is specifically configured to: Calculate the message encryption key with information including the first key, the first random number, and the second random number generated by the requesting device;对应的，所述身份密文消息中还包括所述第二随机数。Correspondingly, the identity ciphertext message further includes the second random number.22.根据权利要求20所述的请求设备，其特征在于，所述密钥请求消息中还包括所述鉴别接入控制器支持的安全能力参数信息；所述确定模块还用于：根据所述安全能力参数信息确定所述请求设备使用的特定安全策略；则所述身份密文消息中还包括所述特定安全策略。22. The requesting device according to claim 20, wherein the key request message further comprises security capability parameter information supported by the authentication access controller; the determining module is further configured to: according to the The security capability parameter information determines the specific security policy used by the requesting device; then the identity ciphertext message also includes the specific security policy.23.根据权利要求20所述的请求设备，其特征在于，所述密钥请求消息中还包括所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识；则所述确定模块还用于：根据所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识，确定所述请求设备信任的至少一个鉴别服务器的身份标识；则所述身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识。23. The requesting device according to claim 20, wherein the key request message further includes the identity of at least one authentication server trusted by the authentication access controller; then the determining module is further configured to : determine the identity of at least one authentication server trusted by the requesting device according to the identity of at least one authentication server trusted by the authentication access controller; then the identity ciphertext message also includes the identity of the requesting device trusted The identity of at least one authentication server.24.根据权利要求19所述的请求设备，其特征在于，所述发送模块发送的身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识。24 . The requesting device according to claim 19 , wherein the identity ciphertext message sent by the sending module further includes an identity identifier of at least one authentication server trusted by the requesting device. 25 .25.根据权利要求19所述的请求设备，其特征在于，所述请求设备的身份信息还包括所述请求设备的身份标识；所述第一身份密钥还包括第三密钥；则所述第一鉴别响应消息中还包括所述请求设备的身份标识密文；所述请求设备的身份标识密文是利用所述第三密钥对包括所述请求设备的身份标识在内的信息加密生成的；25. The requesting device according to claim 19, wherein the identity information of the requesting device further comprises the identity of the requesting device; the first identity key further comprises a third key; then the The first authentication response message also includes the identity ciphertext of the requesting device; the identity ciphertext of the requesting device is generated by encrypting the information including the identity of the requesting device using the third key of;所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述请求设备的身份标识密文；所述解密模块解密所述身份鉴别结果信息密文还得到所述请求设备的身份标识密文；The encrypted data of the ciphertext of the identity authentication result information in the third authentication response message also includes the ciphertext of the identity identification of the requesting device; the decryption module decrypts the ciphertext of the identity authentication result information and obtains the ciphertext of the requesting device. ID ciphertext;则在所述确定模块确定所述鉴别接入控制器的身份鉴别结果之前，所述验证模块还用于：根据所述请求设备自身的身份标识和所述第三密钥对所述请求设备的身份标识密文进行验证。Then, before the determination module determines the identity authentication result of the authentication access controller, the verification module is further configured to: verify the identity of the requesting device according to the identity of the requesting device and the third key. Identity ciphertext for verification.26.根据权利要求20所述的请求设备，其特征在于，所述接收模块接收的第三鉴别响应消息中还包括第一消息完整性校验码；26. The requesting device according to claim 20, wherein the third authentication response message received by the receiving module further comprises a first message integrity check code;则在所述确定模块确定所述鉴别接入控制器的身份鉴别结果之前，所述验证模块还用于：利用消息完整性校验密钥对所述第一消息完整性校验码进行验证；其中，所述消息完整性校验密钥与所述消息加密密钥的生成方式相同。Then, before the determination module determines the identity authentication result of the authentication access controller, the verification module is further configured to: verify the first message integrity check code with a message integrity check key; Wherein, the message integrity check key and the message encryption key are generated in the same manner.27.根据权利要求20所述的请求设备，其特征在于，所述发送模块发送的第四鉴别响应消息中还包括第二消息完整性校验码，所述第二消息完整性校验码是所述请求设备利用消息完整性校验密钥对包括所述第四鉴别响应消息中除所述第二消息完整性校验码外的其他字段计算生成的；其中，所述消息完整性校验密钥与所述消息加密密钥的生成方式相同。27. The requesting device according to claim 20, wherein the fourth authentication response message sent by the sending module further includes a second message integrity check code, and the second message integrity check code is The requesting device uses a message integrity check key to calculate and generate other fields including the fourth authentication response message except the second message integrity check code; wherein the message integrity check The key is generated in the same way as the message encryption key.28.根据权利要求19所述的请求设备，其特征在于，所述第一鉴别结果信息是利用所述第四密钥对包括所述鉴别接入控制器的第一验证结果在内的信息加密生成的；所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述第四密钥；28. The requesting device according to claim 19, wherein the first authentication result information is to encrypt information including the first authentication result of the authentication access controller using the fourth key generated; the encrypted data of the identity authentication result information ciphertext in the third authentication response message also includes the fourth key;则所述解密模块解密所述身份鉴别结果信息密文还得到所述第四密钥，所述解密模块还用于：利用所述第四密钥解密所述第一鉴别结果信息得到第一验证结果。Then the decryption module decrypts the ciphertext of the identity authentication result information to obtain the fourth key, and the decryption module is also used for: decrypting the first authentication result information by using the fourth key to obtain the first verification result.29.根据权利要求19至28任一项所述的请求设备，其特征在于，所述请求设备向所述鉴别接入控制器发送的消息还包括所述请求设备对接收到的所述鉴别接入控制器发送的最新前序消息计算的杂凑值。29. The requesting device according to any one of claims 19 to 28, wherein the message sent by the requesting device to the authentication access controller further comprises that the requesting device responds to the received authentication access controller. The hash value calculated by the latest preorder message sent by the incoming controller.30.一种鉴别接入控制器，其特征在于，所述鉴别接入控制器包括：30. An authentication access controller, wherein the authentication access controller comprises:接收模块，用于接收请求设备发送的身份密文消息，所述身份密文消息包括第一身份信息密文；所述第一身份信息密文是所述请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的；所述请求设备的身份信息包括所述请求设备的数字证书；所述第一身份密钥包括第二密钥；A receiving module, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes a first identity information ciphertext; the first identity information ciphertext is a public key pair that the requesting device utilizes an encryption certificate to include: The identity information of the requesting device and the information including the first identity key of the requesting device are encrypted and generated; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes the second key;发送模块，用于向所述鉴别接入控制器信任的第一鉴别服务器发送第一鉴别请求消息，所述第一鉴别请求消息中包括所述第一身份信息密文和所述鉴别接入控制器的身份鉴别码；所述鉴别接入控制器的身份鉴别码是所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法对包括所述第一身份信息密文在内的信息计算生成的；A sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and the authentication access control The identity authentication code of the authentication access controller; the authentication access controller's identity authentication code is that the authentication access controller uses the pre-shared key with the first authentication server and adopts the password agreed with the first authentication server. The algorithm calculates and generates the information including the ciphertext of the first identity information;所述接收模块还用于接收所述第一鉴别服务器发送的第一鉴别响应消息，所述第一鉴别响应消息包括第一鉴别结果信息、所述请求设备信任的第二鉴别服务器的第一数字签名、第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名，所述第二鉴别结果信息密文是利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成的，所述第二鉴别结果信息中包括对所述请求设备的数字证书的第二验证结果，所述第一鉴别服务器的第一消息鉴别码是所述第一鉴别服务器利用与所述鉴别接入控制器的预共享密钥，采用与所述鉴别接入控制器约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的；The receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and a first number of the second authentication server trusted by the requesting device signature, the ciphertext of the second authentication result information, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller, the first authentication result information The digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the ciphertext of the second authentication result information is obtained by using the second key pair including the second authentication result information. The information including the authentication result information is encrypted and generated, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is the first message authentication code of the first authentication server. An authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to calculate and generate the information including the ciphertext of the second authentication result information;验证模块，用于利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法验证所述第一鉴别服务器的第一消息鉴别码；a verification module, configured to use the pre-shared key with the first authentication server to verify the first message authentication code of the first authentication server by adopting a cryptographic algorithm agreed with the first authentication server;所述发送模块，还用于若验证通过，向所述请求设备发送第三鉴别响应消息，所述第三鉴别响应消息中包括身份鉴别结果信息密文，所述身份鉴别结果信息密文是所述鉴别接入控制器利用消息加密密钥对包括第一鉴别结果信息和所述第一数字签名在内的加密数据加密生成的；The sending module is further configured to send a third authentication response message to the requesting device if the verification is passed, where the third authentication response message includes the ciphertext of the identity authentication result information, and the ciphertext of the identity authentication result information is the The authentication access controller uses a message encryption key to encrypt and generate encrypted data including the first authentication result information and the first digital signature;所述接收模块，还用于接收所述请求设备发送的第四鉴别响应消息，所述第四鉴别响应消息包括第二密钥密文，所述第二密钥密文是利用所述消息加密密钥对包括所述第二密钥在内的信息加密生成的；The receiving module is further configured to receive a fourth authentication response message sent by the requesting device, where the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is encrypted by using the message The key is generated by encrypting the information including the second key;解密模块，用于利用所述消息加密密钥解密所述第二密钥密文得到第二密钥，利用所述第二密钥对所述第二鉴别结果信息密文进行解密得到第二鉴别结果信息；A decryption module, configured to decrypt the second key ciphertext by using the message encryption key to obtain a second key, and use the second key to decrypt the second authentication result information ciphertext to obtain a second authentication result information;确定模块，用于根据所述第二鉴别结果信息中的第二验证结果确定所述请求设备的身份鉴别结果。A determination module, configured to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.31.根据权利要求30所述的鉴别接入控制器，其特征在于，所述发送模块还用于：在接收所述身份密文消息之前，向所述请求设备发送密钥请求消息，所述密钥请求消息中包括所述鉴别接入控制器的密钥交换参数；则所述身份密文消息中还包括所述请求设备的密钥交换参数；所述鉴别接入控制器还包括：31. The authentication access controller according to claim 30, wherein the sending module is further configured to: before receiving the identity ciphertext message, send a key request message to the requesting device, the The key request message includes the key exchange parameters of the authentication access controller; the identity ciphertext message also includes the key exchange parameters of the requesting device; the authentication access controller further includes:计算模块，用于根据包括所述鉴别接入控制器的密钥交换参数对应的临时私钥和所述请求设备的密钥交换参数所包括的临时公钥进行密钥交换计算生成第一密钥，根据包括所述第一密钥在内的信息利用密钥导出算法计算所述消息加密密钥。A calculation module, configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device , and calculate the message encryption key by using a key derivation algorithm according to the information including the first key.32.根据权利要求31所述的鉴别接入控制器，其特征在于，所述密钥请求消息中还包括所述鉴别接入控制器生成的第一随机数；对应的，所述身份密文消息中还包括所述请求设备生成的第二随机数；32. The authentication access controller according to claim 31, wherein the key request message further comprises a first random number generated by the authentication access controller; correspondingly, the identity ciphertext The message also includes a second random number generated by the requesting device;所述计算模块具体用于：根据包括所述第一密钥、所述第一随机数和所述第二随机数在内的信息计算所述消息加密密钥。The calculation module is specifically configured to calculate the message encryption key according to information including the first key, the first random number and the second random number.33.根据权利要求32所述的鉴别接入控制器，所述身份密文消息中还包括所述第一随机数；在所述计算模块计算所述消息加密密钥之前，所述验证模块还用于：对所述身份密文消息中的第一随机数和所述鉴别接入控制器生成的第一随机数的一致性进行验证。33. The authentication access controller according to claim 32, wherein the identity ciphertext message further comprises the first random number; before the calculation module calculates the message encryption key, the verification module further comprises It is used for: verifying the consistency of the first random number in the identity ciphertext message and the first random number generated by the authentication access controller.34.根据权利要求31所述的鉴别接入控制器，其特征在于，所述密钥请求消息中还包括所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识；对应的，所述身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识；34. The authentication access controller according to claim 31, wherein the key request message further comprises an identity identifier of at least one authentication server trusted by the authentication access controller; correspondingly, the The identity ciphertext message also includes the identity identifier of at least one authentication server trusted by the requesting device;所述确定模块还用于：根据所述身份密文消息中所述请求设备信任的至少一个鉴别服务器的身份标识和所述密钥请求消息中所述鉴别接入控制器信任的至少一个鉴别服务器的身份标识，确定所述第一鉴别服务器。The determining module is further configured to: according to the identity of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the at least one authentication server trusted by the authentication access controller in the key request message The identity identifier is determined to determine the first authentication server.35.根据权利要求30所述的鉴别接入控制器，其特征在于，所述身份密文消息中还包括所述请求设备信任的至少一个鉴别服务器的身份标识；35. The authentication access controller according to claim 30, wherein the identity ciphertext message further comprises an identity identifier of at least one authentication server trusted by the requesting device;所述确定模块还用于：根据所述请求设备信任的至少一个鉴别服务器的身份标识和所述鉴别接入控制器信任的鉴别服务器的身份标识，确定所述第一鉴别服务器。The determining module is further configured to: determine the first authentication server according to the identity of at least one authentication server trusted by the requesting device and the identity of the authentication server trusted by the authentication access controller.36.根据权利要求30所述的鉴别接入控制器，其特征在于，所述第一鉴别请求消息中还包括所述鉴别接入控制器的身份标识和/或所述鉴别接入控制器生成的第一随机数；36. The authentication access controller according to claim 30, wherein the first authentication request message further comprises an identity of the authentication access controller and/or the authentication access controller generated The first random number of ;对应的，所述第一鉴别响应消息中还包括所述鉴别接入控制器的身份标识和/或所述第一随机数；Correspondingly, the first authentication response message further includes the identity identifier of the authentication access controller and/or the first random number;则所述验证模块还用于：在所述发送模块发送第三鉴别响应消息之前，对所述第一鉴别响应消息中的所述鉴别接入控制器的身份标识和所述鉴别接入控制器自身的身份标识的一致性进行验证；和/或，对所述第一鉴别响应消息中的所述第一随机数和所述鉴别接入控制器生成的第一随机数的一致性进行验证。Then the verification module is further configured to: before the sending module sends the third authentication response message, verify the identity of the authentication access controller and the authentication access controller in the first authentication response message. and/or, verifying the consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller.37.根据权利要求30所述的鉴别接入控制器，其特征在于，所述第一鉴别请求消息中还包括第二身份信息密文，所述第二身份信息密文是所述鉴别接入控制器利用加密证书的公钥对包括所述鉴别接入控制器的身份标识和所述鉴别接入控制器的第二身份密钥在内的信息加密生成的，所述第二身份密钥包括第四密钥和第五密钥；37. The authentication access controller according to claim 30, wherein the first authentication request message further comprises a ciphertext of second identity information, and the ciphertext of the second identity information is the ciphertext of the authentication access The controller uses the public key of the encryption certificate to encrypt and generate the information including the identity of the authentication access controller and the second identity key of the authentication access controller, where the second identity key includes the fourth key and the fifth key;相应的，所述第一鉴别响应消息中还包括所述鉴别接入控制器的身份标识密文；所述第一鉴别结果信息是利用所述第四密钥对包括所述鉴别接入控制器的第一验证结果在内的信息加密生成的；所述鉴别接入控制器的身份标识密文是利用所述第五密钥对包括所述鉴别接入控制器的身份标识在内的信息加密生成的；Correspondingly, the first authentication response message further includes the identity ciphertext of the authentication access controller; the first authentication result information includes the authentication access controller using the fourth key pair. The information including the first verification result of the authentication access controller is encrypted and generated; the ciphertext of the identity identification of the authentication access controller is to use the fifth key to encrypt the information including the identification of the authentication access controller. Generated;所述验证模块还用于：根据所述鉴别接入控制器自身的身份标识和所述第五密钥对所述鉴别接入控制器的身份标识密文进行验证；若验证通过，则所述发送模块再向所述请求设备发送第三鉴别响应消息；其中，所述第三鉴别响应消息中的身份鉴别结果信息密文的加密数据还包括所述第四密钥。The verification module is further configured to: verify the ciphertext of the identity identification of the identification access controller according to the identification of the identification access controller itself and the fifth key; if the verification is passed, the The sending module sends a third authentication response message to the requesting device, wherein the encrypted data of the ciphertext of the identity authentication result information in the third authentication response message further includes the fourth key.38.根据权利要求31所述的鉴别接入控制器，其特征在于，所述发送模块发送的第三鉴别响应消息中还包括第一消息完整性校验码，所述第一消息完整性校验码是所述鉴别接入控制器利用消息完整性校验密钥对包括所述第三鉴别响应消息中除所述第一消息完整性校验码外的其他字段计算生成的；其中，所述消息完整性校验密钥与所述消息加密密钥的生成方式相同。38. The authentication access controller according to claim 31, wherein the third authentication response message sent by the sending module further comprises a first message integrity check code, and the first message integrity check The verification code is calculated and generated by the authentication access controller using the message integrity check key to include other fields in the third authentication response message except the first message integrity check code; The message integrity check key is generated in the same manner as the message encryption key.39.根据权利要求31所述的鉴别接入控制器，其特征在于，所述接收模块接收的所述第四鉴别响应消息中还包括第二消息完整性校验码；39. The authentication access controller according to claim 31, wherein the fourth authentication response message received by the receiving module further comprises a second message integrity check code;则在所述确定模块确定所述请求设备的身份鉴别结果之前，所述验证模块还用于利用消息完整性校验密钥验证所述第二消息完整性校验码；其中，所述消息完整性校验密钥与所述消息加密密钥的生成方式相同。Then, before the determination module determines the identity authentication result of the requesting device, the verification module is further configured to verify the second message integrity check code by using a message integrity check key; wherein, the message integrity The verification key is generated in the same manner as the message encryption key.40.根据权利要求30所述的鉴别接入控制器，其特征在于，当所述身份密文消息中还包括所述请求设备的数字签名时，所述确定模块还用于：在确定所述请求设备的身份鉴别结果之前，确定所述请求设备的数字签名是否验证通过，若确定所述请求设备的数字签名验证通过，则再根据所述第二鉴别结果信息中的第二验证结果确定所述请求设备的身份鉴别结果。40. The authentication access controller according to claim 30, wherein when the identity ciphertext message further includes the digital signature of the requesting device, the determining module is further configured to: after determining the Before requesting the identity authentication result of the device, determine whether the digital signature of the requesting device has passed the verification. The identity authentication result of the requesting device.41.根据权利要求40所述的鉴别接入控制器，其特征在于，所述确定模块通过以下方式确定所述请求设备的数字签名是否验证通过：41. The authentication access controller according to claim 40, wherein the determining module determines whether the digital signature of the requesting device is verified by the following means:所述第二鉴别服务器利用所述请求设备的数字证书对所述请求设备的数字签名进行验证，若所述接收模块接收到所述第一鉴别响应消息，则所述确定模块确定所述请求设备的数字签名已验证通过；或者，The second authentication server verifies the digital signature of the requesting device by using the digital certificate of the requesting device, and if the receiving module receives the first authentication response message, the determining module determines the requesting device 's digital signature has been verified; or,当所述第二鉴别结果信息中还包括所述请求设备的数字证书时，由所述验证模块利用所述请求设备的数字证书对所述请求设备的数字签名进行验证，所述确定模块根据验证结果确定所述请求设备的数字签名是否验证通过。When the second authentication result information also includes the digital certificate of the requesting device, the verification module verifies the digital signature of the requesting device by using the digital certificate of the requesting device, and the determining module verifies the digital signature of the requesting device according to the verification As a result, it is determined whether the digital signature of the requesting device passes the verification.42.根据权利要求30至41任一项所述的鉴别接入控制器，其特征在于，所述鉴别接入控制器向所述请求设备发送的消息还包括所述鉴别接入控制器对接收到的所述请求设备发送的最新前序消息计算的杂凑值；所述鉴别接入控制器向所述第一鉴别服务器发送的消息还包括所述鉴别接入控制器对接收到的所述第一鉴别服务器发送的最新前序消息计算的杂凑值。42. The authentication access controller according to any one of claims 30 to 41, wherein the message sent by the authentication access controller to the requesting device further comprises the authentication access controller's response to receiving The hash value calculated by the latest pre-order message sent by the requesting device; the message sent by the authentication access controller to the first authentication server also includes the authentication access controller to the received first authentication server. A hash value computed by the latest preamble message sent by the authentication server.43.一种第一鉴别服务器，其特征在于，所述第一鉴别服务器包括：43. A first authentication server, wherein the first authentication server comprises:接收模块，用于接收鉴别接入控制器发送的第一鉴别请求消息，所述第一鉴别请求消息中包括第一身份信息密文和所述鉴别接入控制器的身份鉴别码，所述第一身份信息密文是请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥，所述鉴别接入控制器的身份鉴别码是所述鉴别接入控制器利用与所述第一鉴别服务器的预共享密钥，采用与所述第一鉴别服务器约定的密码算法对包括所述第一身份信息密文在内的信息计算生成的；The receiving module is configured to receive the first authentication request message sent by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and the identity authentication code of the authentication access controller, the first authentication request message An identity information ciphertext is generated by the requesting device using the public key of the encryption certificate to encrypt the information including the identity information of the requesting device and the first identity key of the requesting device, and the identity information of the requesting device includes The digital certificate of the requesting device, the first identity key includes a second key, and the identity authentication code of the authentication access controller is the authentication access controller using the pre-preset with the first authentication server. a shared key, which is calculated and generated from the information including the ciphertext of the first identity information by using the cryptographic algorithm agreed with the first authentication server;发送模块，用于向所述鉴别接入控制器发送第一鉴别响应消息，所述第一鉴别响应消息包括第一鉴别结果信息、所述请求设备信任的第二鉴别服务器的第一数字签名、第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码；所述第一鉴别结果信息中包括对所述鉴别接入控制器的第一验证结果，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的数字签名，所述第二鉴别结果信息密文是利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成的，所述第二鉴别结果信息中包括对所述请求设备的数字证书的第二验证结果，所述第一鉴别服务器的第一消息鉴别码是所述第一鉴别服务器利用与所述鉴别接入控制器的预共享密钥，采用与所述鉴别接入控制器约定的密码算法对包括所述第二鉴别结果信息密文在内的信息计算生成的。A sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, the first digital signature of the second authentication server trusted by the requesting device, The ciphertext of the second authentication result information and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server on the signature data including the first authentication result information, and the ciphertext of the second authentication result information is obtained by using the second key pair to include the second authentication result The information including the information is encrypted and generated, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is the first authentication code. The server uses the pre-shared key with the authentication access controller, and uses the cryptographic algorithm agreed with the authentication access controller to calculate and generate the information including the ciphertext of the second authentication result information.44.根据权利要求43所述的第一鉴别服务器，其特征在于，所述第一鉴别服务器还包括：44. The first authentication server according to claim 43, wherein the first authentication server further comprises:第一验证模块，用于对所述鉴别接入控制器的身份鉴别码进行验证得到第一验证结果，利用加密证书对应的私钥解密所述第一身份信息密文得到所述请求设备的数字证书和所述第二密钥，对所述请求设备的数字证书进行合法性验证得到第二验证结果；The first verification module is used to verify the identity authentication code of the authentication access controller to obtain a first verification result, and decrypt the ciphertext of the first identity information by using the private key corresponding to the encryption certificate to obtain the digital code of the requesting device. the certificate and the second key, and perform legality verification on the digital certificate of the requesting device to obtain a second verification result;第一生成模块，用于根据包括所述第一验证结果在内的信息生成所述第一鉴别结果信息，根据包括所述第二验证结果在内的信息生成所述第二鉴别结果信息，利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成第二鉴别结果信息密文，对包括所述第一鉴别结果信息在内的签名数据计算生成第一数字签名，对包括所述第二鉴别结果信息密文在内的信息计算生成第一鉴别服务器的第一消息鉴别码；The first generation module is configured to generate the first identification result information according to the information including the first verification result, generate the second identification result information according to the information including the second verification result, and use the The second key encrypts the information including the second authentication result information to generate the ciphertext of the second authentication result information, calculates the signature data including the first authentication result information to generate the first digital signature, and generates the first digital signature for the information including the first authentication result information. The information including the ciphertext of the second authentication result information is calculated to generate the first message authentication code of the first authentication server;第二生成模块，用于根据包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码在内的信息生成所述第一鉴别响应消息。The second generating module is configured to, based on information including the first authentication result information, the first digital signature, the ciphertext of the second authentication result information and the first message authentication code of the first authentication server The first authentication response message is generated.45.根据权利要求43所述的第一鉴别服务器，其特征在于，所述第一鉴别服务器还包括：45. The first authentication server of claim 43, wherein the first authentication server further comprises:第二验证模块，用于对所述鉴别接入控制器的身份鉴别码进行验证得到第一验证结果；a second verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result;第三生成模块，用于根据包括所述第一验证结果在内的信息生成所述第一鉴别结果信息，对包括所述第一鉴别结果信息和所述第一身份信息密文在内的签名数据计算生成第二数字签名或对包括所述第一鉴别结果信息和所述第一身份信息密文在内的信息计算生成第二消息鉴别码；A third generating module, configured to generate the first authentication result information according to the information including the first verification result, and sign the first authentication result information and the ciphertext of the first identity information. Data calculation to generate a second digital signature or calculation of information including the first authentication result information and the ciphertext of the first identity information to generate a second message authentication code;所述发送模块，还用于向第二鉴别服务器发送第二鉴别请求消息，所述第二鉴别请求消息中包括所述第一鉴别结果信息、所述第一身份信息密文和所述第二数字签名或所述第二鉴别请求消息中包括所述第一鉴别结果信息、所述第一身份信息密文和所述第二消息鉴别码；The sending module is further configured to send a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the ciphertext of the first identity information and the second authentication request message. The digital signature or the second authentication request message includes the first authentication result information, the ciphertext of the first identity information, and the second message authentication code;所述接收模块，还用于接收所述第二鉴别服务器发送的第二鉴别响应消息，所述第二鉴别响应消息中包括所述第一鉴别结果信息、第一数字签名、第二鉴别结果信息密文和第三数字签名或所述第二鉴别响应消息中包括所述第一鉴别结果信息、第一数字签名、第二鉴别结果信息密文和第三消息鉴别码；其中，所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的；所述第三数字签名是所述第二鉴别服务器对包括所述第二鉴别结果信息密文在内的签名数据计算生成的或所述第三消息鉴别码是所述第二鉴别服务器对包括所述第二鉴别结果信息密文在内的信息计算生成的；The receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result information The ciphertext and the third digital signature or the second authentication response message include the first authentication result information, the first digital signature, the ciphertext of the second authentication result information and the third message authentication code; wherein the first authentication result information The digital signature is calculated and generated by the second authentication server on the signature data including the first authentication result information; the third digital signature is the encryption of the second authentication result information including the second authentication result information by the second authentication server. The signature data including the text is calculated and generated or the third message authentication code is generated by the second authentication server on the information including the cipher text of the second authentication result information;第三验证模块，用于利用所述第二鉴别服务器的公钥验证所述第三数字签名或利用与所述第二鉴别服务器的预共享密钥验证所述第三消息鉴别码；a third verification module, configured to use the public key of the second authentication server to verify the third digital signature or to verify the third message authentication code using the pre-shared key with the second authentication server;第四生成模块，用于若验证通过，则对包括所述第二鉴别结果信息密文在内的信息计算生成所述第一鉴别服务器的第一消息鉴别码，根据包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码在内的信息生成所述第一鉴别响应消息。The fourth generation module is used to calculate and generate the first message authentication code of the first authentication server for the information including the ciphertext of the second authentication result information, if the verification is passed, according to the information including the first authentication result Information including the information, the first digital signature, the ciphertext of the second authentication result information, and the first message authentication code of the first authentication server generates the first authentication response message.46.根据权利要求43至45任一项所述的第一鉴别服务器，其特征在于，所述第一鉴别服务器向所述鉴别接入控制器发送的消息还包括所述第一鉴别服务器对接收到的所述鉴别接入控制器发送的最新前序消息计算的杂凑值；所述第一鉴别服务器向所述第二鉴别服务器发送的消息还包括所述第一鉴别服务器对接收到的所述第二鉴别服务器发送的最新前序消息计算的杂凑值。46. The first authentication server according to any one of claims 43 to 45, wherein the message sent by the first authentication server to the authentication access controller further comprises the first authentication server's response to receiving The hash value calculated by the latest pre-order message sent by the authentication access controller; the message sent by the first authentication server to the second authentication server also includes the received The hash value calculated by the latest pre-order message sent by the second authentication server.47.一种第二鉴别服务器，其特征在于，所述第二鉴别服务器包括：47. A second authentication server, wherein the second authentication server comprises:接收模块，用于接收第一鉴别服务器发送的第二鉴别请求消息，所述第二鉴别请求消息中包括第一鉴别结果信息、第一身份信息密文和第二数字签名或所述第二鉴别请求消息中包括第一鉴别结果信息、第一身份信息密文和第二消息鉴别码；其中，所述第一身份信息密文是请求设备利用加密证书的公钥对包括所述请求设备的身份信息和所述请求设备的第一身份密钥在内的信息加密生成的，所述请求设备的身份信息包括所述请求设备的数字证书，所述第一身份密钥包括第二密钥；所述第二数字签名是所述第一鉴别服务器对包括所述第一鉴别结果信息和所述第一身份信息密文在内的签名数据计算生成的或所述第二消息鉴别码是所述第一鉴别服务器对包括所述第一鉴别结果信息和所述第一身份信息密文在内的信息计算生成的；A receiving module, configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the ciphertext of the first identity information and the second digital signature or the second authentication The request message includes the first authentication result information, the ciphertext of the first identity information and the second message authentication code; wherein, the ciphertext of the first identity information is the identity of the requesting device that is used by the requesting device using the public key of the encryption certificate information and information including the first identity key of the requesting device are encrypted and generated, the identity information of the requesting device includes the digital certificate of the requesting device, and the first identity key includes the second key; the The second digital signature is calculated and generated by the first authentication server on the signature data including the first authentication result information and the ciphertext of the first identity information, or the second message authentication code is the first authentication code. An authentication server calculates and generates the information including the first authentication result information and the ciphertext of the first identity information;验证模块，用于利用所述第一鉴别服务器的公钥验证所述第二数字签名或利用与所述第一鉴别服务器的预共享密钥验证所述第二消息鉴别码，若验证通过，则利用加密证书对应的私钥解密所述第一身份信息密文得到所述请求设备的数字证书和所述第二密钥，对所述请求设备的数字证书进行合法性验证得到第二验证结果；A verification module, configured to verify the second digital signature using the public key of the first verification server or verify the second message verification code using the pre-shared key with the first verification server, if the verification is passed, then Decrypt the ciphertext of the first identity information with the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and perform legality verification on the digital certificate of the requesting device to obtain a second verification result;生成模块，用于根据包括所述第二验证结果在内的信息生成所述第二鉴别结果信息，利用所述第二密钥对包括第二鉴别结果信息在内的信息加密生成第二鉴别结果信息密文，对包括所述第一鉴别结果信息在内的签名数据计算生成第一数字签名，对包括所述第二鉴别结果信息密文在内的签名数据计算生成第三数字签名或对包括所述第二鉴别结果信息密文在内的信息计算生成第三消息鉴别码；A generating module, configured to generate the second authentication result information according to the information including the second authentication result, and use the second key to encrypt the information including the second authentication result information to generate the second authentication result Information ciphertext, calculate the signature data including the first authentication result information to generate a first digital signature, calculate the signature data including the second authentication result information ciphertext to generate a third digital signature or generate a third digital signature for the signature data including the second authentication result information The information including the ciphertext of the second authentication result information is calculated to generate a third message authentication code;发送模块，用于向所述第一鉴别服务器发送的第二鉴别响应消息，所述第二鉴别响应消息中包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第三数字签名或所述第二鉴别响应消息中包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第三消息鉴别码。A sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result The information ciphertext and the third digital signature or the second authentication response message include the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third message Authentication code.48.根据权利要求47所述的第二鉴别服务器，其特征在于，所述第二鉴别服务器向所述第一鉴别服务器发送的消息还包括所述第二鉴别服务器对接收到的所述第一鉴别服务器发送的最新前序消息计算的杂凑值。48. The second authentication server according to claim 47, wherein the message sent by the second authentication server to the first authentication server further comprises the second authentication server's response to the first authentication server received. The hash value calculated by the latest preorder message sent by the authentication server.

Images