| CPC H04L 63/10 (2013.01) [H04L 9/0618 (2013.01); H04L 9/3247 (2013.01)] | 20 Claims |

1. A method for identity authentication, comprising:
acquiring, by an authentication access controller, an identity ciphertext message transmitted by a REQuester, wherein the identity ciphertext message comprises identity information ciphertext of the REQuester, and the identity information ciphertext is generated by encrypting information comprising a digital certificate of the REQuester using a message encryption secret key;
decrypting, by the authentication access controller, the identity information ciphertext using the message encryption secret key to obtain the digital certificate of the REQuester;
transmitting, by the authentication access controller, a first authentication request message to a first authentication server trusted by the authentication access controller, wherein the first authentication request message comprises the digital certificate of the REQuester;
receiving, by the authentication access controller, a first authentication response message transmitted by the first authentication server, wherein the first authentication response message comprises authentication result information and a digital signature of the first authentication server, and the authentication result information comprises a verification result for the digital certificate of the REQuester;
verifying, by the authentication access controller using a public key of the first authentication server, the digital signature of the first authentication server; and
if the verification is successful, determining, by the authentication access controller, an identity authentication result of the REQuester according to the verification result for the digital certificate;
wherein before acquiring, by the authentication access controller, the identity ciphertext message transmitted by the REQuester, the method further comprises:
transmitting, by the authentication access controller, a secret key request message to the REQuester, wherein the secret key request message comprises a secret key exchange parameter of the authentication access controller;
performing, by the REQuester, secret key exchange calculation according to a temporary private key corresponding to a secret key exchange parameter of the REQuester and a temporary public key comprised in the secret key exchange parameter of the authentication access controller to generate a first secret key, and calculating, by the REQuester, the message encryption secret key by using a secret key derivation algorithm according to information comprising the first secret key, wherein the identity ciphertext message transmitted by the REQuester to the authentication access controller further comprises the secret key exchange parameter of the REQuester; and
performing, by the authentication access controller, secret key exchange calculation according to a temporary private key corresponding to the secret key exchange parameter of the authentication access controller and a temporary public key comprised in the secret key exchange parameter of the REQuester to generate the first secret key, and calculating, by the authentication access controller, the message encryption secret key by using the secret key derivation algorithm according to the information comprising the first secret key;
wherein the secret key request message further comprises a first random number generated by the authentication access controller;
then the calculating, by the REQuester, the message encryption secret key further comprises:
calculating, by the REQuester, the message encryption secret key according to information comprising a second random number generated by the REQuester, the first secret key and the first random number;
correspondingly, the identity ciphertext message further comprises the second random number; and
then the calculating, by the authentication access controller, the message encryption secret key further comprises:
calculating, by the authentication access controller, the message encryption secret key according to the information comprising the first secret key, the first random number and the second random number.
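The message flow that claim 1 describes, written out as an added, runnable simulation (this is example code, not the patent's own implementation): the authentication access controller (AAC) sends its temporary public value and first random number; the REQuester derives the first secret key and the message encryption key, encrypts its certificate, and returns the ciphertext with its own key exchange parameter and second random number; the AAC derives the same key, decrypts the certificate, forwards it to the trusted first authentication server, and accepts or rejects only after the server's signature verifies. Every concrete primitive is an assumption standing in for what the claim leaves unspecified: a toy modular DH group (P = 2**127 - 1, g = 5), SHA-256 as the secret key derivation algorithm, an HMAC-based encrypt-then-MAC stream cipher as the message encryption, textbook RSA over two small known primes as the server's signature, and an in-memory set of issued certificates in place of real chain and revocation checks. Names such as `run_protocol`, `AccessController`, `Requester` and `AuthServer` are invented for the example.

```python
import hashlib
import hmac
import secrets

# Toy key-exchange group so the example runs offline (demonstration only;
# a real deployment uses a standard ECDH or MODP group). P = 2**127 - 1 is prime.
P = 2**127 - 1
G = 5

# Toy RSA key for the first authentication server (two small known primes,
# demonstration only; the modulus is far too small for real use).
_AS_P, _AS_Q = 1000000007, 998244353
AS_PUBLIC_KEY = (_AS_P * _AS_Q, 65537)
_AS_PRIVATE_D = pow(65537, -1, (_AS_P - 1) * (_AS_Q - 1))


def dh_keypair():
    """Temporary private key and the public value sent as a key exchange parameter."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive_message_key(first_key: int, n_aac: bytes, n_req: bytes) -> bytes:
    """Message encryption key from the first secret key and both random numbers
    (SHA-256 stands in for the claim's unspecified secret key derivation algorithm)."""
    return hashlib.sha256(first_key.to_bytes(16, "big") + n_aac + n_req).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-derived keystream (stand-in message encryption)."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Reject any ciphertext whose tag does not verify before touching the plaintext."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("identity ciphertext failed integrity check")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def _hash_to_int(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes) -> int:
    """Toy RSA signature by the first authentication server over SHA-256(msg)."""
    return pow(_hash_to_int(msg, AS_PUBLIC_KEY[0]), _AS_PRIVATE_D, AS_PUBLIC_KEY[0])


def verify_signature(public_key, msg: bytes, sig: int) -> bool:
    n, e = public_key
    return pow(sig, e, n) == _hash_to_int(msg, n)


class AuthServer:
    """First authentication server: verifies the certificate and signs the verdict."""
    def __init__(self, issued_certificates):
        self.issued = set(issued_certificates)  # stand-in for real certificate validation
        self.public_key = AS_PUBLIC_KEY

    def handle(self, request):
        cert = request["cert"]
        result = b"valid" if cert in self.issued else b"invalid"
        # The signature binds the verification result to the certificate it concerns.
        return {"cert": cert, "result": result, "signature": sign(cert + b"|" + result)}


class Requester:
    def __init__(self, certificate: bytes):
        self.certificate = certificate

    def identity_ciphertext_message(self, key_request):
        priv, pub = dh_keypair()                      # temporary key pair of the REQuester
        n_req = secrets.token_bytes(16)               # second random number
        first_key = pow(key_request["aac_pub"], priv, P)
        mek = derive_message_key(first_key, key_request["n_aac"], n_req)
        return {"identity_ciphertext": encrypt(mek, self.certificate), "req_pub": pub, "n_req": n_req}


class AccessController:
    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.priv, self.pub = dh_keypair()            # temporary key pair of the AAC
        self.n_aac = secrets.token_bytes(16)          # first random number

    def secret_key_request(self):
        return {"aac_pub": self.pub, "n_aac": self.n_aac}

    def authenticate(self, msg) -> str:
        first_key = pow(msg["req_pub"], self.priv, P)
        mek = derive_message_key(first_key, self.n_aac, msg["n_req"])
        cert = decrypt(mek, msg["identity_ciphertext"])
        resp = self.auth_server.handle({"cert": cert})
        signed = resp["cert"] + b"|" + resp["result"]
        # Accept the verdict only if it is for this certificate and the server's signature verifies.
        if resp["cert"] != cert or not verify_signature(self.auth_server.public_key, signed, resp["signature"]):
            return "rejected: server signature invalid"
        return "accepted" if resp["result"] == b"valid" else "rejected: certificate invalid"


def run_protocol(certificate: bytes, auth_server: AuthServer) -> str:
    aac, req = AccessController(auth_server), Requester(certificate)
    key_request = aac.secret_key_request()                         # AAC -> REQ
    identity_msg = req.identity_ciphertext_message(key_request)    # REQ -> AAC
    return aac.authenticate(identity_msg)                          # AAC <-> AS, then decision
```

`run_protocol(b"CERT:REQ-001", AuthServer([b"CERT:REQ-001"]))` returns `"accepted"`, while an unissued certificate is rejected on the server's signed verdict. The two random numbers are mixed into the key derivation on both sides exactly as the claim's final steps require, so an observer who replays an old identity ciphertext message against a fresh secret key request gets a key that no longer decrypts it, and the `decrypt` integrity check fails closed before any certificate is forwarded.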