In a current computer network or communications network, for a user to login to and securely communicate on the network, entity authentication between the user and the network, either one-way or two-way, needs to be done. Generally, the mechanisms of authentication can be classified into two categories: symmetric-key algorithm based ones and public-key algorithm based ones.
The mechanisms of authentication based on a public-key algorithm and technique require a participating entity to have a pair of keys, i.e., a public-private key pair. The public key is distributed to the other participating entities. The distribution may be done in an out-of-band manner or a certificate based manner. The out-of-band manner is less used due to the difficulty of updating the key, while the certificate based manner is widely used.
Generally, the methods for entity authentication using a public key certificate are based on a public key infrastructure (PKI). PKI is a general security infrastructure that implements and provides security services based on the concepts and techniques of public key. PKI can provide security services including authentication, integrity and confidentiality. Two important concepts in PKI are public key certificate and certificate authority (CA). Generally, a public key certificate is issued by a CA, the signature in the public key certificate is signed by the CA, and the CA certifies the binding between a holder of the public key certificate and the public key of the holder by providing the signature.
Generally, the public key certificate certified by the CA has a period of validity, and the certificate becomes invalid after the expiration of the period of validity. If the private key that corresponds to the public key certificate is compromised, the public key certificate also becomes invalid. There are some other possibilities which may lead to invalidation of the public key certificate, such as job changes.
In network communication, generally an entity that participates authentication will refuse to establish secure communication with an entity holding an invalid public key certificate; thus public key obtaining and certificate verification are associated with the entity authentication process and provide services for it. Currently, in existing mechanisms of authentication, before or during the execution of authentication, the verifier needs to either have a valid public key of the claimer, or know the status of a public key certificate of the claimer; otherwise, the authentication process will be subverted or will not be completed. As shown in FIG. 1, an entity A and an entity B need to execute an authentication protocol for authentication with each other, and a trusted third party (TP) is a third party entity that is trusted by both the entity A and the entity B. Before authentication, each of the entity A and the entity B needs to obtain a valid public key or the status of a public key certificate of its counterpart through the TP.
Currently, the status of a public key certificate can be obtained in the following two manners.
1) CRL: downloading a Certificate Revocation List (CRL), which may include downloading the entire list and downloading the increment of the list. For an entity to check the status of a certain public key certificate, the entity downloads the latest CRL from a server, and then checks whether the public key certificate to be verified is in the latest CRL.
2) Online inquiry. For example, Online Certificate Status Protocol (OCSP). Using a typical client/server structure, the OCSP mainly involves two entities: a client and a server. The client sends a request to the server, and the server returns a response. The request includes some certificates to be verified, and the response includes the statuses and verification intervals of these certificates.
The requirement of obtaining a valid public key or the status of a public key certificate of the counterpart in advance and cannot be met in many application scenarios, for example, in an access network with a tri-element structure including a user, an access point and a server, which may be seen in many communications networks, generally access control of the user is realized by an entity authentication mechanism; and before the authentication mechanism is completed, the user is not allowed to access the network, and thus cannot use the methods such as CRL and OCSP to verify the validity of a certificate of the access point or obtain a valid public key of the access point.
Moreover, in some applications, it is difficult for the user to use the methods such as CRL and OCSP during the authentication. Firstly, the user device may have a limited storage resource, or the user may simply do not want to store a CRL; thus it may not be practicable to periodically download the CRL. Even though the access network has no resource limitations, it may have the problems such as policy restrictions. Secondly, for a user to use an online inquiry mechanism such as OCSP, he needs to execute an independent, e.g., OCSP protocol by a backend server. This type of protocol normally runs over the Hypertext Transfer Protocol (HTTP) and is an application layer protocol; thus direct use of this type of protocol is complicated before the authentication of the access network is completed. Even if this type of protocol can be used, it is realized by the “user-server and access point-server” structure, which does not comply with the “user-access point-server” structure; thus this type of protocol cannot be used directly and conveniently.