An entity authentication method using an asymmetric cipher can be categorized into unidirectional authentication and bidirectional authentication. Uniqueness or temporality of authentication is identified with a time-varying parameter, which typically includes a time stamp, a sequence number, and a random number. If a time stamp or a sequence number is used as a time-varying parameter, message passing shall be used only once for the unidirectional authentication and twice for the bidirectional authentication; and if a random number is used as a time-varying parameter, message passing shall be used twice for the unidirectional authentication and three or four times for the bidirectional authentication (i.e., parallel authentications each with message passing for twice).
Regardless of authentication mechanism, a verifier has to be provided with a valid public key of an asserter prior to or during operation; otherwise an authentication process may be damaged or fail. Here, a bidirectional authentication method with message passing for three times is described as an example.
Referring to FIG. 1, there are tokens TokenAB=RA∥RB∥B∥Text3∥sSA(RA∥RB∥B∥Text2) and TokenBA=RB∥RA∥A∥Text5∥sSB(RB∥RA∥A∥Text4), where X represents an entity identifier, and there are two authentication entities A and B in the authentication system; CertX represents a certificate of the entity X; sSX represents a signature of the entity X; RX represents a random number generated by the entity X; and Text represents an optional text field.
A process in which the authentication mechanism with message passing for three times operates is detailed as follows.
1) The entity B transmits the random number RB and the optional text Text1 to the entity A.
2) The entity A transmits the token TokenAB and the optional certificate CertA to the entity B.
3) The entity B performs the following steps upon reception of the message transmitted from the entity A:
3.1) the entity B ensures possession of a valid public key of the entity A by checking the certificate of the entity A or otherwise; and
3.2) the entity B obtains the public key of the entity A and then verifies the signature of TokenAB in the step 2), checks the identifier B for correctness and examines the random number RB transmitted in the step 1) and the random number RB in TokenAB for consistency to thereby verify the entity A.
4) The entity B transmits the token TokenBA and the optional certificate CertB to the entity A.
5) The entity A performs the following steps upon reception of the message including TokenBA transmitted from the entity B:
5.1) the entity A ensures possession of a valid public key of the entity B by checking the certificate of the entity B or otherwise; and
5.2) the entity A obtains the public key of the entity B and then verifies the signature of TokenBA in the step 4), checks the identifier A for correctness and examines the random number RA transmitted in the step 2) and the random number RA in TokenBA for consistency and the random number RB received in the step 1) and the random number RB in TokenBA for consistency to thereby verify the entity B.
As can be apparent, the authentication mechanism with message passing for three times has to ensure that each of the entities A and B possesses the valid public key of the other entity for successful operation, but neither how one party obtains the public key of the other party nor validity thereof has been mentioned in a protocol. This condition of guaranteeing a demand has not been satisfied in a variety of current application contexts. For example, a user access control function is typically performed with an entity authentication mechanism over a communication network in such a way that an access of a user to the network will not be allowed until the authentication mechanism is performed successfully, so it is impossible or difficult for the user to access a certificate institution to obtain validity of a public key of an opposite entity (a network access point) prior to authentication.
In an existing communication network, it is typically required to perform bidirectional authentication between a user and a network access point to ensure an access of a legal user to a legal network, so the traditional entity authentication mechanism can be improved and good feasibility and usability thereof can be offered in a practical application if a network entity is not aware of a valid public key of an opposite communication entity prior to authentication but verifies the public key of the opposite entity during authentication.