Entity authentication methods adopting asymmetric cryptographic technology may be divided into two types: unidirectional authentication and bidirectional authentication. Uniqueness or timeliness of the authentication is identified by time-varying parameters that typically include a time stamp, a sequence number and a random number, etc. If a time stamp or a sequence number is used as a time-varying parameter, a unidirectional authentication needs performing one pass authentication and the bidirectional authentication needs performing two pass authentication; if a random number is used as the time-varying parameter, a unidirectional authentication needs performing two pass authentication and a bidirectional authentication needs performing three pass authentication or four pass authentication (i.e., two parallel unidirectional authentication procedures).
No matter which one of the above authentication mechanisms is adopted, a verifier has to have a valid public key of a claimer, and otherwise, the authentication process will be damaged or can not finish successfully. Here, an explanation will be given by taking the method of three pass authentication in the bidirectional authentication for example:
Referring to FIG. 1, tokens TokenAB=RA∥RB∥B∥Text3∥sSA(RA∥RB∥Text2), TokenBA=RB∥RA∥A∥Text5∥sSB(RB∥RA∥A∥Text4 are shown. Where X is an entity distinguishing identifier, and the authentication system has two authentication entities which are A and B. CertX denotes a certificate of the entity X; sSX denotes a sign of the entity X; Rx denotes a random generated by the entity X and Text is an optional text field.
The authentication mechanism of three pass authentication operates as follows in detail:
1) The entity B sends a random number RB and an option text Text1 to the entity A;
2) The entity A sends a token TokenAB and an option certificate CertA to the entity B;
3) Upon receiving the message sent from the entity A, the entity B performs the following steps of:
3.1) ensuring having the valid public key of the entity A by checking the certificate of the entity A or by other methods;
3.2) after obtaining the public key of the entity A, verifying the sign of the TokenAB in the step 2), verifying the correctness of the distinguishing identifier B and checking whether the random number RB sent in the step 1) is consistent with the random number RB in the TokenAB, finishing the verification of the entity A by the entity B;
4) The entity B sends a token TokenBA and an option certificate CertB to the entity A;
5) After receiving the message including the TokenBA sent from the entity B, the entity A performs the following steps of:
5.1) ensuring having the valid public key of the entity B by checking the certificate of the entity B or by other methods;
5.2) after obtaining the public key of the entity B, verifying the sign of the TokenBA in the step 4), verifying the correctness of the distinguishing identifier A and checking whether the random number RA sent in the step 2) is consistent with the random number RA in the TokenBA and whether the random number RB received in step 1) is consistent with the random number RB in the TokenBA, finishing the verification of the entity B by the entity A.
As can be seen, the authentication mechanism of three pass authentication must ensure that the each one of entities A and B has the valid public key of the other side respectively in order to operate successfully. However, how to obtain the public key of the other side and its validity is not included in the protocol. This ensuring requirement condition can not be satisfied in many current application circumstances, for example, in a communication network, an entity authentication mechanism is generally used for implementing the function of the user access control, and before the authentication mechanism is completed successfully, the user is forbidden to access the network, therefore, the user can not or have difficulty to access a certificate institution to obtain the other side entity (the validity of the public key of the network access point) before the authentication.
Generally, in the current communication network, the bidirectional authentication needs to be implemented between the user and the network access point so as to ensure that a legal user accesses a legal network. Therefore, as to a network entity, if there is no need to know the valid public key of the opposite entity in the communication before authentication, and the verifying of the public key of the opposite entity is implemented during the authentication, then the conventional entity authentication mechanism is not only improved, but also provided with better feasibility and usability in the practical applications. In addition, no matter which one of the above authentication mechanisms is adopted, there is a need for the authentication entity to perform a calculation of the public key. However, the calculation of the public key takes a lot of time, which, for an authentication entity with a relatively weak computation capacity, causes the authentication protocol difficult to be applied. Therefore, during the design of the protocol, the calculation of the public key of the authentication entity should be performed as less times as possible while ensuring the authentication function.