CN101364876B - A method for realizing entity's public key acquisition, certificate verification and authentication - Google Patents

Info

Publication number
CN101364876B
Authority
CN
China
Prior art keywords
entity
public key
message
certificate
authentication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2008101509511A
Other languages
Chinese (zh)
Other versions
CN101364876A (en)
Inventor
铁满霞
曹军
赖晓龙
黄振海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Application filed by China Iwncomm Co Ltd
Priority to CN2008101509511A
Publication of CN101364876A
Application granted
Publication of CN101364876B

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a method for realizing public key acquisition, certificate verification and authentication of an entity. The method comprises the following steps: (1) entity B sends a message 2 to entity A; (2) after receiving message 2, entity A sends a message 3 to a trusted third party TP; (3) after receiving message 3, the trusted third party TP determines a response RepTA; (4) the trusted third party TP returns a message 4 to entity A; (5) after receiving message 4 from the trusted third party TP, entity A executes step (6); (6) entity A returns a message 5 to entity B; and (7) after receiving message 5 from entity A, entity B processes it to obtain the authentication result of entity A. The method combines public key acquisition, certificate verification and authentication of the entity in a single protocol, which improves the efficiency and effect of protocol execution and makes the method easy to combine with various public key acquisition and public key certificate status query protocols. The method suits the user-access point-server structure of an access network and meets the authentication requirements of the access network.

Description

A method for realizing public key acquisition, certificate verification and authentication of an entity

Technical field

The invention relates to a method for realizing public key acquisition, certificate verification and authentication of an entity.

Background

In current computer and communication networks, entity authentication between the user and the network, either one-way or mutual, must be completed before the user logs in to the network for secure communication. The authentication mechanisms in use generally fall into two categories: those based on symmetric-key algorithms and those based on public-key (asymmetric-key) algorithms.

Authentication mechanisms based on public-key algorithms and techniques require each participating entity to hold a key pair, that is, a public/private key pair, whose public key must be made known to the other participating entities. The available ways of doing so are out-of-band notification and certificates; out-of-band notification is rarely used because it is hard to update, whereas certificates are widely used.

Entity authentication methods that use public key certificates generally rely on a public key infrastructure. A public key infrastructure is a general-purpose security infrastructure that uses public-key concepts and techniques to implement and provide security services such as authentication, integrity and confidentiality. Two important concepts in a public key infrastructure are the public key certificate and the certificate authority. A public key certificate is normally issued by a certificate authority, which provides the signature in the certificate; by providing that signature the certificate authority attests to the binding between the certificate holder and the holder's public key.

A public key certificate attested by a certificate authority normally has a lifetime, and the certificate becomes invalid when the lifetime ends. If the private key corresponding to a public key certificate is leaked, the certificate also becomes invalid. There are other situations that invalidate a public key certificate as well, such as a change of job.

Entities taking part in authentication in network communication usually refuse to establish secure communication with an entity that holds an invalid public key certificate, so public key acquisition and certificate verification usually surround the entity authentication process and serve it. With existing authentication mechanisms, before or during the run the verifier must hold the claimant's valid public key or know the status of the claimant's public key certificate; otherwise the authentication process is compromised or cannot complete successfully. As shown in Fig. 1, entity A and entity B need to complete authentication between them by running an authentication protocol, the trusted third party TP (Trusted Third Party) is a third-party entity trusted by both entity A and entity B, and entity A and entity B must each obtain the peer entity's valid public key or public key certificate status through the trusted third party TP before authentication.

At present the status of a public key certificate is usually obtained in one of two ways:

1) CRL: download the certificate revocation list (CRL) to obtain the status of the public key certificate, either as a full list download or as an incremental list download. When an entity needs to verify the status of a public key certificate, it downloads the latest certificate revocation list from a server and then checks whether the certificate to be verified appears in that list.

2) Online query of the public key certificate status, for example the Online Certificate Status Protocol (OCSP). OCSP mainly involves two entities, a client and a server, and is a typical client/server structure. The client sends a request to the server and the server returns a response. The request contains the series of certificates to be verified, and the response contains the status and verification interval of those certificates.

Obtaining the peer entity's valid public key or public key certificate status in advance is a precondition that cannot be met in many application environments. For example, in access networks whose structure is the user, access point, server triple, which covers most communication networks, an entity authentication mechanism is usually used to implement user access control, and the user is barred from the network until the authentication mechanism has completed successfully; before authentication the user therefore cannot use the certificate revocation list CRL, the Online Certificate Status Protocol OCSP or similar methods to verify the validity of the access point's certificate or to obtain the access point's valid public key. To complete authentication fully and successfully, one can therefore only rely on the user performing the verification after authentication has completed and network communication has been established, as in IEEE 802.11i and the Privacy Key Management (PKM) protocol in IEEE 802.16(e), that is, obtaining the access point's valid public key or public key certificate status after the fact. Whether the peer entity's valid public key or public key certificate status is obtained beforehand or afterwards, the authentication process and the process of obtaining the valid public key and certificate status are split into two separate processes, which does not help protocol execution efficiency and in some application environments even introduces insecure factors that affect the authenticity of the authentication.

In addition, in some applications it is hard for the user to use the certificate revocation list CRL, the Online Certificate Status Protocol OCSP and similar methods during authentication. First, the user device may have limited storage, or the user may simply be unwilling to store the CRL, so periodic CRL download cannot be carried out. The access network has no such resource limits, but it may face issues such as policy restrictions. Second, when the user uses an online query mechanism such as OCSP, the user has to run a separate protocol such as OCSP through a back-end server; these protocols usually run over HTTP and are application-layer protocols, and using them directly before authentication to the access network has completed is very complex. Even where they can be used, this has to be done through user-server and access point-server structures, which does not match the user-access point-server structure and cannot be applied directly and conveniently.

Summary of the invention

To solve the above technical problems in the background art, the invention proposes a method that combines public key acquisition, certificate verification and authentication of an entity.

The technical solution of the invention is a method for realizing public key acquisition, certificate verification and authentication of an entity, characterized in that the method comprises the following steps:

1) Entity B sends message 2 to entity A; message 2 comprises a random number R_B, a request ReqB and an optional text Text3;

2) After receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises the identity ID_A, a request ReqAT and an optional text Text4;

3) After receiving message 3, the trusted third party TP determines the response RepTA and executes step 4);

4) The trusted third party TP returns message 4 to entity A; message 4 comprises the response RepTA and an optional text Text5;

5) After receiving message 4 from the trusted third party TP, entity A executes step 6);

6) Entity A returns message 5 to entity B; message 5 comprises the token TokenAB and the response RepB;

7) After receiving message 5 from entity A, entity B processes it and obtains the authentication result of entity A.

In step 3) above, the trusted third party TP determines the response RepTA as follows: according to the identity ID_A of entity A, it checks the validity of the public key certificate Cert_A, or searches for the valid public key of entity A using the entity distinguishing identifier A.

In step 7) above, entity B processes message 5 as follows:

7.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 7.2);

7.2) Obtain the public key of entity A or the status of its public key certificate, verify the signature of entity A contained in the token TokenAB, and then check whether the random number R_B sent to entity A in step 1) matches the random number R_B contained in the token TokenAB, obtaining the authentication result of entity A. At this point entity B has completed the one-way authentication of entity A.

Before step 1), the above method further comprises step 0): entity A sends message 1 to entity B, message 1 comprising a random number R_A, the identity ID_A and an optional text Text1; after receiving message 1, entity B executes step 1). In this case message 2 above further comprises the identity ID_B; in step 3) above the trusted third party TP determines the response RepTA as follows: according to the identities ID_A and ID_B of entity A and entity B, it checks the validity of the public key certificates Cert_A and Cert_B, or searches for the valid public keys of entity A and entity B using the entity distinguishing identifiers A and B; and in step 5) above entity A processes message 4 as follows:

5.1) Verify the response RepTA according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 5.2);

5.2) Obtain the public key of entity B or the status of its public key certificate and verify the signature of entity B contained in the token TokenBA; then check whether the identity field ID_A contained in the signed data of the token TokenBA matches the identity of entity A, and check whether the random number R_A sent to entity B in step 0) matches the random number R_A contained in the token TokenBA, obtaining the authentication result of entity B.

In step 7) above, entity B processes message 5 as follows:

7.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 7.2);

7.2) Obtain the public key of entity A or the status of its public key certificate and verify the signature of entity A contained in the token TokenAB. Then check whether the identity field ID_B contained in the signed data of the token TokenAB matches the identity field of entity B, and check whether the random number R_B sent to entity A in step 1) matches the random number R_B contained in the token TokenAB, obtaining the authentication result of entity A.

ReqB and ReqAT above are requests generated by entity B and entity A respectively, requesting information such as the peer entity's valid public key or the original status of its public key certificate; RepTA and RepB above are the responses generated for the requests ReqAT and ReqB respectively.

The form and definition of ReqB, ReqAT, RepTA and RepB above are determined by the specific public key verification protocol or distribution protocol in use; these public key verification or distribution protocols are the certificate status protocol (see GB/T 19713), the server-based certificate validation protocol (see IETF RFC 5055) or other public key distribution or verification protocols.

The invention adopts a three-entity architecture. Before authentication, entity A and entity B need to obtain the public key or certificate of the trusted third party, and either obtain a user certificate issued to them by the trusted third party or deposit their own public key with the trusted third party; they do not need to know the peer entity's valid public key or public key certificate status in advance. The invention combines public key acquisition, certificate verification and authentication of the entity in a single protocol, which improves the efficiency and effect of protocol execution, makes the method easy to combine with various public key acquisition and public key certificate status query protocols, suits the user-access point-server structure of an access network, and meets the authentication requirements of the access network.

Description of drawings

Fig. 1 is a schematic diagram of how the authentication mechanism in the prior art works;

Fig. 2 is a schematic diagram of the method of Embodiment 1 of the invention;

Fig. 3 is a schematic diagram of the method of Embodiment 2 of the invention;

Fig. 4 is a schematic diagram of the method of Embodiment 3 of the invention.

Detailed description

The method of the invention involves three security elements: two entities A and B and a trusted third party TP. Through the online trusted third party TP, entities A and B complete authentication between them and obtain the peer entity's valid public key or public key certificate status.

Let entity X denote entity A or B. Then R_X denotes a random number generated by entity X; Cert_X is the public key certificate of entity X; ID_X is the identity of entity X, represented by the certificate Cert_X or by the entity's distinguishing identifier X; ReqX denotes a request generated by entity X, requesting information such as the peer entity's valid public key or public key certificate status; ReqXT denotes a request to the trusted third party TP that is generated or forwarded by entity X; RepX denotes the response sent to entity X for ReqX, that is, the response giving entity X information such as the valid public key or public key certificate status of the entity it asked about; RepTX denotes the response generated by the trusted third party TP for ReqXT; Token is a token field; Text is an optional text field. The symbols are defined as follows:

ID_A = A or Cert_A

ID_B = B or Cert_B

The form of ReqB, ReqAT, RepTA and RepB is determined by the specific public key verification protocol or distribution protocol in use; these online public key verification or distribution protocols include the certificate status protocol (see GB/T 19713), the server-based certificate validation protocol (see IETF RFC 5055) or other public key distribution or verification protocols.

Referring to Fig. 2, the specific flow by which the invention realizes mutual authentication between entity A and entity B is as follows:

1) Entity A sends message 1 to entity B; message 1 comprises a random number R_A, the identity ID_A and an optional text Text1;

2) After receiving message 1, entity B sends message 2 to entity A; message 2 comprises the token TokenBA, the identity ID_B, a request ReqB and an optional text Text3, where TokenBA = R_A ‖ R_B ‖ ID_A ‖ sS_B(R_A ‖ R_B ‖ ID_B ‖ ID_A ‖ Text2);

3) After receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises a request ReqAT and an optional text Text4, where ReqAT must contain the content of ReqB;

4) After receiving message 3, the trusted third party TP, according to the identities ID_A and ID_B of entity A and entity B, checks the validity of the public key certificates Cert_A and Cert_B, or searches for the valid public keys of entity A and entity B using the entity distinguishing identifiers A and B, and determines the response RepTA, where RepTA must contain the content of RepB; it then executes step 5);

5) The trusted third party TP returns message 4 to entity A; message 4 comprises the response RepTA and an optional text Text5;

6) After receiving message 4 from the trusted third party TP, entity A completes the following steps:

6.1) Verify the response RepTA according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 6.2);

6.2) Obtain the public key of entity B or the status of its public key certificate and verify the signature of entity B contained in the token TokenBA; then check whether the identity field ID_A contained in the signed data of the token TokenBA matches the identity of entity A, and check whether the random number R_A sent to entity B in step 1) matches the random number R_A contained in the token TokenBA, obtaining the authentication result of entity B;

7) Entity A returns message 5 to entity B; message 5 comprises the token TokenAB and the response RepB, where TokenAB = Text7 ‖ sS_A(R_B ‖ ID_B ‖ Text6);

8) After receiving message 5 from entity A, entity B executes the following steps:

8.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 8.2);

8.2) Obtain the public key of entity A or the status of its public key certificate and verify the signature of entity A contained in the token TokenAB. Then check whether the identity field ID_B contained in the signed data of the token TokenAB matches the identity field of entity B, and check whether the random number R_B sent to entity A in step 2) matches the random number R_B contained in the token TokenAB, obtaining the authentication result of entity A. At this point the mutual authentication between entity A and entity B is complete.

Referring to Fig. 3, if only one-way authentication of entity B by entity A is to be realized, steps 7) and 8) of the mutual authentication process can be omitted, and some fields in messages 1 to 5 can also be omitted.

Referring to Fig. 4, if only one-way authentication of entity A by entity B is to be realized, step 1) of the mutual authentication process can be omitted, and some fields in messages 2 to 5 can also be omitted. The specific working process is as follows:

2) Entity B sends message 2 to entity A; message 2 comprises a random number R_B, a request ReqB and an optional text Text3;

3) After receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises the identity ID_A, a request ReqAT and an optional text Text4, where ReqAT equals ReqB;

4) After receiving message 3, the trusted third party TP, according to the identity ID_A of entity A, checks the validity of the public key certificate Cert_A, or searches for the valid public key of entity A using the entity distinguishing identifier A, and determines the response RepTA, where RepTA equals RepB; it then executes step 5);

5) The trusted third party TP returns message 4 to entity A; message 4 comprises the response RepTA and an optional text Text5;

6) After receiving message 4 from the trusted third party TP, entity A executes step 7);

7) Entity A returns message 5 to entity B; message 5 comprises the token TokenAB and the response RepB, where TokenAB = Text7 ‖ sS_A(R_B ‖ Text6);

8) After receiving message 5 from entity A, entity B executes the following steps:

8.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 8.2);

8.2) Obtain the public key of entity A or the status of its public key certificate, verify the signature of entity A contained in the token TokenAB, and then check whether the random number R_B sent to entity A in step 2) matches the random number R_B contained in the token TokenAB, obtaining the authentication result of entity A. At this point entity B has completed the one-way authentication of entity A.
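The one-way flow of Fig. 4 (entity B authenticating entity A through the TP, steps 2 to 8) can be exercised end to end with the following added example, which is not code from the patent. Ed25519 signatures, the length-prefixed field encoding, the `Rep` response format with the echoed nonce, B knowing the expected peer name, and all type and function names are assumptions of this example, since the patent leaves the request and response format to the underlying certificate status protocol; the optional Text fields are omitted.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// cat length-prefixes each field so a signed "X ‖ Y" parses only one way (assumed encoding).
func cat(parts ...[]byte) (out []byte) {
	for _, p := range parts {
		out = append(append(out, byte(len(p))), p...)
	}
	return out
}

// Entity is a key holder: here entity A (the claimant) and the TP itself.
type Entity struct {
	ID   string
	Priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewEntity(id string) *Entity {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Entity{id, priv, pub}
}

// Rep stands in for RepTA = RepB: TP-signed key status bound to the nonce R_B (assumed format).
type Rep struct {
	Subject    string
	Pub        ed25519.PublicKey
	Valid      bool
	Nonce, Sig []byte
}

func (r Rep) signed() []byte {
	return cat([]byte(r.Subject), r.Pub, []byte(fmt.Sprint(r.Valid)), r.Nonce)
}

type Directory map[string]ed25519.PublicKey // entity ID -> registered public key

// TP is the trusted third party: it knows every key and its revocation state.
type TP struct {
	*Entity
	Keys    Directory
	Revoked map[string]bool
}

// Answer is step 4: look up the subject named in message 3 and sign the result.
func (tp *TP) Answer(subject string, rB []byte) Rep {
	r := Rep{Subject: subject, Pub: tp.Keys[subject], Nonce: rB}
	r.Valid = r.Pub != nil && !tp.Revoked[subject]
	r.Sig = ed25519.Sign(tp.Priv, r.signed())
	return r
}

type Msg5 struct { // message 5: TokenAB = sS_A(R_B), together with RepB
	Sig  []byte
	RepB Rep
}

// NewChallenge is message 2: B's fresh random number R_B.
func NewChallenge() []byte { n := make([]byte, 16); rand.Read(n); return n }

// Respond is A's side of steps 3 to 7: query the TP, sign R_B, relay RepB unchanged.
func (a *Entity) Respond(rB []byte, tp *TP) Msg5 {
	return Msg5{ed25519.Sign(a.Priv, cat(rB)), tp.Answer(a.ID, rB)}
}

// Accept is step 8 on B's side. B holds only the TP's public key, its own R_B
// and the name of the peer it expects (the last is an assumption of this example).
func Accept(m Msg5, rB []byte, peer string, tpPub ed25519.PublicKey) error {
	r := m.RepB
	// 8.1: the response must be TP-signed, about the expected peer, and fresh.
	if !ed25519.Verify(tpPub, r.signed(), r.Sig) || r.Subject != peer || !bytes.Equal(r.Nonce, rB) {
		return errors.New("RepB rejected")
	}
	if !r.Valid {
		return errors.New("peer key revoked or unknown")
	}
	// 8.2: with A's key now vouched for, check A's signature over the R_B we sent.
	if !ed25519.Verify(r.Pub, cat(rB), m.Sig) {
		return errors.New("TokenAB rejected")
	}
	return nil
}

func main() {
	a, rB := NewEntity("A"), NewChallenge()
	tp := &TP{NewEntity("TP"), Directory{"A": a.Pub}, map[string]bool{}}
	m5 := a.Respond(rB, tp)
	fmt.Println("honest run:      ", Accept(m5, rB, "A", tp.Pub))
	fmt.Println("replayed message:", Accept(m5, NewChallenge(), "A", tp.Pub))
	tp.Revoked["A"] = true
	fmt.Println("A revoked:       ", Accept(a.Respond(rB, tp), rB, "A", tp.Pub))
}
```

B never contacts the TP itself: everything it needs arrives inside message 5, which is what lets the check run before B has network access.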

Claims (12)

1. A method for realizing public key acquisition, certificate verification and authentication of an entity, characterized in that the method comprises the following steps:
1) Entity B sends message 2 to entity A; message 2 comprises a random number R_B, a request ReqB and an optional text Text3;
2) After receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises the identity ID_A, a request ReqAT and an optional text Text4;
3) After receiving message 3, the trusted third party TP determines the response RepTA and executes step 4);
4) The trusted third party TP returns message 4 to entity A; message 4 comprises the response RepTA and an optional text Text5;
5) After receiving message 4 from the trusted third party TP, entity A executes step 6);
6) Entity A returns message 5 to entity B; message 5 comprises the token TokenAB and the response RepB;
7) After receiving message 5 from entity A, entity B processes it and obtains the authentication result of entity A.

2. The method for realizing public key acquisition, certificate verification and authentication of an entity according to claim 1, characterized in that in step 3) the trusted third party TP determines the response RepTA as follows: according to the identity ID_A of entity A, it checks the validity of the public key certificate Cert_A, or searches for the valid public key of entity A using the entity distinguishing identifier A.

3. The method for realizing public key acquisition, certificate verification and authentication of an entity according to claim 2, characterized in that in step 7) entity B processes message 5 as follows:
7.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 7.2);
7.2) Obtain the public key of entity A or the status of its public key certificate, verify the signature of entity A contained in the token TokenAB, and then check whether the random number R_B sent to entity A in step 1) matches the random number R_B contained in the token TokenAB, obtaining the authentication result of entity A.

4. The method for realizing public key acquisition, certificate verification and authentication of an entity according to claim 1, characterized in that before step 1) the method further comprises step 0): entity A sends message 1 to entity B, message 1 comprising a random number R_A, the identity ID_A and an optional text Text1; after receiving message 1, entity B executes step 1).

5. The method for realizing public key acquisition, certificate verification and authentication of an entity according to claim 4, characterized in that message 2 further comprises the identity ID_B.

6. The method for realizing public key acquisition, certificate verification and authentication of an entity according to claim 5, characterized in that in step 3) the trusted third party TP determines the response RepTA as follows: according to the identities ID_A and ID_B of entity A and entity B, it checks the validity of the public key certificates Cert_A and Cert_B, or searches for the valid public keys of entity A and entity B using the entity distinguishing identifiers A and B.

7. The method for realizing public key acquisition, certificate verification and authentication of an entity according to claim 6, characterized in that in step 5) entity A processes message 4 as follows:
5.1) Verify the response RepTA according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 5.2);
5.2) Obtain the public key of entity B or the status of its public key certificate and verify the signature of entity B contained in the token TokenBA; then check whether the identity field ID_A contained in the signed data of the token TokenBA matches the identity of entity A, and check whether the random number R_A sent to entity B in step 0) matches the random number R_A contained in the token TokenBA, obtaining the authentication result of entity B.

8. The method for realizing public key acquisition, certificate verification and authentication of an entity according to claim 7, characterized in that in step 7) entity B processes message 5 as follows:
7.1) Verify the response RepB according to the public key verification protocol or distribution protocol in use; if verification passes, proceed to step 7.2);
7.2) Obtain the public key of entity A or the status of its public key certificate, verify the signature of entity A contained in the token TokenAB, then check whether the identity field ID_B contained in the signed data of the token TokenAB matches the identity field of entity B, and check whether the random number R_B sent to entity A in step 1) matches the random number R_B contained in the token TokenAB, obtaining the authentication result of entity A.

9. The method for realizing public key acquisition, certificate verification and authentication of an entity according to any one of claims 1 to 8, characterized in that ReqB and ReqAT are requests generated by entity B and entity A respectively, requesting the peer entity's valid public key or the original status information of its public key certificate; RepTA and RepB are the responses generated for the requests ReqAT and ReqB respectively.

10. The method for realizing public key acquisition, certificate verification and authentication of an entity according to claim 9, characterized in that the form and definition of ReqB, ReqAT, RepTA and RepB are determined by the specific public key verification protocol or distribution protocol in use, the public key verification protocol or distribution protocol being the certificate status protocol or the server-based certificate validation protocol.
The method for realizing public key acquisition, certificate verification and identification of an entity according to claim 9, characterized in that: the form and definition of said ReqB, ReqAT, RepTA and RepB are based on the specific use of the public key verification protocol or distribution The protocol determines that the public key authentication protocol or distribution protocol is a certificate status protocol or a server-based certificate authentication protocol. 11.根据权利要求1至3任一权利要求所述的实现实体的公钥获取、证书验证及鉴别的方法,其特征在于:所述ReqAT等于ReqB,RepTA等于RepB。11. The method for realizing the public key acquisition, certificate verification and authentication of an entity according to any one of claims 1 to 3, characterized in that: said ReqAT is equal to ReqB, and RepTA is equal to RepB. 12.根据权利要求4至8任一权利要求所述的实现实体的公钥获取、证书验证及鉴别的方法,其特征在于:所述ReqAT包含ReqB的内容,RepTA包含RepB的内容。12. The method according to any one of claims 4 to 8 for realizing public key acquisition, certificate verification and authentication of an entity, characterized in that: the ReqAT includes the content of ReqB, and the RepTA includes the content of RepB.
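Entity B's handling of message 5 (claim 3, steps 7.1 and 7.2), as an added Go example that is not part of the patent text. The claims leave the form of ReqB, RepB and TokenAB to the protocol in use, so the layouts here are assumptions: Ed25519 signatures, RepTA = RepB as in claim 11, ReqB carrying R_B as a nonce that the TP echoes, and all keys and nonces constructed for the run.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type RepB struct { // TP's signed statement about entity A (assumed layout)
	IDA          string
	PubA         ed25519.PublicKey
	Valid        bool   // status of A's public key or certificate
	Nonce, SigTP []byte // Nonce echoes the R_B that B placed in ReqB
}
type TokenAB struct{ RB, SigA []byte } // assumed layout
var (
	ErrRep    = errors.New("RepB: bad TP signature or not bound to this run's R_B")
	ErrStatus = errors.New("RepB: A's public key or certificate is not valid")
	ErrTokSig = errors.New("TokenAB: A's signature invalid")
	ErrNonce  = errors.New("TokenAB: R_B differs from the one sent in message 2")
)
func repBytes(r RepB) []byte { // bytes the TP signs; the ID is length-prefixed
	b := []byte(fmt.Sprintf("RepB|%d|%s|%t|", len(r.IDA), r.IDA, r.Valid))
	return append(append(b, r.PubA...), r.Nonce...)
}
func tokenBytes(idA string, rB []byte) []byte { // bytes entity A signs
	return append([]byte("TokenAB|"+idA+"|"), rB...)
}
// Message 4, with RepTA = RepB as in claim 11: the TP signs A's key, its status and the nonce.
func tpRespond(tp ed25519.PrivateKey, idA string, pubA ed25519.PublicKey, valid bool, n []byte) RepB {
	r := RepB{IDA: idA, PubA: pubA, Valid: valid, Nonce: n}
	r.SigTP = ed25519.Sign(tp, repBytes(r))
	return r
}
func signToken(a ed25519.PrivateKey, idA string, rB []byte) TokenAB {
	return TokenAB{rB, ed25519.Sign(a, tokenBytes(idA, rB))}
}

// VerifyMessage5 is entity B's step 7; sentRB is the R_B that B sent in message 2.
func VerifyMessage5(tpPub ed25519.PublicKey, sentRB []byte, tok TokenAB, rep RepB) error {
	// 7.1: RepB must be signed by the TP and answer this run's request.
	if !ed25519.Verify(tpPub, repBytes(rep), rep.SigTP) || !bytes.Equal(rep.Nonce, sentRB) {
		return ErrRep
	}
	// 7.2: status of A's key, then A's signature, then the R_B comparison.
	if !rep.Valid || len(rep.PubA) != ed25519.PublicKeySize {
		return ErrStatus
	}
	if !ed25519.Verify(rep.PubA, tokenBytes(rep.IDA, tok.RB), tok.SigA) {
		return ErrTokSig
	}
	if !bytes.Equal(tok.RB, sentRB) {
		return ErrNonce
	}
	return nil
}

// Scenario runs messages 2 to 5 with constructed keys and nonces, altering message 5 by name.
func Scenario(name string) error {
	tpPub, tpPriv, _ := ed25519.GenerateKey(rand.Reader)
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	rB, old := make([]byte, 16), make([]byte, 16)
	rand.Read(rB)  // fresh R_B sent in message 2
	rand.Read(old) // R_B of an earlier, recorded run
	tok, rep := signToken(privA, "A", rB), tpRespond(tpPriv, "A", pubA, true, rB)
	switch name {
	case "replayed-token":
		tok = signToken(privA, "A", old)
	case "revoked":
		rep = tpRespond(tpPriv, "A", pubA, false, rB)
	case "forged-status": // status flipped after the TP signed
		rep = tpRespond(tpPriv, "A", pubA, false, rB)
		rep.Valid = true
	}
	return VerifyMessage5(tpPub, rB, tok, rep)
}

func main() {
	for _, s := range []string{"honest", "replayed-token", "revoked", "forged-status"} {
		fmt.Println(s, "->", Scenario(s))
	}
}
```

The check order follows the claim: B trusts nothing about A's key until RepB has been verified, and the R_B comparison is what rejects a token recorded in an earlier run.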
CN2008101509511A 2008-09-12 2008-09-12 A method for realizing entity's public key acquisition, certificate verification and authentication Active CN101364876B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101509511A CN101364876B (en) 2008-09-12 2008-09-12 A method for realizing entity's public key acquisition, certificate verification and authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101509511A CN101364876B (en) 2008-09-12 2008-09-12 A method for realizing entity's public key acquisition, certificate verification and authentication

Publications (2)

Publication Number Publication Date
CN101364876A CN101364876A (en) 2009-02-11
CN101364876B true CN101364876B (en) 2011-07-06

Family

ID=40391055

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101509511A Active CN101364876B (en) 2008-09-12 2008-09-12 A method for realizing entity's public key acquisition, certificate verification and authentication

Country Status (1)

Country Link
CN (1) CN101364876B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101645776B (en) 2009-08-28 2011-09-21 西安西电捷通无线网络通信股份有限公司 An Entity Authentication Method Introducing an Online Third Party
CN101640593B (en) * 2009-08-28 2011-11-02 西安西电捷通无线网络通信股份有限公司 Entity two-way identification method of introducing the online third party
CN101635624B (en) * 2009-09-02 2011-06-01 西安西电捷通无线网络通信股份有限公司 Introducing an online trusted third-party entity authentication method
CN101674182B (en) * 2009-09-30 2011-07-06 西安西电捷通无线网络通信股份有限公司 Method and system for introducing online trusted third-party entity public key acquisition, certificate verification and authentication
WO2011075906A1 (en) * 2009-12-25 2011-06-30 西安西电捷通无线网络通信股份有限公司 Method for achieving public key acquisition, certificate validation and authentication of entity
WO2011075907A1 (en) * 2009-12-25 2011-06-30 西安西电捷通无线网络通信股份有限公司 Method for implementing public key acquirement, certificate validation and bi-directional authentication of entities
CN102014386B (en) * 2010-10-15 2012-05-09 西安西电捷通无线网络通信股份有限公司 Entity authentication method and system based on symmetric cryptographic algorithm
CN101997688B (en) 2010-11-12 2013-02-06 西安西电捷通无线网络通信股份有限公司 Method and system for identifying anonymous entity
CN101984577B (en) 2010-11-12 2013-05-01 西安西电捷通无线网络通信股份有限公司 Method and system for indentifying anonymous entities
CN102045716B (en) * 2010-12-06 2012-11-28 西安西电捷通无线网络通信股份有限公司 Method and system for safe configuration of station (STA) in wireless local area network (WLAN)
CN103297464B (en) * 2012-02-29 2016-03-30 华为技术有限公司 The acquisition methods of programme information and device
CN103312670A (en) 2012-03-12 2013-09-18 西安西电捷通无线网络通信股份有限公司 Authentication method and system
CN103312499B (en) 2012-03-12 2018-07-03 西安西电捷通无线网络通信股份有限公司 A kind of identity identifying method and system
CN104954130B (en) 2014-03-31 2019-08-20 西安西电捷通无线网络通信股份有限公司 A kind of method for authenticating entities and device
CN106571919B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device thereof
CN106572064B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device that more TTP are participated in
CN107104799B (en) * 2016-02-22 2021-04-16 西门子公司 A method and apparatus for creating a certificate testing library
GB2569130B (en) 2017-12-05 2020-11-04 Ali Musallam Ibrahim Method and system for sharing an item of media content

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1929380A (en) * 2006-09-23 2007-03-14 西安西电捷通无线网络通信有限公司 Public key certificate state obtaining and verification method

Also Published As

Publication number Publication date
CN101364876A (en) 2009-02-11

Similar Documents

Publication Publication Date Title
CN101364876B (en) A method for realizing entity's public key acquisition, certificate verification and authentication
CN101674182B (en) Method and system for introducing online trusted third-party entity public key acquisition, certificate verification and authentication
US10439826B2 (en) Identity-based certificate management
CN101222328B (en) Entity bidirectional identification method
CN101247223B (en) A two-way authentication method for entities based on a trusted third party
EP3149887B1 (en) Method and system for creating a certificate to authenticate a user identity
CN101364875B (en) Method realizing public key acquiring, certificater verification and bidirectional identification of entity
CN101193103B (en) A method and system for allocating and validating identity identifier
US20100138907A1 (en) Method and system for generating digital certificates and certificate signing requests
CN101645776B (en) An Entity Authentication Method Introducing an Online Third Party
CN101145910A (en) An entity bidirectional authentication method and system based on a trusted third party
WO2011026296A1 (en) Method for authenticating entities by introducing an on-line trusted third party
Aiash et al. A formally verified access control mechanism for information centric networks
Yang et al. Blockchain-based conditional privacy-preserving authentication protocol with implicit certificates for vehicular edge computing
CN106230603A (en) A kind of authentication authority method
Kumar et al. Security enforcement using PKI in Semantic Web
Berger A Scalable Architecture for Public Key Distribution Acting in Concert with Secure DNS
Perrin Public key distribution through" cryptoIDs"
WO2011075906A1 (en) Method for achieving public key acquisition, certificate validation and authentication of entity
Linna et al. An anonymous authentication mechanism based on Kerberos and HIBC
WO2011075907A1 (en) Method for implementing public key acquirement, certificate validation and bi-directional authentication of entities
Mahdi et al. A formally verified access control mechanism for information centric networks
Palani Scalable authentication for consumer-side smart grid Internet of Things
Rao et al. An authentication and authorization approach for the network of knowledge architecture.

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BEIJING ZHIXIANG TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2016610000049

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20161117

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BEIJING FENGHUO LIANTUO TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000001

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20170106

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHANGHAI YU FLY MILKY WAY SCIENCE AND TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000005

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20170317

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing next Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000014

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20170601

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HYTERA COMMUNICATIONS Corp.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000015

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20170602

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing Hua Xinaotian network technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000028

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20171122

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: ALPINE ELECTRONICS, Inc.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017990000497

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20171222

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN RAKWIRELESS TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000006

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180226

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000008

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180319

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000010

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180322

Application publication date: 20090211

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000009

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180320

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BLACKSHARK TECHNOLOGIES (NANCHANG) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000012

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20180404

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Sony Mobile Communications AB

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018990000306

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20181123

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN UCLOUDLINK NEW TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2019610000002

Denomination of invention: Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Granted publication date: 20110706

License type: Common License

Record date: 20191010

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HANGZHOU STRONG EDUCATION TECHNOLOGY Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000001

Denomination of invention: A method of public key acquisition, certificate verification and authentication of entity

Granted publication date: 20110706

License type: Common License

Record date: 20210125

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: EKC communication technology (Shenzhen) Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000008

Denomination of invention: A method of public key acquisition, certificate verification and authentication of entity

Granted publication date: 20110706

License type: Common License

Record date: 20210705

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Guangzhou nengchuang Information Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000011

Denomination of invention: A method for obtaining public key, certificate verification and authentication of entities

Granted publication date: 20110706

License type: Common License

Record date: 20211104

Application publication date: 20090211

Assignee: Xinruiya Technology (Beijing) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000012

Denomination of invention: A method for obtaining public key, certificate verification and authentication of entities

Granted publication date: 20110706

License type: Common License

Record date: 20211104

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN ZHIKAI TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2022610000005

Denomination of invention: A method of public key acquisition, certificate verification and authentication for entities

Granted publication date: 20110706

License type: Common License

Record date: 20220531

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HISCENE INFORMATION TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000003

Denomination of invention: A method to realize entity's public key acquisition, certificate verification and authentication

Granted publication date: 20110706

License type: Common License

Record date: 20230207

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing baicaibang Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000005

Denomination of invention: A Method for Realizing Entity's Public Key Acquisition, Certificate Verification, and Authentication

Granted publication date: 20110706

License type: Common License

Record date: 20230329

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Shenzhen wisky Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000008

Denomination of invention: A Method for Realizing Entity's Public Key Acquisition, Certificate Verification, and Authentication

Granted publication date: 20110706

License type: Common License

Record date: 20230522

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing Digital Technology (Shanghai) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000012

Denomination of invention: A method for obtaining public keys, verifying certificates, and authenticating entities

Granted publication date: 20110706

License type: Common License

Record date: 20231114

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN JINGYI SMART TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2024610000002

Denomination of invention: A method for obtaining public keys, verifying certificates, and authenticating entities

Granted publication date: 20110706

License type: Common License

Record date: 20240520

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Nanjing Wanxin Donglian Intelligent Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2024610000005

Denomination of invention: A method for obtaining public keys, verifying certificates, and authenticating entities

Granted publication date: 20110706

License type: Common License

Record date: 20241025