CN114722364A

CN114722364A - Authentication method, device and equipment

Info

Publication number: CN114722364A
Application number: CN202110001469.7A
Authority: CN
Inventors: 陈美玲; 粟栗; 杜海涛; 冉鹏; 邵京
Original assignee: China Mobile Communications Group Co Ltd; Research Institute of China Mobile Communication Co Ltd
Current assignee: China Mobile Communications Group Co Ltd; Research Institute of China Mobile Communication Co Ltd
Priority date: 2021-01-04
Filing date: 2021-01-04
Publication date: 2022-07-08
Anticipated expiration: 2041-01-04
Also published as: CN114722364B

Abstract

The invention provides an authentication method, an authentication device and authentication equipment. The method comprises the following steps: acquiring a first handshake message; the first handshake message comprises an elliptic curve type supported by the second authentication end; determining a public key of the first authentication end according to a target elliptic curve type of the supported elliptic curve types; sending a second handshake message to a second authentication end, wherein the second handshake message comprises a target elliptic curve type and the public key; and performing identity verification of IBS based on identity with the second authentication end by adopting a signature algorithm corresponding to the type of the target elliptic curve. By adopting the method, the determined target elliptic curve type for key exchange is multiplexed into the elliptic curve type for IBS identity verification and signature algorithm determination, so that the elliptic curve type used by IBS signature and the elliptic curve type used in TLS handshake process are the same elliptic curve type, and the identity authentication mode between the first authentication end and the second authentication end is simple in operation process.

Description

An authentication method, device and equipment

技术领域technical field

本发明涉及网络安全技术领域，尤其是指一种认证方法、装置及设备。The present invention relates to the technical field of network security, and in particular, to an authentication method, device and equipment.

背景技术Background technique

可扩展的身份认证协议(Extensible Authentication Protocol，EAP)最早于1998年定义在RFC2284中，发展至目前已有超过20种基于EAP的认证方式。Extensible Authentication Protocol (EAP) was first defined in RFC2284 in 1998, and has developed more than 20 EAP-based authentication methods.

EAP-传输层安全性协议(Transport Layer Security，TLS)中使用X509证书实现对通信双方的身份认证，但在物联网场景下证书太大将会导致EAP-TLS认证的瓶颈问题，EAP-TLS-基于身份的数字签名(Identity Based Signature，IBS)是通过使用原始公钥替代X509证书，其为基于身份标识的密码系统(Identity-Based Cryptograph，IBC)技术的数字签名技术，可以用于用户的身份认证。IBS与传统数字签名的功能相同,不同处在于，使用IBS时认证方直接用被认证方的身份标识ID来验证签名的真伪，因此不需要复杂的证书体系，从而解决证书过大的问题。In EAP-Transport Layer Security (TLS), X509 certificate is used to authenticate the identity of both communication parties, but in the IoT scenario, the certificate is too large, which will lead to the bottleneck problem of EAP-TLS authentication. EAP-TLS-based Identity Based Signature (IBS) is a digital signature technology based on Identity-Based Cryptograph (IBC) technology by using the original public key to replace the X509 certificate, which can be used for user identity authentication . The function of IBS is the same as that of traditional digital signature, the difference is that when using IBS, the authenticator directly uses the identity ID of the authenticated party to verify the authenticity of the signature, so a complex certificate system is not required, thus solving the problem of too large certificates.

现有的IBS的签名方案是采用椭圆曲线类型密码学(Elliptic curvecryptography，ECC)的方式实现，然而通常技术方案中，TLS握手所使用的椭圆曲线类型和IBS签名所使用的椭圆曲线类型独立，造成认证过程的运算过程复杂问题。The existing IBS signature scheme is implemented by elliptic curve cryptography (ECC). However, in the usual technical scheme, the elliptic curve type used in the TLS handshake and the elliptic curve type used in the IBS signature are independent, resulting in The operation process of the authentication process is complicated.

发明内容SUMMARY OF THE INVENTION

本发明技术方案的目的在于提供一种认证方法、装置及设备，解决采用现有技术的认证方式，运算过程复杂的问题。The purpose of the technical solution of the present invention is to provide an authentication method, device and equipment, which solve the problem of complicated computing process in the authentication method in the prior art.

本发明实施例提供一种认证方法，应用于第一认证端，其中，所述方法包括：An embodiment of the present invention provides an authentication method, which is applied to a first authentication terminal, wherein the method includes:

获取第二认证端发送的第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；Acquire a first handshake message sent by the second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

根据至少一所述椭圆曲线类型中的目标椭圆曲线类型，确定所述第一认证端的用于秘钥协商的公钥；determining, according to at least one target elliptic curve type in the elliptic curve type, a public key used for key negotiation of the first authenticating end;

向所述第二认证端发送第二握手消息；所述第二握手消息包括所述目标椭圆曲线类型和所述公钥；sending a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证。Using the signature algorithm corresponding to the target elliptic curve type, the identity verification of the identity-based digital signature IBS is performed with the second authentication terminal.

可选地，所述的认证方法，其中，采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, the authentication method, wherein a signature algorithm corresponding to the target elliptic curve type is used to perform identity-based digital signature IBS authentication with the second authentication terminal, including:

根据所述第一握手消息中的第一证书指示信息，向所述第二认证端发送第二证书指示信息；sending second certificate indication information to the second authentication terminal according to the first certificate indication information in the first handshake message;

其中，所述第二证书指示信息包括：Wherein, the second certificate indication information includes:

证书信息，包括所述第一认证端的身份信息、所述第一认证端的公开参数信息和所述第一认证端所属秘钥生成中心的公开参数信息；certificate information, including the identity information of the first authentication terminal, the public parameter information of the first authentication terminal, and the public parameter information of the key generation center to which the first authentication terminal belongs;

证书检验信息，包括采用所述目标椭圆曲线类型对应的签名算法，对所述证书信息进行签名的签名值；Certificate verification information, including a signature value for signing the certificate information using a signature algorithm corresponding to the target elliptic curve type;

证书请求信息，包括用于请求采用所述目标椭圆曲线类型对应的签名算法用于身份验证的请求信息。The certificate request information includes request information for requesting to use the signature algorithm corresponding to the target elliptic curve type for identity verification.

可选地，所述的认证方法，其中，所述第一认证端的公开参数信息包括：所述第一认证端的用于秘钥协商的公钥、所述签名算法和所述签名算法的公开参数的哈希值。Optionally, in the authentication method, the public parameter information of the first authenticating end includes: the public key of the first authenticating end used for key negotiation, the signature algorithm, and the public parameters of the signature algorithm hash value.

可选地，所述的认证方法，其中，所述第一证书指示信息包括：Optionally, in the authentication method, the first certificate indication information includes:

签名算法信息，用于指示所述第二认证端所支持的签名算法；Signature algorithm information, used to indicate the signature algorithm supported by the second authentication terminal;

第一证书类型信息，用于指示所述第二认证端能够处理的证书类型；first certificate type information, used to indicate the certificate type that the second authentication terminal can handle;

第二证书类型信息，用于指示所述第二认证端能够提供的证书类型。The second certificate type information is used to indicate the certificate type that the second authentication end can provide.

可选地，所述的认证方法，其中，所述第二证书指示信息还包括：Optionally, in the authentication method, the second certificate indication information further includes:

第三证书类型信息，用于指示在证书负载中的证书类型；third certificate type information, used to indicate the certificate type in the certificate payload;

第四证书类型信息，用于指示所述第二认证端要求提供的证书类型。The fourth certificate type information is used to indicate the certificate type required by the second authentication terminal.

可选地，所述的认证方法，其中，向所述第二认证端发送第二证书指示信息，包括：Optionally, the authentication method, wherein sending the second certificate indication information to the second authentication terminal includes:

采用握手秘钥加密所述第二证书指示信息，其中所述握手密钥是根据所述第一握手消息和所述第二握手消息计算获得；Encrypt the second certificate indication information with a handshake key, wherein the handshake key is obtained by calculation according to the first handshake message and the second handshake message;

向所述第二认证端发送加密后的所述第二证书指示信息。Send the encrypted second certificate indication information to the second authentication terminal.

可选地，所述的认证方法，其中，所述方法还包括：Optionally, the authentication method, wherein the method further comprises:

获取所述第二认证端发送的第三证书指示信息；obtaining the third certificate indication information sent by the second authentication terminal;

采用所述目标椭圆曲线类型对应的签名算法，对所述第三证书指示信息进行签名验证。A signature algorithm corresponding to the target elliptic curve type is used to perform signature verification on the third certificate indication information.

本发明实施例还提供一种认证方法，应用于第二认证端，其中，所述方法包括：An embodiment of the present invention further provides an authentication method, which is applied to the second authentication terminal, wherein the method includes:

向第一认证端发送第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；sending a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

获取所述第一认证端响应所述第一握手消息发送的第二握手消息；所述第二握手消息包括所述第一认证端根据至少一所述椭圆曲线类型所选择的目标椭圆曲线类型，以及根据所述目标椭圆曲线类型确定的所述第一认证端的用于秘钥协商的公钥；acquiring a second handshake message sent by the first authentication terminal in response to the first handshake message; the second handshake message includes a target elliptic curve type selected by the first authentication terminal according to at least one of the elliptic curve types, and the public key for key negotiation of the first authentication terminal determined according to the target elliptic curve type;

采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证。Using the signature algorithm corresponding to the target elliptic curve type, the identity verification of the identity-based digital signature IBS is performed with the first authentication terminal.

可选地，所述的认证方法，其中，采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, the authentication method, wherein a signature algorithm corresponding to the target elliptic curve type is used to perform identity-based digital signature IBS identity verification with the first authentication terminal, including:

获取所述第一认证端发送的第二证书指示信息；obtaining the second certificate indication information sent by the first authentication terminal;

采用所述目标椭圆曲线类型对应的签名算法，对所述第二证书指示信息进行签名验证；Using the signature algorithm corresponding to the target elliptic curve type, perform signature verification on the second certificate indication information;

可选地，所述的认证方法，其中，所述第一握手信息中包括第一证书指示信息，其中所述第一认证端根据所述第一证书指示信息，发送所述第二认证指示信息；Optionally, the authentication method, wherein the first handshake information includes first certificate indication information, wherein the first authentication end sends the second authentication indication information according to the first certificate indication information ;

所述第一证书指示信息包括：The first certificate indication information includes:

可选地，所述的认证方法，其中，采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，还包括：Optionally, the authentication method, wherein the signature algorithm corresponding to the target elliptic curve type is used to perform identity-based digital signature IBS authentication with the first authentication terminal, further comprising:

向所述第一认证端发送第三证书指示信息，使所述第一认证端采用所述目标椭圆曲线类型对应的签名算法，对所述第三证书指示信息进行签名验证。Sending third certificate indication information to the first authentication end, so that the first authentication end uses a signature algorithm corresponding to the target elliptic curve type to perform signature verification on the third certificate indication information.

本发明实施例还提供一种认证端设备，所述认证端设备为第一认证端，其中，包括收发机和处理器，其中：An embodiment of the present invention further provides an authentication end device, where the authentication end device is a first authentication end, which includes a transceiver and a processor, wherein:

所述收发机用于，获取第二认证端发送的第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；The transceiver is configured to acquire a first handshake message sent by a second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

所述处理器用于，根据至少一所述椭圆曲线类型中的目标椭圆曲线类型，确定所述第一认证端的用于秘钥协商的公钥；The processor is configured to, according to at least one target elliptic curve type in the elliptic curve type, determine the public key of the first authentication terminal for key negotiation;

所述收发机还用于，向所述第二认证端发送第二握手消息；所述第二握手消息包括所述目标椭圆曲线类型和所述公钥；The transceiver is further configured to send a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

所述处理器还用于，采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证。The processor is further configured to perform identity-based digital signature IBS authentication with the second authentication terminal by using a signature algorithm corresponding to the target elliptic curve type.

本发明实施例还提供一种认证端设备，所述认证端设备为第二认证端，其中，包括收发机和处理器，其中：An embodiment of the present invention further provides an authentication end device, where the authentication end device is a second authentication end, which includes a transceiver and a processor, wherein:

所述收发机用于，向第一认证端发送第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；以及The transceiver is configured to send a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal; and

所述处理器用于，采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证。The processor is configured to perform identity-based digital signature IBS identity verification with the first authentication terminal by using a signature algorithm corresponding to the target elliptic curve type.

本发明实施例还提供一种认证装置，应用于第一认证端，其中，所述装置包括：An embodiment of the present invention further provides an authentication device, which is applied to the first authentication terminal, wherein the device includes:

第一消息获取模块，用于获取第二认证端发送的第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；a first message acquisition module, configured to acquire a first handshake message sent by a second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

第一处理模块，用于根据至少一所述椭圆曲线类型中的目标椭圆曲线类型，确定所述第一认证端的用于秘钥协商的公钥；a first processing module, configured to determine, according to at least one target elliptic curve type in the elliptic curve type, a public key used for key negotiation of the first authentication end;

第一消息发送模块，用于向所述第二认证端发送第二握手消息；所述第二握手消息包括所述目标椭圆曲线类型和所述公钥；a first message sending module, configured to send a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

第二处理模块，用于采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证。The second processing module is configured to use the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the second authentication terminal.

本发明实施例还提供一种认证装置，应用于第二认证端，其中，所述装置包括：An embodiment of the present invention further provides an authentication device, which is applied to a second authentication terminal, wherein the device includes:

第二消息发送模块，用于向第一认证端发送第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；a second message sending module, configured to send a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

第二消息获取模块，用于获取所述第一认证端响应所述第一握手消息发送的第二握手消息；所述第二握手消息包括所述第一认证端根据至少一所述椭圆曲线类型所选择的目标椭圆曲线类型，以及根据所述目标椭圆曲线类型确定的所述第一认证端的用于秘钥协商的公钥；A second message acquisition module, configured to acquire a second handshake message sent by the first authentication terminal in response to the first handshake message; the second handshake message includes the first authentication terminal according to at least one of the elliptic curve types. the selected target elliptic curve type, and the public key for key negotiation of the first authenticating end determined according to the target elliptic curve type;

第三处理模块，用于采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证。The third processing module is configured to use the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the first authentication terminal.

本发明实施例还提供一种认证设备，其特征在于，包括：处理器、存储器及存储在所述存储器上并可在所述处理器上运行的程序，所述程序被所述处理器执行时实现如上任一项所述的认证方法。An embodiment of the present invention also provides an authentication device, which is characterized by comprising: a processor, a memory, and a program stored in the memory and executable on the processor, when the program is executed by the processor Implement the authentication method as described in any of the above.

本发明实施例还提供一种可读存储介质，其中，所述可读存储介质上存储有程序，所述程序被处理器执行时实现如上任一项所述的认证方法中的步骤。An embodiment of the present invention further provides a readable storage medium, wherein a program is stored on the readable storage medium, and when the program is executed by a processor, the steps in any of the authentication methods described above are implemented.

本发明上述技术方案中的至少一个具有以下有益效果：At least one of the above-mentioned technical solutions of the present invention has the following beneficial effects:

本发明实施例所述认证方法，所确定的用于密钥交换的目标椭圆曲线类型，被复用为用于进行IBS身份验证确定签名算法的椭圆曲线类型，使得IBS签名所使用的椭圆曲线类型与TLS握手过程中所使用的椭圆曲线类型为同一椭圆曲线类型，第一认证端与第二认证端之间的身份认证方式，运算过程简单。In the authentication method according to the embodiment of the present invention, the determined target elliptic curve type used for key exchange is multiplexed as the elliptic curve type used for IBS identity verification to determine the signature algorithm, so that the elliptic curve type used for IBS signature The elliptic curve type used in the handshake process with TLS is the same elliptic curve type. The identity authentication method between the first authentication end and the second authentication end has a simple operation process.

附图说明Description of drawings

图1为本发明实施例所述认证方法的其中一实施方式的流程图；FIG. 1 is a flowchart of one implementation manner of the authentication method according to the embodiment of the present invention;

图2为EAP-TLS-IBS的认证流程的示意图；FIG. 2 is a schematic diagram of an authentication process of EAP-TLS-IBS;

图3为本发明实施例所述认证方法的另一实施方式的流程图；3 is a flowchart of another implementation manner of the authentication method according to the embodiment of the present invention;

图4为本发明实施例所述认证设备的其中一实施方式的结构示意图；FIG. 4 is a schematic structural diagram of an implementation manner of the authentication device according to the embodiment of the present invention;

图5为本发明实施例所述认证设备的另一实施方式的结构示意图；FIG. 5 is a schematic structural diagram of another implementation manner of the authentication device according to the embodiment of the present invention;

图6为本发明实施例所述认证装置的其中一实施方式的结构示意图；FIG. 6 is a schematic structural diagram of an implementation manner of the authentication apparatus according to the embodiment of the present invention;

图7为本发明实施例所述认证装置的另一实施方式的结构示意图；FIG. 7 is a schematic structural diagram of another implementation manner of the authentication apparatus according to the embodiment of the present invention;

图8为本发明实施例所述认证设备的其中一实施方式的结构示意图；FIG. 8 is a schematic structural diagram of an implementation manner of the authentication device according to the embodiment of the present invention;

图9为本发明实施例所述认证设备的另一实施方式的结构示意图。FIG. 9 is a schematic structural diagram of another implementation manner of an authentication device according to an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明要解决的技术问题、技术方案和优点更加清楚，下面将结合附图及具体实施例进行详细描述。In order to make the technical problems, technical solutions and advantages to be solved by the present invention more clear, the following will be described in detail with reference to the accompanying drawings and specific embodiments.

为解决采用现有技术的认证方式，运算过程复杂的问题，本发明实施例提供一种认证方法，使IBS签名所使用的椭圆曲线类型与TLS握手过程中所使用的椭圆曲线类型，复用为同一条椭圆曲线类型，以解决采用现有技术的认证方式，运算过程复杂的问题。In order to solve the problem that the authentication method of the prior art is used and the calculation process is complicated, the embodiment of the present invention provides an authentication method, so that the elliptic curve type used in the IBS signature and the elliptic curve type used in the TLS handshake process are multiplexed as The same elliptic curve type is used to solve the problem of complicated operation process in the authentication method using the existing technology.

本发明其中一实施例提供一种认证方法，如图1所示，该实施例所述认证方法应用于第一认证端，所述方法包括：An embodiment of the present invention provides an authentication method. As shown in FIG. 1 , the authentication method in this embodiment is applied to a first authentication terminal, and the method includes:

S110，获取第二认证端发送的第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；S110: Acquire a first handshake message sent by the second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

S120，根据至少一所述椭圆曲线类型中的目标椭圆曲线类型，确定所述第一认证端的用于秘钥协商的公钥；S120, according to the target elliptic curve type in at least one of the elliptic curve types, determine the public key used for key negotiation of the first authentication terminal;

S130，向所述第二认证端发送第二握手消息；所述第二握手消息包括所述目标椭圆曲线类型和所述公钥；S130, sending a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

S140，采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证。S140, using the signature algorithm corresponding to the target elliptic curve type to perform identity verification based on an identity-based digital signature IBS with the second authentication terminal.

本发明实施例所述认证方法，在步骤S110至步骤S130，第一认证端与第二认证端进行TLS握手的密钥交换过程中，所确定的用于密钥交换的目标椭圆曲线类型，在步骤S140时，被复用为用于进行IBS身份验证确定签名算法的椭圆曲线类型，使得IBS签名所使用的椭圆曲线类型与TLS握手过程中所使用的椭圆曲线类型为同一椭圆曲线类型。In the authentication method according to the embodiment of the present invention, in steps S110 to S130, during the key exchange process of the TLS handshake between the first authentication end and the second authentication end, the determined target elliptic curve type used for the key exchange is In step S140, it is multiplexed as the elliptic curve type used for IBS authentication to determine the signature algorithm, so that the elliptic curve type used for the IBS signature and the elliptic curve type used in the TLS handshake process are the same elliptic curve type.

本发明实施例中，可选地，可以将发送第一握手消息的第二认证端称为客户端，将接收第一握手消息的第一认证端称为服务端。需要说明的是，客户端与服务端可以为双向认证，第一认证端与第二认证端作为客户端和服务端的名称可以互换。In this embodiment of the present invention, optionally, the second authentication end that sends the first handshake message may be referred to as the client, and the first authentication end that receives the first handshake message may be referred to as the server. It should be noted that the client and the server may be two-way authentication, and the names of the first authentication end and the second authentication end as the client and the server may be interchanged.

本发明实施例所述认证方法，步骤S110至步骤S130为TSL握手过程，可选地，TSL握手过程的密钥交换算法采用并不限于仅能够采用以下算法中的任一种：In the authentication method according to the embodiment of the present invention, steps S110 to S130 are the TSL handshake process. Optionally, the key exchange algorithm used in the TSL handshake process is not limited to using any one of the following algorithms:

使用基于椭圆曲线类型签密方案(EC,Elliptic Curve)的Diffie-Hellman(DH)密钥协商协议(ECDHE)；Use Diffie-Hellman (DH) key agreement protocol (ECDHE) based on elliptic curve type signcryption scheme (EC, Elliptic Curve);

仅采用预共享密钥模式(pre-shared key，PSK)，也即PSK-only；Only the pre-shared key mode (PSK) is used, that is, PSK-only;

PSK随附ECDHE。PSK comes with ECDHE.

以ECDHE的密钥交换算法为例，可选地，在步骤S110，所获取的第二认证端(如为客户端)发送的第一握手消息中包括随机数C和扩展参数，其中扩展参数包括第二认证端的所支持版本supported_version、所支持组supported_groups、签名列表signatureschemlist和共享密钥key_shared。可选地，所支持组supported_groups携带第二认证端所支持的至少一椭圆曲线类型，且第二认证端对所支持的每一椭圆曲线类型计算公钥POINT(Ha)，可选地，所计算的公钥通过共享密钥key_shared携带。Taking the key exchange algorithm of ECDHE as an example, optionally, in step S110, the acquired first handshake message sent by the second authentication terminal (such as a client) includes a random number C and an extended parameter, wherein the extended parameter includes The supported version supported_version, the supported group supported_groups, the signature list signatureschemlist and the shared key key_shared of the second authentication terminal. Optionally, the supported group supported_groups carries at least one elliptic curve type supported by the second authenticating end, and the second authenticating end calculates the public key POINT(Ha) for each supported elliptic curve type, optionally, the calculated The public key is carried through the shared key key_shared.

可选地，公钥POINT(Ha)可以根据随机数C计算确定。Optionally, the public key POINT(Ha) can be calculated and determined according to the random number C.

进一步地，第一认证端获取第二认证端发送的第一握手消息后，根据第一握手消息中所携带的至少一椭圆曲线类型，确定目标椭圆曲线类型，以及根据所确定的椭圆曲线类型，确定第一认证端的用于秘钥协商的公钥。Further, after the first authentication terminal obtains the first handshake message sent by the second authentication terminal, the target elliptic curve type is determined according to at least one elliptic curve type carried in the first handshake message, and according to the determined elliptic curve type, Determine the public key of the first authenticator for key negotiation.

可选地，所述第一认证端的用于秘钥协商的公钥为用于迪菲-赫尔曼(Diffie–Hellman，DH)秘钥协商的公钥。Optionally, the public key used for the key negotiation of the first authenticating end is the public key used for the Diffie-Hellman (Diffie-Hellman, DH) key negotiation.

具体地，第一认证端根据所接收的第一握手消息，选择所采用的椭圆曲线类型并通过共享密钥key_shared确定相对应的第二认证端的公钥POINT(Ha)，根据第一认证端的私钥random_S(或为私钥db)和第一认证端的公钥，确定第一认证端的用于秘钥协商的公钥POINT(Hb)。Specifically, the first authenticating end selects the adopted elliptic curve type according to the received first handshake message and determines the corresponding public key POINT(Ha) of the second authenticating end through the shared key key_shared. The key random_S (or the private key db) and the public key of the first authenticating end determine the public key POINT(Hb) of the first authenticating end that is used for key negotiation.

可选地，第二认证端的用于秘钥协商的公钥的计算方式为：POINT(Ha)＝Random_C*基点G；第一认证端的公钥的计算方式为：POINT(Hb)＝random_S*基点G。Optionally, the calculation method of the public key used for the secret key negotiation of the second authentication end is: POINT(Ha)=Random_C*base point G; the calculation method of the public key of the first authentication end is: POINT(Hb)=random_S*base point G.

进一步地，第一认证端还根据私钥random_S和第二认证端的公钥Ha计算主密钥H(X，Y)，并选择主密钥的X坐标作为握手密钥handshake_secret，根据选择的加密方式，通过握手密钥handshake_secret加密所需要发送的第二握手消息。本发明实施例中，可选地，第一握手消息中所携带、第二认证端所支持的椭圆曲线类型包括并不限于仅能够包括secp256r1、secp384r1、secp521r1、x25519和x448。其中，第一认证端可以选择上述椭圆曲线类型中的其中一种用于密钥协商。Further, the first authentication terminal also calculates the master key H(X, Y) according to the private key random_S and the public key Ha of the second authentication terminal, and selects the X coordinate of the master key as the handshake key handshake_secret, according to the selected encryption method. , encrypt the second handshake message to be sent by the handshake key handshake_secret. In this embodiment of the present invention, optionally, the elliptic curve type carried in the first handshake message and supported by the second authentication terminal includes but is not limited to only including secp256r1, secp384r1, secp521r1, x25519, and x448. The first authentication end may select one of the above elliptic curve types for key negotiation.

基于上述的TSL握手过程的基础上，所构建的EAP-TLS-IBS的流程，通过第二认证端向第一认证端所发送签名算法signature_algorithm信息提供所支持的签名算法，通过服务端证书类型server_certificate_type和客户端证书类型client_certificate_type标识可支持的证书类型。Based on the above-mentioned TSL handshake process, the constructed EAP-TLS-IBS process provides the supported signature algorithm through the signature algorithm signature_algorithm information sent by the second authentication end to the first authentication end, through the server certificate type server_certificate_type and client certificate type client_certificate_type identifies the supported certificate types.

具体地，如图2所示，EAP-TLS-IBS的认证流程主要包括：Specifically, as shown in Figure 2, the authentication process of EAP-TLS-IBS mainly includes:

S201，第一认证端(服务端)向第二认证端(客户端)发送EAP请求；S201, a first authentication end (server) sends an EAP request to a second authentication end (client);

S202，第二认证端向第一认证端发送第一认证信息；S202, the second authentication terminal sends the first authentication information to the first authentication terminal;

S203，第一认证端向第二认证端发送第二认证信息；S203, the first authentication end sends the second authentication information to the second authentication end;

S204，第二认证端向第一认证端发送第三认证信息；S204, the second authentication terminal sends third authentication information to the first authentication terminal;

S205，认证结束。S205, the authentication ends.

具体地，第一认证信息包括第一握手信息，第一握手信息携带的信息包括：Specifically, the first authentication information includes first handshake information, and the information carried in the first handshake information includes:

支持的加密套件；supported cipher suites;

所支持版本supported_version扩展；Supported version supported_version extension;

所支持组supported_groups扩展，包括所支持的椭圆曲线类型；Supported groups supported_groups extension, including supported elliptic curve types;

第一证书指示信息。The first certificate indication information.

其中，该第一证书指示信息包括：Wherein, the first certificate indication information includes:

签名算法signature_algorithm，用于指示第二认证端所支持的IBS签名算法；signature algorithm signature_algorithm, used to indicate the IBS signature algorithm supported by the second authentication terminal;

第一证书类型信息，用于指示所述第二认证端能够处理的证书类型；也可以称为服务证书类型server_certificate_type；The first certificate type information, which is used to indicate the certificate type that the second authentication terminal can handle; it may also be referred to as the service certificate type server_certificate_type;

第二证书类型信息，用于指示所述第二认证端能够提供的证书类型；也可以称为客户证书类型client_certificate_Type。The second certificate type information is used to indicate the certificate type that the second authentication end can provide; it may also be referred to as the client certificate type client_certificate_Type.

基于包括上述信息的第一认证信息，第一认证端向第二认证端发送第二认证信息，第二认证信息包括上述的第二握手信息，且携带信息：Based on the first authentication information including the above information, the first authentication terminal sends the second authentication information to the second authentication terminal, and the second authentication information includes the above-mentioned second handshake information and carries the information:

第一认证端所支持的版本supproted_versions，包括第一认证端由第二认证端发送的所支持版本supported_version中选择的TLS协议版本号；The versions supported_versions supported by the first authenticator include the TLS protocol version number selected by the first authenticator from the supported versions supported_version sent by the second authenticator;

共享密钥key_shared扩展，用于指示根据第二认证端所发送的椭圆曲线类型所选择的目标椭圆曲线类型，以及根据所选择的目标椭圆曲线类型计算的第一认证端的用于秘钥协商的公钥。The shared key key_shared extension is used to indicate the target elliptic curve type selected according to the elliptic curve type sent by the second authenticating end, and the public key used for key negotiation calculated by the first authenticating end according to the selected target elliptic curve type. key.

进一步地，第二认证信息还包括：第二证书指示信息。Further, the second authentication information further includes: second certificate indication information.

本发明实施例中，所述第二证书指示信息包括：In this embodiment of the present invention, the second certificate indication information includes:

证书Certificate信息，包括所述第一认证端的身份信息、所述第一认证端的公开参数信息和所述第一认证端所属秘钥生成中心的公开参数信息；Certificate information, including the identity information of the first authentication terminal, the public parameter information of the first authentication terminal, and the public parameter information of the key generation center to which the first authentication terminal belongs;

证书检验Certificate Verify信息，包括采用所述目标椭圆曲线类型对应的签名算法，对所述证书信息进行签名的签名值；Certificate Verify information, including a signature value for signing the certificate information using a signature algorithm corresponding to the target elliptic curve type;

证书请求Certificate Reuqest信息，包括用于请求采用所述目标椭圆曲线类型对应的签名算法用于身份验证的请求信息。The certificate request Certificate Reuqest information includes request information for requesting to use the signature algorithm corresponding to the target elliptic curve type for authentication.

可选地，在Certificate信息中，第一认证端的公开参数信息包括：所述第一认证端的用于秘钥协商的公钥、所述签名算法和所述签名算法的公开参数的哈希值。Optionally, in the Certificate information, the public parameter information of the first authenticator includes: a public key of the first authenticator used for key negotiation, the signature algorithm, and a hash value of the public parameter of the signature algorithm.

在步骤S140，采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证的过程中，第一认证端根据第一握手消息中的第一证书指示信息，向第二认证端发送第二证书指示信息。In step S140, using the signature algorithm corresponding to the target elliptic curve type, in the process of performing identity-based digital signature IBS identity verification with the second authenticating end, the first authenticating end uses the first authentication end in the first handshake message according to the first certificate indication information, and send the second certificate indication information to the second authentication end.

采用上述实施方式，第一认证端在收到第一握手消息后会选择所使用的密钥交换算法，即在所支持组supported_groups中选择其中之一的椭圆曲线类型作为目标椭圆曲线类型。根据以上，目前supported_groups支持五类类型的基于椭圆曲线的密钥交换算法：secp256r1、secp384r1、secp521r1、x25519和x448。With the above-mentioned embodiment, the first authenticating end will select the key exchange algorithm to be used after receiving the first handshake message, that is, select one of the elliptic curve types in the supported_groups as the target elliptic curve type. According to the above, currently supported_groups supports five types of elliptic curve-based key exchange algorithms: secp256r1, secp384r1, secp521r1, x25519, and x448.

在此基础上，第二认证端发送的第一握手消息的key_share里面会预存所列出的椭圆曲线类型对应的public key。第一认证端发送的第二握手消息会在共享密钥扩展Keyshare Extension中明确指出选择的椭圆曲线类型，以及计算得出的第一认证端的用于秘钥协商的公钥发送给第二认证端。On this basis, the public key corresponding to the listed elliptic curve type is pre-stored in the key_share of the first handshake message sent by the second authenticating end. The second handshake message sent by the first authenticating end will clearly indicate the selected elliptic curve type in the shared key extension Keyshare Extension, and the calculated public key of the first authenticating end for key negotiation will be sent to the second authenticating end .

其中，在第一认证端选择使用证书类型后，获取在密钥交换算法过程中已选中的椭圆曲线类型作为IBS的签名曲线。Wherein, after the first authentication end selects the certificate type to be used, the elliptic curve type selected in the key exchange algorithm process is obtained as the signature curve of the IBS.

由于第一认证端采用所述目标椭圆曲线类型对应的签名算法，对所述证书信息进行签名，且通过Certificate Reuqest信息请求第二认证端采用所述目标椭圆曲线类型对应的签名算法用于身份验证的请求信息，第二认证端接收certificate和certificateVerify之后使用第一认证端的身份信息serverID、certificate消息、签名值进行验签操作，验签通过则表示身份验证通过。而且，同样第一认证端也对第二认证端作相同的身份验证操作。Because the first authenticating end uses the signature algorithm corresponding to the target elliptic curve type to sign the certificate information, and requests the second authenticating end to use the signature algorithm corresponding to the target elliptic curve type for identity verification through the Certificate Reuqest information After receiving the certificate and certificateVerify, the second authentication terminal uses the identity information serverID, certificate message, and signature value of the first authentication terminal to perform the signature verification operation. Passing the signature verification means that the identity verification is passed. Moreover, the first authentication terminal also performs the same identity verification operation on the second authentication terminal.

采用上述实施方式，TLS握手的密钥交换过程与IBS签名所使用的椭圆曲线类型复用为同一椭圆曲线类型，以能够解决采用现有技术的认证方式，运算过程复杂的问题。With the above embodiment, the key exchange process of the TLS handshake and the elliptic curve type used for the IBS signature are multiplexed into the same elliptic curve type, so as to solve the problem of complicated computing process in the authentication method of the prior art.

可选地，所述的认证方法中，第一认证端在发送第二握手信息后，立刻发送加密扩展Encrypted Extension信息，该信息为第一个被加密的数据，包括与密钥协商无关的扩展数据，用于指示给第二认证端。Optionally, in the authentication method, after sending the second handshake information, the first authentication end immediately sends Encrypted Extension information, which is the first encrypted data, including extensions unrelated to key negotiation. data, used to indicate to the second authentication terminal.

进一步，第二证书指示信息还包括：Further, the second certificate indication information further includes:

所述第二证书指示信息还包括：The second certificate indication information further includes:

第三证书类型信息server_certificate_type，用于指示在证书负载中的证书类型；The third certificate type information server_certificate_type is used to indicate the certificate type in the certificate payload;

第四证书类型信息client_certificate_Type，用于指示所述第二认证端要求提供的证书类型。The fourth certificate type information client_certificate_Type is used to indicate the certificate type required to be provided by the second authentication terminal.

在依次完成上述的第二证书指示信息的发送之后，第一认证端向第二认证端发送结束消息，该结束消息也是身份验证阶段的最后一条消息，用于握手报文的完整性的检测。此外，该结束消息还提供密钥确认，将端点的身份绑定到交互的密钥。After completing the sending of the above-mentioned second certificate indication information in sequence, the first authentication end sends an end message to the second authentication end, where the end message is also the last message in the identity verification phase, and is used for checking the integrity of the handshake message. In addition, the end message provides key confirmation, binding the identity of the endpoint to the key of the interaction.

进一步，在完成上述的第二证书指示信息的发送之后，第一认证端发送应用数据Application Data，该应用数据Application Data受应用密钥保护。Further, after completing the sending of the above-mentioned second certificate indication information, the first authentication end sends application data Application Data, where the application data Application Data is protected by the application key.

可选地，所述方法还包括：Optionally, the method further includes:

向所述第二认证端发送第二证书指示信息，包括：Sending second certificate indication information to the second authentication terminal, including:

具体地，利用密钥材料和Client Hello、Server Hello两个报文的哈希值，基于HKDF算法可以计算出一个handshake_key，此后握手阶段的server_certificate_type、client_certificate_Type、Encrypted Extension、Certificate、Certificate Verify、CertificateReuqest、Finished报文都受该密钥保护。Specifically, using the key material and the hash values of the Client Hello and Server Hello packets, a handshake_key can be calculated based on the HKDF algorithm, and then the server_certificate_type, client_certificate_Type, Encrypted Extension, Certificate, Certificate Verify, CertificateReuqest, Finished in the handshake phase. Messages are protected by this key.

可选地，本发明实施例所述认证方法，还包括：Optionally, the authentication method according to the embodiment of the present invention further includes:

需要说明的是，第三证书指示信息包括：It should be noted that the third certificate indication information includes:

证书Certificate信息，包括所述第二认证端的公开参数信息和用户信息；Certificate information, including public parameter information and user information of the second authentication terminal;

证书检验Certificate Verify信息，包括采用所述目标椭圆曲线类型对应的签名算法，对所述证书信息进行签名的签名值。The certificate verification information includes a signature value for signing the certificate information using a signature algorithm corresponding to the target elliptic curve type.

可选地，第二认证端的公开参数信息包括：所述第二认证端的用于秘钥协商的公钥、所述签名算法和所述签名算法的公开参数的哈希值。Optionally, the public parameter information of the second authenticator includes: a public key of the second authenticator used for key negotiation, the signature algorithm, and a hash value of the public parameter of the signature algorithm.

其中，第一认证端根据第二认证端发送的第三证书指示信息，采用上述方式确定的目标椭圆曲线类型对应的签名算法，对Certificate信息和签名值进行验签操作。The first authentication end uses the signature algorithm corresponding to the target elliptic curve type determined in the above manner to perform a signature verification operation on the certificate information and the signature value according to the third certificate indication information sent by the second authentication end.

采用上述过程，通过相同的目标椭圆曲线对应的签名算法，第一认证端也对第二认证端执行相同的身份验证操作。Using the above process, the first authentication end also performs the same identity verification operation on the second authentication end through the signature algorithm corresponding to the same target elliptic curve.

本发明实施例所述认证方法，使IBS签名所使用的椭圆曲线类型与TLS握手过程中所使用的椭圆曲线类型，复用为同一条椭圆曲线类型，能够解决采用现有技术的认证方式，运算过程复杂的问题。The authentication method according to the embodiment of the present invention enables the elliptic curve type used in the IBS signature and the elliptic curve type used in the TLS handshake process to be multiplexed into the same elliptic curve type, which can solve the problem of using the prior art authentication method, computing complex process.

本发明实施例另一方面还提供一种认证方法，应用于第二认证端，如图3所示，所述方法包括：Another aspect of the embodiment of the present invention further provides an authentication method, which is applied to the second authentication terminal. As shown in FIG. 3 , the method includes:

S310，向第一认证端发送第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；S310: Send a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

S320，获取所述第一认证端响应所述第一握手消息发送的第二握手消息；所述第二握手消息包括所述第一认证端根据至少一所述椭圆曲线类型所选择的目标椭圆曲线类型，以及根据所述目标椭圆曲线类型确定的所述第一认证端的用于秘钥协商的公钥；S320: Acquire a second handshake message sent by the first authentication terminal in response to the first handshake message; the second handshake message includes a target elliptic curve selected by the first authentication terminal according to at least one of the elliptic curve types type, and the public key for key negotiation of the first authenticating end determined according to the target elliptic curve type;

S330，采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证。S330, using the signature algorithm corresponding to the target elliptic curve type, to perform the identity verification of the identity-based digital signature IBS with the first authentication terminal.

采用本发明实施例所述认证方法，在第一认证端和第二认证端的认证过程中，IBS签名所使用的椭圆曲线类型与TLS握手过程中所使用的椭圆曲线类型，复用为同一条椭圆曲线类型，能够解决采用现有技术的认证方式，运算过程复杂的问题。With the authentication method according to the embodiment of the present invention, in the authentication process of the first authentication end and the second authentication end, the elliptic curve type used in the IBS signature and the elliptic curve type used in the TLS handshake process are multiplexed into the same ellipse The curve type can solve the problem that the authentication method of the prior art is used and the calculation process is complicated.

可选地，所述的认证方法，其中，在步骤S330，采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, the authentication method, wherein, in step S330, using the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the first authentication terminal, including:

本发明实施例中，第一认证指示信息、第二认证指示信息和第三认证指示信息中所包括各信息的内容，以及第一认证端和第二认证端的认证过程可以参阅以上的详细描述，在此不再说明。In this embodiment of the present invention, the content of each information included in the first authentication indication information, the second authentication indication information, and the third authentication indication information, and the authentication process of the first authentication end and the second authentication end may refer to the above detailed description, It will not be described here.

本发明实施例还提供一种认证端设备，所述认证端设备为第一认证端，如图4所示，包括收发机410和处理器420，其中：An embodiment of the present invention further provides an authentication end device, where the authentication end device is a first authentication end, as shown in FIG. 4 , including a transceiver 410 and a processor 420, wherein:

所述收发机410用于，获取第二认证端发送的第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；The transceiver 410 is configured to obtain a first handshake message sent by the second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

所述处理器420用于，根据至少一所述椭圆曲线类型中的目标椭圆曲线类型，确定所述第一认证端的用于秘钥协商的公钥；The processor 420 is configured to, according to the target elliptic curve type in at least one of the elliptic curve types, determine the public key used for key negotiation of the first authentication end;

所述收发机410还用于，向所述第二认证端发送第二握手消息；所述第二握手消息包括所述目标椭圆曲线类型和所述公钥；The transceiver 410 is further configured to send a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

所述处理器420还用于，采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证。The processor 420 is further configured to use the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the second authentication terminal.

可选地，所述的认证设备，其中，所述处理器420采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, in the authentication device, wherein the processor 420 adopts a signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the second authentication terminal, including:

可选地，所述的认证设备，其中，所述第一认证端的公开参数信息包括：所述第一认证端的用于秘钥协商的公钥、所述签名算法和所述签名算法的公开参数的哈希值。Optionally, the authentication device, wherein the public parameter information of the first authenticating end includes: the public key of the first authenticating end used for key negotiation, the signature algorithm, and the public parameters of the signature algorithm hash value.

可选地，所述的认证设备，其中，所述第一证书指示信息包括：Optionally, the authentication device, wherein the first certificate indication information includes:

可选地，所述的认证设备，其中，所述第二证书指示信息还包括：Optionally, the authentication device, wherein the second certificate indication information further includes:

可选地，所述的认证设备，其中，所述处理器420向所述第二认证端发送第二证书指示信息，包括：Optionally, in the authentication device, wherein the processor 420 sends the second certificate indication information to the second authentication terminal, including:

可选地，所述的认证设备，其中，所述处理器420还用于：Optionally, in the authentication device, the processor 420 is further configured to:

本发明实施例还提供一种认证端设备，所述认证端设备为第二认证端，如图5所示，包括收发机510和处理器520，其中：An embodiment of the present invention further provides an authentication end device, where the authentication end device is a second authentication end, as shown in FIG. 5 , including a transceiver 510 and a processor 520, wherein:

所述收发机510用于，向第一认证端发送第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；以及The transceiver 510 is configured to send a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal; and

所述处理器520用于，采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证。The processor 520 is configured to use the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the first authentication terminal.

可选地，所述的认证装置，其中，所述处理器520采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, in the authentication apparatus, wherein the processor 520 adopts a signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the first authentication terminal, including:

可选地，所述的认证装置，其中，所述第一认证端的公开参数信息包括：所述第一认证端的用于秘钥协商的公钥、所述签名算法和所述签名算法的公开参数的哈希值。Optionally, the authentication apparatus, wherein the public parameter information of the first authenticating end includes: the public key of the first authenticating end used for key negotiation, the signature algorithm, and the public parameters of the signature algorithm hash value.

可选地，所述的认证装置，其中，所述第一握手信息中包括第一证书指示信息，其中所述第一认证端根据所述第一证书指示信息，发送所述第二认证指示信息；Optionally, the authentication apparatus, wherein the first handshake information includes first certificate indication information, wherein the first authentication end sends the second authentication indication information according to the first certificate indication information ;

可选地，所述的认证装置，其中，所述第二证书指示信息还包括：Optionally, in the authentication apparatus, the second certificate indication information further includes:

可选地，所述的认证装置，其中，所述处理器520采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，还包括：Optionally, in the authentication apparatus, wherein the processor 520 uses a signature algorithm corresponding to the target elliptic curve type to perform identity verification based on the identity-based digital signature IBS with the first authentication terminal, further comprising:

本发明实施例还提供一种认证装置，应用于第一认证端，如图6所示，所述装置包括：An embodiment of the present invention further provides an authentication device, which is applied to the first authentication terminal. As shown in FIG. 6 , the device includes:

第一消息获取模块610，用于获取第二认证端发送的第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；A first message acquisition module 610, configured to acquire a first handshake message sent by a second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

第一处理模块620，用于根据至少一所述椭圆曲线类型中的目标椭圆曲线类型，确定所述第一认证端的用于秘钥协商的公钥；a first processing module 620, configured to determine, according to at least one target elliptic curve type in the elliptic curve type, a public key used for key negotiation of the first authentication end;

第一消息发送模块630，用于向所述第二认证端发送第二握手消息；所述第二握手消息包括所述目标椭圆曲线类型和所述公钥；a first message sending module 630, configured to send a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

第二处理模块640，用于采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证。The second processing module 640 is configured to use the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS identity verification with the second authentication terminal.

可选地，所述的认证装置，其中，第二处理模块640采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, in the authentication apparatus, wherein the second processing module 640 adopts the signature algorithm corresponding to the target elliptic curve type to perform identity verification based on the digital signature IBS with the second authentication terminal, including:

可选地，所述的认证装置，其中，所述第一证书指示信息包括：Optionally, the authentication device, wherein the first certificate indication information includes:

可选地，所述的认证装置，其中，向所述第二认证端发送第二证书指示信息，包括：Optionally, the authentication apparatus, wherein sending the second certificate indication information to the second authentication terminal includes:

可选地，所述的认证装置，其中，第二处理模块640还用于：Optionally, in the authentication device, the second processing module 640 is further configured to:

本发明实施例还提供一种认证装置，应用于第二认证端，如图7所示，所述装置包括：An embodiment of the present invention further provides an authentication device, which is applied to the second authentication terminal. As shown in FIG. 7 , the device includes:

第二消息发送模块710，用于向第一认证端发送第一握手消息；所述第一握手消息包括所述第二认证端所支持的至少一椭圆曲线类型；The second message sending module 710 is configured to send a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

第二消息获取模块720，用于获取所述第一认证端响应所述第一握手消息发送的第二握手消息；所述第二握手消息包括所述第一认证端根据至少一所述椭圆曲线类型所选择的目标椭圆曲线类型，以及根据所述目标椭圆曲线类型确定的所述第一认证端的用于秘钥协商的公钥；A second message acquisition module 720, configured to acquire a second handshake message sent by the first authentication terminal in response to the first handshake message; the second handshake message includes the first authentication terminal according to at least one of the elliptic curves. the target elliptic curve type selected by the type, and the public key used for key negotiation of the first authenticating end determined according to the target elliptic curve type;

第三处理模块730，用于采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证。The third processing module 730 is configured to use the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the first authentication terminal.

可选地，所述的认证装置，其中，第三处理模块730采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, in the authentication apparatus, wherein the third processing module 730 adopts the signature algorithm corresponding to the target elliptic curve type to perform identity verification based on the digital signature IBS with the first authentication terminal, including:

可选地，所述的认证装置，其中，第三处理模块730采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，还包括：Optionally, in the authentication device, wherein the third processing module 730 adopts the signature algorithm corresponding to the target elliptic curve type to perform identity verification based on the digital signature IBS with the first authentication terminal, further comprising:

本发明实施例另一方面还提供一种认证设备，可选地，所述认证设备为第一认证端，如图8所示，包括：处理器801；以及通过总线接口802与所述处理器801相连接的存储器803，所述存储器803用于存储所述处理器801在执行操作时所使用的程序和数据，处理器801调用并执行所述存储器803中所存储的程序和数据。Another aspect of an embodiment of the present invention further provides an authentication device. Optionally, the authentication device is a first authentication terminal, as shown in FIG. 8 , including: a processor 801 ; and a bus interface 802 communicates with the processor A memory 803 connected to 801 is used for storing programs and data used by the processor 801 when performing operations, and the processor 801 calls and executes the programs and data stored in the memory 803 .

其中，收发机804与总线接口802连接，用于在处理器801的控制下接收和发送数据，具体地，处理器801用于读取存储器803中的程序，执行下列过程：Wherein, the transceiver 804 is connected with the bus interface 802, and is used for receiving and sending data under the control of the processor 801. Specifically, the processor 801 is used to read the program in the memory 803, and execute the following process:

可选地，所述的认证设备，其中，处理器801采用所述目标椭圆曲线类型对应的签名算法，与所述第二认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, in the authentication device, wherein the processor 801 adopts the signature algorithm corresponding to the target elliptic curve type to perform the identity verification based on the identity-based digital signature IBS with the second authentication terminal, including:

可选地，所述的认证设备，其中，向所述第二认证端发送第二证书指示信息，包括：Optionally, the authentication device, wherein sending the second certificate indication information to the second authentication terminal includes:

可选地，所述的认证设备，其中，处理器801还用于：Optionally, in the authentication device, the processor 801 is further configured to:

其中，在图8中，总线架构可以包括任意数量的互联的总线和桥，具体由处理器801代表的一个或多个处理器和存储器803代表的存储器的各种电路链接在一起。总线架构还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起，这些都是本领域所公知的，因此，本文不再对其进行进一步描述。总线接口提供接口。收发机804可以是多个元件，即包括发送机和接收机，提供用于在传输介质上与各种其他装置通信的单元。处理器801负责管理总线架构和通常的处理，存储器803可以存储处理器801在执行操作时所使用的数据。8, the bus architecture may include any number of interconnected buses and bridges, specifically, one or more processors represented by processor 801 and various circuits of memory represented by memory 803 are linked together. The bus architecture may also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and, therefore, will not be described further herein. The bus interface provides the interface. Transceiver 804 may be a number of elements, including a transmitter and a receiver, that provide a means for communicating with various other devices over a transmission medium. The processor 801 is responsible for managing the bus architecture and general processing, and the memory 803 may store data used by the processor 801 in performing operations.

本领域技术人员可以理解，实现上述实施例的全部或者部分步骤可以通过硬件来完成，也可以通过程序来指示相关的硬件来完成，所述程序包括执行上述方法的部分或者全部步骤的指令；且该程序可以存储于一可读存储介质中，存储介质可以是任何形式的存储介质。Those skilled in the art can understand that all or part of the steps of implementing the above-mentioned embodiments can be completed by hardware, or can be completed by instructing relevant hardware through a program, and the program includes instructions for executing part or all of the steps of the above-mentioned method; and The program may be stored in a readable storage medium, which may be any form of storage medium.

本发明实施例另一方面还提供一种认证设备，可选地，所述认证设备为第二认证端，如图9所示，包括：处理器901；以及通过总线接口902与所述处理器901相连接的存储器903，所述存储器903用于存储所述处理器901在执行操作时所使用的程序和数据，处理器901调用并执行所述存储器903中所存储的程序和数据。Another aspect of an embodiment of the present invention further provides an authentication device. Optionally, the authentication device is a second authentication terminal, as shown in FIG. 9 , including: a processor 901 ; and a bus interface 902 communicates with the processor 901 is connected to a memory 903, the memory 903 is used for storing programs and data used by the processor 901 when performing operations, and the processor 901 calls and executes the programs and data stored in the memory 903.

其中，收发机904与总线接口902连接，用于在处理器901的控制下接收和发送数据，具体地，处理器901用于读取存储器903中的程序，执行下列过程：Wherein, the transceiver 904 is connected with the bus interface 902, and is used for receiving and sending data under the control of the processor 901. Specifically, the processor 901 is used to read the program in the memory 903, and execute the following process:

可选地，所述的认证设备，其中，处理器901采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，包括：Optionally, in the authentication device, wherein the processor 901 adopts the signature algorithm corresponding to the target elliptic curve type, and performs the identity verification based on the identity-based digital signature IBS with the first authentication terminal, including:

可选地，所述的认证设备，其中，所述第一握手信息中包括第一证书指示信息，其中所述第一认证端根据所述第一证书指示信息，发送所述第二认证指示信息；Optionally, the authentication device, wherein the first handshake information includes first certificate indication information, wherein the first authentication end sends the second authentication indication information according to the first certificate indication information ;

可选地，所述的认证设备，其中，处理器901采用所述目标椭圆曲线类型对应的签名算法，与所述第一认证端进行基于身份的数字签名IBS的身份验证，还包括：Optionally, in the authentication device, wherein the processor 901 adopts the signature algorithm corresponding to the target elliptic curve type to perform identity verification based on the digital signature IBS with the first authentication terminal, further comprising:

其中，在图9中，总线架构可以包括任意数量的互联的总线和桥，具体由处理器901代表的一个或多个处理器和存储器903代表的存储器的各种电路链接在一起。总线架构还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起，这些都是本领域所公知的，因此，本文不再对其进行进一步描述。总线接口提供接口。收发机904可以是多个元件，即包括发送机和接收机，提供用于在传输介质上与各种其他装置通信的单元。处理器901负责管理总线架构和通常的处理，存储器903可以存储处理器901在执行操作时所使用的数据。9, the bus architecture may include any number of interconnected buses and bridges, specifically, one or more processors represented by processor 901 and various circuits of memory represented by memory 903 are linked together. The bus architecture may also link together various other circuits, such as peripherals, voltage regulators, and power management circuits, which are well known in the art and, therefore, will not be described further herein. The bus interface provides the interface. Transceiver 904 may be a number of elements, including a transmitter and a receiver, that provide a means for communicating with various other devices over a transmission medium. The processor 901 is responsible for managing the bus architecture and general processing, and the memory 903 may store data used by the processor 901 in performing operations.

另外，本发明具体实施例还提供一种计算机可读存储介质，其上存储有计算机程序，其中，该程序被处理器执行时实现如上中任一项所述的认证方法中的步骤。In addition, specific embodiments of the present invention also provide a computer-readable storage medium on which a computer program is stored, wherein when the program is executed by a processor, the steps in any one of the authentication methods described above are implemented.

在本申请所提供的几个实施例中，应该理解到，所揭露方法和装置，可以通过其它的方式实现。例如，以上所描述的装置实施例仅仅是示意性的，例如，所述单元的划分，仅仅为一种逻辑功能划分，实际实现时可以有另外的划分方式，例如多个单元或组件可以结合或者可以集成到另一个系统，或一些特征可以忽略，或不执行。另一点，所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口，装置或单元的间接耦合或通信连接，可以是电性，机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed method and apparatus may be implemented in other manners. For example, the apparatus embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.

另外，在本发明各个实施例中的各功能单元可以集成在一个处理单元中，也可以是各个单元单独物理包括，也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现，也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may be physically included individually, or two or more units may be integrated into one unit. The above-mentioned integrated unit may be implemented in the form of hardware, or may be implemented in the form of hardware plus software functional units.

上述以软件功能单元的形式实现的集成的单元，可以存储在一个计算机可读取存储介质中。上述软件功能单元存储在一个存储介质中，包括若干指令用使得一台计算机设备(可以是个人计算机，服务器，或者网络设备等)执行本发明各个实施例所述收发方法的部分步骤。而前述的存储介质包括：U盘、移动硬盘、只读存储器(Read-Only Memory，简称ROM)、随机存取存储器(Random Access Memory，简称RAM)、磁碟或者光盘等各种可以存储程序代码的介质。The above-mentioned integrated units implemented in the form of software functional units can be stored in a computer-readable storage medium. The above-mentioned software functional unit is stored in a storage medium, and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to execute part of the steps of the transceiving method described in the various embodiments of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM for short), Random Access Memory (RAM for short), magnetic disk or CD, etc. that can store program codes medium.

以上所述的是本发明的优选实施方式，应当指出对于本技术领域的普通人员来说，在不脱离本发明所述原理前提下，还可以作出若干改进和润饰，这些改进和润饰也应视为本发明的保护范围。The above are the preferred embodiments of the present invention. It should be pointed out that for those skilled in the art, several improvements and modifications can be made without departing from the principles of the present invention, and these improvements and modifications should also be considered as It is the protection scope of the present invention.

Claims

1. An authentication method, applied to a first authentication terminal, characterized in that the method comprises:

Acquire a first handshake message sent by the second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

determining, according to at least one target elliptic curve type in the elliptic curve type, a public key used for key negotiation of the first authenticating end;

sending a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

Using the signature algorithm corresponding to the target elliptic curve type, the identity verification of the identity-based digital signature IBS is performed with the second authentication terminal.

2. The authentication method according to claim 1, characterized in that, using the signature algorithm corresponding to the target elliptic curve type to carry out the identity verification of the identity-based digital signature IBS with the second authentication terminal, comprising:

sending second certificate indication information to the second authentication terminal according to the first certificate indication information in the first handshake message;

Wherein, the second certificate indication information includes:

certificate information, including the identity information of the first authentication terminal, the public parameter information of the first authentication terminal, and the public parameter information of the key generation center to which the first authentication terminal belongs;

Certificate verification information, including a signature value for signing the certificate information using a signature algorithm corresponding to the target elliptic curve type;

The certificate request information includes request information for requesting to use the signature algorithm corresponding to the target elliptic curve type for identity verification.

3 . The authentication method according to claim 2 , wherein the public parameter information of the first authenticating end comprises: the public key of the first authenticating end used for key negotiation, the signature algorithm and the signature. 3 . A hash of the public parameters of the algorithm.

4. The authentication method according to claim 2, wherein the first certificate indication information comprises:

Signature algorithm information, used to indicate the signature algorithm supported by the second authentication terminal;

first certificate type information, used to indicate the certificate type that the second authentication terminal can handle;

The second certificate type information is used to indicate the certificate type that the second authentication end can provide.

5. The authentication method according to claim 2, wherein the second certificate indication information further comprises:

third certificate type information, used to indicate the certificate type in the certificate payload;

The fourth certificate type information is used to indicate the certificate type required by the second authentication terminal.

6. The authentication method according to claim 2, wherein sending the second certificate indication information to the second authentication terminal comprises:

Encrypt the second certificate indication information by using a handshake key, wherein the handshake key is obtained by calculation according to the first handshake message and the second handshake message;

Send the encrypted second certificate indication information to the second authentication terminal.

7. The authentication method according to claim 2, wherein the method further comprises:

obtaining the third certificate indication information sent by the second authentication terminal;

A signature algorithm corresponding to the target elliptic curve type is used to perform signature verification on the third certificate indication information.

8. An authentication method, applied to a second authentication terminal, characterized in that the method comprises:

sending a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

acquiring a second handshake message sent by the first authentication terminal in response to the first handshake message; the second handshake message includes a target elliptic curve type selected by the first authentication terminal according to at least one of the elliptic curve types, and the public key for key negotiation of the first authentication terminal determined according to the target elliptic curve type;

Using the signature algorithm corresponding to the target elliptic curve type, the identity verification of the identity-based digital signature IBS is performed with the first authentication terminal.

9. The authentication method according to claim 8, characterized in that, using a signature algorithm corresponding to the target elliptic curve type to perform identity verification of an identity-based digital signature (IBS) with the first authentication terminal, comprising:

obtaining the second certificate indication information sent by the first authentication terminal;

Using the signature algorithm corresponding to the target elliptic curve type, perform signature verification on the second certificate indication information;

Wherein, the second certificate indication information includes:

10 . The authentication method according to claim 9 , wherein the public parameter information of the first authenticating end comprises: the public key of the first authenticating end used for key negotiation, the signature algorithm and the signature. 10 . A hash of the public parameters of the algorithm.

11 . The authentication method according to claim 9 , wherein the first handshake information includes first certificate indication information, wherein the first authentication end sends the first certificate indication information according to the first certificate indication information. 12 . 2. Authentication instruction information;

The first certificate indication information includes:

12. The authentication method according to claim 11, wherein the second certificate indication information further comprises:

13. The authentication method according to claim 9, characterized in that, using a signature algorithm corresponding to the target elliptic curve type to perform identity verification based on an identity-based digital signature (IBS) with the first authentication terminal, further comprising:

Sending third certificate indication information to the first authentication end, so that the first authentication end uses a signature algorithm corresponding to the target elliptic curve type to perform signature verification on the third certificate indication information.

14. An authentication end device, the authentication end device being a first authentication end, characterized in that it comprises a transceiver and a processor, wherein:

The transceiver is configured to acquire a first handshake message sent by a second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

The processor is configured to, according to at least one target elliptic curve type in the elliptic curve type, determine the public key of the first authentication terminal for key negotiation;

The transceiver is further configured to send a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

The processor is further configured to perform identity-based digital signature IBS authentication with the second authentication terminal by using a signature algorithm corresponding to the target elliptic curve type.

15. An authentication end device, the authentication end device being a second authentication end, characterized in that it comprises a transceiver and a processor, wherein:

The transceiver is configured to send a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal; and

The processor is configured to perform identity-based digital signature IBS identity verification with the first authentication terminal by using a signature algorithm corresponding to the target elliptic curve type.

16. An authentication device, applied to a first authentication terminal, characterized in that the device comprises:

a first message acquisition module, configured to acquire a first handshake message sent by a second authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

a first processing module, configured to determine, according to at least one target elliptic curve type in the elliptic curve type, a public key used for key negotiation of the first authentication end;

a first message sending module, configured to send a second handshake message to the second authentication terminal; the second handshake message includes the target elliptic curve type and the public key;

The second processing module is configured to use the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the second authentication terminal.

17. An authentication device, applied to a second authentication terminal, characterized in that the device comprises:

a second message sending module, configured to send a first handshake message to the first authentication terminal; the first handshake message includes at least one elliptic curve type supported by the second authentication terminal;

A second message acquisition module, configured to acquire a second handshake message sent by the first authentication terminal in response to the first handshake message; the second handshake message includes the first authentication terminal according to at least one of the elliptic curve types. the selected target elliptic curve type, and the public key for key negotiation of the first authenticating end determined according to the target elliptic curve type;

The third processing module is configured to use the signature algorithm corresponding to the target elliptic curve type to perform identity-based digital signature IBS authentication with the first authentication terminal.

18. An authentication device, comprising: a processor, a memory, and a program stored on the memory and executable on the processor, the program being executed by the processor to achieve the method as claimed in the claims The authentication method of any one of 1 to 7, or the authentication method of any one of claims 8 to 13 is implemented.

19. A readable storage medium, wherein a program is stored on the readable storage medium, and when the program is executed by a processor, the steps in the authentication method according to any one of claims 1 to 7 are implemented , or implement the steps in the authentication method according to any one of claims 8 to 13 .