TRUSTED MEASUREMENT AND CONTROL NETWORK AUTHENTICATION METHOD BASED ON DOUBLE CRYPTOGRAPHIC VALUES AND CHAOTIC ENCRYPTION

20210367753 · 2021-11-25

Abstract

The present invention relates to a trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption. The specific method comprises realizing identity authentication and key negotiation processes through double cryptographic values and chaotic public key ciphers and realizing secure transmission and verification of user identity credentials on the basis of building a trust chain through trusted computation for realizing a secure and trusted operating environment, thereby building a secure and trusted data transmission channel. The identity authentication method in the present invention comprises multiple links such as secure generation of user identity identifiers, read protection encapsulation, secure transmission and key negotiation. Each link adopts a unique and confidential cryptographic function for secure data generation, thereby ensuring the security of the authentication device access in an industrial measurement and control network.

Claims

1. A trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption, characterized by comprising the following steps: a control terminal and a measurement-control application server perform consistency analysis to verify the integrity of control terminal software; the control terminal and the measurement-control application server respectively generate user identifier information by using a user cryptographic value and a measurement-control application server cryptographic value, and transmit the information by asymmetric encryption; the control terminal generates a user identity credential; and the measurement-control application server deduces the authenticity of the user identifier information held by a user by analyzing the user identity credential.

2. The trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption according to claim 1, characterized in that the step that the control terminal and the measurement-control application server perform consistency analysis to verify the integrity of control terminal software comprises the following steps:

2a) the terminal device enables the control terminal software module to execute according to a reserved order in a mode of firstly verifying and then jumping, to enhance the integrity of the control terminal software;

2b) a software module code M is transmitted to TPM in the control terminal; SHA-1 engine in the TPM computes a code digital fingerprint PCR of the software module and stores the code digital fingerprint PCR into a platform configuration register by hash extension, i.e., $PCR_i = \text{SHA-1}(PCR_i \| P_i)$, to produce an integrity representation log SML; $i$ indicates a digital fingerprint number and SHA-1 indicates a one-way hash function;

2c) the measurement-control application server transmits a challenge string Challenge = Nonce to start integrity verification; the control terminal signs the PCR and Nonce with a private key AIK_SK of the control terminal for an internal platform configuration register, and forms a response message $\text{Response} = \text{Sign}_{AIK\_SK}\{PCR, Nonce\} \| SML$ with SML; $\text{Sign}_{AIK\_SK}$ indicates that the private key AIK_SK is used for digital signature operation;

2d) the measurement-control application server verifies the digital signature by using a control terminal public key AIK_PK, compares an obtained PCR integrity representative value, i.e., digital fingerprint PCR, with a PCR integrity representative value acquired by the integrity representation log SML, and verifies the integrity of the control terminal software: if consistent, integrity verification is successful; otherwise, verification fails.

3. The trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption according to claim 1, characterized in that the step that the control terminal and the measurement-control application server respectively generate user identifier information by using the user cryptographic value and the measurement-control application server cryptographic value, and transmit the information by asymmetric encryption comprises the following steps:

3a) the measurement-control application server generates user identity identification code $F = [h(ID \| x) \cdot h(PW \| UPK)^{\beta(\kappa)}] \bmod p$ by using a server cryptographic value $\kappa$, a secret function $\beta(\cdot)$, an ID number provided by a user, a user public key UPK and a hash value of a user cryptographic value PW; $h(\cdot)$ indicates a one-way hash function; $x$ indicates a secret value, held by the measurement-control application server, that represents the identity; mod indicates the modulo operation;

3b) read protection encapsulation is conducted on the user identity identification code F through $h(PW \| UPK)$ to obtain E(F):

$$E(F) = F \oplus h(PW \| UPK)$$

3c) user identifier information $\{ID, C, h(PW \| UPK), E(F), EK, p, UN, AN, UC, \ldots\}$ composed of an encrypted and encapsulated user identity identification code E(F), a user ID, an encrypted and encapsulated identity authentication key EK, $h(PW \| UPK)$, parameter p, user name UN, an area name AN and a user class UC is encrypted by using a public key UPK, and transmitted to the USBKey device; the USBKey adopts a private key SPK corresponding to the UPK for decryption and saving; the user identifier information is thus transmitted and imported into the USBKey through asymmetric encryption, which creates a secure channel.

4. The trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption according to claim 3, characterized in that the step that the control terminal generates a user identity credential comprises the following steps:

4a) the terminal device computes an extraction parameter $h(PW \| UPK)$ of the user cryptographic value, de-encapsulates E(F) and restores F by computing $F = E(F) \oplus h(PW \| UPK)$, and conducts transformation through an identity authentication key $K = \beta(h(x)^{h(ID)} \bmod p)$ between the USBKey and the measurement-control application server to obtain a user identity identification code $V_1 = F^{h(K)} \bmod p$; $h(\cdot)$ indicates a one-way hash function; mod indicates the modulo operation; $\beta(\cdot)$ indicates a secret function; p indicates a parameter;

4b) a user random number $R_1$ acts on $V_1$ to obtain a dynamic change user identity credential $V_2$:

$$V_2 = R_1^{h(V_1 \| K)} \bmod p$$

4c) a time mark $T_1$ is used for converting and generating a user identity credential of timeliness:

$$(Q_1, Q_2, Q_3) = (V_1 \oplus h(K \| T_1),\; R_1 \oplus h(K \| T_1),\; \{F6\}h(|V_1))$$

$\kappa$ indicates a server cryptographic value;

4d) a user identity authentication request $(ID, Q_1, Q_2, Q_3, T_1)$ is finally produced, and transmitted to the measurement-control application server through a network.

5. The trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption according to claim 3, characterized in that the step that the measurement-control application server deduces the authenticity of the user identifier information held by a user by analyzing the user identity credential comprises the following steps:

5a) after receiving the identity authentication request $\{ID, Q_1, Q_2, Q_3, T_1\}$ transmitted by the terminal device, the measurement-control application server firstly inspects the timeliness: if $T - T_1 \le$ threshold $\Delta T$ is satisfied, the identity authentication key $K = \beta(h(x)^{h(ID)} \bmod p)$ shared with the USBKey is computed through the cryptographic value $\kappa$, the secret function $\beta(\cdot)$ and the ID number provided by the user;

5b) next, the random number $R_1 = Q_2 \oplus h(K \| T_1)$ is decoupled from $Q_2$ by using K and $T_1$; the user identity identification code $V_1 = Q_1 \oplus h(K \| T_1)$ is restored from $Q_1$; a random user identity credential $V_2 = R_1^{h(V_1 \| K)} \bmod p$ and a user identity credential $\hat{Q}_3 = h(V_1 \| T_1)$ with the time mark are computed through $R_1$, $V_1$ and K;

5c) then, the identity credential $\hat{Q}_3$ obtained by restoring of the measurement-control application server is compared with the received identity credential $Q_3$; the user identification code $V_1$ and an expected user identity identification code $PF = F^{h(K)} \bmod p$ are restored; consistency between $V_1$ and PF indicates that the user masters the cryptographic value PW, the USBKey provided by a terminal user has the cryptographic values E(F) and EK representing the users, and the user identity of the terminal device is confirmed.

6. The trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption according to claim 5, characterized by further comprising confirming an authentication result, which comprises the following steps:

6a) the measurement-control application server creates an identity verification result parameter $AUTH \in \{\text{True}, \text{False}\}$, generates a random number $R_2$ and authentication time $T_2$ and computes a response message parameter:

$$(P_1, P_2, P_3, P_4) = (R_2 \oplus h(V_2 \| T_2),\; R_2^{V_2} \bmod p,\; h(P_2 \| T_2),\; AUTH \oplus h(K \| R_2))$$

6b) the measurement-control application server creates an identity authentication confirmation message $(P_1, P_3, T_2, AUTH)$, feeds back the message to the USBKey and also creates a session key $Skey = h(K, V_2, P_2, R_1, R_2, T_1, T_2)$ with the terminal device;

6c) after receiving the confirmation message, the USBKey device inspects the timeliness of the time mark $T_2$, recomputes the parameters $R_2 = P_1 \oplus h(V_2 \| T_2)$, $P_2 = R_2^{V_2} \bmod p$, $\hat{P}_3 = h(P_2 \| T_2)$ and compares the parameter with $P_3$ in the confirmation message; $\hat{P}_3 = P_3$ indicates that the measurement-control application server holds the secret value x and cryptographic function $\beta(\cdot)$ that represent the identity, can compute the identity authentication key K of the user, and can decouple identity evidence $V_2$ from the identity authentication request message; an identity authentication decoupling result $AUTH = P_4 \oplus h(K \| R_2)$ is reliable; the session key is computed according to 6b).

7. The trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption according to claim 1, characterized in that two measurement and control terminal devices with confirmed valid user identity credentials $(Q_1, Q_2, Q_3)$ after identity authentication conduct communication key negotiation by using a chaotic public key cryptographic algorithm, which comprises the following steps:

a) the terminal device A firstly selects a large integer r, a large prime number N and x on a finite field, and computes $T_r(x)$; and connects an own user identity identifier $ID_A$, a recipient device identity identifier $ID_B$, x, N and $T_r(x)$, encrypts with a shared session key created between the terminal device A and the measurement-control application server, generates a ciphertext $E_{TA}(ID_A, ID_B, x, N, T_r(x))$ and then transmits the ciphertext to the measurement-control application server; r and N are larger than set values;

b) after receiving the information transmitted by the terminal device A, the measurement-control application server decrypts the data $E_{TA}(ID_A, ID_B, x, N, T_r(x))$ by using a key shared with the terminal device A to verify whether the device A is a legal identity; if verification fails, the decryption is stopped; otherwise, the obtained information is encrypted by using the key shared with the terminal device B to obtain $E_{TB}(ID_B, ID_A, x, N, T_r(x))$; and $E_{TB}(ID_B, ID_A, x, N, T_r(x))$ is transmitted to the terminal device B;

c) after receiving the information, the terminal device B decrypts $E_{TB}(ID_B, ID_A, x, N, T_r(x))$ by using the key shared with the measurement-control application server, and then randomly selects a large integer s for computing $T_s(x)$; the identity identifiers $ID_B$ and $T_s(x)$ of the terminal device B are connected and encrypted with the key shared with the measurement-control application server, i.e., $E_{TB}(ID_B, T_s(x))$; then, $k = T_s(T_r(x))$ is computed, and a message confirmation code $MAC_B = h_k(ID_B, ID_A, T_r(x))$ is computed through Hash function by using k as a key; the terminal device B transmits $E_{TB}(ID_B, T_s(x))$ and $MAC_B$ to the measurement-control application server; s is larger than a set value; $h_k$ indicates the Hash function; $T_s(x)$ and $T_r(x)$ indicate computation expressions of the chaotic public key cryptographic algorithm;

d) after receiving the information transmitted by the terminal device B, the measurement-control application server decrypts $E_{TB}(ID_B, T_s(x))$ by using a key shared with the device B and verifies the identity of the device B; if verification fails, decryption is stopped; otherwise, the measurement-control application server encrypts $ID_B$ and $T_s(x)$ by using a key shared with the device A, i.e., $E_{TA}(ID_B, T_s(x))$; then, $E_{TA}(ID_B, T_s(x))$ and $MAC_B$ are transmitted to the terminal device A;

e) after receiving the information transmitted by the measurement-control application server, the terminal device A computes a message confirmation code $MAC'_B = h_k(ID_B, ID_A, T_r(x))$ and compares whether $MAC'_B$ is equal to $MAC_B$; if not, the device A stops negotiation communication with B; otherwise, the device A confirms that B is a true communication object and a session key shared by terminal devices A and B is $k = T_s(T_r(x))$; the terminal device A transmits an authentication result message $MAC_A = h_k(ID_A, ID_B, T_s(x))$ to the terminal device B for confirmation;

f) the terminal device B computes a Hash function value $MAC'_A = h_k(ID_A, ID_B, T_s(x))$ by using a key k, and compares whether $MAC'_A$ is equal to received $MAC_A$; if not, the terminal device B stops negotiation; otherwise, the terminal device A is confirmed as a true communication object; and a session key is k.

Description

DESCRIPTION OF DRAWINGS

[0044] FIG. 1 is a schematic diagram of a software integrity enhancing and verifying method of a control terminal of a trusted measurement and control network authentication technology in the present invention;

[0045] FIG. 2 is a schematic diagram of a secure generation method of user identity identifier information in an identity authentication stage of a trusted measurement and control network in the present invention;

[0046] FIG. 3 is a schematic diagram of a user identity credential generating process in an identity authentication stage of a trusted measurement and control network in the present invention;

[0047] FIG. 4 is a schematic diagram of a user identity verifying process in an identity authentication stage of a trusted measurement and control network in the present invention;

[0048] FIG. 5 is a schematic diagram of an inter-device key negotiation process in an identity authentication stage of a trusted measurement and control network in the present invention; and

[0049] FIG. 6 is a schematic diagram of an authentication method of a trusted measurement and control network in the present invention.

DETAILED DESCRIPTION

[0050] The present invention will be further described in detail below in combination with the drawings and the embodiments.

[0051] As shown in FIG. 6, the present invention relates to a trusted measurement and control network authentication technical method based on double cryptographic values and a chaotic encryption algorithm. The specific method comprises realizing identity authentication and key negotiation processes through double cryptographic values and chaotic public key ciphers and realizing secure transmission and verification of user identity credentials on the basis of building a trust chain through trusted computation for realizing a secure and trusted operating environment, thereby building a secure and trusted data transmission channel. The identity authentication method in the present invention comprises multiple links such as secure generation of user identity identifiers, read protection encapsulation, secure transmission and key negotiation. Each link adopts a unique and confidential cryptographic function for secure data generation, thereby ensuring the security of the authentication device access in an industrial measurement and control network.

[0052] TPM is an abbreviation of trusted platform module. It provides a root of trust for the platform when a trusted computing chain is first established, and the term usually refers to a TPM chip.

[0053] The SHA-1 engine is an algorithm engine that executes the SHA-1 one-way hash function; it exists as a cryptographic operation module in the TPM chip.

[0054] 1. Integrity Enhancement and Verification of Software of an Operation Terminal

[0055] As shown in FIG. 1, the operation terminal transmits module digital fingerprints and integrity representation logs collected in a trust chain transmission process to a measurement-control application server based on a trusted computing digital signature method. The application server verifies the software integrity of the measurement and control terminal by performing consistency analysis on non-counterfeit digital fingerprints and the integrity logs. The integrity enhancement and verification process comprises the following relevant steps:

[0056] a) The terminal device enables a control terminal software module to execute according to a reserved order in a mode of firstly verifying and then jumping by using a TPM-based trust chain transmission method, to enhance the software integrity of the control terminal.

[0057] b) A software module code M is simultaneously transmitted to TPM; SHA-1 engine computes a code digital fingerprint of the module and stores the code digital fingerprint into a platform configuration register by hash extension, i.e., $PCR_i = \text{SHA-1}(PCR_i \| P_i)$, to produce an integrity representation log SML.

[0058] c) A monitoring module of a control terminal of the measurement-control application server transmits a challenge string Challenge = Nonce to start integrity verification; the control terminal signs the PCR and Nonce with a private key AIK_SK of the control terminal for the PCR register, and forms a response message $\text{Response} = \text{Sign}_{AIK\_SK}\{PCR, Nonce\} \| SML$ with SML.

[0059] d) The measurement-control application server verifies the digital signature by using a control terminal public key AIK_PK, compares a PCR integrity representative value with an integrity representative value log SML, and verifies the software integrity of the control terminal.
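The check in steps b) to d), sketched in Python as an added example (not code from the patent): the terminal extends a PCR per module and logs each fingerprint, and the server replays the SML against the quoted PCR. Verification of the AIK signature over {PCR, Nonce} is assumed to have succeeded already; the `known_good` reference table, the module names and the sample data are constructed for the illustration.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length in bytes


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Hash extension from step b): PCR_i = SHA-1(PCR_i || P_i)."""
    return hashlib.sha1(pcr + measurement).digest()


def measure_boot(modules):
    """Terminal side: fingerprint each module in load order, extend the PCR, log to the SML."""
    pcr, sml = bytes(PCR_SIZE), []
    for name, code in modules:
        fingerprint = hashlib.sha1(code).digest()
        pcr = extend(pcr, fingerprint)
        sml.append((name, fingerprint))
    return pcr, sml


def replay_sml(sml) -> bytes:
    """Server side: recompute the PCR value that the log claims."""
    pcr = bytes(PCR_SIZE)
    for _name, fingerprint in sml:
        pcr = extend(pcr, fingerprint)
    return pcr


def verify_response(quoted_pcr, quoted_nonce, sml, expected_nonce, known_good):
    """Step d), after the AIK signature over {PCR, Nonce} has been verified (not modelled)."""
    if not hmac.compare_digest(quoted_nonce, expected_nonce):
        return "rejected: nonce mismatch (replayed response)"
    if not hmac.compare_digest(replay_sml(sml), quoted_pcr):
        return "rejected: SML does not reproduce the quoted PCR"
    for name, fingerprint in sml:
        # Assumption: the server keeps a reference fingerprint per module.
        if known_good.get(name) != fingerprint:
            return f"rejected: unexpected fingerprint for {name}"
    return "ok"


def demo():
    """Constructed sample data: three software modules of a control terminal."""
    modules = [("bootloader", b"boot-v1"), ("os-kernel", b"kernel-v5"), ("hmi-app", b"hmi-v2")]
    known_good = {name: hashlib.sha1(code).digest() for name, code in modules}
    nonce = os.urandom(16)

    pcr, sml = measure_boot(modules)
    results = {"clean": verify_response(pcr, nonce, sml, nonce, known_good)}

    # A modified module changes the PCR; an honest log then fails the reference check.
    bad_modules = modules[:2] + [("hmi-app", b"hmi-v2-patched")]
    bad_pcr, bad_sml = measure_boot(bad_modules)
    results["modified module"] = verify_response(bad_pcr, nonce, bad_sml, nonce, known_good)

    # Sending the clean log next to the PCR the TPM really holds fails the replay check.
    results["forged log"] = verify_response(bad_pcr, nonce, sml, nonce, known_good)

    # A response produced for an earlier challenge carries the wrong nonce.
    results["old nonce"] = verify_response(pcr, os.urandom(16), sml, nonce, known_good)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Replaying the log only shows that the SML is consistent with the signed PCR; whether the logged fingerprints are acceptable is decided by the reference comparison, which is why the example keeps the two checks separate.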

[0060] 2. Secure Generation of User Identity Identifier Information

[0061] The user identity identifier information of the measurement and control terminal device must have security characteristics such as uniqueness and anti-guessing, and is transmitted and imported into a tamper-proof security storage medium such as USBKey through a secure channel by using the read encapsulation technology; and only a designated user can hold the information.

[0062] As shown in FIG. 2, a secure generation method of user identity identifier information in the identity authentication process based on an idea of double cryptographic values comprises three aspects of user identity identification code generation, read protection encapsulation and user identity identifier information security transmission. The realization process of each stage is as follows:

[0063] a) Generation Method of User Identification Code Having Uniqueness and Anti-Guessing

[0064] The measurement and control system application server generates underivable user identity identification code $F = [h(ID \| x) \cdot h(PW \| UPK)^{\beta(\kappa)}] \bmod p$ by using a server cryptographic value $\kappa$, a secret function $\beta(\cdot)$, an ID number provided by a user, a user public key UPK and a hash value of a user cryptographic value PW, thereby completing the generation of the user identification code.

[0065] b) Read Protection Encapsulation Algorithm of User Identity Identification Code

[0066] Read protection encapsulation is conducted on the user identity identification code F through $h(PW \| UPK)$ to obtain E(F):

$$E(F) = F \oplus h(PW \| UPK)$$

[0067] F can be restored from the USBKey only when the user inputs a correct cryptographic value PW, to continue an identity authentication request process.

[0068] c) Secure Transmission and Import of User Identity Identifier Information

[0069] The measurement-control application server encrypts user identifier information $\{ID, C, h(PW \| UPK), E(F), EK, p, UN, AN, UC, \ldots\}$ composed of an encrypted and encapsulated user identity identification code E(F), a user ID, an encrypted and encapsulated identity authentication key EK, $h(PW \| UPK)$, parameter p, user name UN, an area name AN and a user class UC by using a public key UPK, and transmits it to the USBKey device; the USBKey adopts a private key SPK corresponding to the UPK for decryption and saving. The user identifier information is thus transmitted and imported into the USBKey through an asymmetric encryption technology, which creates a secure channel.

[0070] 3. Generation of a User Identity Credential

[0071] The user identity credential of the measurement and control terminal device comprises user identification feature codes, which shall have security characteristics such as dynamic variation, timeliness, and resistance to eavesdropping, recording and replay.

[0072] As shown in FIG. 3, the user identity credential is generated in USBKey; and the process is activated when the user inputs a correct PIN password or user cryptographic value PW.

[0073] Generation of the user identity credential comprises the following steps:

[0074] a) An extraction parameter $h(PW \| UPK)$ of the user cryptographic value is computed; E(F) is de-encapsulated and F is restored by computing $F = E(F) \oplus h(PW \| UPK)$; and transformation is conducted through an identity authentication key $K = \beta(h(x)^{h(ID)} \bmod p)$ between the USBKey and the measurement-control application server to compute a user identity identification code $V_1 = F^{h(K)} \bmod p$.

[0075] b) A user random number $R_1$ acts on $V_1$ to obtain a dynamic change user identity credential $V_2$:

$$V_2 = R_1^{h(V_1 \| K)} \bmod p$$

[0076] c) A time mark $T_1$ is used for converting and generating a user identity credential of timeliness:

$$(Q_1, Q_2, Q_3) = (V_1 \oplus h(K \| T_1),\; R_1 \oplus h(K \| T_1),\; \{F6\}h(|V_1))$$

[0077] d) A user identity authentication request $\{ID, Q_1, Q_2, Q_3, T_1\}$ is finally produced, and transmitted to the measurement-control application server through a network.

[0078] 4. Verification of the User Identity Credential

[0079] As shown in FIG. 4, after receiving the identity authentication request transmitted by the terminal device, the measurement-control application server decouples the identity authentication request through the user identity credential to obtain derivable user identity identification codes, and then compares the codes with expected user identity identification codes to finally obtain an identity authentication result. The verification process of the user identity credential comprises the following steps:

[0080] a) When the user identity credential is verified, after receiving the identity authentication request $\{ID, Q_1, Q_2, Q_3, T_1\}$ transmitted by the terminal device, the trusted measurement-control application server firstly inspects the timeliness: if $T - T_1 \le \Delta T$ is satisfied, the identity authentication key $K = \beta(h(x)^{h(ID)} \bmod p)$ shared with the USBKey is computed through the cryptographic value $\kappa$, the secret function $\beta(\cdot)$ and the ID number provided by the user.

[0081] b) Next, the random number $R_1 = Q_2 \oplus h(K \| T_1)$ is decoupled from $Q_2$ by using K and $T_1$; the derivable user identity identification code $V_1 = Q_1 \oplus h(K \| T_1)$ is restored from $Q_1$; a random user identity credential $V_2 = R_1^{h(V_1 \| K)} \bmod p$ and a user identity credential $\hat{Q}_3 = h(V_1 \| T_1)$ with the time mark are computed through $R_1$, $V_1$ and K. "Derivable" means that $V_1$ can be obtained, i.e., derived, by computing $Q_1 \oplus h(K \| T_1)$.

[0082] c) Then, the identity credential $\hat{Q}_3$ obtained by restoring of the measurement-control application server is compared with the received identity credential $Q_3$; the derivable user identification code $V_1$ and an expected derivable user identity identification code $PF = F^{h(K)} \bmod p$ are restored; consistency indicates that the user masters the cryptographic value PW, the USBKey provided by the user has the cryptographic values E(F) and EK representing the user, and the user identity of the terminal device is confirmed.
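Credential generation (section 3) and verification (section 4) as one round trip, in an added Python example that is not code from the patent. Assumptions of the example: SHA-256 as $h(\cdot)$, a keyed-hash stand-in `beta` for the secret function $\beta(\cdot)$, the prime and the freshness window, $Q_3 = h(V_1 \| T_1)$ taken from verification step b), a USBKey that holds K directly, and a server that retains $h(PW \| UPK)$; $V_2$ and the confirmation message of section 5 are left out.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # demo prime modulus p (constructed)
DELTA_T = 30     # freshness window Delta-T in seconds (constructed)


def h(*parts) -> int:
    """h(a || b || ...) as an integer; parts are length-prefixed so the split is unambiguous."""
    m = hashlib.sha256()
    for part in parts:
        raw = part if isinstance(part, bytes) else str(part).encode()
        m.update(len(raw).to_bytes(4, "big") + raw)
    return int.from_bytes(m.digest(), "big")


def beta(v: int) -> int:
    """Hypothetical stand-in for the secret function beta(.)."""
    return h(b"beta-demo", v)


def same(a: int, b: int) -> bool:
    """Comparison through hmac.compare_digest instead of ==."""
    return hmac.compare_digest(format(a, "x"), format(b, "x"))


def auth_key(x, user_id) -> int:
    return beta(pow(h(x), h(user_id), P))                   # K = beta(h(x)^h(ID) mod p)


def identity_code(x, kappa, user_id, hpw) -> int:
    return (h(user_id, x) * pow(hpw, beta(kappa), P)) % P   # F


def enroll(x, kappa, user_id, pw, upk):
    """Server: returns the USBKey contents and the h(PW||UPK) value the server retains."""
    hpw = h(pw, upk)
    token = {"ID": user_id, "UPK": upk, "K": auth_key(x, user_id),
             "E(F)": identity_code(x, kappa, user_id, hpw) ^ hpw}
    return token, hpw


def make_request(token, pw, t1):
    """USBKey: de-encapsulate F with the entered PW and build {ID, Q1, Q2, Q3, T1}."""
    f = token["E(F)"] ^ h(pw, token["UPK"])                 # F = E(F) xor h(PW||UPK)
    v1 = pow(f, h(token["K"]), P)                           # V1 = F^h(K) mod p
    r1 = secrets.randbelow(P - 2) + 2
    mask = h(token["K"], t1)                                # h(K||T1)
    return {"ID": token["ID"], "Q1": v1 ^ mask, "Q2": r1 ^ mask,
            "Q3": h(v1, t1), "T1": t1}


def verify_request(req, x, kappa, hpw, now):
    """Server: freshness, unmasking of V1, Q3 check, then V1 against PF."""
    # The lower bound (no timestamps from the future) is an addition of this example.
    if not 0 <= now - req["T1"] <= DELTA_T:
        return "rejected: T1 outside freshness window"
    k = auth_key(x, req["ID"])
    v1 = req["Q1"] ^ h(k, req["T1"])
    if not same(h(v1, req["T1"]), req["Q3"]):
        return "rejected: Q3 mismatch"
    pf = pow(identity_code(x, kappa, req["ID"], hpw), h(k), P)
    return "accepted" if same(v1, pf) else "rejected: V1 != PF"


def demo():
    x, kappa = b"server-secret-x", 0x5EED                   # constructed server values
    token, hpw = enroll(x, kappa, "operator-07", "correct horse", "UPK-demo")
    t1 = 1_700_000_000
    good = make_request(token, "correct horse", t1)
    tampered = dict(good, Q1=good["Q1"] ^ 1)
    return {
        "fresh": verify_request(good, x, kappa, hpw, t1 + 2),
        "replayed later": verify_request(good, x, kappa, hpw, t1 + DELTA_T + 1),
        "wrong PW": verify_request(make_request(token, "guess", t1), x, kappa, hpw, t1 + 2),
        "Q1 altered": verify_request(tampered, x, kappa, hpw, t1 + 2),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A request presented again inside the $\Delta T$ window passes these checks unchanged, so the window bounds how long a captured request stays usable.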

[0083] 5. Confirmation of Authentication Result

[0084] As shown in FIG. 4, the measurement-control application server constructs an identity authentication confirmation message according to an identity authentication result and transmits the message to the terminal device. After receiving the identity confirmation information, the terminal device uses USBKey to decouple the data to obtain the identity authentication result, and creates a session key with the measurement and control server. The confirmation process of the authentication result comprises the following steps:

[0085] a) An identity verification result parameter $AUTH \in \{\text{True}, \text{False}\}$ is created; a random number $R_2$ and authentication time $T_2$ are generated; and a response message parameter is computed:

$$(P_1, P_2, P_3, P_4) = (R_2 \oplus h(V_2 \| T_2),\; R_2^{V_2} \bmod p,\; h(P_2 \| T_2),\; AUTH \oplus h(K \| R_2))$$

[0086] b) An identity authentication confirmation message $\{P_1, P_3, T_2, AUTH\}$ is created; the message is fed back to the USBKey and a session key $Skey = h(K, V_2, P_2, R_1, R_2, T_1, T_2)$ with the terminal device is also created.

[0087] c) After receiving the confirmation information, the USBKey device inspects the timeliness of the time mark $T_2$, recomputes the parameters $R_2 = P_1 \oplus h(V_2 \| T_2)$, $P_2 = R_2^{V_2} \bmod p$, $\hat{P}_3 = h(P_2 \| T_2)$, and compares the parameter with $P_3$ in the confirmation message; $\hat{P}_3 = P_3$ indicates that the measurement-control application server holds the secret value x and cryptographic function $\beta(\cdot)$ that represent the identity, can compute the identity authentication key K of the user, and can decouple identity evidence $V_2$ from the identity authentication request message; and an identity authentication decoupling result $AUTH = P_4 \oplus h(K \| R_2)$ is reliable. The session key is computed according to b).

[0088] 6. Key Negotiation Based on Chebyshev Mapping Chaotic Public Key Cryptography

[0089] As shown in FIG. 5, two measurement and control terminal devices with confirmed valid user identity credentials after identity authentication conduct communication key negotiation by using a Chebyshev-based mapping chaotic public key cryptographic algorithm, which comprises the following steps:

[0090] a) The terminal device A firstly selects a large integer r, a large prime number N and x on a finite field, and computes $T_r(x)$, and connects an own user identity identifier $ID_A$, a recipient device identity identifier $ID_B$, x, N and $T_r(x)$, encrypts with a shared session key created between the terminal device A and the measurement-control application server, generates a ciphertext $E_{TA}(ID_A, ID_B, x, N, T_r(x))$ and then transmits the ciphertext to the measurement-control application server.

[0091] b) After receiving the information, the measurement-control application server decrypts the data $E_{TA}(ID_A, ID_B, x, N, T_r(x))$ by using a key shared with the terminal device A to verify whether the device A is a legal identity; if verification fails, the decryption is stopped; otherwise, the obtained information is encrypted by using the key shared with the terminal device B to obtain $E_{TB}(ID_B, ID_A, x, N, T_r(x))$; and $E_{TB}(ID_B, ID_A, x, N, T_r(x))$ is transmitted to the terminal device B.

[0092] c) After receiving the information, the terminal device B decrypts $E_{TB}(ID_B, ID_A, x, N, T_r(x))$ by using the key shared with the measurement-control application server, and then randomly selects a large integer s for computing $T_s(x)$; the identity identifiers $ID_B$ and $T_s(x)$ of the device B are connected and encrypted with the key shared with the measurement-control application server, i.e., $E_{TB}(ID_B, T_s(x))$. Then, $k = T_s(T_r(x))$ is computed, and $MAC_B = h_k(ID_B, ID_A, T_r(x))$ is computed through Hash function by using k as a key. The device B transmits $E_{TB}(ID_B, T_s(x))$ and $MAC_B$ to the measurement-control application server.

[0093] d) After receiving the information, the measurement-control application server decrypts $E_{TB}(ID_B, T_s(x))$ by using a key shared with the device B and verifies the identity of the device B. If verification fails, decryption is stopped; otherwise, the measurement-control application server encrypts $ID_B$ and $T_s(x)$ by using a key shared with the device A, i.e., $E_{TA}(ID_B, T_s(x))$. Then, $E_{TA}(ID_B, T_s(x))$ and $MAC_B$ are transmitted to the device A.

[0094] e) After receiving the information, the device A computes $MAC'_B = h_k(ID_B, ID_A, T_r(x))$ and compares whether $MAC'_B$ is equal to $MAC_B$. If not, the device A stops negotiation communication with B. Otherwise, the device A confirms that B is a true communication object and a session key shared by the devices A and B is $k = T_s(T_r(x))$. The device A can choose to transmit an authentication result message $MAC_A = h_k(ID_A, ID_B, T_s(x))$ to the device B for confirmation.

[0095] f) The device B computes a Hash function value $MAC'_A = h_k(ID_A, ID_B, T_s(x))$ by using a key k, and compares whether $MAC'_A$ is equal to received $MAC_A$; if not, the device B stops negotiation. Otherwise, the device A is confirmed as a true communication object; and a session key is k. $MAC'_B$ and $MAC_B$ represent message confirmation codes obtained by encryption by the terminal device B with the Hash function through the key k shared with the server.
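The negotiation in steps a) to f), as an added Python example that is not code from the patent: $T_n(x) \bmod N$ is computed by fast matrix exponentiation of the Chebyshev recurrence, and both devices derive k and check each other's confirmation codes. The server relay and its encryptions $E_{TA}$, $E_{TB}$ are left out; HMAC-SHA-256 as $h_k$, the modulus, the size of the secret integers and the `tamper` switch are assumptions of the example.

```python
import hashlib
import hmac
import secrets

N = 2**127 - 1  # demo prime modulus (constructed)


def chebyshev(n: int, x: int, mod: int) -> int:
    """T_n(x) mod `mod` from T_0 = 1, T_1 = x, T_n = 2x*T_(n-1) - T_(n-2).

    With M = [[2x, -1], [1, 0]] the bottom row of M^n gives T_n = M^n[1][0]*x + M^n[1][1].
    Square-and-multiply keeps the cost at O(log n) 2x2 matrix products.
    """
    def mul(a, b):
        return ((a[0] * b[0] + a[1] * b[2]) % mod, (a[0] * b[1] + a[1] * b[3]) % mod,
                (a[2] * b[0] + a[3] * b[2]) % mod, (a[2] * b[1] + a[3] * b[3]) % mod)

    result, base = (1, 0, 0, 1), (2 * x % mod, mod - 1, 1, 0)
    while n:
        if n & 1:
            result = mul(result, base)
        base = mul(base, base)
        n >>= 1
    return (result[2] * x + result[3]) % mod


def mac(k: int, *fields) -> bytes:
    """h_k(...): HMAC-SHA-256 keyed with the negotiated value k (assumption)."""
    msg = b"|".join(str(f).encode() for f in fields)
    return hmac.new(k.to_bytes(16, "big"), msg, hashlib.sha256).digest()


class Device:
    def __init__(self, ident: str):
        self.ident = ident
        # Large odd private integer (r for device A, s for device B).
        self.secret = secrets.randbits(120) | (1 << 119) | 1

    def public(self, x: int) -> int:
        return chebyshev(self.secret, x, N)              # T_r(x) or T_s(x)

    def session_key(self, peer_public: int) -> int:
        return chebyshev(self.secret, peer_public, N)    # T_r(T_s(x)) = T_s(T_r(x))


def negotiate(tamper: bool = False):
    """Returns the shared key k, or None when a confirmation code does not match."""
    a, b = Device("ID_A"), Device("ID_B")
    x = secrets.randbelow(N - 3) + 2

    t_r = a.public(x)                                    # step a)
    t_s = b.public(x)                                    # step c)
    k_b = b.session_key(t_r)
    mac_b = mac(k_b, b.ident, a.ident, t_r)

    received_t_s = (t_s + 1) % N if tamper else t_s      # value as it reaches A

    k_a = a.session_key(received_t_s)                    # step e)
    if not hmac.compare_digest(mac(k_a, b.ident, a.ident, t_r), mac_b):
        return None                                      # A stops the negotiation
    mac_a = mac(k_a, a.ident, b.ident, received_t_s)

    if not hmac.compare_digest(mac(k_b, a.ident, b.ident, t_s), mac_a):  # step f)
        return None                                      # B stops the negotiation
    return k_a


if __name__ == "__main__":
    print("T_3(3) mod 101 =", chebyshev(3, 3, 101))
    print("agreed key:", negotiate())
    print("altered T_s(x):", negotiate(tamper=True))
```

The agreement works because composition of Chebyshev polynomials commutes, $T_r(T_s(x)) = T_{rs}(x) = T_s(T_r(x))$, and this identity also holds modulo N.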