Identity authentication method, authentication access controller, requesting device, storage medium, program, and program product

US12531728B2 · US · B2

Patent metadata
Publication number: US-12531728-B2
Application number: US-202118259305-A
Country: US
Kind code: B2
Filing date: Dec 21, 2021
Priority date: Dec 26, 2020
Publication date: Jan 20, 2026
Grant date: Jan 20, 2026

Abstract

Official abstract text for this publication.

Disclosed in embodiments of the present application is an identity authentication method. Bidirectional or unidirectional identity authentication between an authentication access controller and a requesting device is implemented by using a pre-shared key, thereby laying a foundation for ensuring that a user accessing a network is legitimate and/or a network accessed by a user is legitimate, so as to implement secret communication between the requesting device and the authentication access controller. In addition, in an identity authentication process, a verified party performs calculation on information comprising the pre-shared key of two parties and random numbers respectively generated by the two parties to obtain an identity authentication key, and performs calculation on specified content by using the identity authentication key to obtain an identity authentication code of the verified party. According to the method for calculating an identity authentication code provided by the present application, key exchange calculation is combined, and the capability of resistance to dictionary brute-force attack or to quantum computing attack in the authentication process is enhanced by means of an ingenious detail design. Also disclosed in the embodiments of the present application are an authentication access controller, a requesting device, a storage medium, a program, and a program product.

First claim

Opening claim text (preview).

The invention claimed is:

1. An identity authentication method, one of a requester and an authentication access controller being used as a verified party, and the other one being used as a verifying party, the method comprising: sending, by the verified party, an identity authentication request message of the verified party to the verifying party, the identity authentication request message of the verified party comprising an identity authentication code of the verified party, wherein the identity authentication code of the verified party is obtained by the verified party by using an identity authentication key to perform calculation on specified content, the specified content comprises a first key, the first key is negotiated by the verified party and the verifying party, and the first key is obtained by the verified party by performing key exchange calculation according to a temporary private key corresponding to a key exchange parameter of the verified party and a temporary public key recovered from a key exchange parameter of the verifying party; using, by the verifying party, the identity authentication key and the specified content to check the identity authentication code of the verified party to obtain a check result, the identity authentication key being obtained by performing calculation on information comprising a pre-shared key between the verifying party and the verified party; and determining, by the verifying party, an identity authentication result of the verified party according to the check result.

2. The method of claim 1, further comprising: sending, by the authentication access controller, a key negotiation request message to the requester, the key negotiation request message comprising a first nonce generated by the authentication access controller; sending, by the requester, a key negotiation response message to the authentication access controller, the key negotiation response message comprising a second nonce generated by the requester; using, by the requester, a key derivation algorithm to perform calculation on information comprising the pre-shared key shared with the authentication access controller, the first nonce and the second nonce to obtain the identity authentication key; and using, by the authentication access controller, the key derivation algorithm to perform calculation on the information comprising the pre-shared key shared with the requester, the first nonce and the second nonce to obtain the identity authentication key.

3. The method of claim 2, wherein the key negotiation response message further comprises a key exchange parameter of the requester, and the key exchange parameter of the requester is obtained by using the identity authentication key to perform encryption calculation on information comprising a temporary public key generated by the requester, the method further comprising: sending, by the authentication access controller, a key exchange parameter of the authentication access controller to the requester, the key exchange parameter of the authentication access controller being obtained by using the identity authentication key to perform encryption calculation on information comprising a temporary public key generated by the authentication access controller; and performing, by each one of the requester and the authentication access controller, key exchange calculation according to a temporary private key corresponding to the temporary public key of said one of the requester and the authentication access controller and a temporary public key recovered from the key exchange parameter of the other one of the requester and the authentication access controller to obtain the first key.

4. The method of claim 3, wherein obtaining the key exchange parameter of the requester comprises: performing, by the requester, an exclusive or (XOR), operation on a hash value of the identity authentication key and the information comprising the temporary public key generated by the requester, and obtaining the key exchange parameter of the authentication access controller comprises: performing, by the authentication access controller, an XOR operation on the hash value of the identity authentication key and the information comprising the temporary public key generated by the authentication access controller; or, obtaining the key exchange parameter of the requester comprises: performing, by the requester, an XOR operation on the information comprising the temporary public key generated by the requester and an extended identity authentication key that is calculated by the requester by using the key derivation algorithm according to information comprising the identity authentication key, and obtaining the key exchange parameter of the authentication access controller comprises: performing, by the authentication access controller, an XOR operation on the information comprising the temporary public key generated by the authentication access controller and an extended identity authentication key that is calculated by the authentication access control by using the key derivation algorithm according to information comprising the identity authentication key.

5. The method of claim 2, wherein the key negotiation response message further comprises the first nonce, and before the authentication access controller calculates the identity authentication key, the method further comprises: verifying, by the authentication access controller, consistency between the first nonce in the key negotiation response message and the first nonce generated by the authentication access controller; and in response to the verification being successful, performing, by the authentication access controller, a relevant operation.

6. The method of claim 2, wherein the key negotiation request message further comprises security capability parameter information supported by the authentication access controller, and the method further comprises: determining, by the requester according to the security capability parameter information, a particular security policy used by the requester, wherein the key negotiation response message further comprises the particular security policy.

7. The method of claim 2, wherein the key negotiation request message further comprises an identifier of the authentication access controller, and the key negotiation response message further comprises an identifier of the requester.

8. The method of claim 1, wherein one of the requester and the authentication access controller is used as the verified party, and the other one is used as the verifying party comprises: the requester is used as the verified party while the authentication access controller is used as the verifying party; and the authentication access controller is also used as the verified party while the requester is used as the verifying party, wherein the specified content further comprises an identifier of the requester when the requester is used as the verified party, and the specified content further comprises an identifier of the authentication access controller when the authentication access controller is used as the verified party.

9. The method of claim 8, wherein, in response to the requester verifying that an identity of the authentication access controller is legal and the authentication access controller verifying that an identity of the requester is legal, the method further comprises: using, by each of the requester and the authentication access controller, a shared key calculated according to information comprising the first key and the identity authentication key as a pre-shared key for a next identity authentication process.

10. The method of claim 1, wherein
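
The message flow of claims 1 to 4, 8 and 9, carried through for both parties as an added example; it is not code from the patent or its assignee. The claims name no algorithms, so HMAC-SHA256 (key derivation and authentication code), SHA-256 (hash), the demo-only group P/G and every identifier below are assumptions.

```python
import hashlib, hmac, secrets

# Assumptions: the claims name no algorithms. HMAC-SHA256 stands in for the
# KDF and the authentication code, SHA-256 for the hash, and P/G form a
# demo-only Diffie-Hellman group chosen so a public key fits in 32 bytes.
P, G = 2**255 - 19, 2

def kdf(key: bytes, *parts: bytes) -> bytes:
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Party:
    def __init__(self, ident: bytes, psk: bytes):
        self.ident, self.psk = ident, psk
        self.nonce = secrets.token_bytes(16)
        self.priv = secrets.randbelow(P - 3) + 2       # temporary private key

    def derive_iak(self, nonce1: bytes, nonce2: bytes) -> None:
        self.iak = kdf(self.psk, nonce1, nonce2)       # claim 2
        self.mask = hashlib.sha256(self.iak).digest()  # claim 4, first option

    def kex_param(self) -> bytes:
        return xor(pow(G, self.priv, P).to_bytes(32, "big"), self.mask)

    def derive_first_key(self, peer_param: bytes) -> None:
        peer_pub = int.from_bytes(xor(peer_param, self.mask), "big")
        self.k1 = pow(peer_pub, self.priv, P).to_bytes(32, "big")  # claim 3

    def auth_code(self, ident: bytes) -> bytes:
        # Specified content = identifier || first key (claims 1 and 8).
        return hmac.new(self.iak, ident + self.k1, hashlib.sha256).digest()

    def check(self, peer_ident: bytes, code: bytes) -> bool:
        return hmac.compare_digest(code, self.auth_code(peer_ident))

def run(psk_aac: bytes, psk_req: bytes):
    aac, req = Party(b"AAC", psk_aac), Party(b"REQ", psk_req)
    for p in (aac, req):
        p.derive_iak(aac.nonce, req.nonce)
    req.derive_first_key(aac.kex_param())
    aac.derive_first_key(req.kex_param())
    req_ok = aac.check(req.ident, req.auth_code(req.ident))
    aac_ok = req.check(aac.ident, aac.auth_code(aac.ident))
    # Claim 9: after mutual success, both sides roll the PSK forward.
    rolled = req_ok and aac_ok and kdf(aac.k1, aac.iak) == kdf(req.k1, req.iak)
    return req_ok, aac_ok, rolled
```

`run(psk, psk)` returns three true values; with mismatched pre-shared keys the two sides derive different identity authentication keys, recover different temporary public keys, and both checks fail.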

Classifications

  • Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • Program or device authentication

  • using certificates or pre-shared keys

  • Key management protocols

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12531728B2 cover?
Disclosed in embodiments of the present application is an identity authentication method. Bidirectional or unidirectional identity authentication between an authentication access controller and a requesting device is implemented by using a pre-shared key, thereby laying a foundation for ensuring that a user accessing a network is legitimate and/or a network accessed by a user is legitimate, so…

Who is the assignee on this patent?
China Iwncomm Co Ltd

What technology area does this patent fall under?
Primary CPC classification H04L9/088. Mapped technology areas include Electricity.

When was this patent published?
Publication date Jan 20, 2026 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).