
ENTITY AUTHENTICATION METHOD AND DEVICE BASED ON PRE-SHARED KEY


Abstract

The present invention relates to the technical field of network security. Provided are an entity authentication method and device based on a pre-shared key. The method comprises: an entity A generates and sends a random number NA to an entity B; the entity B generates random numbers NB and ZSEEDB, computes a key MKA∥KEIA and first encrypted authentication data AuthEncDataB, and sends NB∥NA∥AuthEncDataB to the entity A for verification; the entity A generates a random number ZSEEDA, computes second encrypted authentication data AuthEncDataA, a shared key seed Z, a master key MK and a first message authentication identifier MacTagA, and sends NA∥NB∥AuthEncDataA∥MacTagA to the entity B for verification; the entity B computes Z, MK and MacTagA, compares the MacTagA with the received MacTagA, and if the two are equal, considers that the entity A is valid; the entity B computes and sends a second message authentication identifier MacTagB to the entity A; and the entity A computes MacTagB, compares the MacTagB with the received MacTagB, and if the two are equal, considers that the entity B is valid. The device of the present invention corresponds to the entity A and the entity B in the method. The present invention can achieve bidirectional authentication between network entities and determine the identity of the other party, and greatly improves the efficiency and reduces the consumption of hardware computing resources.

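Bibliographic data

  • Publication number: EP3208967B1
  • Patent type:
  • Publication date: 2020-04-22
  • Original format: PDF
  • Applicant/patentee: CHINA IWNCOMM CO. LTD.
  • Application number: EP20150851121
  • Filing date: 2015-06-23
  • Classification: H04L9/32; H04W12/04
  • Country: EP
  • Database entry time: 2022-08-21 11:42:10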
