摘要： 为解决跨域认证与密钥协商中存在的重复计算问题，提出一种基于跨域认证与密钥协商的协议模型。利用公钥加密算法，将跨域认证与密钥协商2种常用协议有机结合，以较少的计算资源、存储资源和网络带宽，在单一的协议内同时实现跨域认证和密钥协商的过程。理论分析和性能比较结果表明，该协议能够提供保密性、鉴别机制、完整性和不可抵赖性等安全保证，且具有较高的处理效率。

关键词: 跨域认证, 密钥协商, 网络通信, 信息安全, 公钥加密, 协议模型

Abstract: In this paper, a new protocol which combines cross-domain authentication and key agreement together is proposed to solve the repeat computing problem in both procedures. Utilizing public key cryptography, the proposed protocol combines both cross-domain authentication protocol and key agreement protocol, and implements both functions in a single protocol with less computational resources, storage resources and network bandwidth. Theoretical analysis and performance comparison results show that the proposed protocol can provide confidentiality, authentication, integrity, nonrepudiation and other security guarantees. Besides, it has a high level of efficiency.

Key words: cross-domain authentication, key agreement, network communication, information security, public key cryptography, protocol model

中图分类号: 

• TP309.7