CN110266496A - A kind of identity identifying method and system - Google Patents
A kind of identity identifying method and system Download PDFInfo
- Publication number
- CN110266496A CN110266496A CN201910528961.2A CN201910528961A CN110266496A CN 110266496 A CN110266496 A CN 110266496A CN 201910528961 A CN201910528961 A CN 201910528961A CN 110266496 A CN110266496 A CN 110266496A
- Authority
- CN
- China
- Prior art keywords
- pub
- random number
- result
- server
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Algebra (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Power Engineering (AREA)
- Computing Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of identity identifying method and system, method includes: password to be corresponded to public key by elliptic curve calculations, and public key is sent to server-side and is saved;Logging request is generated, the random number that server-side generates after receiving logging request is received, the public key for being served only for epicycle certification is generated with the password possessed based on random number, passes through the authentication outputs information such as hash algorithm;Authentication information is sent to server-side, server-side is based on authentication information, random number, and storage public key is authenticated.The present invention can effectively reduce the interaction times of client and server-side, improve efficiency, and improve the convenience of password and do not include the plaintext or ciphertext of password in authentication information, improve the safety of certification.
Description
Technical field
Technical field of data security of the present invention more particularly to a kind of identity identifying method and system.
Background technique
With more and more web applications, mobile phone application, the account number cipher for how storing user becomes one and important asks
Topic.Cause account number cipher in library to be revealed by de- library and unsafe storing mode due to producing database often, causes use
The massive losses at family.Simultaneously as the GDPR of European Union (protect by General Data Protection Regulation, general data
Guard strip example) come into force, people focus more on the data safety of itself, and each company is also concerned about whether the safety measure of oneself meets method
Laws & Regulations.
Currently, it is to be logged in Linux by public and private key that the prior art is immediate.User saves a private key, service
Corresponding public key is deposited at end, can not use password login by the method for public and private key.Server-side sends a string of characters, user
Whether unanimously server-side is returned to after encryption, compared after server-side decryption, if unanimously, just logined successfully.Another technology is just
It is authentication to be completed by interactive zero knowledge probative, but interactive mode needs client to interact with server-side more times
Number, and Replay Attack can not be prevented without enchancement factor in the process.
Therefore, the interaction times for how reducing client and server-side, improve efficiency, and improve the convenience of password,
The safety for improving certification, is a urgent problem to be solved.
Summary of the invention
In view of this, the friendship of client and server-side can be effectively reduced the present invention provides a kind of identity identifying method
Mutual number, improves efficiency, and improves the convenience of password and improve the safety of certification.
The present invention provides a kind of identity identifying methods, are applied to client, which comprises
Value x password being converted on elliptic curve, wherein 0 < x < n, n are the rank of elliptic curve basic point g;
The value of [x] g is calculated, and calculated result public key information pub is sent to server-side and is saved, wherein g is ellipse
Basic point on curve, [x] g are the x times of point of g;
Generate logging request;
Receive the random number m that the server-side generates after receiving the logging request;
Based on the random number m, epicycle is calculated according to formula pub*=[x+m] g and logs in the new public key pub* needed;
Generate random number w;
Based on the random number w, result c, r are exported by hash algorithm;
The result c, r are sent to the server-side, the result c, r are authenticated for the server-side.
Preferably, described to be based on the random number w, result r, c are exported by hash algorithm, comprising: based on described random
Number w calculates W by formula W=[w] g;
C is calculated by formula c=Hash (W, pub*);
Result r is exported based on formula r=w-c (x+m) mod (n), wherein n is the rank of elliptic curve basic point g.
A kind of identity identifying method is applied to server-side, which comprises
Save the public key information pub that client is sent;
Receive the logging request that client generates;
The random number m generated based on the logging request;
The random number m is sent to the client;
Based on the logging request, the pub of storage is found according to unique login name;
It is calculated and is logged according to pub* based on the random number m and pub;
Receive result r, c that the client is exported based on the random number m by hash algorithm;
Based on result r, the c, authentication is carried out by hash algorithm.
Preferably, described calculated based on the random number m and pub is logged according to pub*, comprising:
It is calculated and is logged according to pub* according to formula pub*=pub+ [m] g (mod q).
Preferably, described to be based on result r, the c, authentication is carried out by hash algorithm, comprising:
Judge whether Hash ([r] g+ [c] pub*, pub*) is equal to c, if so, authentication success, if it is not, then identity
Authentification failure.
A kind of identity authorization system is applied to client, the system comprises:
Conversion module, a value x for being converted to password on elliptic curve, wherein 0 < x < n, n are elliptic curve base
The rank of point g;
Calculated result public key information pub for calculating the value of [x] g, and is sent to server-side and carried out by the first computing module
It saves, wherein g is the basic point on elliptic curve, and [x] g is the x times of point of g;
First generation module, for generating logging request;
Receiving module, the random number m generated after receiving the logging request for receiving the server-side;
Second computing module calculates epicycle according to formula pub*=[x+m] g and logs in needs for being based on the random number m
New public key pub*;
Second generation module, for generating random number w;
Third computing module exports result r, c by hash algorithm for being based on the random number w;
Sending module, for the result r, c to be sent to the server-side, the result r, c are used for the server-side
It is authenticated.
Preferably, the third computing module is being executed based on the random number w, is passed through hash algorithm and is exported result r, c
When, it is specifically used for:
Based on the random number w, W is calculated by formula W=[w] g;
C is calculated by formula c=Hash (W, pub*);
Result r is exported based on formula r=w-c (x+m) mod (n), wherein n is the rank of elliptic curve basic point g.
A kind of identity authorization system is applied to server-side, the system comprises:
Memory module, for saving the public key information pub of client transmission;
First receiving module, for receiving the logging request of client generation;
Generation module, the random number m for being generated based on the logging request;
Sending module, for sending the random number m to the client;
Searching module finds the pub of storage according to unique login name for being based on the logging request;
Computing module is logged in for being calculated based on the random number m and pub according to pub*;
Second receiving module, the result exported based on the random number m by hash algorithm for receiving the client
R, c;
Authentication module carries out authentication by hash algorithm for being based on result r, the c.
Preferably, the computing module execute calculated based on the random number m and the pub log according to pub* when,
It is specifically used for:
It is calculated and is logged according to pub* according to formula pub*=pub+ [m] g (mod q).
Preferably, the authentication module is being executed based on result r, the c, when carrying out authentication by hash algorithm,
It is specifically used for:
Judge whether Hash ([r] g+ [c] pub*, pub*) is equal to c, if so, authentication success, if it is not, then identity
Authentification failure.
In conclusion the invention discloses a kind of identity identifying method, it is applied to client, when needing to carry out authentication
When, password is converted to a value x on elliptic curve first, then calculates the value of [x] g, and by calculated result public key information
Pub is sent to server-side and is saved, and generates logging request, receives the random number that server-side generates after receiving logging request
M is based on random number m, calculates epicycle according to formula pub*=[x+m] g and logs in the new public key pub* needed, generates random number w;Base
In random number w, result r, c are exported by hash algorithm, result r, c are sent to server-side, as a result r, c is carried out for server-side
Certification.The present invention can effectively reduce the interaction times of client and server-side, improve efficiency, and improve the convenience of password
With the safety for improving certification.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it is therefore apparent that the accompanying drawings in the following description is only the present invention
Some embodiments for those of ordinary skill in the art without creative efforts, can also basis
These attached drawings obtain other attached drawings.
Fig. 1 is a kind of method flow diagram of identity identifying method embodiment 1 disclosed by the invention;
Fig. 2 is a kind of method flow diagram of identity identifying method embodiment 2 disclosed by the invention;
Fig. 3 is a kind of structural schematic diagram of identity authorization system embodiment 1 disclosed by the invention;
Fig. 4 is a kind of structural schematic diagram of identity authorization system embodiment 2 disclosed by the invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Whole description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Based on this
Embodiment in invention, every other reality obtained by those of ordinary skill in the art without making creative efforts
Example is applied, shall fall within the protection scope of the present invention.
As shown in Figure 1, being a kind of method flow diagram of identity identifying method embodiment 1 disclosed by the invention, the method
Applied to client, the method may include following steps:
S101, a value x being converted to password on elliptic curve;
When needing to carry out authentication, password is converted to a value x on elliptic curve in client, wherein 0 <
X < n, n are the rank of elliptic curve basic point g, and g is a basic point of elliptic curve.
The value of S102, calculating [x] g, and calculated result public key information pub is sent to server-side and is saved;
After a value x being converted to password on elliptic curve, the value of [x] g is calculated according to x, obtains calculated result public affairs
Key information pub.Then the result public key information pub being calculated is sent to server-side, server-side is public by the result received
Key information pub is stored, wherein [x] g is the x times of point of g.
S103, logging request is generated;
Logging request is initiated by client, i.e., logging request is generated by client.
S104, the random number m that server-side generates after receiving logging request is received;
Server-side finds the pub of storage according to unique login name after the logging request for receiving client initiation,
Random number m is generated, is calculated and is logged according to pub* in server-side according to formula pub*=pub+ [m] g (mod q), and by generation
Random number m is back to client, and client receives random number m.
S105, it is based on random number m, epicycle is calculated according to formula pub*=[x+m] g and logs in the new public key pub* needed;
Client calculates this in client after the random number m for receiving server-side return, according to the random number m received
Wheel logs in the new public key pub* needed.Specifically, logging in needs calculating epicycle in client according to the random number m received
When new public key pub*, it can specifically be calculated according to formula pub*=[x+m] g.
S106, random number w is generated;
Further random number w is generated in client.
S107, it is based on random number w, result r, c is exported by hash algorithm;
According to the random number w of generation, W is calculated by formula W=[w] g, then according to formula c=Hash (W, pub*)
C is calculated, result r is then exported according to formula r=w-c (x+m) mod (n), wherein n is the rank of elliptic curve basic point g.
S108, result r, c are sent to server-side, wherein result r, c are authenticated for server-side.
Result r, c are sent to server-side by client, server-side according to result r, the c received, by hash algorithm into
Row authentication.Specifically, judge whether Hash ([r] g+ [c] pub*, pub*) is equal to c, if so, authentication success, if
No, then authentication fails.Wherein, pub* is to be stepped on according to formula pub*=pub+ [m] g (mod q) server-side is calculated
Record foundation.
In conclusion in the above-described embodiments, being applied to client, when needing to carry out authentication, first by password
A value x being converted on elliptic curve, then calculates the value of [x] g, and calculated result public key information pub is sent to service
End is saved, and logging request is generated, and receives the random number m that server-side generates after receiving logging request, is based on random number
M calculates epicycle according to formula pub*=[x+m] g and logs in the new public key pub* needed, generates random number w;Based on random number w, lead to
Hash algorithm output result r, c are crossed, result r, c are sent to server-side, as a result r, c is authenticated for server-side.The present invention
The interaction times that client and server-side can be effectively reduced, improve efficiency, and improve the convenience of password and improve certification
Safety.
As shown in Fig. 2, being a kind of method flow diagram of identity identifying method embodiment 2 disclosed by the invention, the method
Applied to server-side, the method may include following steps:
S201, the public key information pub that client is sent is saved;
When needing to carry out authentication, password is converted to a value x on elliptic curve in client, wherein 0 <
X < n, n are the rank of basic point g, and g is a basic point of elliptic curve.After a value x being converted to password on elliptic curve,
The value that [x] g is calculated according to x, obtains calculated result public key information pub.Then the result public key information pub being calculated is sent
To server-side, server-side stores the result public key information pub received, wherein [x] g is the x times of point of g.
S202, the logging request that client generates is received;
Logging request is initiated by client, i.e., logging request is generated by client, server-side reception is generated by client
Logging request.
S203, the random number m generated based on logging request;
Server-side generates random number m after the logging request for receiving client initiation.
S204, random number m is sent to client;
And the random number m of generation is sent to client.
S205, it is based on logging request, the pub of storage is found according to unique login name;
Meanwhile server-side finds storage according to unique login name after the logging request for receiving client initiation
Pub.
S206, login is calculated according to pub* based on random number m and pub;
And it is calculated and is logged according to pub* in server-side according to formula pub*=pub+ [m] g (mod q).
S207, result r, c that client is exported based on random number m by hash algorithm are received;
Client is after the random number m for receiving server-side return, according to the random number m received in client according to public affairs
Formula pub*=[x+m] g calculates epicycle and logs in the new public key pub* needed.Random number w further is generated in client, according to generation
Random number w, W is calculated by formula W=[w] g, c is then calculated according to formula c=Hash (W, pub*), then basis
Formula r=w-c (x+m) mod (n) exports result r, and result r, c are sent to server-side by client, and server-side is received by client
The result r, c of transmission.
S208, it is based on result r, c, authentication is carried out by hash algorithm.
Server-side carries out authentication according to result r, the c received, by hash algorithm.Specifically, judging Hash
Whether ([r] g+ [c] pub*, pub*) is equal to c, if so, authentication success, if it is not, then authentication fails.Wherein,
Pub* is according to formula pub*=pub+ [m] g (mod q) in the calculated login foundation of server-side.
In conclusion in the above-described embodiments, being applied to server-side, when needing to carry out authentication, visitor is saved first
Family end send public key information pub, then receive client generate logging request, based on logging request generate random number m,
Institute random number m is sent to client, logging request is based on, the pub of storage is found according to unique login name, based on
Machine number m and pub, which are calculated, to be logged according to pub*, and result r, c that client is exported based on random number m by hash algorithm are received;Base
In result r, c, authentication is carried out by hash algorithm.The present invention can effectively reduce the interaction time of client and server-side
Number, improves efficiency, and improves the convenience of password and improve the safety of certification.
As shown in figure 3, being a kind of structural schematic diagram of identity authorization system embodiment 1 disclosed by the invention, the system
Applied to client, the system may include:
Conversion module 301, a value x for being converted to password on elliptic curve;
When needing to carry out authentication, password is converted to a value x on elliptic curve in client, wherein 0 <
X < n, n are the rank of elliptic curve basic point g, and g is a basic point of elliptic curve.
First computing module 302 is sent to server-side for calculating the value of [x] g, and by calculated result public key information pub
It is saved;
After a value x being converted to password on elliptic curve, the value of [x] g is calculated according to x, obtains calculated result public affairs
Key information pub.Then the result public key information pub being calculated is sent to server-side, server-side is public by the result received
Key information pub is stored, wherein [x] g is the x times of point of g.
First generation module 303, for generating logging request;
Logging request is initiated by client, i.e., logging request is generated by client.
Receiving module 304, the random number m generated after receiving logging request for receiving server-side;
Server-side finds the pub of storage according to unique login name after the logging request for receiving client initiation,
Random number m is generated, is calculated and is logged according to pub* in server-side according to formula pub*=pub+ [m] g (mod q), and by generation
Random number m is back to client, and client receives random number m.
Second computing module 305 calculates epicycle according to formula pub*=[x+m] g and logs in needs for being based on random number m
New public key pub*;
Client calculates this in client after the random number m for receiving server-side return, according to the random number m received
Wheel logs in the new public key pub* needed.Specifically, logging in needs calculating epicycle in client according to the random number m received
When new public key pub*, it can specifically be calculated according to formula pub*=[x+m] g.
Second generation module 306, for generating random number w;
Further random number w is generated in client.
Third computing module 307 exports result r, c by hash algorithm for being based on random number w;
According to the random number w of generation, W is calculated by formula W=[w] g, then according to formula c=Hash (W, pub*)
C is calculated, result r is then exported according to formula r=w-c (x+m) mod (n), wherein n is the rank of elliptic curve basic point g.
Sending module 308, for result r, c to be sent to server-side, wherein result r, c are authenticated for server-side.
Result r, c are sent to server-side by client, server-side according to result r, the c received, by hash algorithm into
Row authentication.Specifically, judge whether Hash ([r] g+ [c] pub*, pub*) is equal to c, if so, authentication success, if
No, then authentication fails.Wherein, pub* is to be stepped on according to formula pub*=pub+ [m] g (mod q) server-side is calculated
Record foundation.
In conclusion in the above-described embodiments, being applied to client, when needing to carry out authentication, first by password
A value x being converted on elliptic curve, then calculates the value of [x] g, and calculated result public key information pub is sent to service
End is saved, and logging request is generated, and receives the random number m that server-side generates after receiving logging request, is based on random number
M calculates epicycle according to formula pub*=[x+m] g and logs in the new public key pub* needed, generates random number w;Based on random number w, lead to
Hash algorithm output result r, c are crossed, result r, c are sent to server-side, as a result r, c is authenticated for server-side.The present invention
The interaction times that client and server-side can be effectively reduced, improve efficiency, and improve the convenience of password and improve certification
Safety.
As shown in figure 4, being a kind of structural schematic diagram of identity authorization system embodiment 2 disclosed by the invention, the system
Applied to server-side, the system may include:
Memory module 401, for saving the public key information pub of client transmission;
When needing to carry out authentication, password is converted to a value x on elliptic curve in client, wherein 0 <
X < n, n are the rank of basic point g, and g is a basic point of elliptic curve.After a value x being converted to password on elliptic curve,
The value that [x] g is calculated according to x, obtains calculated result public key information pub.Then the result public key information pub being calculated is sent
To server-side, server-side stores the result public key information pub received, wherein [x] g is the x times of point of g.
First receiving module 402, for receiving the logging request of client generation;
Logging request is initiated by client, i.e., logging request is generated by client, server-side reception is generated by client
Logging request.
Generation module 403, the random number m for being generated based on logging request;
Server-side generates random number m after the logging request for receiving client initiation.
Sending module 404, for sending random number m to client;
And the random number m of generation is sent to client.
Searching module 405 finds the pub of storage according to unique login name for being based on logging request;
Meanwhile server-side finds storage according to unique login name after the logging request for receiving client initiation
Pub.
Computing module 406 is logged in for being calculated based on random number m and pub according to pub*;
And it is calculated and is logged according to pub* in server-side according to formula pub*=pub+ [m] g (mod q).
Second receiving module 407, the result r, c exported based on random number m by hash algorithm for receiving client;
Client is after the random number m for receiving server-side return, according to the random number m received in client according to public affairs
Formula pub*=[x+m] g calculates epicycle and logs in the new public key pub* needed.Random number w further is generated in client, according to generation
Random number w, W is calculated by formula W=[w] g, c is then calculated according to formula c=Hash (W, pub*), then basis
Formula r=w-c (x+m) mod (n) exports result r, and client will be as a result, c be sent to server-side, and server-side is received by client
The result r, c of transmission.
Authentication module 408 carries out authentication by hash algorithm for being based on result r, c.
Server-side carries out authentication according to result r, the c received, by hash algorithm.Specifically, judging Hash
Whether ([r] g+ [c] pub*, pub*) is equal to c, if so, authentication success, if it is not, then authentication fails.Wherein,
Pub* is according to formula pub*=pub+ [m] g (mod q) in the calculated login foundation of server-side.
In conclusion in the above-described embodiments, being applied to server-side, when needing to carry out authentication, visitor is saved first
Family end send public key information pub, then receive client generate logging request, based on logging request generate random number m,
Institute random number m is sent to client, logging request is based on, the pub of storage is found according to unique login name, based on
Machine number m and pub, which are calculated, to be logged according to pub*, and result r, c that client is exported based on random number m by hash algorithm are received;Base
In result r, c, authentication is carried out by hash algorithm.The present invention can effectively reduce the interaction time of client and server-side
Number, improves efficiency, and improves the convenience of password and improve the safety of certification.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with other
The difference of embodiment, the same or similar parts in each embodiment may refer to each other.For device disclosed in embodiment
For, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is said referring to method part
It is bright.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure
And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and
The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These
Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession
Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered
Think beyond the scope of this invention.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor
The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit
Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology
In any other form of storage medium well known in field.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention.
Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention
It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one
The widest scope of cause.
Claims (10)
1. a kind of identity identifying method, which is characterized in that be applied to client, which comprises
Value x password being converted on elliptic curve, wherein 0 < x < n, n are the rank of elliptic curve basic point g;
The value of [x] g is calculated, and calculated result public key information pub is sent to server-side and is saved, wherein g is elliptic curve
On basic point, [x] g be g x times of point;
Generate logging request;
Receive the random number m that the server-side generates after receiving the logging request;
Based on the random number m, epicycle is calculated according to formula pub*=[x+m] g and logs in the new public key pub* needed;
Generate random number w;
Based on the random number w, result c, r are exported by hash algorithm;
The result c, r are sent to the server-side, the result c, r are authenticated for the server-side.
2. being exported the method according to claim 1, wherein described be based on the random number w by hash algorithm
As a result r, c, comprising: be based on the random number w, W is calculated by formula W=[w] g;
C is calculated by formula c=Hash (W, pub*);
Result r is exported based on formula r=w-c (x+m) mod (n), wherein n is the rank of elliptic curve basic point g.
3. a kind of identity identifying method, which is characterized in that be applied to server-side, which comprises
Save the public key information pub that client is sent;
Receive the logging request that client generates;
The random number m generated based on the logging request;
The random number m is sent to the client;
Based on the logging request, the pub of storage is found according to unique login name;
It is calculated and is logged according to pub* based on the random number m and pub;
Receive result r, c that the client is exported based on the random number m by hash algorithm;
Based on result r, the c, authentication is carried out by hash algorithm.
4. according to the method described in claim 3, it is characterized in that, described calculated based on the random number m and pub is logged in
According to pub*, comprising:
It is calculated and is logged according to pub* according to formula pub*=pub+ [m] g (mod q).
5. according to the method described in claim 4, it is characterized in that, it is described be based on result r, the c, carried out by hash algorithm
Authentication, comprising:
Judge whether Hash ([r] g+ [c] pub*, pub*) is equal to c, if so, authentication success, if it is not, then authentication
Failure.
6. a kind of identity authorization system, which is characterized in that it is applied to client, the system comprises:
Conversion module, a value x for being converted to password on elliptic curve, wherein 0 < x < n, n are elliptic curve basic point g
Rank;
Calculated result public key information pub for calculating the value of [x] g, and is sent to server-side and protected by the first computing module
It deposits, wherein g is the basic point on elliptic curve, and [x] g is the x times of point of g;
First generation module, for generating logging request;
Receiving module, the random number m generated after receiving the logging request for receiving the server-side;
Second computing module calculates epicycle according to formula pub*=[x+m] g and logs in the new of needs for being based on the random number m
Public key pub*;
Second generation module, for generating random number w;
Third computing module exports result r, c by hash algorithm for being based on the random number w;
Sending module, for the result r, c to be sent to the server-side, the result r, c are carried out for the server-side
Certification.
7. system according to claim 6, which is characterized in that the third computing module is being executed based on the random number
W is specifically used for when by hash algorithm output result r, c:
Based on the random number w, W is calculated by formula W=[w] g;
C is calculated by formula c=Hash (W, pub*);
Result r is exported based on formula r=w-c (x+m) mod (n), wherein n is the rank of elliptic curve basic point g.
8. a kind of identity authorization system, which is characterized in that it is applied to server-side, the system comprises:
Memory module, for saving the public key information pub of client transmission;
First receiving module, for receiving the logging request of client generation;
Generation module, the random number m for being generated based on the logging request;
Sending module, for sending the random number m to the client;
Searching module finds the pub of storage according to unique login name for being based on the logging request;
Computing module is logged in for being calculated based on the random number m and pub according to pub*;
Second receiving module, the result r, c exported based on the random number m by hash algorithm for receiving the client;
Authentication module carries out authentication by hash algorithm for being based on result r, the c.
9. system according to claim 8, which is characterized in that the computing module executing based on the random number m and
When the pub calculates login according to pub*, it is specifically used for:
It is calculated and is logged according to pub* according to formula pub*=pub+ [m] g (mod q).
10. system according to claim 9, which is characterized in that the authentication module is being executed based on result r, the c,
When carrying out authentication by hash algorithm, it is specifically used for:
Judge whether Hash ([r] g+ [c] pub*, pub*) is equal to c, if so, authentication success, if it is not, then authentication
Failure.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910528961.2A CN110266496A (en) | 2019-06-18 | 2019-06-18 | A kind of identity identifying method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910528961.2A CN110266496A (en) | 2019-06-18 | 2019-06-18 | A kind of identity identifying method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110266496A true CN110266496A (en) | 2019-09-20 |
Family
ID=67919179
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910528961.2A Pending CN110266496A (en) | 2019-06-18 | 2019-06-18 | A kind of identity identifying method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110266496A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111212427A (en) * | 2020-01-14 | 2020-05-29 | 陈良准 | Application APP account login management system based on mobile terminal |
CN117640090A (en) * | 2024-01-25 | 2024-03-01 | 蓝象智联(杭州)科技有限公司 | Identity verification method and system |
-
2019
- 2019-06-18 CN CN201910528961.2A patent/CN110266496A/en active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111212427A (en) * | 2020-01-14 | 2020-05-29 | 陈良准 | Application APP account login management system based on mobile terminal |
CN117640090A (en) * | 2024-01-25 | 2024-03-01 | 蓝象智联(杭州)科技有限公司 | Identity verification method and system |
CN117640090B (en) * | 2024-01-25 | 2024-04-12 | 蓝象智联(杭州)科技有限公司 | Identity verification method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zhang et al. | Deco: Liberating web data using decentralized oracles for tls | |
CN106850200B (en) | A kind of safety method, system and the terminal of digital cash of the use based on block chain | |
Choudhury et al. | A strong user authentication framework for cloud computing | |
US9264232B2 (en) | Cryptographic device that binds an additional authentication factor to multiple identities | |
CN102647461B (en) | Communication means based on HTTP, server, terminal | |
CN105024819B (en) | A kind of multiple-factor authentication method and system based on mobile terminal | |
CN101183932B (en) | Security identification system of wireless application service and login and entry method thereof | |
CN104521178B (en) | The method and system of the multi-party cloud computing of safety | |
CN109922077A (en) | A kind of identity identifying method and its system based on block chain | |
CA2613733A1 (en) | System and method for security in global computer transactions that enable reverse-authentication of a server by a client | |
CN109802835A (en) | A kind of safety certifying method, system and API gateway | |
CN107295011A (en) | The safety certifying method and device of webpage | |
CN101577917A (en) | Safe dynamic password authentication method based on mobile phone | |
CN102915263A (en) | Data backup method, system and equipment | |
CN109684129B (en) | Data backup recovery method, storage medium, encryption machine, client and server | |
CN105681470A (en) | Communication method, server and terminal based on hypertext transfer protocol | |
CN110336807A (en) | A kind of identity identifying method based on Web service, equipment and storage medium | |
CN105553654A (en) | Key information query processing method and device and key information management system | |
CN106789069B (en) | zero-knowledge identity authentication method | |
CN109474600A (en) | A kind of account binding method, system, device and its equipment | |
CN110266496A (en) | A kind of identity identifying method and system | |
CN110245117A (en) | The credible delet method of data and system on a kind of cloud based on block chain | |
CN109903047A (en) | Key migration method and apparatus | |
Pandey | Implementation of DNA cryptography in cloud computing and using Huffman algorithm, socket programming and new approach to secure cloud data | |
Patil et al. | A provably secure data sharing scheme for smart gas distribution grid using fog computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190920 |
|
RJ01 | Rejection of invention patent application after publication |