KR101782792B1 - Server, method and system for authentication and key agreement - Google Patents


Publication number
KR101782792B1
Authority
KR
South Korea
Prior art keywords
authentication
terminal
equation
server
remind
Prior art date
Application number
KR1020150181126A
Other languages
Korean (ko)
Other versions
KR20170073001A (en
Inventor
정익래
김동민
백목련
정원석
Original Assignee
고려대학교 산학협력단
Application filed by 고려대학교 산학협력단
Priority to KR1020150181126A
Publication of KR20170073001A
Application granted
Publication of KR101782792B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3271 ... using challenge-response
    • H04L9/3297 ... involving time stamps, e.g. generation of time stamps
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An authentication and key sharing method is disclosed. The method is performed in a server and includes receiving a registration request message from a terminal, registering a user of the terminal, receiving an authentication request message from the terminal, authenticating the user, and transmitting a response value to the terminal.

Description

The present invention relates to an authentication and key sharing server, method, and system, and more particularly to an authentication and key sharing server, method, and system that register a user using a randomized ID and password and can share a session key at the same time as authentication.

Recently, research on user authentication and key sharing in various environments such as cloud systems, control systems, the Internet of Things (IoT), and smart cards has been actively conducted. However, most of these studies are vulnerable in that the user's ID is revealed during the user authentication process, or the user's ID or password can be guessed from the communicated values or the values stored in the server. Some protocols are also unsafe with respect to forward secrecy. The present invention proposes a protocol that is secure against ID guessing and password guessing attacks, provides forward secrecy, and does not reveal the user's ID during the authentication process.

The background of the present invention is as follows.

Cryptographic hash function

A hash function

Figure 112015123999610-pat00001
is a function that converts data of arbitrary length into data of a fixed length. It produces the same output value for the same input value; in particular, a cryptographic hash function
Figure 112015123999610-pat00002
satisfies the following three properties.

① pre-image resistance: given

Figure 112015123999610-pat00003
about,
Figure 112015123999610-pat00004
Satisfy
Figure 112015123999610-pat00005
.

② 2nd preimage resistance: given

Figure 112015123999610-pat00006
about,
Figure 112015123999610-pat00007
Satisfy
Figure 112015123999610-pat00008
.

③ Collision resistance:

Figure 112015123999610-pat00009
Satisfy
Figure 112015123999610-pat00010
and
Figure 112015123999610-pat00011
.

Elliptic curve cryptography

Elliptic curve cryptography is a public key cryptosystem based on elliptic curve theory, with the advantage of providing a similar level of security while using shorter keys than RSA (Rivest Shamir Adleman) or ElGamal. Because of this advantage, it is mainly used in environments where the transmission volume and the amount of computation are restricted, such as wireless environments. Elliptic curve cryptosystems are mainly designed on the basis of the elliptic curve discrete logarithm problem.

Elliptic curve discrete logarithm problem: for a prime

Figure 112015123999610-pat00012
about
Figure 112015123999610-pat00013
To
Figure 112015123999610-pat00014
The term finite field with a number of elements means that the point on the elliptic curve
Figure 112015123999610-pat00015
Order (order)
Figure 112015123999610-pat00016
The
Figure 112015123999610-pat00017
Figure 112015123999610-pat00018
An elliptic curve defined on the elliptic curve, a point defined on the elliptic curve
Figure 112015123999610-pat00019
, And an arbitrary point
Figure 112015123999610-pat00020
When given,
Figure 112015123999610-pat00021
An integer that satisfies
Figure 112015123999610-pat00022
is the elliptic curve discrete logarithm problem, which is regarded as a more difficult problem than the factorization problem or the discrete logarithm problem.

Biohash function (Biohash)

Biohash function

Figure 112015123999610-pat00023
is a function that takes biometric information such as a fingerprint as input and outputs a value of arbitrary length, and has safety similar to a cryptographic hash function. Even for the same person, biometric information differs slightly on each input, so ordinary hash functions or cryptographic hash functions, which require exact values, cannot be used. The biohash function resolves this fuzziness of biometric information and has the property of outputting the same value with high probability for similar inputs.
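An added illustration of the property just described (not code from the patent): a simplified random-projection biohash in the style of Jin, Ling and Goh's BioHashing, without their orthonormalisation step, compared with a plain SHA-256 on constructed feature vectors. The function names, the 64-bit output length, the tokens and the sample vectors are all assumptions made for this sketch.

```python
import hashlib
import random
import struct

N_BITS = 64  # biohash output length in bits (assumed for this example)


def biohash(features, token, n_bits=N_BITS):
    """Project `features` onto n_bits pseudo-random directions derived from
    the secret `token` and keep only the sign of each projection."""
    seed = int.from_bytes(hashlib.sha256(token).digest(), "big")
    rng = random.Random(seed)
    bits = []
    for _ in range(n_bits):
        direction = [rng.gauss(0.0, 1.0) for _ in features]
        projection = sum(d * f for d, f in zip(direction, features))
        bits.append(1 if projection >= 0.0 else 0)
    return bits


def hamming(a, b):
    """Number of positions in which two bit lists differ."""
    return sum(x != y for x, y in zip(a, b))


def plain_hash(features):
    """SHA-256 over the raw feature values, for contrast with biohash()."""
    packed = struct.pack(f"{len(features)}d", *features)
    return hashlib.sha256(packed).hexdigest()


def make_samples(dim=64):
    """Constructed stand-ins for extracted biometric feature vectors."""
    rng = random.Random(2015)
    enrolled = [rng.gauss(0.0, 1.0) for _ in range(dim)]
    # Same person, new capture: small sensor noise on every feature.
    noisy = [f + rng.gauss(0.0, 0.01) for f in enrolled]
    # Different person: an unrelated feature vector.
    other = [rng.gauss(0.0, 1.0) for _ in range(dim)]
    return enrolled, noisy, other


def compare(token=b"constructed-user-token",
            other_token=b"constructed-other-token"):
    """Bit differences against the enrolled biohash for three cases."""
    enrolled, noisy, other = make_samples()
    reference = biohash(enrolled, token)
    return {
        "same_person_bits_flipped": hamming(reference, biohash(noisy, token)),
        "other_person_bits_flipped": hamming(reference, biohash(other, token)),
        "other_token_bits_flipped": hamming(reference,
                                            biohash(enrolled, other_token)),
        "plain_hash_matches": plain_hash(enrolled) == plain_hash(noisy),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The plain hash of the noisy capture never matches, while the biohash of the same capture stays at or near the enrolled value; a different person or a different token gives an unrelated bit string.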

A.T.B. Jin, D.N.C. Ling, and A. Goh, Biohashing: Two factor authentication featuring fingerprint data and tokenized random number, Pattern recognition, 2004.

R. Amin and G.P. Biswas, A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS with User Anonymity, J. Med. Syst., June 2015.

R. Amin and G.P. Biswas, An Improved RSA Based Authentication and Session Key Agreement Protocol Usable in TMIS, J. Med. Syst., June 2015.

S.A. Chaudhry, H. Naqvi, T. Shon, M. Sher, and M.S. Farash, Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems, J. Med. Syst., April 2015.

H. Arshad, V. Teymoori, M. Nikooghadam, and H. Abbassi, On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems, J. Med. Syst., June 2015.

SUMMARY OF THE INVENTION The present invention has been made in view of the above problems, and it is an object of the present invention to provide a server, method, and system for registering a user using a randomized ID and a password.

An authentication and key sharing method according to an embodiment of the present invention is performed in a server, and includes receiving a registration request message from a terminal, registering a user of the terminal, receiving an authentication request message from the terminal, authenticating the user and generating a session key, and transmitting a response value to the terminal.

Also, an authentication and key sharing server according to an embodiment of the present invention includes a registration unit for receiving a registration request message from a terminal and registering a user of the terminal, and an authentication unit for receiving an authentication request message from the terminal, authenticating the user, generating a session key, and transmitting a response value to the terminal.

Also, an authentication and key sharing system according to an embodiment of the present invention includes the authentication and key sharing server and the terminal.

According to the authentication and key sharing server, method, and system according to the embodiment of the present invention, it is possible to design a multiple authentication and key sharing protocol that is secure against ID and password guessing attacks and provides forward secrecy, and the user's privacy can be protected by preventing the user's ID from being exposed.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS In order to more fully understand the drawings recited in the detailed description of the present invention, a detailed description of each drawing is provided.
FIG. 1 illustrates an authentication and key sharing system according to an embodiment of the present invention.
FIG. 2 is a functional block diagram of the terminal shown in FIG.
FIG. 3 is a functional block diagram of the server shown in FIG.
FIG. 4 is a flowchart illustrating an authentication and key sharing method performed in the authentication and key sharing system shown in FIG.

It is to be understood that the specific structural or functional descriptions of the embodiments of the present invention disclosed herein are for illustrative purposes only; the embodiments according to the inventive concept may be embodied in many different forms and are not limited to the embodiments set forth herein.

The embodiments according to the concept of the present invention can make various changes and can take various forms, so that the embodiments are illustrated in the drawings and described in detail herein. It should be understood, however, that it is not intended to limit the embodiments according to the concepts of the present invention to the particular forms disclosed, but includes all modifications, equivalents, or alternatives falling within the spirit and scope of the invention.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only for the purpose of distinguishing one element from another; for example, without departing from the scope of the right according to the concept of the present invention, the first element may be referred to as a second element, and similarly the second element may be referred to as a first element.

It is to be understood that when an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, but other elements may also be present in between. On the other hand, when an element is referred to as being "directly connected" or "directly coupled" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "directly between" or "neighboring to" and "directly adjacent to", should be interpreted in the same way.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like are used to specify that the features, numbers, steps, operations, elements, parts or combinations thereof described herein are present, but do not preclude the presence or addition of one or more other features, integers, steps, operations, components, parts, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless explicitly defined herein, are not to be interpreted in an idealized or overly formal sense.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings attached hereto. First, the present invention assumes two parties, a user and a server. The protocol consists of the following steps: the user transmits a randomized ID and password to register with the server; the server registers the user and transmits the registration values; the user inputs an ID, password, and biometric information to request authentication; the server authenticates the user and generates the session key; and the user authenticates the server and obtains the session key. The first two steps register the user with the server and assume communication over a secure channel.

In addition, let

Figure 112015123999610-pat00024
be a cryptographic hash function and
Figure 112015123999610-pat00025
be a biohash function. Here,
Figure 112015123999610-pat00026
is the length of the hash function output value, and
Figure 112015123999610-pat00027
is the length of a random token used in the biohash function.
Figure 112015123999610-pat00028
denotes bitwise exclusive OR (XOR).
Figure 112015123999610-pat00029
is a point on the elliptic curve used in the elliptic curve cryptosystem,
Figure 112015123999610-pat00030
is the secret value of the server, and
Figure 112015123999610-pat00031
is the public value of the server.

FIG. 1 illustrates an authentication and key sharing system according to an embodiment of the present invention.

The authentication and key sharing system 10, which may be referred to as an authentication system, multiple authentication and key sharing systems, etc., includes at least one terminal 100 and a server 300.

The terminal 100 transmits a registration request message to the server 300 and the server 300 registers the user of the terminal 100 in response to the registration request message.

The server 300 authenticates the terminal 100 or the user in response to the authentication request of the terminal 100 and transmits the response value to the terminal 100. The terminal 100 authenticates the server 300 using the response value, whereby mutual authentication can be completed and the session key can be securely shared.

The terminal 100 may be a personal computer, a tablet PC, a notebook, a net-book, an e-reader, a personal digital assistant (PDA), an MP3 player, or an MP4 player, or may be implemented as a handheld device such as a mobile phone, a smart phone, and the like.

The specific configuration and operation of the server 300 and the terminal 100 will be described in detail with reference to FIG. 2 and FIG.

FIG. 2 is a functional block diagram of the terminal shown in FIG. The terminal 100 shown in FIG. 2 includes a plurality of terminals (not shown)

Figure 112015123999610-pat00032
-th user (
Figure 112015123999610-pat00033
)

Referring to FIGS. 1 and 2, the terminal 100 includes a registration request unit 110, an authentication request unit 130, and an authentication unit 150.

The registration request unit 110 transmits a registration request message for user registration to the server 300. The registration request message includes a randomized ID (

Figure 112015123999610-pat00034
) and randomized password (
Figure 112015123999610-pat00035
). To generate the randomized ID (
Figure 112015123999610-pat00036
) and randomized password (
Figure 112015123999610-pat00037
), the registration request unit 110 performs the following process.

First, the registration request unit 110 selects (or generates) arbitrary random numbers (

Figure 112015123999610-pat00038
,
Figure 112015123999610-pat00039
).

Thereafter, the registration request unit 110 inputs the arbitrary random numbers (

Figure 112015123999610-pat00040
,
Figure 112015123999610-pat00041
), the ID (
Figure 112015123999610-pat00042
), and the password (
Figure 112015123999610-pat00043
) to the cryptographic hash function to generate the randomized ID (
Figure 112015123999610-pat00044
) and randomized password (
Figure 112015123999610-pat00045
).

Figure 112015123999610-pat00046

As described above, by randomizing the ID (

Figure 112015123999610-pat00047
) and password (
Figure 112015123999610-pat00048
), the risk of personal information leakage that may occur can be eliminated. The selected arbitrary random numbers (
Figure 112015123999610-pat00049
,
Figure 112015123999610-pat00050
) may be deleted from the terminal 100 after the randomized ID (
Figure 112015123999610-pat00051
) and randomized password (
Figure 112015123999610-pat00052
) are generated.

Also, the registration request unit 110 receives the registration value (

Figure 112015123999610-pat00053
,
Figure 112015123999610-pat00054
) and an open parameter (
Figure 112015123999610-pat00055
,
Figure 112015123999610-pat00056
) from the server 300, and uses the received registration value (
Figure 112015123999610-pat00057
,
Figure 112015123999610-pat00058
), the open parameter (
Figure 112015123999610-pat00059
,
Figure 112015123999610-pat00060
), and the user's (
Figure 112015123999610-pat00061
) biometric information (
Figure 112015123999610-pat00062
) to calculate the values (
Figure 112015123999610-pat00063
,
Figure 112015123999610-pat00064
). The biometric information
Figure 112015123999610-pat00065
may be, for example, fingerprint information, iris information, and the like.

Figure 112015123999610-pat00066

Figure 112015123999610-pat00067

The registration value (

Figure 112015123999610-pat00068
,
Figure 112015123999610-pat00069
) and open parameter (
Figure 112015123999610-pat00070
,
Figure 112015123999610-pat00071
) received from the server 300, the calculated values (
Figure 112015123999610-pat00072
,
Figure 112015123999610-pat00073
), the cryptographic hash function (
Figure 112015123999610-pat00074
), and the biohash function (
Figure 112015123999610-pat00075
) may be stored by the registration request unit 110 in a predetermined storage means that can be included in the terminal 100.

When authentication is required for communication with the server 300, the authentication request unit 130 of the terminal 100 uses the user's ID (

Figure 112015123999610-pat00076
), password (
Figure 112015123999610-pat00077
), biometric information (
Figure 112015123999610-pat00078
), and the values stored in the terminal 100 (
Figure 112015123999610-pat00079
,
Figure 112015123999610-pat00080
,
Figure 112015123999610-pat00081
,
Figure 112015123999610-pat00082
,
Figure 112015123999610-pat00083
,
Figure 112015123999610-pat00084
, and
Figure 112015123999610-pat00085
) to perform the following operations.

First, the authentication request unit 130 uses the following equations to calculate the random numbers (

Figure 112015123999610-pat00086
,
Figure 112015123999610-pat00087
).

Figure 112015123999610-pat00088

Figure 112015123999610-pat00089

In addition, the authentication request unit 130 uses the following equations to calculate the randomized ID (

Figure 112015123999610-pat00090
) and randomized password (
Figure 112015123999610-pat00091
).

Figure 112015123999610-pat00092

Figure 112015123999610-pat00093

Further, the authentication request unit 130 may use the following equation to calculate

Figure 112015123999610-pat00094
.

Figure 112015123999610-pat00095

Further, the authentication request unit 130 may use the following equation to calculate

Figure 112015123999610-pat00096
and, if the calculated
Figure 112015123999610-pat00097
differs from the
Figure 112015123999610-pat00098
stored in the terminal 100, the protocol is interrupted.

Figure 112015123999610-pat00099

Further, the authentication request unit 130 may use the following equation to calculate

Figure 112015123999610-pat00100
.

Figure 112015123999610-pat00101

Here,

Figure 112015123999610-pat00102
may be an arbitrary random number selected by the authentication requesting unit 130 of the terminal 100.

Also, the authentication request unit 130 may use the random number (

Figure 112015123999610-pat00103
) and an open parameter (
Figure 112015123999610-pat00104
) to generate
Figure 112015123999610-pat00105
.

Figure 112015123999610-pat00106

Further, the authentication request unit 130 may use the following equation to calculate

Figure 112015123999610-pat00107
.

Figure 112015123999610-pat00108

Here,

Figure 112015123999610-pat00109
may be the current timestamp.

The authentication request unit 130 transmits an authentication request message including the generated values (

Figure 112015123999610-pat00110
,
Figure 112015123999610-pat00111
,
Figure 112015123999610-pat00112
,
Figure 112015123999610-pat00113
) to the server 300. The generated values (
Figure 112015123999610-pat00114
,
Figure 112015123999610-pat00115
,
Figure 112015123999610-pat00116
,
Figure 112015123999610-pat00117
) may be referred to as the query value.

The authentication unit 150 of the terminal 100 receives the response value (

Figure 112015123999610-pat00118
,
Figure 112015123999610-pat00119
,
Figure 112015123999610-pat00120
) from the server 300, and uses the received response value (
Figure 112015123999610-pat00121
,
Figure 112015123999610-pat00122
,
Figure 112015123999610-pat00123
) and the values stored in the terminal 100 to calculate
Figure 112015123999610-pat00124
.

Figure 112015123999610-pat00125

Figure 112015123999610-pat00126

Figure 112015123999610-pat00127

The authentication unit 150 compares the received

Figure 112015123999610-pat00128
with the generated
Figure 112015123999610-pat00129
; if they are different, it stops the protocol, and if they are the same, it authenticates the server 300 and uses
Figure 112015123999610-pat00130
as the session key.

FIG. 3 is a functional block diagram of the server shown in FIG.

Referring to FIGS. 1 to 3, a server 300, which may be referred to as an authentication server, a key sharing server, or an authentication and key sharing server, includes a registration unit 310 and an authentication unit 330.

The registration unit 310 may receive a registration request message from the registration request unit 110 of the terminal 100 and perform user registration.

Specifically, the registration unit 310 uses the randomized ID (

Figure 112015123999610-pat00131
) and randomized password (
Figure 112015123999610-pat00132
) received from the terminal 100 and the preset secret value of the server 300 (
Figure 112015123999610-pat00133
) to calculate the registration value (
Figure 112015123999610-pat00134
,
Figure 112015123999610-pat00135
).

Figure 112017017422918-pat00265

Figure 112017017422918-pat00266

Also, the registration unit 310 transmits the generated registration value (

Figure 112015123999610-pat00138
,
Figure 112015123999610-pat00139
) and an open parameter (
Figure 112015123999610-pat00140
,
Figure 112015123999610-pat00141
) to the terminal 100. Here, the open parameter (
Figure 112015123999610-pat00142
,
Figure 112015123999610-pat00143
) may be a public parameter used in elliptic curve cryptography.

The authentication unit 330 uses the authentication request message, that is, the query value (

Figure 112015123999610-pat00144
,
Figure 112015123999610-pat00145
,
Figure 112015123999610-pat00146
,
Figure 112015123999610-pat00147
), received from the terminal 100 and its own secret value (
Figure 112015123999610-pat00148
) to perform the following calculations.

Figure 112015123999610-pat00149

Figure 112015123999610-pat00150

Figure 112015123999610-pat00151

The authentication unit 330 performs user authentication by comparing the generated

Figure 112015123999610-pat00152
with the
Figure 112015123999610-pat00153
received from the terminal 100. That is, if
Figure 112015123999610-pat00154
and
Figure 112015123999610-pat00155
are different, the authentication unit 330 aborts the protocol, and if they are the same, it authenticates the user as a legitimate user. When the user authentication is completed, the authentication unit 330 calculates (or generates) the response value (
Figure 112015123999610-pat00156
,
Figure 112015123999610-pat00157
,
Figure 112015123999610-pat00158
) as shown below and transmits it to the terminal 100.

Figure 112015123999610-pat00159

Figure 112015123999610-pat00160

Figure 112015123999610-pat00161

Figure 112015123999610-pat00162

In the above equations,

Figure 112015123999610-pat00163
may be any random number selected by the server 300 or the authentication unit 330, and
Figure 112015123999610-pat00164
may be the current timestamp. Also,
Figure 112015123999610-pat00165
may refer to a session key used for communication between the server 300 and the terminal 100.

Each of the components of the terminal 100 and the server 300 shown in FIG. 2 and FIG. 3 may be functionally and logically separated, and it will be readily apparent to one of ordinary skill in the art to which the present invention pertains that each component may be divided into a separate physical device or separate code.

Also, in this specification, "part" may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may mean a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and does not necessarily mean a physically connected code or a kind of hardware.

FIG. 4 is a flowchart illustrating an authentication and key sharing method performed in the authentication and key sharing system shown in FIG. In the description of the authentication and key sharing method, a detailed description of the contents overlapping with the above-described contents will be omitted.

Referring to FIGS. 1 to 4, the registration request unit 110 of the terminal 100 generates a randomized ID (

Figure 112015123999610-pat00166
) and randomized password (
Figure 112015123999610-pat00167
) (S100), and transmits the generated randomized ID (
Figure 112015123999610-pat00168
) and randomized password (
Figure 112015123999610-pat00169
) to the server 300 (S200).

Upon receiving the randomized ID (

Figure 112015123999610-pat00170
) and randomized password (
Figure 112015123999610-pat00171
), the registration unit 310 of the server 300 generates the registration value (
Figure 112015123999610-pat00172
,
Figure 112015123999610-pat00173
) (S300), and transmits the generated registration value (
Figure 112015123999610-pat00174
,
Figure 112015123999610-pat00175
) and an open parameter (
Figure 112015123999610-pat00176
,
Figure 112015123999610-pat00177
) to the terminal 100 (S400). At this time, the generated registration value (
Figure 112015123999610-pat00178
,
Figure 112015123999610-pat00179
) may be stored by the registration unit 310 in a predetermined storage space in the server 300.

Upon receiving the registration value (

Figure 112015123999610-pat00180
,
Figure 112015123999610-pat00181
) and open parameter (
Figure 112015123999610-pat00182
,
Figure 112015123999610-pat00183
) from the server 300, the registration request unit 110 generates the calculated values (
Figure 112015123999610-pat00184
,
Figure 112015123999610-pat00185
), and the registration value (
Figure 112015123999610-pat00186
,
Figure 112015123999610-pat00187
), the calculated values (
Figure 112015123999610-pat00188
,
Figure 112015123999610-pat00189
), the open parameter (
Figure 112015123999610-pat00190
,
Figure 112015123999610-pat00191
), the cryptographic hash function (
Figure 112015123999610-pat00192
), and the biohash function (
Figure 112015123999610-pat00193
) may be stored in the storage space of the terminal 100 (S500).

When authentication is required for communication with the server 300, the authentication request unit 130 of the terminal 100 generates a query value (Figure 112015123999610-pat00194, Figure 112015123999610-pat00195, Figure 112015123999610-pat00196, Figure 112015123999610-pat00197) and transmits the generated query value (Figure 112015123999610-pat00198, Figure 112015123999610-pat00199, Figure 112015123999610-pat00200, Figure 112015123999610-pat00201) to the server 300 (S600).

The authentication unit 330 of the server 300 authenticates the user of the terminal 100 using the received query value (Figure 112015123999610-pat00202, Figure 112015123999610-pat00203, Figure 112015123999610-pat00204, Figure 112015123999610-pat00205) (S700), generates a response value (Figure 112015123999610-pat00210, Figure 112015123999610-pat00211, Figure 112015123999610-pat00212) corresponding to the query value (Figure 112015123999610-pat00206, Figure 112015123999610-pat00207, Figure 112015123999610-pat00208, Figure 112015123999610-pat00209), and transmits it to the terminal 100 (S800).

The authentication unit 150 of the terminal 100 can authenticate the server 300 using the received response value (Figure 112015123999610-pat00213, Figure 112015123999610-pat00214, Figure 112015123999610-pat00215) (S900).

Through the above-described process, the server 300 and the terminal 100 share the same session key (Figure 112015123999610-pat00216), and the present invention is applicable to various environments such as a cloud system, a control system, and a smart card.
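
The registration and authentication exchange S100 to S900 described above, as an added Python sketch that is not code from the patent. Equations (1) to (10) are not recoverable from this page, so HMAC-SHA-256 stands in for every computation, a single registration value replaces the pair of registration values and the open parameters, and the class names, message layout and 60-second window are assumptions.

```python
import hashlib, hmac, os

WINDOW = 60  # assumed timestamp freshness window, in seconds

def mac(key, *parts):
    # HMAC-SHA-256 stand-in; fields are length-prefixed so they cannot run together
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def ts(t):
    return int(t).to_bytes(8, "big")

class Server:
    def __init__(self):
        self.secret, self.stored = os.urandom(32), {}  # server secret, rid -> reg
    def register(self, rid, rpw):                      # S300, S400
        self.stored[rid] = mac(self.secret, rid, rpw)
        return self.stored[rid]
    def authenticate(self, query, now):                # S700, S800
        rid, a, t1, tag = query
        reg = self.stored.get(rid)
        if reg is None or abs(now - t1) > WINDOW:      # unknown user or stale query
            return None
        if not hmac.compare_digest(tag, mac(reg, b"query", rid, a, ts(t1))):
            return None
        b = os.urandom(16)                             # server's random number
        sk = mac(reg, b"session", a, b, ts(t1), ts(now))
        return (b, now, mac(reg, b"response", a, b, ts(now))), sk

class Terminal:
    def __init__(self, user_id, password, bio):
        # S100: bio is a constructed stand-in for the biohash output
        self.rid = mac(bio, b"id", user_id)
        self.rpw = mac(bio, b"pw", password)
    def enroll(self, server):                          # S200, S500
        self.reg = server.register(self.rid, self.rpw)
    def query(self, now):                              # S600
        self.a, self.t1 = os.urandom(16), now          # terminal's random number
        tag = mac(self.reg, b"query", self.rid, self.a, ts(now))
        return (self.rid, self.a, now, tag)
    def verify(self, response, now):                   # S900
        b, t2, tag = response
        if abs(now - t2) > WINDOW:
            return None
        if not hmac.compare_digest(tag, mac(self.reg, b"response", self.a, b, ts(t2))):
            return None
        return mac(self.reg, b"session", self.a, b, ts(self.t1), ts(t2))
```

Timestamps only bound the replay window: a query replayed within the window is accepted again in this sketch, so a server that must reject such replays also has to remember recently seen (rid, a) pairs.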

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: Authentication and Key Sharing System
100: terminal
110: registration request unit
130: authentication request unit
150: authentication unit
300: server
310: registration unit
330: authentication unit

Claims (8)

In an authentication and key sharing method performed by a server,
Receiving a registration request message including a randomized ID (Figure 112017054651542-pat00267) and a randomized password (Figure 112017054651542-pat00268);
Registering a user of the terminal;
Receiving an authentication request message from the terminal;
Authenticating the user and generating a session key; and
Transmitting a response value to the terminal,
Wherein registering the user comprises:
Calculating a registration value (Figure 112017054651542-pat00284, Figure 112017054651542-pat00285) using the randomized ID (Figure 112017054651542-pat00281), the randomized password (Figure 112017054651542-pat00282), and the secret value of the server (Figure 112017054651542-pat00283); and
Transmitting the registration value (Figure 112017054651542-pat00286, Figure 112017054651542-pat00287) and an open parameter (Figure 112017054651542-pat00288, Figure 112017054651542-pat00289) to the terminal,
Authentication and key sharing method.
(deleted)
The method according to claim 1,
The authentication request message includes a query value (Figure 112017054651542-pat00228, Figure 112017054651542-pat00229, Figure 112017054651542-pat00230, Figure 112017054651542-pat00231),
wherein Figure 112017054651542-pat00232 is defined by Equation (1),
Equation (1)
Figure 112017054651542-pat00233
Figure 112017054651542-pat00234 is an arbitrary random number selected by the terminal,
Figure 112017054651542-pat00235 is defined by Equation (2),
Equation (2)
Figure 112017054651542-pat00236
Figure 112017054651542-pat00237 is defined by Equation (3),
Equation (3)
Figure 112017054651542-pat00238
and Figure 112017054651542-pat00239 is a time stamp,
Authentication and key sharing method.
The method of claim 3,
Wherein authenticating the user and generating a session key comprises:
Calculating Figure 112015123999610-pat00240 using Equation (4), and authenticating the user using Figure 112015123999610-pat00241 and Figure 112015123999610-pat00242; and
Generating the session key (Figure 112015123999610-pat00243) using Equation (5),
Equation (4)
Figure 112015123999610-pat00244
Equation (5)
Figure 112015123999610-pat00245
wherein Figure 112015123999610-pat00246 is defined by Equation (6),
Equation (6)
Figure 112015123999610-pat00247
Figure 112015123999610-pat00248 is an arbitrary random number selected by the server,
and Figure 112015123999610-pat00249 is defined by Equation (7),
Equation (7)
Figure 112015123999610-pat00250
Authentication and key sharing method.
5. The method of claim 4,
Wherein the step of transmitting a response value to the terminal comprises transmitting the response value (Figure 112015123999610-pat00251, Figure 112015123999610-pat00252, Figure 112015123999610-pat00253),
wherein Figure 112015123999610-pat00254 is defined by Equation (8),
Equation (8)
Figure 112015123999610-pat00255
and Figure 112015123999610-pat00256 is a time stamp,
Authentication and key sharing method.
The method according to claim 1,
wherein Figure 112017054651542-pat00257 is defined by Equation (9),
Equation (9)
Figure 112017054651542-pat00258
and Figure 112017054651542-pat00259 is defined by Equation (10),
Equation (10)
Figure 112017054651542-pat00260
Authentication and key sharing method.
In an authentication and key sharing server,
A registration unit for receiving a registration request message including a randomized ID (Figure 112017017422918-pat00269) and a randomized password (Figure 112017017422918-pat00270), and registering a user of the terminal; and
An authentication unit for receiving an authentication request message from the terminal, authenticating the user, generating a session key, and transmitting a response value to the terminal,
Wherein the registration unit
Calculates a registration value (Figure 112017017422918-pat00274, Figure 112017017422918-pat00275) using the randomized ID (Figure 112017017422918-pat00271), the randomized password (Figure 112017017422918-pat00272), and a secret value of the authentication and key sharing server (Figure 112017017422918-pat00273), and
Transmits the registration value (Figure 112017017422918-pat00276, Figure 112017017422918-pat00277) and an open parameter (Figure 112017017422918-pat00278, Figure 112017017422918-pat00279) to the terminal,
Authentication and key sharing server.
An authentication and key sharing server according to claim 7; And
Comprising:
Authentication and key sharing system.
KR1020150181126A 2015-12-17 2015-12-17 Server, method and system for authentication and key agreement KR101782792B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150181126A KR101782792B1 (en) 2015-12-17 2015-12-17 Server, method and system for authentication and key agreement

Publications (2)

Publication Number Publication Date
KR20170073001A KR20170073001A (en) 2017-06-28
KR101782792B1 true KR101782792B1 (en) 2017-10-24

Family

ID=59280489

Country Status (1)

Country Link
KR (1) KR101782792B1 (en)

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E90F Notification of reason for final refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant