CN102195782A - Two-way identity authentication method with integration of identity and password for mailing system - Google Patents

Abstract

The invention relates to a two-way identity authentication method with integration of identity and a password for a mailing system, which belongs to the technical field of computer network safety. The technical scheme can be summarized as follows: adopting the identity way, combining with the dynamic random password, and mutually authenticating the identity of a user and the identity of a server while hiding the password of the user. The two-way identity authentication method has the benefit of solving the problem of two-way identity authentication in the existing mailing system. The two-way authentication technology is integrated in the two-way identity authentication method, so that the server can not get the password of the user and the two-way identity authentication of the user and the server can be achieved.

Description

The mailing system bidirectional identity authentication method that identity and password merge mutually

Technical field

The present invention relates to the computer network security technology field, the identity identifying method under the highly confidential mailing system of particularly a kind of needs refers to the mailing system bidirectional identity authentication method that a kind of identity and password merge mutually especially.

Background technology

The extensive use of Email relates to the every aspect of national economy, military affairs, politics, and national network safety is had most penetrating influence.Yet in the e-mail system of extensive use at present, majority all lacks complete safe mechanism, for example: when the user logins the E-mail address, only use the hashed value of user password to authenticate to mail server, and for fixing password, its corresponding hashed value is fixed, if have the assailant to wish to obtain this user's password, only need to use simple off-line dictionary attack to get final product.Cryptographic system based on password was the mainstream technology of carrying out authentication before public key cryptography is born always, early stage system such as famous Knight and Kerberos all uses password to carry out authenticating user identification, this technology is simple and easy to understand, use very conveniently, in most e-mail system, widely use.But also the characteristics of this simplicity can be pretended to be this user after making the assailant crack user cipher by dictionary attack just.While, existing secure e-mail system carried out step by step owing to its authentication, and the authentication between multistage and the cross-certification that may exist, make that administration overhead is too huge after this class safe e-mail system scale expands to a certain degree, can't large-scale application.And have some e-mail systems such as PGP (Pretty Good Privacy), S/MIME (Secure/Multipurpose Internet Mail Extensions) etc. to consider the safety problem of Email, used some security mechanism, for example: use hashing algorithm that the back is signed, encrypted to Mail Contents and transmit, use public-key and private key techniques openly and by authority's third party is carried out signature authentication with addresser and receiver's PKI as special annex.The organizations and individuals' of all next stage certificate of certification is responsible for authentication by the tissue of upper level, and authentication mutually between the tissue of upper level makes whole mailing system form a tree-shaped chain of trust relationship.Though this type systematic can reach the purpose that ensures mail security, owing to broken away from password mechanism, the user uses inconvenience, needs to be familiar with again using method.And because authentication is carried out step by step, the authentication between multistage, and the cross-certification that may exist make that administration overhead is too huge after this class safe e-mail system scale expands to a certain degree, are unfavorable for large-scale application.And in this type systematic, the authentication relationship inequality between each mail server, any country and organize can be not relieved with the authentication power transfer to other countries or tissue.In addition, when ciphertext was transmitted, this type systematic mainly used external commercial symmetric key encryption algorithm such as AES etc., and does not use China existing merchant's Data Encryption Standard SMS4.So this class safe e-mail system never is used widely in China.Existing bidirectional identity authentication method based on dynamic password and digital certificate needs to preserve last verify data and also need to transmit certificate chain in verification process, occupies transmission bandwidth.

Summary of the invention

The mailing system bidirectional identity authentication method that the object of the present invention is to provide a kind of identity and password to merge mutually, overcome the authentication defective in the existing e-mail system, the two-way authentication technology is incorporated wherein, make server itself can not obtain user's password and private key, and reach the bidirectional identity authentication of user and server.Thereby have the trusting relationship of equality between mail reception person and mail server, the PKI system key generator, and no longer be the level trusting relationship.

Above-mentioned purpose of the present invention is achieved through the following technical solutions:

The mailing system bidirectional identity authentication method that identity and password merge mutually, be that the two-way authentication technology is incorporated in the existing mailing system, make server itself can not obtain user's password, and reach the bidirectional identity authentication of user and server, its concrete steps are as follows:

1. server initialization system parameter T=(p, a, b, g, P _Pub, q, h, H, I, H ₁, I ₁), the selection of parameter process is as follows:

1.1 choose a prime number finite field F _p, choose field element a, b ∈ F _pSatisfy equation: E:y ²≡ x ³+ ax+b (modp), wherein 4a ³+ 27b ²≠ 0 (mod p);

1.2 at curve E (F _p) on choose a basic point g=(x _g, y _g), and calculate the rank q that g is ordered, h=#E (F _p)/q; These parameters satisfy following condition: #E (F _p) ≠ p; p ^B≠ 1 (mod q), wherein 1≤B＜20; H≤4; P, q also must satisfy p=2 mod 3 and p=6q-1;

1.3 generate a random number

S is the master key of system, and calculates P _Pub=sg;

1.4 select four hash functions:

I:{0,1} ^*→ F _p, H ₁: 0,1} ⁿ* 0,1} ⁿ→ F _q, I ₁: 0,1} ⁿ→ 0,1} ⁿ

2. selected server identification ID _S, generate server identification ID _SCorresponding private key d _S, its step is as follows:

2.1 with ID _SBe mapped to elliptic curve E (F _p) on some Q _S

2.2 calculating private key: d _S=sQ _S

3. the user registers at mail server, by the selected user's of user identify label ID _UAnd user password pwd; By server authentication User Identity ID _UUniqueness; The hash value h (pwd) of server end storage user password, h represents hash algorithm; And provide this user's private key d _U, this private key d _UGenerate by server;

4 users use the sign ID of mail server _SFollowing information encrypted sends to mail server then:

Wherein || expression connects,

The expression XOR, pwd represents user password, and h represents hash algorithm, and g represents a basic point, and x is a random number, g ^xThe x power of expression g, ID _UThe sign of representative of consumer U;

5. after server is received information encrypted, at first use the private key d of oneself _SBe decrypted, obtain message Then according to user ID in the database _UCryptographic Hash h (pwd) with

Carry out XOR, obtain x, calculate g ^x, and compare to confirm user ID with the information of receiving _UThe correctness of password pwd come identifying user identity; At last, mail server is selected a disposable dynamic password y, with this user's identity ID _UEncrypting messages M=x||y also sends to this user;

6. the user deciphers x||y, and compares the authentication server identity with he x of transmission.

Private key for user d in the described step 3 _UThe step that is generated by server is as follows:

With ID _UBe mapped to elliptic curve E (F _p) on some Q _U, i.e. function H in the step (1.4) ₁

Calculate private key: d _U=sQ _U

User in the described step 4 uses the sign ID of mail server _SThe step that information is encrypted is as follows:

With server identification ID _SBe mapped to elliptic curve E (F _p) on the some Q on q rank _S

Select a random train σ, r=H is set ₁(σ, M), wherein M is above-mentioned message: $M=h\left(\mathrm{pwd}\right)\⊕\left|\right|g^x\left|\right|{\mathrm{ID}}_U;$

Calculate ciphertext $C=<\mathrm{rP},\mathrm{\&sigma;}\&CirclePlus;H\left(g_{\mathrm{ID}}^r\right),M\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)>;$ Wherein $g_{\mathrm{ID}}=e(Q_S,P_{\mathrm{pub}})\&Element;F_{p^2},$ E is the bilinearity mapping function of a weil pairing.

Mail server in the described step 5 is selected a disposable dynamic password y, with this user's identity ID _UEncrypting messages M=x||y and to send to this user's encrypting step as follows:

Identify label ID with the user _UBe mapped to elliptic curve E (F _p) on the some Q on q rank _U

Select a random train σ, r=H is set ₁(σ, M), wherein M is above-mentioned message: M=x||y;

Calculate ciphertext $C=<\mathrm{rP},\mathrm{\&sigma;}\&CirclePlus;H\left(g_{\mathrm{ID}}^r\right),M\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)>,$ Wherein $g_{\mathrm{ID}}=e(Q_U,P_{\mathrm{pub}})\&Element;F_{p^2},$ E is the bilinearity mapping function of a weil pairing.

The present invention compares with the identity identifying method in the existing mailing system, and advantage of the present invention and good effect are as follows:

1. in the transmission of user password, adopt

Form transmission, although user's password information form with hash value in server database exists, but but be variant in transmission with the user password hash value, promptly carry out XOR and obtain, make the assailant to decode user cipher by means such as dictionary attacks by a random number of choosing with the user.

2. guaranteeing to be held as a hostage in server domain name by the two-way authentication that realizes server and user causes under the situation that mail server is replaced, and the user can discern false server; Also can make server affirmation user identity and exchange initial information with the user.

Embodiment:

Further specify detailed content of the present invention and embodiment thereof below.

The mailing system bidirectional identity authentication method that identity of the present invention and password merge mutually, be that the two-way authentication technology is incorporated in the existing mailing system, make server itself can not obtain user's password, and reach the bidirectional identity authentication of user and server, its concrete steps are as follows:

1. server initialization system parameter T=(p, a, b, g, P _Pub, q, h, H, I, H ₁, I ₁), the selection of parameter process is as follows:

1.1 choose a prime number finite field F _p, choose field element a, b ∈ F _pSatisfy equation: E:y ²≡ x ³+ ax+b (mod p), wherein 4a ³+ 27b ²≠ 0 (mod p);

1.2 at curve E (F _p) on choose a basic point g=(x _g, y _g), and calculate the rank q that g is ordered, h=#E (F _p)/q; These parameters satisfy following condition: #E (E _p) ≠ p; p ^B≠ 1 (mod q), wherein 1≤B＜20; H≤4; P, q also must satisfy p=2mod3 and p=6q-1;

1.3 generate a random number S is the master key of system, and calculates P _Pub=sg;

1.4 select four hash functions:

I:{0,1} ^*→ F _p, H ₁: 0,1} ⁿ* 0,1} ⁿ→ F _q, I ₁: 0,1} ⁿ→ 0,1} ⁿ

2. selected server identification ID _S, generate server identification ID _SCorresponding private key d _S, its step is as follows:

2.1 with ID _SBe mapped to elliptic curve E (F _p) on some Q _S, i.e. function H in 1.4 ₁

2.2 calculating private key: d _S=sQ _S

3. the user registers at mail server, by the selected user's of user identify label ID _UAnd user password pwd; By server authentication User Identity ID _UUniqueness; The hash value h (pwd) of server end storage user password, h represents hash algorithm; And provide this user's private key d _S, this private key d _SGenerate by server; Concrete generation step is as follows:

3.1 with ID _UBe mapped to elliptic curve E (F _p) on some Q _U, i.e. function H in the step 1.4 ₁

3.2 calculating private key: d _U=sQ _U

4. the user uses the sign ID of mail server _SFollowing information encrypted sends to mail server then:

Wherein || expression connects,

The expression XOR, pwd represents user password, h represents hash algorithm, as SHA-256, MD2, MD4, MD5 ..., g represents a basic point, x is a random number, g ^xThe x power of expression g, ID _UThe sign of representative of consumer U, encrypting step is as follows:

4.1 as step 2.1, with server identification ID _SBe mapped to elliptic curve E (F _p) on the some Q on q rank _S

4.2 select a random train σ, r=H be set ₁(σ, M), wherein M is the message of foregoing description: $M=h\left(\mathrm{pwd}\right)\&CirclePlus;\left|\right|g^x\left|\right|{\mathrm{ID}}_U;$

4.3 calculating ciphertext $C=<\mathrm{rP},\mathrm{\&sigma;}\&CirclePlus;H\left(g_{\mathrm{ID}}^r\right),M\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)>,$ Wherein $g_{\mathrm{ID}}=e(Q_S,P_{\mathrm{pub}})\&Element;F_{p^2},$ E is the bilinearity mapping function of a weil pairing.

5. after server is received information encrypted, at first use the private key d of oneself _SBe decrypted, obtain message

Then according to user ID in the database _UCryptographic Hash h (pwd) with

Carry out XOR, obtain x, calculate g ^x, and compare to confirm user ID with the information of receiving _UThe correctness of password pwd come identifying user identity;

Clearer for mark, establish the ciphertext form and be $C=<\mathrm{rP},\mathrm{\&sigma;}\&CirclePlus;H\left(g_{\mathrm{ID}}^r\right),M\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)>=<U,V,W>,$ Decryption step is as follows:

5.1 calculate $V\&CirclePlus;H\left(e(d_S,U)\right)=\mathrm{\&sigma;};$

5.2 calculate $W\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)=M;$

5.3r=H ₁(σ, M), whether checking U equates with rP; If unequal, then deciphering is failed and is withdrawed from; Otherwise the plaintext M in the output step 5.2.

If g by calculating ^xWith the g that obtains in the message ^xEquate, the authentication success of server to the user then is described;

At last, mail server is selected a disposable dynamic password y, with this user's identity ID _UEncrypting messages M=x||y also sends to this user, and encrypting step is as follows:

Similar step 2.1 is with user's identify label ID _UBe mapped to elliptic curve E (F _p) on the some Q on q rank _U

Select a random train σ, r=H is set ₁(σ, M), wherein M is the message of foregoing description: M=x||y;

Calculate ciphertext $C=<\mathrm{rP},\mathrm{\&sigma;}\&CirclePlus;H\left(g_{\mathrm{ID}}^r\right),M\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)>,$ Wherein $g_{\mathrm{ID}}=e(Q_U,P_{\mathrm{pub}})\&Element;F_{p^2},$ E is the bilinearity mapping function of a weil pairing;

6. the user deciphers x||y, and compares the authentication server identity with he x of transmission.That is: the user uses the private key d of oneself _UDeciphering obtains message M=x||y, and compares with he x of transmission, the authentication server identity, and in the interacting message afterwards message y is sent to server, can carry out the secondary checking of server to user identity;

Clear for mark, establish the cryptographic algorithm pattern and be $C=<\mathrm{rP},\mathrm{\&sigma;}\&CirclePlus;H\left(g_{\mathrm{ID}}^r\right),M\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)>=<U,V,W>,$ Decryption step is as follows:

6.1 calculate $V\&CirclePlus;H\left(e(d_U,U)\right)=\mathrm{\&sigma;};$

6.2 calculate $W\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)=M;$

6.3r=H ₁(σ, M), whether checking U equates with rP; If unequal, then deciphering is failed and is withdrawed from; Otherwise the plaintext M in the output step 6.2.

Claims (4)

1. the mailing system bidirectional identity authentication method that merges mutually of an identity and password, be that the two-way authentication technology is incorporated in the existing mailing system, make server itself can not obtain user's password, and reach the bidirectional identity authentication of user and server, its concrete steps are as follows:

(1) server initialization system parameter T=(p, a, b, g, P _Pub, q, h, H, I, H ₁, I ₁), the selection of parameter process is as follows:

(1.1) choose a prime number finite field F _p, choose field element a, b ∈ F _pSatisfy equation: E:y ²≡ x ³+ ax+b (modp), wherein 4a ³+ 27b ²≠ 0 (modp);

(1.2) at curve E (F _p) on choose a basic point g=(x _g, y _g), and calculate the rank q that g is ordered, h=#E (F _p)/q; These parameters satisfy following condition: #E (F _p) ≠ p; p ^B≠ 1 (mod q), wherein 1≤B＜20; H≤4; P, q also must satisfy p=2mod3 and p=6q-1;

(1.3) generate a random number

S is the master key of system, and calculates P _Pub=sg;

(1.4) select four hash functions:

I:{0,1} ^*→ F _p, H ₁: 0,1} ⁿ* 0,1} ⁿ→ F _q, I ₁: 0,1} ⁿ→ 0,1} ⁿ

(2) selected server identification ID _S, generate server identification ID _SCorresponding private key d _S, its step is as follows:

(2.1) with ID _SBe mapped to elliptic curve E (F _p) on some Q _S

(2.2) calculate private key: d _S=sQ _S

(3) user registers at mail server, by the selected user's of user identify label ID _UAnd user password pwd; By server authentication User Identity ID _UUniqueness; The hash value h (pwd) of server end storage user password, h represents hash algorithm; And provide this user's private key d _U, this private key d _UGenerate by server;

(4) user uses the sign ID of mail server _SFollowing information encrypted sends to mail server then:

Wherein || expression connects,

The expression XOR, pwd represents user password, and h represents hash algorithm, and g represents a basic point, and x is a random number, g ^xThe x power of expression g, ID _UThe sign of representative of consumer U;

(5) after server is received information encrypted, at first use the private key d of oneself _SBe decrypted, obtain message

Then according to user ID in the database _UCryptographic Hash h (pwd) with

Carry out XOR, obtain x, calculate g ^x, and compare to confirm user ID with the information of receiving _UThe correctness of password pwd come identifying user identity; At last, mail server is selected a disposable dynamic password y, with this user's identity ID _UEncrypting messages M=x||y also sends to this user;

(6) user deciphers x||y, and compares the authentication server identity with he x of transmission.

2. identity according to claim 1 and the mailing system bidirectional identity authentication method that password merges mutually is characterized in that: the private key d in the described step (3) _UThe step that is generated by server is as follows:

With ID _UBe mapped to elliptic curve E (F _p) on some Q _U, i.e. function H in the step (1.4) ₁

Calculate private key: d _U=sQ _U

3. identity according to claim 1 and the mailing system bidirectional identity authentication method that password merges mutually, it is characterized in that: the user in the described step (4) uses the sign ID of mail server _SThe step that information is encrypted is as follows:

With server identification ID _SBe mapped to elliptic curve E (F _p) on the some Q on q rank _S

Select a random train σ, r=H is set ₁(σ, M), wherein M is above-mentioned message: $M=h\left(\mathrm{pwd}\right)\&CirclePlus;\left|\right|g^x\left|\right|{\mathrm{ID}}_U;$

Calculate ciphertext $C=<\mathrm{rP},\mathrm{\&sigma;}\&CirclePlus;H\left(g_{\mathrm{ID}}^r\right),M\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)>;$ Wherein $g_{\mathrm{ID}}=e(Q_S,P_{\mathrm{pub}})\&Element;F_{p^2},$ E is the bilinearity mapping function of a weil pairing.

4. identity according to claim 1 and the mailing system bidirectional identity authentication method that password merges mutually is characterized in that: the mail server in the described step (5) is selected a disposable dynamic password y, with this user's identity ID _UEncrypting messages M=x||y and to send to this user's encrypting step as follows:

Identify label ID with the user _UBe mapped to elliptic curve E (F _p) on the some Q on q rank _U

Select a random train σ, r=H is set ₁(σ, M), wherein M is above-mentioned message: M=x||y;

Calculate ciphertext $C=<\mathrm{rP},\mathrm{\&sigma;}\&CirclePlus;H\left(g_{\mathrm{ID}}^r\right),M\&CirclePlus;I_1\left(\mathrm{\&sigma;}\right)>,$ Wherein $g_{\mathrm{ID}}=e(Q_U,P_{\mathrm{pub}})\&Element;F_{p^2},$ E is the bilinearity mapping function of a weil pairing.