CN105119721B - Three-factor remote identity authentication method based on a smart card - Google Patents


Publication number
CN105119721B
Authority
CN (China)
Prior art keywords
smart card
server
registration center
user
identity
Legal status
Active
Application number
CN201510477113.5A
Other languages
Chinese (zh)
Other versions
CN105119721A
Inventor
刘辉
张小军
崔建明
刘奕辉
Current Assignee
Shandong University of Science and Technology
Original Assignee
Shandong University of Science and Technology
Abstract

The invention discloses a three-factor remote identity authentication method based on a smart card, comprising the following steps: the user and the server register with the registration center, and the smart card is loaded with encrypted information; the user logs in; the smart card performs local verification; the registration center authenticates the server and the user; the server authenticates the registration center; the smart card authenticates the server. The method achieves user anonymity and resists attacks such as denial-of-service attacks, eavesdropping attacks and stolen-smart-card attacks.

Description

Three-factor remote identity authentication method based on a smart card
Technical field
The present invention relates to the field of information security and network technology, and in particular to a three-factor remote identity authentication method based on a smart card.
Background technology
Network communication technology has developed rapidly, and more and more people are accustomed to obtaining services over the network, such as e-commerce, e-government and e-logistics. To obtain information from a server or use the services it provides, a user must first log in to that server. A remote identity authentication scheme suitable for the network is therefore needed to verify the legitimacy of users. However, the Internet is a public environment in which anyone can intercept the messages exchanged between a user and a server, so protecting user information and preventing illegitimate communication is of great importance.
In practice, two-factor identity authentication methods for multi-server environments are widely used, but such methods still cannot meet the requirements of high-security environments such as finance, the military and national security. Biometric characteristics such as fingerprints and irises are unique, not easily lost, hard to alter and hard to forge, which suits the needs of high-security settings. In the 1970s some researchers began to study biometric information, but technical limitations meant that it could not be extracted and stored efficiently, nor could its correctness be verified by digital means, so biometric authentication did not come into wide use. With the development of fingerprint recognition, iris recognition and voice recognition, biometric technology has entered many fields, one important one being identity authentication.
Three-factor identity authentication verifies a user's identity through three factors: something the user knows, something the user owns and who the user is. The uniqueness and permanence of biometric information strengthen the security of the authentication method. To log in to a server, the user must provide biometric information in addition to a password and an identity; if the degree of match between the biometric information entered and that collected at registration does not reach the security threshold, the server does not provide the service to the registrant.
However, some methods in the prior art, including the identity verification methods in common use today, cannot resist denial-of-service attacks, eavesdropping attacks, stolen-smart-card attacks and attacks on anonymity.
Summary of the invention
In view of the above shortcomings, the object of the invention is to provide a more secure three-factor remote identity authentication method based on a smart card for multi-server environments, which can resist denial-of-service attacks, eavesdropping attacks and stolen-smart-card attacks while also offering fingerprint recognition.
To achieve the above object, the invention adopts the following technical scheme:
A three-factor remote identity authentication method based on a smart card, the method comprising: the server registers with the registration center as a legitimate server of the multi-server system; the user submits a registration application to the registration center and, once registered, receives a smart card holding the specific information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h(·)}, where P_i, D_i, C_i, G_i, V_i, Z_i and B_i are encrypted information: P_i is the double hash of the password PW_i supplied by the user, P_i = h(h(PW_i)); D_i is an encrypted value of the user identity UID_i; C_i is an encrypted value of the user secret RU_i = h(UID_i || x); G_i is an encrypted value of the system parameter; V_i is an encrypted value of the fingerprint feature points; Z_i and B_i are encrypted information generated by the registration center; b is a random number generated by the smart card; and x, y and z are keys of the registration center. The user logs in to the server using the smart card. The smart card performs local verification of the login password provided by the user; if the password is correct, the smart card further verifies the user's biometric characteristic and, if that verification passes, generates the first verification data and sends it to the server; otherwise the session is terminated. On receiving the first verification data, the server generates second verification data that proves the server's identity and sends the first and second verification data to the registration center. The registration center first verifies the legitimacy of the server identity from the received second verification data, then verifies the legitimacy of the user identity from the first verification data; once both the server and the user have been verified, the registration center generates third and fourth verification data and sends them to the server. The server verifies the identity of the registration center from the received third verification data; if the server confirms that the third verification data were indeed issued by the registration center, it generates the server-side session key and forwards the fourth verification data to the smart card. The smart card verifies whether the received fourth verification data are legitimate; if so, the smart card has completed its check of the server's legitimacy and generates the smart-card-side session key, and the smart card and the server then communicate using their independently generated session keys with a symmetric encryption and decryption method; otherwise the session is terminated.
Further, in the three-factor remote identity authentication method based on a smart card, the server registration step further comprises: the registration center encrypts the server identity SID_j with the key y to generate the hash value RS_j = h(SID_j || y), and stores {RS_j, g, h(·)} in the server over a secure channel, where g is the system parameter.
Further, the step in which the user registers with the registration center further comprises: the user submits the user identity UID_i and the password PW_i to the registration center and enrolls a fingerprint; the registration center extracts the digitized fingerprint feature points F_i and generates the double hash of the password P_i = h(h(PW_i)), the encrypted identity value D_i, the user secret RU_i = h(UID_i || x) and its encrypted value C_i, the encrypted system parameter G_i and the encrypted fingerprint feature points V_i; the smart card generates a random number b, from which the registration center computes Z_i and then B_i, where x, y and z are keys of the registration center; the registration center stores the encrypted information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h(·)} in the smart card.
Further, the user login step further comprises: the user enters their password PW_i* via the smart card, and the smart card checks whether the equation P_i = h(h(PW_i*)) holds; if it holds, the smart card prompts the user to scan a fingerprint and extracts its feature values F_i*, otherwise the session is terminated; the smart card recovers the registered fingerprint feature values F_i by computation and checks the degree of match between F_i* and F_i; if the match does not exceed the set security threshold, the login is terminated, and if it exceeds the threshold, the login succeeds.
Further, the step in which the smart card generates and sends the first verification data further comprises: the smart card generates random numbers r_u and b_new, recovers the user identity UID_i, computes the intermediate values derived from them, recovers the further values required, and computes the first verification data M_1, where T_i is the timestamp representing the current time at the smart-card end; the smart card sends the auxiliary verification data together with the first verification data M_1 to the server.
Further, the step in which the server sends the first and second verification data to the registration center further comprises: after receiving the verification data sent by the smart card, the server verifies the validity of its timestamp T_i and terminates the communication if the timestamp is outside the service time window; otherwise the server generates a random number from the multiplicative group of integers modulo q, where q is a large prime, and computes the second verification data M_2, where T_j is the timestamp representing the current time at the server end; the server then sends the first verification data, the second verification data and the related auxiliary verification data to the registration center.
Further, the step in which the registration center checks the legitimacy of the server and user identities further comprises: the registration center first verifies whether the timestamps T_i and T_j are valid and terminates the session if not; otherwise it computes RS'_j = h(SID_j || y) and the corresponding M'_2 and checks whether M'_2 = M_2 holds; if so, the server is legitimate, otherwise the session is terminated. The registration center then recovers the intermediate values and the user identity UID_i, computes RU'_i = h(UID_i || x) and M'_1, and checks whether M'_1 equals M_1; if they are equal, the user's identity is legitimate.
Further, the step in which the registration center generates and sends the third and fourth verification data further comprises: the registration center computes the required secret values, the third verification data M_3 and the fourth verification data M_4, and sends {Q_j, M_3, M_4} to the server.
Further, the mutual verification step between the server and the user identity further comprises: the server verifies whether the third verification data were issued by the registration center; if so, it forwards the fourth verification data and an auxiliary verification message to the smart card and generates the server-side key, otherwise it terminates the session; the smart card verifies whether the fourth verification data were issued by the registration center and, if so, generates the smart-card-side key, otherwise it terminates the session.
Further, after the smart card has verified that the server identity is legitimate, the method further comprises: the smart card computes Z_new and B_new and replaces the previously stored {Z_i, B_i} with {Z_new, B_new}.
In the technical scheme of the invention, the smart card stores {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h(·)}; apart from the hash function, all of this information consists of encrypted values, so even if an attacker steals it, no sensitive information is revealed, which achieves the goals of resisting stolen-smart-card attacks and eavesdropping attacks. The smart card holds P_i = h(h(PW_i)); after the user enters a password, the smart card computes the double hash of that password and checks whether it equals P_i, thereby verifying the correctness of the password locally. This remedies the inability of the prior art to verify the password locally and resists denial-of-service attacks well. Moreover, the invention improves the storage and verification of fingerprints by using feature point extraction and threshold matching, which makes fingerprint recognition easier to implement. In addition, the invention achieves good anonymity through random-number encryption and updating of the smart card's stored values, and so resists attacks on anonymity.
Description of the drawings
Fig. 1 is a schematic diagram of the steps of the server registration phase in a specific embodiment of the invention;
Fig. 2 is a schematic diagram of the steps of the user registration phase in a specific embodiment of the invention;
Fig. 3 is a schematic diagram of the steps of the login phase and the verification phase in a specific embodiment of the invention.
Specific embodiment
To make the object, technical scheme and advantages of the invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and not to limit it.
The technical scheme disclosed by the invention involves three participants, the user U_i, the registration center RC and the server S_j, and three phases: the registration phase, the login phase and the verification phase.
As shown in Figures 1, 2 and 3, the three-factor remote identity authentication method based on a smart card comprises: the server registers with the registration center as a legitimate server of the multi-server system; the user submits a registration application to the registration center and, once registered, receives a smart card holding the specific information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h(·)}, where P_i, D_i, C_i, G_i, V_i, Z_i and B_i are encrypted information: P_i is the double hash of the password PW_i supplied by the user, P_i = h(h(PW_i)); D_i is an encrypted value of the user identity UID_i; C_i is an encrypted value of the user secret RU_i = h(UID_i || x); G_i is an encrypted value of the system parameter; V_i is an encrypted value of the fingerprint feature points; Z_i and B_i are encrypted information generated by the registration center; b is a random number generated by the smart card; and x, y and z are keys of the registration center. The user logs in to the server using the smart card. The smart card performs local verification of the login password provided by the user; if the password is correct, the smart card further verifies the user's biometric characteristic and, if that verification passes, generates the first verification data and sends it to the server; otherwise the session is terminated. On receiving the first verification data, the server generates second verification data that proves the server's identity and sends the first and second verification data to the registration center. The registration center first verifies the legitimacy of the server identity from the received second verification data, then verifies the legitimacy of the user identity from the first verification data; once both the server and the user have been verified, the registration center generates third and fourth verification data and sends them to the server. The server verifies the identity of the registration center from the received third verification data; if the server confirms that the third verification data were indeed issued by the registration center, it generates the server-side session key and forwards the fourth verification data to the smart card. The smart card verifies whether the received fourth verification data are legitimate; if so, the smart card has completed its check of the server's legitimacy and generates the smart-card-side session key, and the smart card and the server then communicate using their independently generated session keys with a symmetric encryption and decryption method; otherwise the session is terminated.
In the technical scheme of the invention, the smart card stores {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h(·)}; apart from the hash function, all of this information consists of encrypted values, so even if an attacker steals it, no sensitive information is revealed, which achieves the goals of resisting stolen-smart-card attacks and eavesdropping attacks. The smart card holds P_i = h(h(PW_i)); after the user enters a password, the smart card computes its double hash and checks whether it equals P_i, thereby verifying the password locally and remedying the inability of the prior art to do so. Moreover, the invention improves the storage and verification of fingerprints by using feature point extraction and threshold matching, which makes fingerprint recognition easier to implement. In addition, by encrypting the first verification data with random numbers and updating the smart card's stored values, the invention achieves good anonymity and resists attacks on anonymity. Because the registration center authenticates the server and the smart card, after which the server authenticates the registration center and the smart card authenticates the server, this verification method as a whole resists server impersonation attacks.
Further, the server registration step further comprises: the registration center encrypts the server identity SID_j with the key y to obtain the hash value RS_j = h(SID_j || y), and stores {RS_j, g, h(·)} in the server over a secure channel, where g is a parameter of the integrated system. The integrated system refers to the system composed of the registration center, the smart cards and the servers.
Further, the step in which the user registers with the registration center further comprises: at the start of the registration phase, the user submits the user identity UID_i and the password PW_i to the registration center and enrolls a fingerprint; the registration center extracts the digitized fingerprint feature points F_i and computes the double hash of the password P_i = h(h(PW_i)), the encrypted identity value D_i, the user secret RU_i = h(UID_i || x) and its encrypted value C_i, the encrypted value G_i of the integrated system parameter and the encrypted fingerprint feature points V_i; the smart card generates a random number b, from which the registration center computes Z_i and then B_i, where x, y and z are keys of the registration center; the registration center stores the encrypted information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h(·)} in the smart card and issues the smart card to the user over a secure channel.
Further, the login step further comprises: the user enters their password PW_i* via the smart card, and the smart card checks the password by checking whether the equation P_i = h(h(PW_i*)) holds. Only after the password has been entered correctly does the smart card prompt the user to scan a fingerprint, from which it extracts the feature values F_i*; the smart card recovers the registered fingerprint feature values F_i by computation and checks the degree of match between F_i* and F_i; if the match does not exceed the set security threshold (for example 90%), the login is terminated, and if it exceeds the threshold, the smart card can regard this as a login operation performed by the user.
Further, the step in which the smart card generates and sends the first verification data further comprises: the smart card generates random numbers r_u and b_new, recovers the user identity UID_i, computes the intermediate values derived from them, recovers the further values required, and computes the first verification data M_1, where T_i is the timestamp representing the current time at the smart-card end; finally, the smart card sends the auxiliary verification data together with the first verification data M_1 to the server.
Further, the step in which the server sends the first and second verification data to the registration center further comprises: after receiving the verification data sent by the smart card, the server verifies the validity of its timestamp T_i and terminates the communication if the timestamp is outside the service time window; otherwise the server generates a random number from the multiplicative group of integers modulo q, where q is a large prime, and computes the second verification data M_2, where T_j is the timestamp representing the current time at the server end; the server then sends the first verification data, the second verification data and the related auxiliary verification data to the registration center.
Further, the registration center checks the legitimacy of the server and user identities as follows: it first verifies whether the timestamps T_i and T_j are valid; if they are, it verifies the legitimacy of the server identity and then that of the user identity. Provided that both the server and the user are legitimate, the registration center sends the third verification data to the server, and the server and the user complete their mutual authentication on the basis of the third verification data.
Further, the registration center checks the legitimacy of the server identity as follows: it computes RS'_j = h(SID_j || y) and the corresponding M'_2, then checks whether M'_2 = M_2 holds. If it holds, the message sent by the server is shown to contain information derived from the key y, which proves the legitimacy of the server; if it does not hold, the registration center terminates the session.
Further, the registration center checks the legitimacy of the user identity as follows: it computes the intermediate values, recovers the user identity UID_i, computes RU'_i = h(UID_i || x) and M'_1, and checks whether M'_1 equals M_1; if they are equal, the user's identity is proven legitimate.
Further, the step in which the registration center generates and sends the third and fourth verification data further comprises: the registration center computes the required secret values together with the third verification data M_3 and the fourth verification data M_4, and sends {Q_j, M_3, M_4} to the server.
Further, the mutual authentication of the server and the user identity further comprises: the server indirectly verifies the user's identity by confirming that the third verification data were indeed issued by the registration center; having verified the user's identity, the server forwards the fourth verification data to the smart card together with an auxiliary verification message; the smart card indirectly verifies the server's identity by confirming that the fourth verification data were indeed issued by the registration center.
Further, after the smart card has verified that the server identity is legitimate, the smart card updates its stored content: it computes Z_new and B_new and replaces the previously stored {Z_i, B_i} with {Z_new, B_new}.
Further, after the smart card and the server have authenticated each other, both compute the same session key.
In another specific embodiment closer to practical application, the registration phase completes the registration of the user U_i and the server S_j with the registration center; communication takes place over a secure channel, as follows:
A legitimate server must submit its identity SID_j to the registration center; the registration center computes the secret value RS_j = h(SID_j || y) and stores {RS_j, g, h(·)} in the server over a secure channel, where g is the system parameter.
A legitimate user, when registering, must submit the user identity UID_i and the password PW_i to the registration center and enroll a fingerprint; the registration center extracts the digitized fingerprint feature points F_i. The registration center then performs the following steps:
Step 1. The registration center computes the double hash of the password P_i = h(h(PW_i)), the encrypted identity value D_i, the user secret RU_i = h(UID_i || x) and its encrypted value C_i, the encrypted system parameter G_i and the encrypted fingerprint feature points V_i.
Step 2. The smart card generates a random number b, and the registration center computes Z_i and then B_i; here z, x and y are keys of the registration center.
Step 3. The registration center stores {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h(·)} in the smart card and issues the smart card to the user over a secure channel.
The login and verification phases complete the local verification by the smart card, the verification of the server and the user by the registration center, and the verification by the server and the user of the verification data sent by the registration center, as follows:
Step 1. To log in to a server, the user inserts the smart card into a card reader and enters the password PW_i*; the smart card checks whether the password is correct by checking whether the equation P_i = h(h(PW_i*)) holds. Only after the password has been entered correctly does the smart card prompt the user to scan a fingerprint, from which it extracts the feature values F_i*. The smart card recovers the registered fingerprint feature values F_i by computation and checks the degree of match between F_i* and F_i; if the match does not exceed the set threshold (which can be chosen according to the security requirement), the login is terminated, and if it exceeds the threshold, it is treated as a user login. The smart card then generates random numbers r_u and b_new, recovers the user identity UID_i, computes the intermediate values derived from them, recovers the further values required, and computes the first verification data M_1. Finally, the smart card sends the login request message to the server.
Step 2. After receiving the user's login request message, the server verifies the validity of its timestamp T_i; if the timestamp is outside the service time window, the communication is terminated, otherwise the following steps continue.
Step 3. The server generates a random number from the multiplicative group of integers modulo q, where q is a large prime, and computes the second verification data M_2, where T_j is the current timestamp at the server end. The server then forwards the login request message sent by the smart card to the registration center and at the same time sends the server's own verification information to the registration center.
Step 4. After receiving the login request message and the server's verification information, the registration center first verifies whether T_i and T_j are valid; if they are, it verifies whether the identities of the server and the user are legitimate. Provided that both the server and the user are legitimate, the registration center sends an identity authentication message to the server, from which the server and the user complete their identity authentication. See the following sub-steps.
Step 4-1. The registration center computes RS'_j = h(SID_j || y) and the corresponding M'_2, then checks whether M'_2 = M_2 holds. If so, the message sent by the server is shown to contain information derived from the key y, which proves the legitimacy of the server. If the equation does not hold, the registration center terminates the session.
Step 4-2. The registration center computes the intermediate values, recovers the user identity UID_i, computes RU'_i = h(UID_i || x) and M'_1, and checks whether M'_1 equals M_1. If they are equal, the user's identity is proven legitimate; if not, the registration center notifies the server that the user is illegitimate.
Step 4-3. Once the identities of both the server and the user have been verified, the registration center computes the required secret values, together with the third verification data M_3 and the fourth verification data M_4 with which the user and the server complete their authentication, and sends {Q_j, M_3, M_4} to the server.
Step 5. After receiving {Q_j, M_3, M_4}, the server computes M'_3 and verifies whether it equals the M_3 sent by the registration center. If they are equal, the message is proven to have been issued by the registration center for this login process, after the registration center had authenticated the user's information; that is, the server has now completed its authentication of the user. The server computes the session key for this service and sends the fourth verification data with its auxiliary message to the user.
Step 6. After receiving the feedback sent back by the server, the user's smart card computes the identity authentication message M'_4 and checks whether it equals the M_4 sent by the server. If they are equal, M_4 is proven to have been computed by the registration center, and since the registration center computes this value only after first verifying that the server's identity is legitimate, the user has thereby also completed the authentication of the server. The smart card then computes Z_new and B_new and replaces the previously stored {Z_i, B_i} with {Z_new, B_new}. Finally, the smart card computes the same session key as the server. The login and verification process is now complete.
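The parts of the login and verification phases that the page fully specifies, as an added Python example that is not part of the patent or its inventors' work: it assumes SHA-256 for h(·), a constructed feature-point matcher in place of the fingerprint comparison, a 60-second timestamp window, and keeps F_i in clear on the card because the page does not reproduce the formula for V_i.

```python
import hashlib
import hmac
import os
import time


def h(*parts: bytes) -> bytes:
    # h(.) is the scheme's hash function; the patent does not fix one, so
    # SHA-256 over the concatenation (||) of the inputs is an assumption here.
    return hashlib.sha256(b"".join(parts)).digest()


def match_degree(registered: frozenset, fresh: frozenset) -> float:
    # Constructed stand-in for the fingerprint matcher: the share of the
    # registered feature points F_i that reappear in the fresh scan F_i*.
    if not registered:
        return 0.0
    return len(registered & fresh) / len(registered)


def timestamp_fresh(t_sent: float, now: float, window: float = 60.0) -> bool:
    # Server-side check of T_i (and the center's check of T_i, T_j): a stamp
    # outside the accepted service time window ends the communication.
    return abs(now - t_sent) <= window


class SmartCard:
    # Only the values the card needs for its local verification are modelled.
    # The patent also stores D_i, C_i, G_i, V_i, Z_i, B_i, whose formulas are
    # not reproduced on the page; F_i is kept in clear here instead of being
    # recovered from V_i (assumption).
    def __init__(self, P: bytes, F: frozenset, threshold: float):
        self.P = P                    # P_i = h(h(PW_i))
        self.F = F                    # registered feature points F_i
        self.threshold = threshold    # security threshold for the match degree

    def local_verify(self, pw_attempt: bytes, fresh_points: frozenset) -> str:
        # Step 1: does P_i = h(h(PW_i*)) hold? A wrong password ends the
        # session before any message leaves the card, which is the basis of
        # the DoS resistance the patent claims. Caveat: P_i is an unsalted
        # double hash, so a stolen card still permits offline guessing of a
        # weak PW_i; the stored value merely does not reveal the password
        # directly.
        if not hmac.compare_digest(self.P, h(h(pw_attempt))):
            return "password-rejected"
        # Step 2: the match degree of F_i* against F_i must exceed the threshold.
        if match_degree(self.F, fresh_points) <= self.threshold:
            return "fingerprint-rejected"
        return "login-ok"


class RegistrationCenter:
    def __init__(self):
        # Long-term keys x and y of the registration center. Key z only enters
        # formulas the page does not reproduce, so it is omitted.
        self.x = os.urandom(32)
        self.y = os.urandom(32)

    def register_server(self, sid: bytes) -> bytes:
        # RS_j = h(SID_j || y), handed to the server over a secure channel.
        return h(sid, self.y)

    def verify_server(self, sid: bytes, rs_claimed: bytes) -> bool:
        # RS'_j = h(SID_j || y) recomputed from y. The patent compares the
        # derived M'_2 with M_2; here the comparison is made on RS_j itself.
        return hmac.compare_digest(h(sid, self.y), rs_claimed)

    def register_user(self, uid: bytes, pw: bytes, points: frozenset,
                      threshold: float) -> tuple:
        P = h(h(pw))           # P_i, stored on the card
        RU = h(uid, self.x)    # RU_i = h(UID_i || x), input to C_i on the page
        return SmartCard(P, points, threshold), RU


def demo() -> dict:
    # Constructed sample run: one server, one user, a five-point "fingerprint".
    rc = RegistrationCenter()
    rs = rc.register_server(b"server-j")
    points = frozenset({(10, 20), (33, 41), (52, 8), (70, 90), (15, 63)})
    card, _ = rc.register_user(b"user-i", b"correct horse", points, 0.9)
    fresh_good = points | {(99, 99)}            # every registered point found
    fresh_bad = frozenset(list(points)[:3])     # 3 of 5 found: 0.6 <= 0.9
    now = time.time()
    return {
        "server_ok": rc.verify_server(b"server-j", rs),
        "server_forged": rc.verify_server(b"server-j", h(b"server-j", b"not-y")),
        "good_login": card.local_verify(b"correct horse", fresh_good),
        "bad_pw": card.local_verify(b"wrong", fresh_good),
        "bad_fp": card.local_verify(b"correct horse", fresh_bad),
        "stale_ts": timestamp_fresh(now - 600, now),
    }


if __name__ == "__main__":
    print(demo())
```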
In summary, by storing encrypted data locally on the smart card, storing the double hash of the password on the smart card, and encrypting with random numbers and updating the smart card's stored values, the invention solves the problems present in the identity authentication method proposed by Chen et al., namely vulnerability to attacks on anonymity, eavesdropping attacks and stolen-smart-card attacks, and the inability to verify the correctness of the password. At the same time, the invention offers local verification, password change, no need for a verification table, and forward and backward secrecy.
The above are merely preferred embodiments of the invention and are not intended to limit its scope; any modification or equivalent replacement that does not depart from the spirit and scope of the invention falls within the protection scope of the claims of the invention.

Claims (3)

1. A three-factor remote identity authentication method based on a smart card, characterised in that the method comprises:
The server registers with the registration center as a legitimate server of the multi-server system: the registration center uses its key y to encrypt the server identity SID_j, producing the hash value RS_j = h(SID_j || y), and stores {RS_j, g, h()} in the server over a secure channel, where g is a system parameter;
The user submits a registration request to the registration center; after successful registration the user obtains a smart card holding the specific information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()}, where P_i, D_i, C_i, G_i, V_i, Z_i and B_i are encrypted values and h() is a hash function: P_i = h(h(PW_i)) is the double hash of the password PW_i chosen by the user; D_i is the encrypted value of the user identity UID_i; C_i is the user's secret value, derived from RU_i = h(UID_i || x); G_i is the secret value of the system parameter g; V_i is the secret value of the fingerprint feature point F_i; Z_i and B_i are encrypted values generated by the registration center, where b is a random number generated by the smart card and z, x and y are keys of the registration center;
The user logs in to the server with the smart card: the user enters a password PW_i* on the smart card, and the card checks whether the equation P_i = h(h(PW_i*)) holds. If it does, the card prompts the user to scan a fingerprint and extracts its feature value F_i*; otherwise the session is terminated;
The smart card recovers the registered fingerprint feature value F_i by computation and checks how closely F_i* matches F_i. If the match does not exceed the configured security threshold the login is terminated; if it exceeds the threshold the login succeeds;
The smart card generates random numbers r_u and b_new, recovers the user identifier UID_i, computes the auxiliary values, and computes the first verification data M_1, where T_i is a timestamp of the current time at the smart card and SID_j is the identity of the server legitimately registered at the registration center; the smart card sends the auxiliary verification data together with the first verification data M_1 to the server;
After the server receives the verification data sent by the smart card, it checks the validity of the timestamp T_i; if the timestamp is outside the service time window the communication is terminated. Otherwise the server generates a random number in Z_q*, the multiplicative group of integers modulo q, where q is a large prime, and computes the second verification data M_2, where T_j is a timestamp of the current time at the server. The server then forwards the first and second verification data together with the related auxiliary verification data to the registration center;
The registration center first checks whether the timestamps T_i and T_j are valid; if not, the session is terminated. Otherwise it proceeds as follows: the registration center computes RS'_j = h(SID_j || y) and from it M'_2, and checks whether the equation M'_2 = M_2 holds. If it does, the server is legitimate; otherwise the session is terminated. The registration center then recovers the user identity UID_i, computes RU'_i = h(UID_i || x) and from it M'_1, and checks whether M'_1 equals M_1; if they are equal, the user's identity is legitimate;
The registration center computes and generates Q_j, the third verification data M_3 and the fourth verification data M_4, and sends {Q_j, M_3, M_4} to the server;
The server verifies whether the third verification data was issued by the registration center; if the check passes, the server forwards the fourth verification data and an auxiliary verification message to the smart card and at the same time generates the server-side key, otherwise the session is terminated. The smart card verifies whether the fourth verification data was issued by the registration center; if the check passes, the legitimacy of the server's identity has been verified indirectly and the smart card generates the card-side key, otherwise the session is terminated.
2. The method according to claim 1, characterised in that the step of the user registering with the registration center further comprises:
The user submits the user identity UID_i and the password PW_i to the registration center and scans a fingerprint;
The registration center extracts the digitised fingerprint feature point F_i and generates the double hash of the password P_i = h(h(PW_i)), the identity secret value D_i, the user's secret value C_i, where RU_i = h(UID_i || x), the secret value G_i of the system parameter and the secret value V_i of the fingerprint feature point;
The smart card generates a random number b, from which the registration center computes Z_i and then generates B_i, where z, x and y are keys of the registration center;
The registration center stores the encrypted information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()} in the smart card.
3. The method according to claim 1, characterised in that, after the smart card has verified that the server identity is legitimate, the method further comprises the following step:
The smart card computes Z_new and B_new and replaces the previously stored {Z_i, B_i} with {Z_new, B_new}.
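The login and verification flow of claim 1, as an added example that is not part of the patent. Only the relations that survive on this page are used as given: P_i = h(h(PW_i)) stored on the card and checked locally before any message is sent, RS_j = h(SID_j || y) held by the server, RU_i = h(UID_i || x) as the user's long-term secret, the timestamp checks at the server and the registration center, and the order in which M_1 to M_4 are produced and checked (server via RS_j, user via RU_i, the card recomputing M'_4 on its own). Everything else is an assumption of this example: SHA-256 for h(), HMAC for the verification values, a 60-second freshness window, and the omission of the masked card values (D_i, C_i, G_i, V_i, Z_i, B_i), the random values in Z_q*, the session key and the fingerprint matching, whose formulas are not reproduced on this page. The last function is the check a practitioner would run against any scheme that stores h(h(PW_i)) on the card: whoever can read the card's memory can test password guesses offline against P_i, so the on-card comparison catches a mistyped password but does not by itself stop a dictionary attack on an extracted card.

```python
import hashlib
import hmac
import secrets

WINDOW = 60  # assumed freshness window (seconds) for the timestamps T_i and T_j


def h(*parts: bytes) -> bytes:
    """The patent's one-way hash h(); SHA-256 over '||'-joined inputs is an assumption."""
    return hashlib.sha256(b"||".join(parts)).digest()


def mac(key: bytes, *parts: bytes) -> bytes:
    """Keyed verification value standing in for M_1..M_4 (their exact form is not on the page)."""
    return hmac.new(key, b"||".join(parts), hashlib.sha256).digest()


def ts(t: int) -> bytes:
    return t.to_bytes(8, "big")


class RegistrationCenter:
    """Trusted third party holding the long-term keys x and y."""

    def __init__(self):
        self.x = secrets.token_bytes(32)
        self.y = secrets.token_bytes(32)

    def register_server(self, sid: bytes) -> bytes:
        return h(sid, self.y)  # RS_j = h(SID_j || y), delivered over a secure channel

    def register_user(self, uid: bytes, pw: bytes) -> dict:
        # P_i = h(h(PW_i)) is stored on the card as-is. RU_i = h(UID_i || x) is the user's
        # long-term secret; the patent stores it masked as C_i, the mask is omitted here.
        return {"UID": uid, "P": h(h(pw)), "RU": h(uid, self.x)}

    def verify(self, uid, sid, t_i, t_j, m1, m2, now):
        """Check both timestamps, then the server (M_2 via RS'_j), then the user (M_1 via RU'_i)."""
        if abs(now - t_i) > WINDOW or abs(now - t_j) > WINDOW:
            return None
        rs = h(sid, self.y)                               # RS'_j
        if not hmac.compare_digest(mac(rs, m1, ts(t_j)), m2):
            return None                                   # server is not legitimate
        ru = h(uid, self.x)                               # RU'_i
        if not hmac.compare_digest(mac(ru, uid, sid, ts(t_i)), m1):
            return None                                   # user is not legitimate
        m3 = mac(rs, b"M3", uid, ts(t_j))                 # checkable only by the server
        m4 = mac(ru, b"M4", sid, ts(t_i))                 # checkable only by the card
        return m3, m4


def card_login(card: dict, pw_attempt: bytes, fingerprint_matches: bool) -> bool:
    """Local checks; nothing is sent on the network if they fail."""
    if not hmac.compare_digest(h(h(pw_attempt)), card["P"]):
        return False
    return fingerprint_matches  # the fingerprint threshold test itself is not modelled


def run_protocol(rc, card, sid, rs, pw_attempt, now, fingerprint_matches=True, t_i=None):
    """Card -> server -> registration center -> server -> card, in the order of claim 1."""
    if not card_login(card, pw_attempt, fingerprint_matches):
        return False
    uid = card["UID"]
    t_i = now if t_i is None else t_i
    m1 = mac(card["RU"], uid, sid, ts(t_i))              # card -> server
    if abs(now - t_i) > WINDOW:                           # server checks T_i first
        return False
    t_j = now
    m2 = mac(rs, m1, ts(t_j))                             # server -> registration center
    result = rc.verify(uid, sid, t_i, t_j, m1, m2, now)
    if result is None:
        return False
    m3, m4 = result
    if not hmac.compare_digest(mac(rs, b"M3", uid, ts(t_j)), m3):
        return False                                      # server rejects a forged M_3
    # the server forwards M_4; the card recomputes M'_4 with its own RU_i
    return hmac.compare_digest(mac(card["RU"], b"M4", sid, ts(t_i)), m4)


def offline_guess(card: dict, candidates):
    """What a reader of the card's memory can do with P_i = h(h(PW_i)): test guesses offline."""
    for c in candidates:
        if h(h(c)) == card["P"]:
            return c
    return None
```

Each rejection point in `run_protocol` corresponds to a "terminate the session" branch in the claims; a stale T_i is caught at the server before the registration center is contacted, and a server whose RS_j was not issued by this registration center fails at the M_2 check, before the user's M_1 is even examined.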
Application CN201510477113.5A, priority date 2015-08-06, filing date 2015-08-06: A three-factor remote identity authentication method based on smart card. Active. CN105119721B (en)

Publications (2)

Publication Number Publication Date
CN105119721A CN105119721A (en) 2015-12-02
CN105119721B (en) 2018-05-29

Family

ID=54667621

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107294725A (en) * 2016-04-05 2017-10-24 电子科技大学 A kind of three factor authentication methods under environment of multi-server
CN106230840B (en) * 2016-08-04 2019-09-10 南京邮电大学 A kind of command identifying method of high security
CN108400962B (en) * 2017-02-08 2022-03-29 格尔软件股份有限公司 Authentication and key agreement method under multi-server architecture
CN107425964A (en) * 2017-05-09 2017-12-01 哈尔滨工业大学深圳研究生院 Three-side password authentication and key agreement protocol based on the fault-tolerant smart card of information leakage
CN109088888B (en) * 2018-10-15 2021-02-05 山东科技大学 Secure communication method and system based on smart card
CN110708337B (en) * 2019-10-30 2022-06-28 浪潮软件科技有限公司 Big data security framework system based on identity authentication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102045170A (en) * 2010-12-28 2011-05-04 北京深思洛克软件技术股份有限公司 Method and system for protecting safety of password
CN103338201A (en) * 2013-07-02 2013-10-02 山东科技大学 Remote identity authentication method participated in by registration center under multi-sever environment
CN103368954A (en) * 2013-07-02 2013-10-23 山东科技大学 Smart card registration entry method based on password and biological characteristics

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Te-Yu Chen et al., "Towards secure and efficient user authentication scheme using smart card for multi-server environments", The Journal of Supercomputing, 2013-06-07, full text *
R. Madhusudhan et al., "Weaknesses of a dynamic ID based remote user authentication protocol for multi-server environment", Journal of Computer and Communications, 2014, full text *

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20151202

Assignee: Qingdao Huaheng Shengtai Electronic Technology Co.,Ltd.

Assignor: Shandong University of Science and Technology

Contract record no.: X2023370010006

Denomination of invention: A three-factor remote identity authentication method based on smart card

Granted publication date: 20180529

License type: Common License

Record date: 20230106