CN106888097B - Identity authentication method based on zero-knowledge proof in HCE mode - Google Patents


Info

Publication number: CN106888097B
Authority: CN (China)
Prior art keywords: cloud, mobile phone, identity, data, index
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710200926.9A
Other languages: Chinese (zh)
Other versions: CN106888097A (en)
Inventors: 陈明志, 刘川葆, 杨小权, 林伟宁, 冯映燕, 康年华, 李光耀
Current assignee: Beijing Beika Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Beijing Beika Technology Co ltd
Events: application filed by Beijing Beika Technology Co ltd; priority to CN201710200926.9A; publication of CN106888097A; application granted; publication of CN106888097B; legal status Active
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3221 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using proof of knowledge; interactive zero-knowledge proofs
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Abstract

The invention relates to an identity authentication method based on zero-knowledge proof in HCE mode. Taking account of the particularities of the HCE mode and the relevant characteristics of the FFS protocol, the method works as follows: the user submits identity information, the cloud generates two credentials that are used for bidirectional authentication between the user and the cloud, and during daily use the two sides interact according to the improved ZMAP scheme to complete the identity authentication process. The method hides the local credential in the residual storage space and anchors the index position locally, while the cloud supplies a relative index position, so that the local credential is hidden and protected; random sub-credential generation ensures that no reliable data-position index appears during the interaction; and the zero-knowledge proof ensures that no information related to the credential leaks during the data exchange, so the credential is protected from interception and theft by a third party. In this way mutual authentication of the cloud and the local identity is completed.

Description

Identity authentication method based on zero-knowledge proof in HCE mode
Technical Field
The invention relates to an identity authentication method based on zero knowledge proof in an HCE mode.
Background
Data published by the well-known research firm Frost & Sullivan show that in 2015, 38% of the mobile phones sold in Europe would be equipped with NFC functionality. According to a report released by the American research firm In-Stat, in 2015 the NFC market would grow by 30% to 3.75 billion users and 12 billion chips. The large growth in the number of NFC devices and NFC users has led to a continuous increase in the number of NFC applications.
NFC devices have three modes of operation: reader/writer mode, point-to-point (P2P) mode, and card emulation mode [1]. Card emulation mode is the most commonly used. NFC technology is developing rapidly worldwide: Google Wallet can store credit card and membership card information in a virtual wallet and carry out transactions through NFC terminal equipment. Germany, Austria, Finland, New Zealand, Italy, Iran and Turkey have tested NFC ticketing systems for public transport [2]. In China, NFC equipment has been applied on a small scale since 2006: enterprises have adopted a new intelligent access control technology based on NFC, and Android Beam is used for data sharing and transmission [3] and as a means of payment in parking lots, libraries, gymnasiums and other public places, but overall development is still very slow.
Devices using NFC generally use the SE scheme to protect locally held sensitive data. The SE scheme uses a local intelligent unit with its own storage space that operates independently of the host system, so that NFC security does not depend on that system. The SE module may be controlled by the NFC manufacturer, the service provider or the storage device provider, which creates a competitive relationship among the manufacturers at each link of the industrial chain; none of them yields to the others in the contest for exclusive control of the SE module, which in the end seriously hampers the popularization of NFC devices. At the same time, the very limited storage space on the SE module also limits the development and use of NFC applications [4].
On 19 September 2012, SimplyTapp implemented Host-based Card Emulation (HCE) in the third-party Android firmware CyanogenMod. On 13 December 2013, Google released Android 4.4, which supports host card emulation (HCE). On 19 February 2014, Visa and MasterCard simultaneously announced that cloud-based mobile payments would be promoted on the basis of HCE technology. The HCE scheme bypasses the SE unit, which greatly improves the convenience of developing and using NFC applications. However, HCE is the less secure alternative: since the SE is in effect stored in the cloud, i.e. the sensitive data actually resides in the cloud, security must be ensured on the transmission path to the cloud-hosted SE. And since locally stored identity credentials are still needed to verify identity, the security of local data also needs sufficient assurance [5].
A research group at the University of Surrey in the UK successfully intercepted contactless payment signals from a distance of 45 to 80 cm with inconspicuous equipment, which makes the supposedly hard-to-eavesdrop property of NFC devices unreliable, and this trend will only become more obvious as technology develops further. Meanwhile, a man-in-the-middle attack on Apple Pay was recently reported, which also poses a new challenge to the reliability of the data transmission process in the HCE scheme. Kaushik Roy, senior product executive at the TSM and mobile commerce software provider Sequent, considers that tokenization alone is not enough to secure mobile payment, and that the software on the device still plays an important role in its security.
To address eavesdropping, man-in-the-middle attacks and local credential safety during data transmission, an HCE identity authentication scheme based on zero-knowledge proof is proposed: an index designates the position of the selected part of the credential, the extracted credential parts are used in a calculation, the calculation result is transmitted, and the cloud verifies the message to authenticate the user and the device. By means of zero-knowledge proof the method effectively prevents man-in-the-middle attacks, and the local credential is hidden in the storage device to protect its security.
1 HCE mode
Near Field Communication (NFC) is a technology that enables wireless communication between devices [6]; it is a short-range communication protocol [7] that operates on a carrier frequency of 13.56 MHz with a transmission distance within 20 cm [8]. The security of a traditional NFC device depends on an underlying hardware Secure Element (SE) module, and its applications have to be based on Trusted Service Management (TSM). There are mainly three ways of embedding the SE: in the SIM card (taking Wing Payment as an example), in the handset or SD card, or in the NFC device itself, so application development is necessarily constrained by the mobile operator, the terminal manufacturer or the financial institution [9]. Since the SE module is a small intelligent chip, it can perform some data processing such as encryption of short data [10]. Information related to identity authentication, such as unique codes and personal information, is usually stored in the SE's storage unit so as to isolate it from other systems (such as the phone's operating system), ensuring that no other system interferes and thereby achieving relative safety. Incoming and outgoing data are encrypted and decrypted independently by the SE module, so the transmission process is relatively safe [11]. In SE mode, the POS machine sends a request signal, which is received by the phone's NFC unit; the data is routed to the SE module for processing, and once the SE module has finished, the POS machine is notified through the router [12].
Host Card Emulation (HCE) is an improvement over the traditional NFC setup: the HCE mode bypasses the SE unit and places its function in the cloud.
The main differences between HCE mode and normal NFC (SE) mode are shown in the following table [13]:
TABLE 1 HCE protocol vs SE protocol performance comparison [table was an image on the original page and is not reproduced here]
From the security perspective of HCE, the greatest disadvantage is that once the terminal is rooted, its security is seriously damaged: root gains the right to access the terminal's storage system and thereby all the information stored on the phone. Although most of the user's important information is stored in the cloud, if complex encryption techniques are adopted to secure the data transmission channel, the transaction becomes slow [14].
Smart terminals such as mobile phones belong to the Rich Execution Environment (REE) and can run a wide variety of general-purpose operating systems; such an environment has great flexibility and functionality but faces many security threats, which is where the concept of the Trusted Execution Environment (TEE) arises [15]. The TEE coexists with the normal execution environment and is dedicated to providing a secure area in which the device executes trusted code. To be secure, the TEE must guarantee that all of its own code is highly reliable [16]. When TEE technology is used with NFC, key information such as identity credentials is placed in the TEE part, whose executed content is similar to an SE: it implements the encryption and decryption functions and its key information cannot be accessed by other parts, but adding and removing applications is quite difficult. Security is thus achieved, while the REE part is left open for extending applications with lower security requirements. From a practical point of view, the TEE mode is a compromise between the SE mode and the HCE mode.
There are several methods of data transmission. In one, the data traffic is borne by the user, i.e. the phone interacts with the cloud through the mobile network; but this requires the user's phone to be online and places high demands on the mobile network, and when the user is in a place with weak coverage, such as an underground shop or a suburb, the impact is great. In the other, the data flow is borne by the merchant: the phone hands the data to intermediate equipment such as a POS machine, which interacts with the cloud through a wired network. Of the mobile network and the wired network, and of the user's phone and the POS machine, the intermediate equipment is usually the more reliable.
The data flow is as follows:
(1) the POS machine issues an identity authentication request and can power the NFC unit of the user's mobile phone;
(2) the user's phone responds, generating data in the manner described later herein, and hands it to the POS machine;
(3) the POS machine transmits the data to the cloud, the cloud responds, and the response is transmitted back to the POS machine;
(4) the POS machine delivers the cloud's data to the phone, and the phone processes it.
This processing flow reduces the demands on the network and on the phone's energy: the POS machine completes the interaction, so the phone only needs the energy to process the data and does not itself need to interact with the cloud over the network.
2 zero knowledge proof
A zero-knowledge proof is a protocol between two parties, a prover and a verifier, in which the prover tries to convince the verifier that some statement is true without revealing any useful information to the verifier [17]. The idea of zero-knowledge proof is often applied to identity authentication.
One of the classical protocols is the Feige-Fiat-Shamir identification protocol [18].
The security of the FFS protocol relies on the difficulty of computing quadratic residues modulo n. The algorithm's advantage is its speed: its computation cost is only 1%-4% of that of RSA. The probability that a cheating prover succeeds in a round is determined by the security parameter K, which can be adjusted according to actual requirements, so the algorithm is well suited to devices with limited energy, and it allows the update period of the identity credential to be extended.
Building on the Feige-Fiat-Shamir identification protocol, Schnorr combined the ElGamal signature algorithm and other techniques to propose the Schnorr identification protocol [19], whose security rests on the difficulty of the discrete logarithm problem.
Disclosure of Invention
The invention aims to provide an identity authentication method based on zero-knowledge proof in HCE mode, which uses the zero-knowledge proof to ensure that no information related to the credential leaks during the data interaction, so that the credential is protected from interception and theft by a third party, and which completes mutual authentication between the cloud and the local identity.
To achieve this purpose, the technical scheme of the invention is as follows: an identity authentication method based on zero-knowledge proof in HCE mode includes the following steps,
S1, user application:
The user delivers the identity information ID and the related information X to the cloud for registration according to the requirements of the cloud application; the cloud generates an identity credential (I_j, S_j) according to preset rules and transmits it back to the user's mobile phone; the user splits the obtained identity credential (I_j, S_j) into a number of parts in pairs, stores them in the storage device and generates a data index T; the data index T is then sent to the cloud for storage and at the same time destroyed locally;
S2, information interaction:
S21, the user generates a random number r_u on the mobile phone, calculates X_u = ±r_u^2 mod n, and sends the result X_u together with the phone's current time t to the cloud through the POS machine;
S22, the cloud generates, according to the time t, a random array F = {F_1, F_2, ..., F_k} and a random array R_c = {E_1, E_2, ..., E_k}, and generates a random number r_c; it picks out parts of the credential through the random array to generate a sub-credential S_j' = C(S_j, F) together with the corresponding I_j' = P(S_j'); then, from the random array and the data index T uploaded by the mobile phone, it generates the cloud index T' = Ch(F, T) to be transmitted to the local user; then it calculates X_c = ±r_c^2 mod n; finally it sends the generated random array R_c, the calculated result X_c and the index T' to the mobile phone;
S23, the mobile phone generates a temporary calculation credential from the cloud index T' and the local cursor index M [formula image not reproduced on this page]; using the random number r_u it calculates [formula image not reproduced]; it then destroys the temporary credential [formula image not reproduced]; it regenerates a random array R_u = {E_1', E_2', ..., E_k'} and then sends Y_u and R_u to the cloud;
S24, the cloud computes [formula image not reproduced] and sends the calculated result Y_c back to the mobile phone;
S25, the mobile phone, through the formula [formula image not reproduced], verifies whether X_c' equals the X_c returned to the mobile phone in step S22; if so, the identity of the cloud is legitimate; the cloud, through the formula [formula image not reproduced], verifies whether X_u' equals the X_u transmitted to the cloud in step S21; if so, the identity of the mobile phone is legitimate.
Compared with the prior art, the invention has the following beneficial effects: the local credential is hidden in the residual storage space and the local index position is anchored, while the cloud provides a relative index position, so that the local credential is hidden and protected; random sub-identity-credential generation ensures that no reliable data-position index is produced during the interaction; the zero-knowledge proof ensures that no credential-related information leaks during the data interaction, protecting the credential from interception and theft by a third party; and mutual authentication of the cloud and the local identity is completed.
Detailed Description
The following specifically describes the technical means of the present invention.
The identity authentication method based on zero knowledge proof in HCE mode of the invention comprises the following steps,
S1, user application:
The user delivers the identity information ID and the related information X to the cloud for registration according to the requirements of the cloud application; the cloud generates an identity credential (I_j, S_j) according to preset rules and transmits it back to the user's mobile phone; the user splits the obtained identity credential (I_j, S_j) into a number of parts in pairs, stores them in the storage device and generates a data index T; the data index T is then sent to the cloud for storage and at the same time destroyed locally;
S2, information interaction:
S21, the user generates a random number r_u on the mobile phone, calculates X_u = ±r_u^2 mod n, and sends the result X_u together with the phone's current time t to the cloud through the POS machine;
S22, the cloud generates, according to the time t, a random array F = {F_1, F_2, ..., F_k} and a random array R_c = {E_1, E_2, ..., E_k}, and generates a random number r_c; it sorts out parts of the credential through the random array to generate a sub-credential S_j' = C(S_j, F) together with the corresponding I_j' = P(S_j'); then, from the random array and the data index T uploaded by the mobile phone, it generates the cloud index T' = Ch(F, T) to be transmitted to the local user; then it calculates X_c = ±r_c^2 mod n; finally it sends the generated random array R_c, the calculated result X_c and the index T' to the mobile phone;
S23, the mobile phone generates a temporary calculation credential from the cloud index T' and the local cursor index M [formula image not reproduced on this page]; using the random number r_u it calculates [formula image not reproduced]; it then destroys the temporary credential [formula image not reproduced]; it regenerates a random array R_u = {E_1', E_2', ..., E_k'} and then sends Y_u and R_u to the cloud;
S24, the cloud computes [formula image not reproduced] and sends the calculated result Y_c back to the mobile phone;
S25, the mobile phone, through the formula [formula image not reproduced], verifies whether X_c' equals the X_c returned to the mobile phone in step S22; if so, the identity of the cloud is legitimate; the cloud, through the formula [formula image not reproduced], verifies whether X_u' equals the X_u transmitted to the cloud in step S21; if so, the identity of the mobile phone is legitimate.
The following is a specific implementation of the present invention.
The invention provides an identity authentication method based on zero-knowledge proof, designed around the particularities of HCE mode and the relevant characteristics of the FFS protocol. First the user submits identity information, and the cloud generates two credentials that are used for bidirectional authentication between the user and the cloud; then, during daily use, the two sides interact according to the improved ZMAP scheme provided by the invention to complete the identity authentication process. The method specifically comprises the following steps:
1. user application phase
In the user application stage, data is usually exchanged with the cloud in a relatively secure environment, so the cloud can be regarded as a trusted third party that issues the information-interaction credentials of both parties. The interaction at this stage is shown in Table 2:
TABLE 2 User application phase [table was an image on the original page and is not reproduced here]
① The user delivers the identity information ID and other information X to the cloud for registration according to the requirements of the cloud application;
② the cloud generates the identity credential (I_j, S_j) according to certain rules and transmits it back to the user's mobile phone;
③ the user divides the obtained (I_j, S_j) into a number of parts in pairs and stores them in a scattered manner in the residual space of the mass storage device, then sends the index T to the cloud for storage and destroys T locally.
Thus no data-index information is retained locally, which prevents the relevant information from being stolen directly by malicious software.
Meanwhile, to prevent the POS side from mounting an attack through repeated monitoring and selection, whenever the mobile phone logs in in another mode, the phone generates an index position M at random and sends it to the cloud, and the cloud calculates the index position of T relative to M. The locally kept index position M does not expose the real storage location of the credential on the phone, and it also stops the POS side and eavesdroppers from gradually discovering the real index position through chosen-plaintext attacks, as shown in Table 3.
TABLE 3 Updating anchor points [table was an image on the original page and is not reproduced here]
2 information interaction phase
The FFS protocol is a zero-knowledge one-way authentication protocol; using its characteristics, it is converted here into a bilateral mutual authentication protocol. The specific interaction process is shown in Table 4:
TABLE 4 Authentication procedure [table was an image on the original page and is not reproduced here]
The process is described as follows:
① The user generates a random number r_u, calculates X_u = ±r_u^2 mod n, and then sends the result X_u and the time t to the cloud through the POS machine;
② the cloud uses the t sent by the phone to generate a random array F = {F_1, F_2, ..., F_k}, uses the random array to pick out parts and generate a sub-credential S_j' = C(S_j, F) together with the corresponding I_j' = P(S_j'), and then, from the random array and the data index T uploaded by the phone, generates the index T' = Ch(F, T) to be transmitted to the local user. It also uses t to generate a random array R_c = {E_1, E_2, ..., E_k} for the calculation and a random number r_c, and uses the latter to calculate X_c = ±r_c^2 mod n. Finally it sends the generated random array R_c, the calculated result X_c and the index T' to the phone;
③ the phone generates a temporary calculation credential from the cloud index T' and the local cursor index M [formula image not reproduced on this page]; using the initially generated r_u it calculates [formula image not reproduced]; afterwards it destroys the temporarily generated credential [formula image not reproduced]; it regenerates a random array R_u = {E_1', E_2', ..., E_k'} and then sends Y_u and R_u to the cloud;
④ the cloud computes [formula image not reproduced] and sends the result back to the phone;
⑤ the phone then, through the formula [formula image not reproduced], verifies whether X_c' equals the X_c returned to the phone in step ②; if so, the identity of the cloud is legitimate. The cloud, through the formula [formula image not reproduced], verifies whether X_u' equals the X_u passed to the cloud in step ①; if so, the identity of the phone is legitimate.
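The following is an added worked example in Python; it is not code from the patent or its assignee. It models section 2 (the FFS protocol), the user application phase (index T and anchor M) and the information interaction steps ① to ④ with the final verification, in one run. The page does not define the functions P, C and Ch or show the formulas for Y_u, Y_c, X_c' and X_u' (they are images), so the example assumes the standard Feige-Fiat-Shamir choices: I_j = P(S_j) = S_j^-2 mod n, the response Y = r · ∏ S_j^{E_j} mod n, and the verifier's recomputation X' = Y^2 · ∏ I_j^{E_j} mod n, accepted if X' = ±X. C(S_j, F) is modelled as taking the credential parts whose indexes are in F, Ch(F, T) as those parts' storage offsets made relative to the phone's anchor M, and the cloud is assumed to keep only the user's public I_j plus T. The modulus (tiny demo primes), the "storage device" (a byte array) and all names are constructed for the demonstration.

```python
# Added example (not the patent's own code): toy model of the FFS-based mutual
# authentication with cloud-directed sub-credential selection and an
# anchor-relative storage index.  Assumed: P(S) = S^-2 mod n, C(S, F) = the
# parts of S whose indexes are in F, Ch(F, T) = offsets relative to anchor M.
import secrets
from math import gcd

P_DEMO, Q_DEMO = 1000003, 1000033   # constructed primes; real use needs ~1024-bit primes
N = P_DEMO * Q_DEMO
K = 8                               # credential parts (security parameter K)
STORE_SIZE = 4096                   # bytes of "residual space" on the phone (constructed)
SLOT = 8                            # bytes used to store one part

def gen_credential(k=K, n=N):
    """Cloud issues (I_j, S_j): S_j random and coprime to n, I_j = P(S_j)."""
    S, I = [], []
    while len(S) < k:
        s = secrets.randbelow(n - 2) + 2
        if gcd(s, n) != 1:
            continue
        S.append(s)
        I.append(pow(s * s % n, -1, n))     # P(S_j) = S_j^-2 mod n
    return I, S

def scatter_store(S, store_size=STORE_SIZE):
    """Phone hides each part at a random slot of random-looking slack space.
    Returns (store, T); T is uploaded to the cloud and then destroyed locally."""
    rng = secrets.SystemRandom()
    store = bytearray(secrets.token_bytes(store_size))
    T = rng.sample(range(0, store_size - SLOT + 1, SLOT), len(S))
    for s, off in zip(S, T):
        store[off:off + SLOT] = s.to_bytes(SLOT, "big")
    return store, T

def relative_index(F, T, M, store_size=STORE_SIZE):
    """Ch(F, T): storage offsets of the selected parts, relative to anchor M."""
    return [(T[j] - M) % store_size for j in F]

def phone_read_parts(store, M, T_rel, store_size=STORE_SIZE):
    """Phone rebuilds the temporary credential from anchor M and the cloud's T'."""
    parts = []
    for t in T_rel:
        off = (M + t) % store_size
        parts.append(int.from_bytes(store[off:off + SLOT], "big"))
    return parts

def ffs_commit(n=N):
    """Commitment X = +/- r^2 mod n; returns (r, X)."""
    r = secrets.randbelow(n - 2) + 2
    return r, (r * r if secrets.randbelow(2) else -r * r) % n

def ffs_respond(r, S_sel, E, n=N):
    """Response Y = r * prod S_j^{E_j} mod n over the selected parts."""
    y = r
    for s, e in zip(S_sel, E):
        if e:
            y = y * s % n
    return y

def ffs_recover(Y, I_sel, E, n=N):
    """Verifier's X' = Y^2 * prod I_j^{E_j} mod n; equals +/-X only if the
    prover used the genuine S_j, because I_j * S_j^2 = 1 mod n."""
    x = Y * Y % n
    for i, e in zip(I_sel, E):
        if e:
            x = x * i % n
    return x

def ffs_accept(X, X_prime, n=N):
    return X_prime != 0 and X_prime in (X, (-X) % n)

def mutual_authenticate(store, M, I_user, T, I_cloud, S_cloud, n=N):
    """One run of steps 1-5.  The phone holds only `store` and anchor M; the
    cloud holds the user's public I_j, the index T and its own (I_c, S_c).
    Returns (cloud_legit, user_legit) as judged by the phone and the cloud."""
    rng = secrets.SystemRandom()
    r_u, X_u = ffs_commit(n)                                    # step 1, phone
    F = sorted(rng.sample(range(len(I_user)), rng.randint(1, len(I_user))))  # step 2, cloud
    R_c = [secrets.randbelow(2) for _ in F]
    T_rel = relative_index(F, T, M)
    r_c, X_c = ffs_commit(n)
    S_sel = phone_read_parts(store, M, T_rel)                   # step 3, phone
    Y_u = ffs_respond(r_u, S_sel, R_c, n)
    del S_sel                                                   # temporary credential destroyed
    R_u = [secrets.randbelow(2) for _ in F]
    Y_c = ffs_respond(r_c, [S_cloud[j] for j in F], R_u, n)     # step 4, cloud
    X_c_prime = ffs_recover(Y_c, [I_cloud[j] for j in F], R_u, n)  # step 5, phone
    X_u_prime = ffs_recover(Y_u, [I_user[j] for j in F], R_c, n)   # step 5, cloud
    return ffs_accept(X_c, X_c_prime, n), ffs_accept(X_u, X_u_prime, n)

if __name__ == "__main__":
    I_u, S_u = gen_credential()          # S1: cloud issues the user's credential
    I_c, S_c = gen_credential()          # the cloud's own credential
    store, T = scatter_store(S_u)        # phone scatters the parts, uploads T
    del S_u                              # no plain credential or index stays on the phone
    M = secrets.randbelow(STORE_SIZE)    # anchor, refreshed outside service
    print(mutual_authenticate(store, M, I_u, T, I_c, S_c))
```

Between interactions the phone holds neither T nor any plain S_j: it reads the selected parts from the anchor plus the cloud's relative index, uses them for one response and discards them, so an observer of the POS link sees only X, R and Y, which reveal nothing about S_j beyond what the public I_j already give. A party without the parts can prepare for one guessed challenge and passes a round only if the challenge matches, i.e. with probability 2^-m for m selected parts, which is why K and the size of the sub-credential set the security level.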
The completeness, soundness and zero-knowledge property of the FFS protocol, which is based on the Feige-Fiat-Shamir identification protocol, have been proved, and the FFS protocol has the following characteristics:
(1) its security depends on the security of the prover's own secret key;
(2) it adopts the cut-and-choose technique, using random challenges and answers that depend on the challenge, thereby preventing man-in-the-middle attacks and replay attacks;
(3) owing to the zero-knowledge property, security is not reduced by repeated use.
The Hash-Lock is easy to attack and track because the safety on a propagation channel cannot be fully ensured; document [20] has only one-way authentication capability, and the authenticatee cannot know whether the verifier is legitimate for the authenticated authenticatee. The method has the capability of bidirectional authentication and the capability of resisting man-in-the-middle attack.
Document [21] uses an elliptic curve cryptography scheme, where both parties need to keep a synchronized certificate, however, if the attacker intercepts the last confirmation message, the server and the local certificate cannot be matched, and thus, the server and the local certificate are paralyzed. The method used herein uses random numbers and random locations and does not require strong synchronization to the credentials.
Compared with the strengthened protocol randomness, the document [22] protects the local certificate, so that the local certificate has better security at the mobile phone end with weak local environment.
The randomness is strengthened. Because the random number in the computer system has the characteristic of pseudo-random, the random number R used in the FFS protocol can repeatedly appear in actual use to a certain extent, so that a man in the middle can try to break through by using a method for selecting plaintext attack. Thus, the text generates S locally by being directed by the cloudjWhen the substrings are used, a random method is used again, and the size and scale of the substrings can be selected according to the specific conditions of the user behaviors at the cloud, so that the possibility of selecting plaintext attack is further reduced. The following effects can be achieved according to the improved protocol:
lower spatiotemporal complexity. The Feige-Fait-Shamir identity recognition protocol has dynamic security, the security level is increased along with the increase of the number of verification problems, and the security level can be automatically regulated and controlled by the cloud. The time complexity is O (n) and the space complexity is O (n), the efficiency is high, and the method can be used under the condition that the mobile phone end possibly enters the situation of insufficient energy in the HCE mode. The protocol only adds a random sub S with constant time on the basis of the original protocoljThe generated part of the method maintains the characteristics of high efficiency and low energy consumption, and further enhances the safety of the method.
The transmission times of sensitive information are reduced, and the consumption of token resources is reduced. In the present case, the HCE mode mostly uses the Tokennization technique [23 ]]The technology needs to locally reserve one or more tokens, the generation of the tokens is carried out by a trusted third party, the data security of the tokens depends on the security of a network and the security environment of a mobile phone system and a mobile phone, the security of the mobile phone system is actually worried, and the data is easily acquired and transmitted after the root authority is acquired by malicious software. When interacting with the cloud, the token needs to be passed, and the token needs to be frequently passed to ensure the securityNew tokens, the consumption of token resources rapidly expands as the number of people and usage increases. And the requirement on POS machine equipment is very high, once the POS machine is broken, a third party can intercept the token, forge the token or destroy the token, and great trouble and even loss can be caused to a cloud service provider by a user. All I's that remain locally after the scheme herein is employedj,SjThe combination of the identity certificates can ensure the safety before being used up, and is one of the characteristics of a zero-knowledge proof scheme, so that the number of times of transmission and updating of key identity certificates on the network can be greatly reduced, the difficulty of intercepting and deciphering the identity certificates by a third party can be enhanced, and the requirements on the safety of an intermediate POS machine and the network are further reduced.
Protection of locally sensitive data. The protocol exploits the fault tolerance inherent in zero-knowledge proof: the token is stored scattered across the unused part of the storage device, and no pointer to it is kept locally, so from the system's perspective there is only a piece of unused data, and even malicious software that obtains root authority cannot tell which data is token data and which is invalid, useless data. Moreover, even if the system occupies part of the space in which token data is stored, the protocol's property of repeatedly selecting random sub-tokens allows the identity authentication task to be completed after several interactions. After some time, when the number of remaining sub-tokens is insufficient, the token update operation can be performed again. The method therefore has a certain protection capability for local data and reduces the intensity requirement of token updating.
Preventing third parties from obtaining identity information. The protocol prevents the local token position from being learned by a third party by updating the index anchor M outside the service process. For a third party or the POS machine, the index position used during protocol interaction is not the actual storage position of the token; even the same token data maps to different indexes under different anchors M, so the index data transmitted in each interaction is unreliable and of no reference value. Meanwhile, only the calculation result derived from a random sub-token is used in the interaction, and no information about the token itself is exposed, so neither the POS machine nor an eavesdropper can steal the token or forge the identity to cheat. When a third party launches a DDoS attack against the cloud, the token update service is not provided continuously, owing to the characteristics of zero-knowledge proof: the token is updated only when the cloud judges that the local token resource is exhausted, and no token is issued in the non-service state, which prevents a third party from maliciously exhausting the token resource.
An identity authentication scheme based on zero-knowledge proof is provided for the characteristics of the NFC HCE mode. The local credential is hidden in the residual storage space; the local index position is anchored; the cloud provides a relative index position to hide and protect the local credential; a random sub-identity-credential is generated so that no reliable data position index appears during the interaction; and the zero-knowledge proof method ensures that the data interaction leaks no information related to the credential, protecting it from interception and theft by a third party. Mutual authentication between the cloud and the identity is completed in this way. Analysis shows that the identity authentication scheme inherits the O(n) time and space complexity of FFS together with its dynamic security, and that after adding only a small amount of linear time, the security and applicability of identity authentication in HCE mode are further enhanced.
References:
[1] Ecma. ECMA-340. Near Field Communication Interface and Protocol (NFCIP-1) [S]. Geneva: Ecma International, 2nd edition, December 2004.
[2] Jiangxing. Design and implementation of an NFC service framework based on the Android platform [D]. University of Electronic Science and Technology of China, 2014.
[3] Pandan. Development of an NFC application system based on Android mobile phones [D]. University of South China, 2014.
[4] Pourghomi. Managing near field communication (NFC) payment applications through cloud computing [J]. Brunel University, 2014.
[5] Lepojevic B, Pavlovic B, Radulovic A. Implementing NFC service security - SE vs TEE vs HCE [C]// Symorg. 2014.
[6] Coskun V, Ozdenizci B, Ok K. A Survey on Near Field Communication (NFC) Technology [J]. Wireless Personal Communications, 2013, 71(3): 2259-2294.
[7] Curran K, Millar A, Garvey C M. Near Field Communication [J]. International Journal of Electrical and Computer Engineering (IJECE), 2012, 2(3).
[8] Derawi M O, McCallum S, Witte H, Bours P. Biometric Access Control using Near Field Communication and Smart Phones [C]// Biometrics (ICB), 2012 5th IAPR International Conference on, 2012.
[9] Zhanbo. Research on the application of HCE technology in mobile payments [D]. Xidian University, 2014.
[10] Yang. Key technology research on campus cards based on Android and NFC technology [D]. Beijing University of Posts and Telecommunications, 2015.
[11] Chen W D, Mayes K E, Lien Y H, et al. NFC mobile payment with Citizen Digital Certificate [C]// International Conference on Next Generation Information Technology. IEEE, 2011: 120-126.
[12] Coskun V, Ozdenizci B, Ok K. A Survey on Near Field Communication (NFC) Technology [J]. Wireless Personal Communications, 2013, 71(3): 2259-2294.
[13] Alattar M, Achemlal M. Host-Based Card Emulation: Development, Security, and Ecosystem Impact Analysis [C]// High Performance Computing and Communications, 2014 IEEE Intl Symp on Cyberspace Safety and Security, 2014 IEEE Intl Conf on Embedded Software and Syst. IEEE, 2014: 506-509.
[14] Rocoggan. Design and implementation of an NFC mobile payment management system [D]. Beijing University of Posts and Telecommunications, 2015.
[15] GlobalPlatform Device Technology. Trusted User Interface API Version 1.0 [EB/OL]. http://www.trustedcomputinggroup.org, 2013.
[16] Rojing. Research and realization of secure payment based on the trusted operating system of intelligent terminals [D]. University of Electronic Science and Technology of China, 2014.
[17] Blum M, Feldman P, Micali S. Non-Interactive Zero-Knowledge Proof Systems and Applications [M]// Non-interactive zero-knowledge and its applications. 1988: 103-112.
[18] Feige U, Fiat A, et al. Zero knowledge proofs of identity [J]. Journal of Cryptology, 1988, 1(2): 77-94.
[19] Schnorr C P. Efficient signature generation by smart cards [J]. Journal of Cryptology, 1991, 4(3): 161-174.
[20] Syamsuddin I, Dillon T, Chang E, et al. A Survey of RFID Authentication Protocols Based on Hash-Chain Method [C]// International Conference on Convergence and Hybrid Information Technology. IEEE, 2008: 559-564.
[21] Martinez S, Valls M, Roig C, et al. A Secure Elliptic Curve-Based RFID Protocol [J]. Journal of Computer Science and Technology, 2009, 24(2): 309-318.
[22] Wangkun, Zhouqing Lei. A new RFID mutual authentication protocol for the Internet of Things [J]. Journal of Chinese Computer Systems, 2015, 36(4): 732-738.
[23] Cha B, Kim J. Design of NFC Based Micro-payment to Support MD Authentication and Privacy for Trade Safety in NFC Applications [C]// International Conference on Complex. IEEE Computer Society, 2013: 710-713.
The above are preferred embodiments of the present invention; all changes made according to the technical scheme of the present invention that produce functional effects without exceeding the scope of that technical scheme belong to the protection scope of the present invention.

Claims (1)

1. An identity authentication method based on zero-knowledge proof in HCE mode, characterized in that it comprises the following steps:
S1, user application:
the user submits the identity information ID and the related information X to the cloud for registration according to the requirements of the cloud application; the cloud generates an identity credential (I_j, S_j) according to a preset rule and transmits it back to the user's mobile phone; the user divides the received identity credential (I_j, S_j) into several parts, stores them in pairs in the storage device, generates a data index T, sends the data index to the cloud for storage, and destroys the data index locally;
S2, information interaction:
S21, the user generates a random number r_u on the mobile phone and computes X_u = ±r_u^2 mod n; the result X_u and the current time t of the mobile phone are then sent to the cloud through the POS machine;
S22, the cloud generates, according to time t, the random arrays F = {F_1, F_2, ..., F_k} and R_c = {E_1, E_2, ..., E_k} together with a random number r_c; it selects parts according to the random array to generate the sub-credential S_j' = C(S_j, F), and at the same time generates the corresponding I_j' = P(S_j'); it then generates, from the random array and the data index T uploaded by the mobile phone end, a cloud index T' = Ch(F, T) for transmission to the local side; it then computes X_c = ±r_c^2 mod n; finally, it sends the generated random array R_c, the computation result X_c and the index T' to the mobile phone end;
S23, the mobile phone end uses the cloud index T' and the local cursor (anchor) index M to generate the temporary computing credential
[formula image FDA0002405361550000011]
and uses the random number r_u to compute
[formula image FDA0002405361550000012]
then destroys
[formula image FDA0002405361550000013]
and regenerates the random array R_u = {E_1', E_2', ..., E_k'}; it then sends Y_u and R_u to the cloud;
S24, the cloud computes
[formula image FDA0002405361550000014]
and sends the computation result Y_c back to the mobile phone end;
S25, the mobile phone end uses the formula
[formula image FDA0002405361550000015]
to verify whether X_c' equals the X_c returned by the cloud in step S22; if so, the identity of the cloud is legitimate; the cloud uses the formula
[formula image FDA0002405361550000016]
to verify whether X_u' equals the X_u sent by the mobile phone end in step S21, and if so, the identity of the mobile phone end is legitimate.
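The claimed protocol builds on the Feige-Fiat-Shamir (FFS) identification scheme, and the analysis above ties its O(n) cost and dynamic security to the number of challenge bits and rounds; the patent's own formulas survive on this page only as image placeholders. The following is an added example, not the patent's code: a standard FFS round in Python that mirrors the shape of steps S1 and S21-S25, where the cloud issues I_j = P(S_j) = S_j^-2 mod n, the prover commits X = ±r^2 mod n, the challenge bit array F selects which S_j enter the sub-credential S' = C(S, F), and the verifier checks Y^2 · ∏ I_j^{F_j} = ±X. The small modulus, the seeded randomness and the one-directional flow are assumptions; the patent's mutual check and its index hiding (T, T', M) are not modelled.

```python
import random
from math import gcd

# Constructed demo-sized Blum modulus n = p*q, p = q = 3 (mod 4); a real
# deployment would use ~1024-bit primes (an assumption, not from the patent).
P, Q = 1019, 1031
N = P * Q
K = 8  # number of (I_j, S_j) credential pairs issued at registration (S1)

def keygen(seed, n=N, k=K):
    """Cloud (S1): secrets S_j coprime to n, publics I_j = P(S_j) = S_j^-2 mod n."""
    rng = random.Random(seed)
    secrets = []
    while len(secrets) < k:
        s = rng.randrange(2, n)
        if gcd(s, n) == 1:
            secrets.append(s)
    publics = [pow(s * s % n, -1, n) for s in secrets]
    return secrets, publics

def commit(rng, n=N):
    """Prover (S21): random r and sign, commitment X = ±r^2 mod n."""
    r = rng.randrange(1, n)
    return r, (rng.choice((1, -1)) * r * r) % n

def respond(r, secrets, bits, n=N):
    """Prover (S23): Y = r * S' mod n, where the sub-credential S' = C(S, F)
    is the product of the secrets selected by the challenge bit array F."""
    y = r
    for s, b in zip(secrets, bits):
        if b:
            y = y * s % n
    return y

def verify(x, y, publics, bits, n=N):
    """Verifier (S25): accept iff Y^2 * prod(I_j^F_j) == ±X (mod n), Y != 0."""
    if y % n == 0:
        return False
    z = y * y % n
    for v, b in zip(publics, bits):
        if b:
            z = z * v % n
    return z == x % n or (-z) % n == x % n

def run_rounds(secrets, publics, rounds, seed, n=N):
    """Seeded RNG stands in for both parties' randomness. An honest prover passes
    every round; one without the real S_j passes a round with probability 2^-k."""
    rng = random.Random(seed)
    for _ in range(rounds):
        r, x = commit(rng, n)                        # S21: X_u = ±r_u^2 mod n
        bits = [rng.randrange(2) for _ in publics]   # S22: cloud picks F
        if not verify(x, respond(r, secrets, bits, n), publics, bits, n):
            return False
    return True
```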

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710200926.9A CN106888097B (en) 2017-03-30 2017-03-30 Identity authentication method based on zero-knowledge proof in HCE mode

Publications (2)

Publication Number Publication Date
CN106888097A CN106888097A (en) 2017-06-23
CN106888097B true CN106888097B (en) 2020-08-11

Family

ID=59181375

Country Status (1)

Country Link
CN (1) CN106888097B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107464105A (en) * 2017-09-15 2017-12-12 深圳天珑无线科技有限公司 Device pays interactive authentication method and its system
CN110932846B (en) * 2019-06-25 2022-07-22 南京汽车集团有限公司 Vehicle-mounted virtual key communication method
CN113360948A (en) * 2021-06-30 2021-09-07 令牌云(上海)科技有限公司 Method and device for protecting user secret data

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100769482B1 (en) * 2000-06-05 2007-10-24 피닉스 테크놀로지 리미티드 Systems, methods and software for remote password authentication using multiple servers
CN101969377B (en) * 2010-10-09 2012-09-05 成都市华为赛门铁克科技有限公司 Zero-knowledge identity authentication method and system
CN102231666A (en) * 2011-06-29 2011-11-02 电子科技大学 Zero knowledge identity authentication method based on strong primes
KR101428865B1 (en) * 2012-10-25 2014-08-12 순천향대학교 산학협력단 Zero Knowledge Proof System and Method based on NTRU For the Protection of NFC Mobile Payment Information
CN105024823B (en) * 2015-07-27 2018-03-23 中国船舶重工集团公司第七0九研究所 User identity method for secret protection and system based on zero-knowledge proof

Also Published As

Publication number Publication date
CN106888097A (en) 2017-06-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
Address after: 350108 Room 132, Room 1, Building 10, Innovation Park, Haixi High-tech Industrial Park, East Science and Technology Road, Minhou County, Fuzhou City, Fujian Province
Applicant after: BEIJING BEIKA TECHNOLOGY Co.,Ltd.
Address before: 350108 Room 132, Room 1, Building 10, Innovation Park, Haixi High-tech Industrial Park, East Science and Technology Road, Minhou County, Fuzhou City, Fujian Province
Applicant before: FUJIAN NORCA TECH Co.,Ltd.
GR01 Patent grant