CN108737099B - 虎符密钥认证技术方法 - Google Patents
虎符密钥认证技术方法 Download PDFInfo
- Publication number
- CN108737099B CN108737099B CN201710259165.4A CN201710259165A CN108737099B CN 108737099 B CN108737099 B CN 108737099B CN 201710259165 A CN201710259165 A CN 201710259165A CN 108737099 B CN108737099 B CN 108737099B
- Authority
- CN
- China
- Prior art keywords
- authentication
- tiger
- private key
- user
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本发明为虎符密钥认证技术方法,属于信息安全技术领域,涉及密钥认证体制。当前的认证方法主要有证书认证、标识认证、基于标识的证书认证。不管对于哪种认证体制,在用户的认证设备丢失的情况下,一般需要进行挂失,这就使得认证过程无法去中心化,为此,我们发明了虎符密钥认证技术方法。本发明用户的工作私钥为多组。本发明认证过程去中心化,支持进程认证、现场认证、及时认证、快速认证。
Description
技术领域
本发明属于信息安全技术领域,涉及密钥认证体制。
背景技术
当前的正在应用的认证体制主要有PKI、IBC、CFL认证体制。PKI是证书认证体制,IBC是标识认证体制,CFL是基于标识的证书认证体制。不管对于哪种认证体制,在用户的认证设备丢失的情况下,一般需要进行挂失。这就需要认证中心存储认证设备的挂失信息,在用户之间认证时,都要到认证中心访问被认证方的挂失信息,这种认证方式,使得认证过程无法去中心化,不能支持进程认证、现场认证、及时认证、快速认证等问题,且认证资源消耗大,不能满足当前大规模网络认证的需求,为此,我们发明了虎符密钥认证技术方法。
发明内容
本发明目的是给出一种认证过程去中心化,支持进程认证、现场认证、及时认证、快速认证的认证方法。本发明为虎符密钥认证技术方法,解决了上述需求。
本发明描述如下:
(1)用户的工作私钥由两组构成,即虎符私钥1、虎符私钥2;
(2)虎符私钥1对应的虎符公钥1可绑定在用户的证书中,或者标识中;虎符私钥2对应的虎符公钥2同样可绑定在用户的证书中,或者标识中;
(3)用户的认证设备在应用时,内部含有虎符私钥1,从认证设备外部安全输入虎符私钥2;在离线时,虎符私钥2自动从认证设备中消失;
(4)虎符私钥1的签名、虎符私钥2的签名以及它们的动态签名都认证通过后,才能认证通过;此处的动态签名是在认证设备应用时,添加时间戳的再次扩展签名;
(5)本发明中的认证设备在离线丢失情况下,无需挂失,重新申请即可;
(6)本发明可用于证书认证、标识认证、基于标识的证书认证中。
虎符密钥认证技术方法的安全性分析:
命题1 虎符密钥认证技术方法,理论上是可证明安全的。
命题2 虎符密钥认证技术方法是满足统计零知识交互的。
命题3 本发明中的认证设备在离线丢失情况下,无需挂失,仍然是安全的。
证明 因为在认证设备离线丢失的情况下,虎符私钥2仍然是保密的,因此是安全的。
命题4 本发明中的认证过程是可以去中心化的。
证明 由命题3可知,因为无须挂失仍是安全的,因此,本命题成立。
命题5 本发明满足认证过程去中心化,支持进程认证、现场认证、及时认证、快速认证。
证明 由命题4可知,本命题成立。
Claims (1)
1.一种认证技术方法,其特征在于包括:
虎符私钥认证技术方法:
(1)用户的工作私钥由两组构成,即虎符私钥1、虎符私钥2;
(2)虎符私钥1对应的虎符公钥1,可绑定在用户的证书中,或者标识中;虎符私钥2对应的虎符公钥2,同样可绑定在用户的证书中,或者标识中;
(3)用户的认证设备在应用时,内部含有虎符私钥1,从认证设备外部安全输入虎符私钥2;在离线时,虎符私钥2自动从认证设备中消失;
(4)虎符私钥1的签名、虎符私钥2的签名以及它们的动态签名都认证通过后,才能认证通过;此处的动态签名是在认证设备应用时,添加时间戳的再次扩展签名;
(5)本方法中的认证设备在离线丢失情况下,无需挂失,重新申请即可;
(6)本方法可用于证书认证、标识认证。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710259165.4A CN108737099B (zh) | 2017-04-20 | 2017-04-20 | 虎符密钥认证技术方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710259165.4A CN108737099B (zh) | 2017-04-20 | 2017-04-20 | 虎符密钥认证技术方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108737099A CN108737099A (zh) | 2018-11-02 |
CN108737099B true CN108737099B (zh) | 2021-04-30 |
Family
ID=63925386
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710259165.4A Active CN108737099B (zh) | 2017-04-20 | 2017-04-20 | 虎符密钥认证技术方法 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737099B (zh) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102170357A (zh) * | 2011-05-31 | 2011-08-31 | 北京虎符科技有限公司 | 组合密钥动态安全管理系统 |
CN103546284A (zh) * | 2012-07-10 | 2014-01-29 | 北京虎符科技有限公司 | 虎符令牌认证系统 |
CN105247833A (zh) * | 2013-05-16 | 2016-01-13 | 迅安科技私人有限公司 | 自认证设备与方法 |
WO2016177674A1 (en) * | 2015-05-01 | 2016-11-10 | Assa Abloy Ab | Wearable misplacement |
CN106161035A (zh) * | 2016-06-07 | 2016-11-23 | 北京博文广成信息安全技术有限公司 | Cfl个人隐私保护模式实现方法 |
-
2017
- 2017-04-20 CN CN201710259165.4A patent/CN108737099B/zh active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102170357A (zh) * | 2011-05-31 | 2011-08-31 | 北京虎符科技有限公司 | 组合密钥动态安全管理系统 |
CN103546284A (zh) * | 2012-07-10 | 2014-01-29 | 北京虎符科技有限公司 | 虎符令牌认证系统 |
CN105247833A (zh) * | 2013-05-16 | 2016-01-13 | 迅安科技私人有限公司 | 自认证设备与方法 |
WO2016177674A1 (en) * | 2015-05-01 | 2016-11-10 | Assa Abloy Ab | Wearable misplacement |
CN106161035A (zh) * | 2016-06-07 | 2016-11-23 | 北京博文广成信息安全技术有限公司 | Cfl个人隐私保护模式实现方法 |
Non-Patent Citations (1)
Title |
---|
CFL认证体制及其在区块链中的应用;杜春玲、范修斌;《信息安全研究》;20170331;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN108737099A (zh) | 2018-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104735068B (zh) | 基于国密的sip安全认证的方法 | |
WO2010077910A3 (en) | Enhanced security for direct link communications | |
CN101917272B (zh) | 一种邻居用户终端间保密通信方法及系统 | |
WO2015157693A3 (en) | System and method for an efficient authentication and key exchange protocol | |
CN102682506A (zh) | 基于对称密码技术的智能蓝牙门禁控制方法及装置 | |
CN105721153B (zh) | 基于认证信息的密钥交换系统及方法 | |
CN104202170B (zh) | 一种基于标识的身份认证系统和方法 | |
CN102664739A (zh) | 一种基于安全证书的pki实现方法 | |
CN101814991A (zh) | 基于身份的双向认证方法及系统 | |
CN105790938A (zh) | 基于可信执行环境的安全单元密钥生成系统及方法 | |
CN103634265B (zh) | 安全认证的方法、设备及系统 | |
CN111314074A (zh) | 基于秘密共享和时间戳的量子保密通信密钥分发和协商系统 | |
CN102036235A (zh) | 一种用于身份认证的装置和方法 | |
CN103338202A (zh) | 一种基于智能卡的远程用户密码双重验证方法 | |
CN107733747A (zh) | 面向多业务承载的公共通信接入系统 | |
CN102045716B (zh) | 一种无线局域网中端站的安全配置方法和系统 | |
CN103916363A (zh) | 加密机的通讯安全管理方法和系统 | |
CN111182497A (zh) | V2x匿名认证方法、设备及存储介质 | |
CN106357394A (zh) | 一种母pos灌装密钥的安全方法 | |
CN112671710A (zh) | 一种基于国密算法的安全加密装置、双向认证及加密方法 | |
CN103856330A (zh) | 一种基于非对称加密体系的集群组呼密钥分发的方法 | |
CN107070642A (zh) | 多品牌密码机异构资源池复用技术 | |
CN103354637B (zh) | 一种物联网终端m2m通信加密方法 | |
CN106789845A (zh) | 一种网络数据安全传输的方法 | |
CN104753682A (zh) | 一种会话秘钥的生成系统及方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |