CN108737390A - Authentication method and system for protecting user name privacy - Google Patents

Publication number: CN108737390A
Authority: CN (China)
Legal status: Granted
Application number: CN201810412772.4A
Other languages: Chinese (zh)
Other versions: CN108737390B (en)
Inventors: 马莎, 凌云浩, 董家辉, 黄琼, 李西明
Current Assignee: Guangzhou Rongzhan Information Technology Co ltd
Original Assignee: South China Agricultural University

Classifications

    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Abstract

The invention discloses an authentication method and system for protecting user name privacy. The method comprises: the client encrypts the registered user name and sends it to the controller; the controller sends the registered user name ciphertext to the first server; the client encrypts the login user name and sends it to the controller; the controller sends the login user name ciphertext to the second server; the first server computes a first intermediate value from the registered user name ciphertext and sends it to the second server; the second server computes a second intermediate value from the login user name ciphertext and sends it to the first server; the first server computes a first final value from the second intermediate value and sends it to the controller; the second server computes a second final value from the first intermediate value and sends it to the controller; the controller judges whether the user identity is legitimate from the first final value and the second final value. The invention effectively resists offline recovery attacks and significantly improves security.

Description

Authentication method and system for protecting user name privacy
Technical field
The present invention relates to an authentication method and system, in particular to an authentication method and system for protecting user name privacy, and belongs to the field of user name security.
Background
With the spread of the Internet, an information system that provides network resources must use identity authentication to establish the legitimacy of a user's identity: only legitimate users are allowed to use those resources. As the first line of defence of system security, identity authentication technology plays an especially prominent role. The mainstream identity authentication technologies at present are static passwords, dynamic passwords, smart card authentication, USB Key authentication, biometric authentication and multi-factor authentication. Smart card authentication, USB Key authentication and biometric authentication can provide safe and reliable authentication, but all of them require specific hardware devices, which is a considerable limitation.
For this reason, the combination of user name and password is still the most widely used way of identifying network users on websites, in software and on mobile phones, and ensuring the security of user accounts is very important for an enterprise. At present, the main means by which enterprises protect user accounts is to apply symmetric encryption, hash function algorithms, the PBKDF2 algorithm, the BCRYPT algorithm and the like to the user password. These schemes protect the user password well, but the user name is stored in the database in plaintext and is not protected at any point in the authentication process, so information leaks easily in the currently widespread systems that use a mobile phone number as the user name.
The security of the user name has begun to receive attention. A Chinese invention patent application (application number: CN201610311876.7, publication date 2016.08.24) proposes a method for encrypting and authenticating user name and password information. The method first encrypts the user name and password and stores them in a database; at each login, the same encryption method is used to generate encrypted information, which is compared with the information in the database, and if the two are identical the user is allowed to log in. However, that patent requires the encryption method to be deterministic. Schemes based on symmetric encryption have excessive key storage overhead and, because the user name space in practical applications is not very large, have difficulty resisting offline message recovery attacks; weighing the storage overhead of the system against its security, asymmetric encryption is chosen. In practical applications, if a probabilistic asymmetric encryption method is used, then during user authentication the user name encrypted under the public key is sent to the server together with an authorization trapdoor generated from the user's private key. After receiving the ciphertext sent by the user terminal, the server performs an equality test against the contents of the ciphertext database, that is, it searches the ciphertext database for a ciphertext generated from the same plaintext. Under a single-server model, however, it is difficult to resist offline recovery attacks, because the server can complete the equality test by itself: given a ciphertext C and the user's authorization trapdoor, the server can enumerate plaintexts, generate a ciphertext C' from each guessed plaintext and run the test algorithm until it finds a C' that tests equal to C, thereby learning the plaintext information in the ciphertext and causing an information leak.
Summary of the invention
The purpose of the present invention is to remedy the above deficiencies of the prior art by providing an authentication method for protecting user name privacy. The method effectively resists offline recovery attacks, significantly improves security, and can be connected to most current user name and password systems.
Another object of the present invention is to provide an authentication system for protecting user name privacy.
The purpose of the present invention can be achieved by the following technical solution:
An authentication method for protecting user name privacy, the method comprising:
The client encrypts the registered user name and sends it to the controller;
The controller sends the registered user name ciphertext to the first server;
The client encrypts the login user name and sends it to the controller;
The controller sends the login user name ciphertext to the second server;
The first server computes a first intermediate value from the registered user name ciphertext and sends it to the second server;
The second server computes a second intermediate value from the login user name ciphertext and sends it to the first server;
The first server computes a first final value from the second intermediate value and sends it to the controller;
The second server computes a second final value from the first intermediate value and sends it to the controller;
The controller judges whether the user identity is legitimate from the first final value and the second final value.
Further, the client encrypting the registered user name and sending it to the controller specifically comprises:
After the user enters the registered user name $M_i$ at the client, the client computes the hash value $H(M_i)$ of the registered user name;
The client obtains the first server public key $X = g_1^{x_1} g_2^{x_2}$ and the second server public key $Y = g_1^{y_1} g_2^{y_2}$, randomly selects $r_i \in Z_p$, calls the modular multiplication component and the modular exponentiation component, and computes the registered user name ciphertext $C_{i1} = g_1^{r_i}$, $C_{i2} = g_2^{r_i}$, $C_{i3} = (g_1^{x_1} g_2^{x_2})^{r_i} (g_1^{y_1} g_2^{y_2})^{r_i} H(M_i)$;
The client sends the registered user name ciphertext to the controller.
Further, the client encrypting the login user name and sending it to the controller specifically comprises:
After the user enters the login user name $M_j$ at the client, the client computes the hash value $H(M_j)$ of the login user name; the client obtains the first server public key $X = g_1^{x_1} g_2^{x_2}$ and the second server public key $Y = g_1^{y_1} g_2^{y_2}$, randomly selects $r_j \in Z_p$, calls the modular multiplication component and the modular exponentiation component, and computes the login user name ciphertext $C_{j1} = g_1^{r_j}$, $C_{j2} = g_2^{r_j}$, $C_{j3} = (g_1^{x_1} g_2^{x_2})^{r_j} (g_1^{y_1} g_2^{y_2})^{r_j} H(M_j)$;
The client sends the login user name ciphertext to the controller.
Further, the first server computing the first intermediate value from the registered user name ciphertext and sending it to the second server specifically comprises:
The first server randomly selects $r_{1S} \in G_p$ and, using its private key, $C_i$ and $r_{1S}$, calls the modular multiplication component and the modular exponentiation component to compute the first intermediate value as follows:
$IV_{1S} = ((C_{i1})^{x_1} \cdot (C_{i2})^{x_2})^{-1} \cdot r_{1S} = ((g_1^{r_i})^{x_1} \cdot (g_2^{r_i})^{x_2})^{-1} \cdot r_{1S} = (g_1^{x_1} g_2^{x_2})^{-r_i} \cdot r_{1S}$
The first server sends $IV_{1S}$ and $C_i$ to the second server.
Further, the second server computing the second intermediate value from the login user name ciphertext and sending it to the first server specifically comprises:
The second server randomly selects $r_{2S} \in G_p$ and, using its private key, $C_j$ and $r_{2S}$, calls the modular multiplication component and the modular exponentiation component to compute the second intermediate value as follows:
$IV_{2S} = ((C_{j1})^{y_1} \cdot (C_{j2})^{y_2})^{-1} \cdot r_{2S} = ((g_1^{r_j})^{y_1} \cdot (g_2^{r_j})^{y_2})^{-1} \cdot r_{2S} = (g_1^{y_1} g_2^{y_2})^{-r_j} \cdot r_{2S}$
The second server sends $IV_{2S}$ and $C_j$ to the first server.
Further, the first server computing the first final value from the second intermediate value and sending it to the controller specifically comprises:
The first server receives the second intermediate value $IV_{2S}$ and, using its private key, $C_j$, $r_{1S}$ and $IV_{2S}$, calls the modular multiplication component and the modular exponentiation component to compute the first final value as follows:
$FV_{1S} = C_{j3} \cdot IV_{2S} \cdot ((C_{j1})^{x_1} \cdot (C_{j2})^{x_2})^{-1} \cdot r_{1S} = C_{j3} \cdot IV_{2S} \cdot ((g_1^{r_j})^{x_1} \cdot (g_2^{r_j})^{x_2})^{-1} \cdot r_{1S} = H(M_j) \cdot r_{2S} \cdot r_{1S}$
The first server sends $FV_{1S}$ to the controller.
Further, the second server computing the second final value from the first intermediate value and sending it to the controller specifically comprises:
The second server receives the first intermediate value $IV_{1S}$ and, using its private key, $C_i$, $r_{2S}$ and $IV_{1S}$, calls the modular multiplication component and the modular exponentiation component to compute the second final value as follows:
$FV_{2S} = C_{i3} \cdot IV_{1S} \cdot ((C_{i1})^{y_1} \cdot (C_{i2})^{y_2})^{-1} \cdot r_{2S} = C_{i3} \cdot IV_{1S} \cdot ((g_1^{r_i})^{y_1} \cdot (g_2^{r_i})^{y_2})^{-1} \cdot r_{2S} = H(M_i) \cdot r_{1S} \cdot r_{2S}$
The second server sends $FV_{2S}$ to the controller.
Further, the controller judging whether the user identity is legitimate from the first final value and the second final value specifically comprises:
The controller compares the first final value with the second final value; if the first final value equals the second final value, the user is judged legitimate, otherwise the user is judged illegitimate.
Further, before the client encrypts, the method also comprises:
The first server and the second server each call the modular multiplication component and the modular exponentiation component to generate their respective key pairs.
The other object of the present invention can be achieved by the following technical solution:
An authentication system for protecting user name privacy, the system comprising a client, a controller, a first server and a second server;
The client is used to encrypt the registered user name and send it to the controller, and to encrypt the login user name and send it to the controller;
The controller is used to send the registered user name ciphertext to the first server, to send the login user name ciphertext to the second server, and to judge whether the user identity is legitimate from the first final value sent by the first server and the second final value sent by the second server;
The first server is used to compute the first intermediate value from the registered user name ciphertext and send it to the second server, and to compute the first final value from the second intermediate value sent by the second server and send it to the controller;
The second server is used to compute the second intermediate value from the login user name ciphertext and send it to the first server, and to compute the second final value from the first intermediate value sent by the first server and send it to the controller.
Compared with the prior art, the present invention has the following advantageous effects:
1. The present invention adopts a parallel dual-server model. On the one hand, the two servers can compute in parallel, which is more efficient than a serial dual-server model. On the other hand, a serial arrangement of the two servers gives the back-end server, which can obtain the test result, excessive power, and the front-end server cannot prevent itself from being exploited by a back-end server that launches an offline message recovery attack; the parallel model avoids this situation.
2. The present invention is an instance based on the Decisional Diffie-Hellman assumption and uses modular multiplication in place of the bilinear pairing operations used by current mainstream equality tests, so it runs more efficiently than public key encryption schemes with equality test that are constructed from bilinear pairings. Most importantly, neither of the two servers can learn the test result, so offline recovery attacks are effectively resisted and security is significantly improved.
Description of the drawings
Fig. 1 is the flow diagram of the authentication method for protecting user name privacy of Embodiment 1 of the present invention.
Fig. 2 is the registration stage flow chart of the authentication method for protecting user name privacy of Embodiment 1 of the present invention.
Fig. 3 is the login stage flow chart of the authentication method for protecting user name privacy of Embodiment 1 of the present invention.
Fig. 4 is the structure diagram of the authentication system for protecting user name privacy of Embodiment 2 of the present invention.
Detailed description
The present invention is described in further detail below with reference to the embodiments and the accompanying drawings, but embodiments of the present invention are not limited to these.
Embodiment 1:
As shown in Figs. 1 to 3, this embodiment provides an authentication method for protecting user name privacy. The method comprises the following steps:
(1) Key generation
The first server calls the modular multiplication component and the modular exponentiation component to generate its own key pair $(pk_{1S} = X = g_1^{x_1} g_2^{x_2},\ sk_{1S} = (x_1, x_2))$ and publishes $pk_{1S}$.
The second server calls the modular multiplication component and the modular exponentiation component to generate its own key pair
(2) Encryption
A. Registration stage
1) The user registers through the client;
2) The client encrypts the registered user name and sends it to the controller, which specifically comprises:
2.1) The user enters the registered user name $M_i$ at the client;
2.2) The client computes the hash value $H(M_i)$ of the registered user name;
2.3) The client obtains the first server public key $X = g_1^{x_1} g_2^{x_2}$ and the second server public key $Y = g_1^{y_1} g_2^{y_2}$, randomly selects $r_i \in Z_p$, calls the modular multiplication component and the modular exponentiation component, and computes the registered user name ciphertext $C_{i1} = g_1^{r_i}$, $C_{i2} = g_2^{r_i}$, $C_{i3} = (g_1^{x_1} g_2^{x_2})^{r_i} (g_1^{y_1} g_2^{y_2})^{r_i} H(M_i)$;
3) The controller sends the registered user name ciphertext to the first server, and the first server stores it in the ciphertext database.
B. Login stage
1) The user logs in through the client;
2) The client encrypts the login user name and sends it to the controller, which specifically comprises:
2.1) The user enters the login user name $M_j$ at the client;
2.2) The client computes the hash value $H(M_j)$ of the login user name;
2.3) The controller obtains the first server public key $X = g_1^{x_1} g_2^{x_2}$ and the second server public key $Y = g_1^{y_1} g_2^{y_2}$, randomly selects $r_j \in Z_p$, calls the modular multiplication component and the modular exponentiation component, and computes the login user name ciphertext $C_{j1} = g_1^{r_j}$, $C_{j2} = g_2^{r_j}$, $C_{j3} = (g_1^{x_1} g_2^{x_2})^{r_j} (g_1^{y_1} g_2^{y_2})^{r_j} H(M_j)$;
3) The controller sends the login user name ciphertext to the second server, and the second server stores it in the ciphertext database.
(3) Query
The query algorithm of this embodiment is a protocol that requires the first server, the second server and the controller to interact in order to complete it.
1) The first server computes the first intermediate value from the registered user name ciphertext and sends it to the second server, which specifically comprises:
1.1) The first server randomly selects $r_{1S} \in G_p$ and, using its private key, $C_i$ and $r_{1S}$, calls the modular multiplication component and the modular exponentiation component to compute the first intermediate value as follows:
$IV_{1S} = ((C_{i1})^{x_1} \cdot (C_{i2})^{x_2})^{-1} \cdot r_{1S} = ((g_1^{r_i})^{x_1} \cdot (g_2^{r_i})^{x_2})^{-1} \cdot r_{1S} = (g_1^{x_1} g_2^{x_2})^{-r_i} \cdot r_{1S}$
1.2) The first server sends $IV_{1S}$ and $C_i$ to the second server.
2) The second server computes the second intermediate value from the login user name ciphertext and sends it to the first server, which specifically comprises:
2.1) The second server randomly selects $r_{2S} \in G_p$ and, using its private key, $C_j$ and $r_{2S}$, calls the modular multiplication component and the modular exponentiation component to compute the second intermediate value as follows:
$IV_{2S} = ((C_{j1})^{y_1} \cdot (C_{j2})^{y_2})^{-1} \cdot r_{2S} = ((g_1^{r_j})^{y_1} \cdot (g_2^{r_j})^{y_2})^{-1} \cdot r_{2S} = (g_1^{y_1} g_2^{y_2})^{-r_j} \cdot r_{2S}$
2.2) The second server sends $IV_{2S}$ and $C_j$ to the first server.
The operations of the first server and the second server in steps 1) and 2) above are carried out simultaneously, in no particular order.
3) The first server computes the first final value from the second intermediate value and sends it to the controller, which specifically comprises:
3.1) The first server receives the second intermediate value $IV_{2S}$ and, using its private key, $C_j$, $r_{1S}$ and $IV_{2S}$, calls the modular multiplication component and the modular exponentiation component to compute the first final value as follows:
$FV_{1S} = C_{j3} \cdot IV_{2S} \cdot ((C_{j1})^{x_1} \cdot (C_{j2})^{x_2})^{-1} \cdot r_{1S} = C_{j3} \cdot IV_{2S} \cdot ((g_1^{r_j})^{x_1} \cdot (g_2^{r_j})^{x_2})^{-1} \cdot r_{1S} = H(M_j) \cdot r_{2S} \cdot r_{1S}$
3.2) The first server sends $FV_{1S}$ to the controller.
4) The second server computes the second final value from the first intermediate value and sends it to the controller, which specifically comprises:
4.1) The second server receives the first intermediate value $IV_{1S}$ and, using its private key, $C_i$, $r_{2S}$ and $IV_{1S}$, calls the modular multiplication component and the modular exponentiation component to compute the second final value as follows:
$FV_{2S} = C_{i3} \cdot IV_{1S} \cdot ((C_{i1})^{y_1} \cdot (C_{i2})^{y_2})^{-1} \cdot r_{2S} = C_{i3} \cdot IV_{1S} \cdot ((g_1^{r_i})^{y_1} \cdot (g_2^{r_i})^{y_2})^{-1} \cdot r_{2S} = H(M_i) \cdot r_{1S} \cdot r_{2S}$
4.2) The second server sends $FV_{2S}$ to the controller.
It should be understood that the operations of the first server and the second server in steps 3) and 4) above are carried out simultaneously, in no particular order.
5) The controller judges whether the user identity is legitimate from the first final value and the second final value, which specifically comprises:
The controller compares the first final value $FV_{1S}$ with the second final value $FV_{2S}$. If the first final value equals the second final value, that is, $FV_{1S} = FV_{2S}$, the user is judged legitimate and is allowed to log in; otherwise the user is judged illegitimate and is not allowed to log in.
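Steps (1) to (3) above carried through end to end, as an added Python example that is not part of the patent text. Assumptions not taken from the page: the group (the 768-bit safe prime of RFC 2409 Oakley Group 1), deriving $g_2$ and $H(M)$ by hashing and squaring, the sample user names, and all function names.

```python
"""Two-server equality test on encrypted user names (added illustration)."""
import hashlib
import secrets

# Assumption: 768-bit safe prime P = 2Q + 1 from RFC 2409 (Oakley Group 1).
# Demo-sized so the example runs quickly; the patent does not fix a group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2


def hash_to_group(data: bytes) -> int:
    """H(M) as an element of the order-Q subgroup (assumed construction)."""
    wide = int.from_bytes(hashlib.shake_256(data).digest(112), "big") % P
    return pow(wide, 2, P)  # every square mod P has order dividing Q


G1 = 2                       # order Q, because P = 7 (mod 8) makes 2 a square
G2 = hash_to_group(b"g2")    # second generator; its log to base G1 is unknown


def random_exponent() -> int:
    return secrets.randbelow(Q - 1) + 1


def keygen():
    """Return ((s1, s2), pk) with pk = g1^s1 * g2^s2, as in step (1)."""
    s1, s2 = random_exponent(), random_exponent()
    return (s1, s2), pow(G1, s1, P) * pow(G2, s2, P) % P


def encrypt(username: str, X: int, Y: int):
    """Client, step (2): C1 = g1^r, C2 = g2^r, C3 = X^r * Y^r * H(M)."""
    r = random_exponent()
    h = hash_to_group(username.encode("utf-8"))
    return pow(G1, r, P), pow(G2, r, P), pow(X * Y % P, r, P) * h % P


def strip_pk(sk, ct) -> int:
    """((C1)^s1 * (C2)^s2)^-1, which cancels this server's pk^r factor."""
    s1, s2 = sk
    return pow(pow(ct[0], s1, P) * pow(ct[1], s2, P) % P, -1, P)


def equality_test(sk1, sk2, reg_ct, login_ct):
    """Step (3): both servers' messages; returns (FV_1S, FV_2S)."""
    r1 = pow(G1, random_exponent(), P)   # fresh blinding factor of server 1
    r2 = pow(G1, random_exponent(), P)   # fresh blinding factor of server 2
    iv1 = strip_pk(sk1, reg_ct) * r1 % P      # server 1 -> server 2, with C_i
    iv2 = strip_pk(sk2, login_ct) * r2 % P    # server 2 -> server 1, with C_j
    fv1 = login_ct[2] * iv2 % P * strip_pk(sk1, login_ct) % P * r1 % P
    fv2 = reg_ct[2] * iv1 % P * strip_pk(sk2, reg_ct) % P * r2 % P
    return fv1, fv2   # H(M_j)*r1*r2 and H(M_i)*r1*r2


def controller_accepts(fv1: int, fv2: int) -> bool:
    return fv1 == fv2


def single_server_residue(sk, ct) -> int:
    """All one server can peel off alone: (other server's pk)^r * H(M)."""
    return ct[2] * strip_pk(sk, ct) % P


def demo():
    """Constructed sample run: one registered name, a right and a wrong login."""
    sk1, X = keygen()
    sk2, Y = keygen()
    registered = encrypt("alice", X, Y)
    good = equality_test(sk1, sk2, registered, encrypt("alice", X, Y))
    bad = equality_test(sk1, sk2, registered, encrypt("mallory", X, Y))
    return controller_accepts(*good), controller_accepts(*bad)


if __name__ == "__main__":
    print(demo())
```

`single_server_residue` shows why a lone server cannot confirm a guessed user name from a stored ciphertext: after removing its own key, the value is still masked by the other server's $pk^{r}$.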
Embodiment 2:
As shown in Fig. 4, this embodiment provides an authentication system for protecting user name privacy. The system corresponds to the method above and comprises a client, a controller, a first server and a second server;
The client has an encryption module, used to encrypt the registered user name and send it to the controller, and to encrypt the login user name and send it to the controller;
The controller has a query execution module, used to send the registered user name ciphertext to the first server, to send the login user name ciphertext to the second server, and to judge whether the user identity is legitimate from the first final value sent by the first server and the second final value sent by the second server;
The first server is used to compute the first intermediate value from the registered user name ciphertext and send it to the second server, and to compute the first final value from the second intermediate value sent by the second server and send it to the controller;
The second server is used to compute the second intermediate value from the login user name ciphertext and send it to the first server, and to compute the second final value from the first intermediate value sent by the first server and send it to the controller.
The terms "first", "second" and so on used in the systems of the above embodiments may be used to describe various components, but the components are not limited by these terms. The terms are used only to distinguish one component from another. For example, without departing from the scope of the present invention, the first server could be called the second server and, similarly, the second server could be called the first server. The first server and the second server are both servers, but they are not the same server; for example, the first server serves as the left-end server and the second server serves as the right-end server.
In conclusion, the present invention adopts a parallel dual-server model. On the one hand, the two servers can compute in parallel, which is more efficient than a serial dual-server model. On the other hand, a serial arrangement of the two servers gives the back-end server, which can obtain the test result, excessive power, and the front-end server cannot prevent itself from being exploited by a back-end server that launches an offline message recovery attack; the parallel model avoids this situation. In addition, the present invention is an instance based on the Decisional Diffie-Hellman assumption and uses modular multiplication in place of the bilinear pairing operations used by current mainstream equality tests, so it runs more efficiently than public key encryption schemes with equality test that are constructed from bilinear pairings. Most importantly, neither of the two servers can learn the test result, so offline recovery attacks are effectively resisted and security is significantly improved.
The above is only a preferred embodiment of the present invention patent, but the scope of protection of the present invention patent is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the scope disclosed by the present invention patent and according to its technical solution and inventive concept, falls within the scope of protection of the present invention patent.

Claims (10)

1. An authentication method for protecting user name privacy, characterized in that the method comprises:
The client encrypts the registered user name and sends it to the controller;
The controller sends the registered user name ciphertext to the first server;
The client encrypts the login user name and sends it to the controller;
The controller sends the login user name ciphertext to the second server;
The first server computes a first intermediate value from the registered user name ciphertext and sends it to the second server;
The second server computes a second intermediate value from the login user name ciphertext and sends it to the first server;
The first server computes a first final value from the second intermediate value and sends it to the controller;
The second server computes a second final value from the first intermediate value and sends it to the controller;
The controller judges whether the user identity is legitimate from the first final value and the second final value.
2. The authentication method for protecting user name privacy according to claim 1, characterized in that the client encrypting the registered user name and sending it to the controller specifically comprises:
After the user enters the registered user name $M_i$ at the client, the client computes the hash value $H(M_i)$ of the registered user name;
The client obtains the first server public key $X = g_1^{x_1} g_2^{x_2}$ and the second server public key $Y = g_1^{y_1} g_2^{y_2}$, randomly selects $r_i \in Z_p$, calls the modular multiplication component and the modular exponentiation component, and computes the registered user name ciphertext $C_{i1} = g_1^{r_i}$, $C_{i2} = g_2^{r_i}$, $C_{i3} = (g_1^{x_1} g_2^{x_2})^{r_i} (g_1^{y_1} g_2^{y_2})^{r_i} H(M_i)$;
The client sends the registered user name ciphertext to the controller.
3. The authentication method for protecting user name privacy according to claim 1, characterized in that the client encrypting the login user name and sending it to the controller specifically comprises:
After the user enters the login user name $M_j$ at the client, the client computes the hash value $H(M_j)$ of the login user name; the client obtains the first server public key $X = g_1^{x_1} g_2^{x_2}$ and the second server public key $Y = g_1^{y_1} g_2^{y_2}$, randomly selects $r_j \in Z_p$, calls the modular multiplication component and the modular exponentiation component, and computes the login user name ciphertext $C_{j1} = g_1^{r_j}$, $C_{j2} = g_2^{r_j}$, $C_{j3} = (g_1^{x_1} g_2^{x_2})^{r_j} (g_1^{y_1} g_2^{y_2})^{r_j} H(M_j)$;
The client sends the login user name ciphertext to the controller.
4. a kind of authentication method of protection user name privacy according to claim 1, it is characterised in that:The first service Device calculates the first median and is sent to second server, specifically include according to the user name ciphertext of registration:
First server randomly chooses r1S∈Gp, use its private key, CiAnd r1S, modular multiplication component, mould exponentiation component is called to calculate First median, such as following formula:
IV1S=((Ci1)x1﹡ (Ci2)x2)-1﹡ r1S=((g1 ri)x1﹡ (g2 ri)x2)-1﹡ r1S=(g1 x1g2 x2)-ri﹡ r1S
First server is by IV1SAnd CiIt is sent to second server.
5. a kind of authentication method of protection user name privacy according to claim 1, it is characterised in that:The second service Device calculates the second median and is sent to first server, specifically include according to the user name ciphertext of login:
Second server randomly chooses r2S∈Gp, use its private key, CjAnd r2S, modular multiplication component, mould exponentiation component is called to calculate Second median, such as following formula:
IV2S=((Cj1)y1﹡ (Cj2)y2)-1﹡ r2S=((g1 rj)y1﹡ (g2 rj)y2)-1﹡ r2S=(g1 y1g2 y2)-rj﹡ r2S
Second server is by IV2SAnd CjIt is sent to first server.
6. The authentication method for protecting user name privacy according to claim 1, characterized in that the first server computing the first final value from the second intermediate value and sending it to the controller specifically comprises:
The first server receives the second intermediate value $IV_{2S}$ and, using its private key, $C_j$, $r_{1S}$ and $IV_{2S}$, calls the modular multiplication component and the modular exponentiation component to compute the first final value according to the following formula:
$$FV_{1S} = C_{j3} \cdot IV_{2S} \cdot \left((C_{j1})^{x_1} \cdot (C_{j2})^{x_2}\right)^{-1} \cdot r_{1S} = C_{j3} \cdot IV_{2S} \cdot \left((g_1^{r_j})^{x_1} \cdot (g_2^{r_j})^{x_2}\right)^{-1} \cdot r_{1S} = H(M_j) \cdot r_{2S} \cdot r_{1S}$$
The first server sends $FV_{1S}$ to the controller.
7. The authentication method for protecting user name privacy according to claim 1, characterized in that the second server computing the second final value from the first intermediate value and sending it to the controller specifically comprises:
The second server receives the first intermediate value $IV_{1S}$ and, using its private key, $C_i$, $r_{2S}$ and $IV_{1S}$, calls the modular multiplication component and the modular exponentiation component to compute the second final value according to the following formula:
$$FV_{2S} = C_{i3} \cdot IV_{1S} \cdot \left((C_{i1})^{y_1} \cdot (C_{i2})^{y_2}\right)^{-1} \cdot r_{2S} = C_{i3} \cdot IV_{1S} \cdot \left((g_1^{r_i})^{y_1} \cdot (g_2^{r_i})^{y_2}\right)^{-1} \cdot r_{2S} = H(M_i) \cdot r_{1S} \cdot r_{2S}$$
The second server sends $FV_{2S}$ to the controller.
8. The authentication method for protecting user name privacy according to any one of claims 1-7, characterized in that the controller judging whether the user identity is legal according to the first final value and the second final value specifically comprises:
The controller compares the first final value with the second final value; if the first final value is equal to the second final value, the user identity is judged legal; otherwise, it is judged illegal.
9. The authentication method for protecting user name privacy according to any one of claims 1-7, characterized in that, before the client performs encryption, the method further comprises:
The first server and the second server each call the modular multiplication component and the modular exponentiation component to generate their respective key pairs.
10. An authentication system for protecting user name privacy, characterized in that the system comprises a client, a controller, a first server and a second server;
The client is configured to encrypt the registered user name and send it to the controller, and to encrypt the login user name and send it to the controller;
The controller is configured to send the registered user name ciphertext to the first server, send the login user name ciphertext to the second server, and judge whether the user identity is legal according to the first final value sent by the first server and the second final value sent by the second server;
The first server is configured to compute the first intermediate value from the registered user name ciphertext and send it to the second server, and to compute the first final value from the second intermediate value sent by the second server and send it to the controller;
The second server is configured to compute the second intermediate value from the login user name ciphertext and send it to the first server, and to compute the second final value from the first intermediate value sent by the first server and send it to the controller.
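The message flow of claims 3-9 can be traced end to end in a short script; this is an added example, not code from the patent. The modulus, generators, hash-to-integer encoding and all function names are assumptions chosen so the algebra runs, not vetted parameters.

```python
import hashlib
import secrets

# Toy parameters (assumptions): P = 2^127 - 1 is prime, but this is not a
# vetted prime-order group; it only makes the claimed algebra runnable.
P = 2**127 - 1
G1, G2 = 3, 7

def rand_exp():
    return secrets.randbelow(P - 2) + 1        # uniform in [1, P-2]

def H(username):
    """Hash a user name to a nonzero value mod P (assumed encoding)."""
    digest = hashlib.sha256(username.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1

def keygen():
    """Claim 9: private key (a1, a2), public key g1^a1 * g2^a2."""
    a1, a2 = rand_exp(), rand_exp()
    return (a1, a2), pow(G1, a1, P) * pow(G2, a2, P) % P

def encrypt(username, X, Y):
    """Client: C = (g1^r, g2^r, X^r * Y^r * H(M)) with fresh r."""
    r = rand_exp()
    return pow(G1, r, P), pow(G2, r, P), pow(X * Y, r, P) * H(username) % P

def unmask(sk, c, blind):
    """((c1)^a1 * (c2)^a2)^-1 * blind: the factor shared by IV and FV."""
    a1, a2 = sk
    return pow(pow(c[0], a1, P) * pow(c[1], a2, P), -1, P) * blind % P

def authenticate(ci, cj, sk1, sk2):
    """Claims 4-8 on registered ciphertext ci and login ciphertext cj."""
    r1s, r2s = rand_exp(), rand_exp()                # fresh blinding factors
    iv1s = unmask(sk1, ci, r1s)                      # server 1 -> server 2
    iv2s = unmask(sk2, cj, r2s)                      # server 2 -> server 1
    fv1s = cj[2] * iv2s * unmask(sk1, cj, r1s) % P   # H(Mj) * r2S * r1S
    fv2s = ci[2] * iv1s * unmask(sk2, ci, r2s) % P   # H(Mi) * r1S * r2S
    return fv1s == fv2s                              # controller's comparison

def demo():
    """Constructed sample user names; returns (match, mismatch) results."""
    sk1, X = keygen()
    sk2, Y = keygen()
    registered = encrypt("alice", X, Y)
    same = authenticate(registered, encrypt("alice", X, Y), sk1, sk2)
    other = authenticate(registered, encrypt("mallory", X, Y), sk1, sk2)
    return same, other
```

Because `r1s` and `r2s` are drawn fresh on every run, the two final values the controller compares change each session even for the same user name; only their equality carries information.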
CN201810412772.4A 2018-05-03 2018-05-03 Authentication method and system for protecting user name privacy Active CN108737390B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810412772.4A CN108737390B (en) 2018-05-03 2018-05-03 Authentication method and system for protecting user name privacy

Publications (2)

Publication Number Publication Date
CN108737390A true CN108737390A (en) 2018-11-02
CN108737390B CN108737390B (en) 2020-05-15

Family

ID=63936916

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810412772.4A Active CN108737390B (en) 2018-05-03 2018-05-03 Authentication method and system for protecting user name privacy

Country Status (1)

Country Link
CN (1) CN108737390B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130212392A1 (en) * 2012-02-15 2013-08-15 Qnx Software Systems Limited Key management on device for perimeters
CN105409186A (en) * 2013-06-06 2016-03-16 耐瑞唯信有限公司 System and method for user authentication
CN106790064A (en) * 2016-12-20 2017-05-31 北京工业大学 The method that both sides are communicated in credible root server cloud computing server model

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RONGMAO CHEN等: "Dual-Server Public-Key Encryption With Keyword Search for Secure Cloud Storage", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110162998A (en) * 2019-04-29 2019-08-23 华南农业大学 Identity ciphering equivalence test method, device, system and medium based on user group
CN111310210A (en) * 2020-02-17 2020-06-19 复旦大学 Double-authentication symmetric searchable encryption algorithm based on password and secret signcryption
CN111310210B (en) * 2020-02-17 2022-06-17 复旦大学 Double-authentication symmetric searchable encryption method based on password and secret signcryption
CN112069263A (en) * 2020-09-09 2020-12-11 上海万向区块链股份公司 Process data auditing method, system and medium based on block chain
CN112069263B (en) * 2020-09-09 2023-08-25 上海万向区块链股份公司 Flow data auditing method, system and medium based on block chain
CN113067702A (en) * 2021-03-17 2021-07-02 西安电子科技大学 Identity-based encryption method supporting ciphertext equivalence test function

Also Published As

Publication number Publication date
CN108737390B (en) 2020-05-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231214

Address after: Room 308-A19, Building 1, No. 1963 Huaguan Road, Tianhe District, Guangzhou City, Guangdong Province, 510000 (office only)

Patentee after: GUANGZHOU RONGZHAN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 510642 No. five, 483 mountain road, Guangzhou, Guangdong, Tianhe District

Patentee before: SOUTH CHINA AGRICULTURAL University
