CN109088888A - Smart-card-based secure communication method and system - Google Patents

Info

Publication number: CN109088888A
Authority: CN (China)
Prior art keywords: user, server, smart card, password, information
Legal status: Granted; current status Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811198551.8A
Other languages: Chinese (zh)
Other versions: CN109088888B (en)
Inventors: 陈建铭, 项斌, 王景行, 吴祖扬, 吴明泰
Current assignee: Shandong University of Science and Technology (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Shandong University of Science and Technology
Application filed by: Shandong University of Science and Technology
Priority: CN201811198551.8A
Events: publication of CN109088888A; application granted; publication of CN109088888B; expired (fee related)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides a smart-card-based secure communication method comprising: an input step of receiving an inserted smart card and the user name and password entered by a user, wherein the smart card stores result data computed from the registration information with which the user completed registration at a server; a verification step of verifying, from the result data and the user name and password entered by the user, whether the user is the holder of the smart card; and an output step of, after verifying that the user is the holder of the smart card, processing the user name and password entered by the user with a preset algorithm and sending the result to the server as a login message. The present invention also provides a smart-card-based secure communication system. The technical solution provided by the invention can effectively improve data security.

Description

A smart-card-based secure communication method and system
Technical field
The present invention relates to the technical field of data security, and in particular to a smart-card-based secure communication method and system.
Background
Advances in computer networks and communications have given rise to a large number of Internet-of-Things-based application systems, such as online banking systems, cloud storage systems and telemedicine systems. In these applications, a user can log in to the system at any time and from any place to handle personal affairs. However, these application systems and their users exchange information over a public channel, and an attacker can obtain the information the two sides transmit by means such as eavesdropping; if the data are transmitted only in plaintext, the user's private information is completely exposed to the attacker.
Ensuring the reliability and security of communication has therefore long been a goal the industry needs to improve on.
Summary of the invention
In view of this, the purpose of the present invention is to provide a smart-card-based secure communication method and system, aiming to solve the prior-art problem of how to improve the security of communication data.
The present invention proposes a smart-card-based secure communication method, applied to a client device, the method comprising:
Input step: receive the inserted smart card and the user name and password entered by the user, wherein the smart card stores result data computed from the registration information with which the user completed registration at the server;
First verification step: verify, from the result data and the user name and password entered by the user, whether the user is the holder of the smart card;
Output step: after verifying that the user is the holder of the smart card, process the user name and password entered by the user with a preset algorithm, and send the result as a login message to the server communicating with the client device;
Second verification step: receive a reply message from the server, and verify the server according to the reply message;
Calculation step: after the server passes verification, calculate the session key for communicating with the server.
Preferably, in the input step, the user's registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$ and inputs the user's biometric information $BIO_i$; $(R_i, P_i)$ is extracted by the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, $RPW_i = h(PW_i \| R_i)$ is computed, and $\{ID_i, RPW_i\}$ is sent to the server as the registration information, where $R_i$ and $P_i$ are respectively the private parameter and the reconstruction parameter of user $U_i$'s biometric, and $\|$ denotes concatenation.
Preferably, in the input step, the calculation on the registration information with which the user completed registration at the server specifically comprises:
Compute the result data, including $C_i = h(ID_i \| RPW_i)$, store $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, and send the smart card to user $U_i$, where $P_{pub}$ is the server's public key, $h(\cdot)$ is a hash function, $P$ is the base point on the elliptic curve the server selected when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the server's private key, and the calculation also uses the XOR operation.
Preferably, in the first verification step, verifying whether the user is the holder of the smart card specifically comprises:
User $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$; the private parameter $R_i$ of user $U_i$'s biometric is extracted by the reconstruction algorithm $Rep(BIO_i^*, P_i) = R_i$;
Compute $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and check whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
Preferably, in the output step, the preset algorithm specifically comprises:
Select a random number $\alpha$ and compute $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Send the result $\{AID_i, E_i, F_i, T_i\}$ as the login message to the server communicating with the client device.
In another aspect, the present invention also provides a smart-card-based secure communication system, applied to a client device, the system comprising:
An input module, configured to receive the inserted smart card and the user name and password entered by the user, wherein the smart card stores result data computed from the registration information with which the user completed registration at the server;
A first verification module, configured to verify, from the result data and the user name and password entered by the user, whether the user is the holder of the smart card;
An output module, configured to, after verifying that the user is the holder of the smart card, process the user name and password entered by the user with a preset algorithm, and send the result as a login message to the server communicating with the client device;
A second verification module, configured to receive a reply message from the server and verify the server according to the reply message;
A calculation module, configured to calculate the session key for communicating with the server after the server passes verification.
Preferably, in the input module, the user's registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$ and inputs the user's biometric information $BIO_i$; $(R_i, P_i)$ is extracted by the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, $RPW_i = h(PW_i \| R_i)$ is computed, and $\{ID_i, RPW_i\}$ is sent to the server as the registration information, where $R_i$ and $P_i$ are respectively the private parameter and the reconstruction parameter of user $U_i$'s biometric, and $\|$ denotes concatenation.
Preferably, in the input module, the calculation on the registration information with which the user completed registration at the server specifically comprises:
Compute the result data, including $C_i = h(ID_i \| RPW_i)$, store $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, and send the smart card to user $U_i$, where $P_{pub}$ is the server's public key, $h(\cdot)$ is a hash function, $P$ is the base point on the elliptic curve the server selected when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the server's private key, and the calculation also uses the XOR operation.
Preferably, the first verification module is specifically configured as follows:
User $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$; the private parameter $R_i$ of user $U_i$'s biometric is extracted by the reconstruction algorithm $Rep(BIO_i^*, P_i) = R_i$;
Compute $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and check whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
Preferably, the output module is specifically configured to:
Select a random number $\alpha$ and compute $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Send the result $\{AID_i, E_i, F_i, T_i\}$ as the login message to the server communicating with the client device.
In another aspect, the present invention also provides a smart-card-based secure communication method, applied to a server, the method comprising:
Checking step: after receiving the above login message, check whether $T_i - T'_i < \Delta T$ holds, where $T_i$ is the timestamp when the user sends the message, $T'_i$ is the timestamp when the user receives the message, and $\Delta T$ is a preset time threshold;
Calculation step: compute $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and check whether $F'_i = F_i$ holds; if it holds, the authentication of the i-th user $U_i$ passes;
Sending step: after the i-th user $U_i$ passes authentication, select a random number $\beta$ and compute $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then return $\{M_i, G_i, T_s\}$ to the i-th user $U_i$ as the reply message, with which $U_i$ authenticates the server;
Key generation step: after the i-th user $U_i$ has authenticated the server, compute the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
In another aspect, the present invention also provides a smart-card-based secure communication system, applied to a server, the system comprising:
A checking module, configured to check, after receiving the above login message, whether $T_i - T'_i < \Delta T$ holds, where $T_i$ is the timestamp when the user sends the message, $T'_i$ is the timestamp when the user receives the message, and $\Delta T$ is a preset time threshold;
A calculation module, configured to compute $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and check whether $F'_i = F_i$ holds; if it holds, the authentication of the i-th user $U_i$ passes;
A sending module, configured to, after the i-th user $U_i$ passes authentication, select a random number $\beta$ and compute $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then return $\{M_i, G_i, T_s\}$ to the i-th user $U_i$ as the reply message, with which $U_i$ authenticates the server;
A key generation module, configured to, after the i-th user $U_i$ has authenticated the server, compute the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
The technical solution provided by the invention stores the user's registration information on the smart card and performs identity verification on the user-side client device, which greatly improves authentication efficiency. Because the design abandons performing identity verification at the server, the server does not need to store the registration information of a large number of users, which greatly relieves the load on the server and also reduces the likelihood of the server being attacked, thereby greatly improving data security.
Brief description of the drawings
Fig. 1 is a flowchart of the smart-card-based secure communication method in an embodiment of the present invention;
Fig. 2 is a schematic diagram of the internal structure of the smart-card-based secure communication system 10 in an embodiment of the present invention.
Specific embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the invention and are not intended to limit it.
The smart-card-based secure communication method provided by the present invention is described in detail below.
Refer to Fig. 1, a flowchart of the smart-card-based secure communication method in an embodiment of the present invention.
In the present embodiment, the smart-card-based secure communication method is applied to the user-side client device, which communicates with a remote server. Authenticated key exchange (Authentication Key Exchange, AKE) is an identity authentication and key agreement mechanism that meets the security requirements of authenticity and confidentiality. AKE runs before the actual session: the user-side client device and the server authenticate each other and negotiate the key for this communication. The remote user authentication and key exchange scheme based on a smart card (such as a USB flash drive) proposed by the present invention mainly comprises five phases: the initialization phase, the registration phase, the login phase, the authentication phase and the password change phase.
In the initialization phase, the server initializes the relevant parameters: it selects an elliptic curve and a base point on that curve, selects a hash function $h(\cdot)$, selects a private key $x$ and computes $P_{pub} = xP$, where $P_{pub}$ is the server's public key, $P$ is the base point on the elliptic curve the server selected when initializing the relevant parameters, and $x$ is the server's private key.
In step S1, the input step: receive the inserted smart card and the user name and password entered by the user, wherein the smart card stores result data computed from the registration information with which the user completed registration at the server.
In the present embodiment, in the input step, the user's registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$ and inputs the user's biometric information $BIO_i$; $(R_i, P_i)$ is extracted by the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, $RPW_i = h(PW_i \| R_i)$ is computed, and $\{ID_i, RPW_i\}$ is sent to the server as the registration information, where $R_i$ and $P_i$ are respectively the private parameter and the reconstruction parameter of user $U_i$'s biometric, and $\|$ denotes concatenation.
In the present embodiment, in the input step, the calculation on the registration information with which the user completed registration at the server specifically comprises:
Compute the result data, including $C_i = h(ID_i \| RPW_i)$, store $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, and send the smart card to user $U_i$, where $P_{pub}$ is the server's public key, $h(\cdot)$ is a hash function, $P$ is the base point on the elliptic curve the server selected when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the server's private key, and the calculation also uses the XOR operation. After the server has stored $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, it returns the smart card to user $U_i$.
After user $U_i$ receives the smart card returned by the server, the reconstruction parameter $P_i$ of user $U_i$'s biometric is also stored in it.
This completes the registration phase.
In step S2, the first verification step: verify, from the result data and the user name and password entered by the user, whether the user is the holder of the smart card.
In the present embodiment, a registered user $U_i$ can send a login request to the server.
In the present embodiment, in the verification step, verifying whether the user is the holder of the smart card specifically comprises:
User $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$; the private parameter $R_i$ of user $U_i$'s biometric is extracted by the reconstruction algorithm $Rep(BIO_i^*, P_i) = R_i$;
Compute $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and check whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
In step S3, the output step: after verifying that the user is the holder of the smart card, process the user name and password entered by the user with a preset algorithm, and send the result as a login message to the server communicating with the client device.
In the present embodiment, in the output step, the preset algorithm specifically comprises:
Select a random number $\alpha$ and compute $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Send the result $\{AID_i, E_i, F_i, T_i\}$ to the server as the login message.
In the present embodiment, the above steps S1-S3 are carried out on the client device of user $U_i$.
This completes the login phase.
In step S4, the second verification step: receive a reply message from the server, and verify the server according to the reply message;
In step S5, the calculation step: after the server passes verification, calculate the session key for communicating with the server.
After the server receives user $U_i$'s login request message, identity authentication and key agreement are carried out. This process belongs to the authentication phase and is completed on the server; authentication comprises the following steps:
Checking step: after receiving user $U_i$'s login message, check whether $T_i - T'_i < \Delta T$ holds, where $T_i$ is the timestamp when the user sends the message, $T'_i$ is the timestamp when the user receives the message, and $\Delta T$ is a preset time threshold; if it holds, the subsequent steps are executed, and if it does not hold, the session between the user-side client device and the remote server is terminated;
Calculation step: compute $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and check whether $F'_i = F_i$ holds; if it holds, the authentication of the i-th user $U_i$ passes, and if it does not hold, the session between the user-side client device and the remote server is terminated;
Sending step: after the i-th user $U_i$ passes authentication, select a random number $\beta$ and compute $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then return $\{M_i, G_i, T_s\}$ to the i-th user $U_i$ as the reply message, with which $U_i$ authenticates the server. The i-th user $U_i$ checks whether the server passes authentication as follows: after receiving $\{M_i, G_i, T_s\}$, $U_i$ checks whether $T_s - T'_s < \Delta T$ holds; if it holds, the subsequent steps are executed, and if it does not hold, the session between the user-side client device and the remote server is terminated, where $T_s$ is the timestamp when the server sends the message and $T'_s$ is the timestamp when the server receives the message. Once $T_s - T'_s < \Delta T$ is found to hold, user $U_i$ computes $G'_i = h(ID_i \| A_i \| M_i \| H_i \| T_s)$ and checks whether $G'_i = G_i$ holds; if it holds, the subsequent steps are executed, and if it does not hold, the session between the user-side client device and the remote server is terminated;
Key generation step: after the i-th user $U_i$ has authenticated the server, compute the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
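The login and authentication exchange described above, as an added Python example (not code from the patent): it runs both sides, checks that $\alpha M_i$ and $\beta E_i$ give the same SK, and shows a stale or altered login message being rejected. Assumptions: secp256k1 and SHA-256 with length-prefixed fields stand in for the unnamed curve and $h(\cdot)$; $ID'_i$ and $A'_i$ are passed in as already recovered because the formulas for $A_i$ and $AID_i$ are not on the page; the freshness test is taken as receive time minus send time; the on-curve check on received points is an added hardening step.

```python
import hashlib
import hmac
import secrets

# secp256k1 parameters. The page names no curve; this choice is an assumption.
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    """True if pt is a finite point on y^2 = x^3 + 7 (added hardening check)."""
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % P_MOD == 0

def add(p1, p2):
    """Elliptic-curve point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add (not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def h(*parts):
    """h(a || b || ...), each field length-prefixed so boundaries are unambiguous."""
    digest = hashlib.sha256()
    for part in parts:
        if isinstance(part, tuple):      # curve point -> x || y
            part = b"".join(c.to_bytes(32, "big") for c in part)
        elif isinstance(part, int):      # timestamp
            part = part.to_bytes(8, "big")
        elif isinstance(part, str):
            part = part.encode()
        digest.update(len(part).to_bytes(4, "big") + part)
    return digest.digest()

def fresh(t_sent, t_recv, delta_t):
    # Assumed direction of the page's timestamp test: receive time minus send time.
    return 0 <= t_recv - t_sent < delta_t

def client_login(ident, a_i, p_pub, t_i):
    """Login phase: E_i = alpha*P, H_i = alpha*P_pub, F_i = h(ID_i||A_i||E_i||H_i||T_i)."""
    alpha = secrets.randbelow(N - 1) + 1
    e_i, h_i = mul(alpha, G), mul(alpha, p_pub)
    # AID_i is omitted: its formula is not on the page.
    return alpha, h_i, {"E": e_i, "F": h(ident, a_i, e_i, h_i, t_i), "T": t_i}

def server_auth(x, msg, ident, a_i, t_recv, t_s, delta_t):
    """Authentication phase on the server; returns (SK, reply) or None on rejection.
    ident and a_i stand for ID'_i and A'_i, assumed already recovered from AID_i."""
    if not fresh(msg["T"], t_recv, delta_t) or not on_curve(msg["E"]):
        return None
    h_i = mul(x, msg["E"])                                   # H'_i = x*E_i
    if not hmac.compare_digest(h(ident, a_i, msg["E"], h_i, msg["T"]), msg["F"]):
        return None
    beta = secrets.randbelow(N - 1) + 1
    m_i = mul(beta, G)
    reply = {"M": m_i, "G": h(ident, a_i, m_i, h_i, t_s), "T": t_s}
    # The page derives SK once the user has accepted the reply; done here for brevity.
    return h(mul(beta, msg["E"]), a_i, msg["T"], t_s), reply

def client_finish(alpha, h_i, ident, a_i, t_i, reply, t_recv, delta_t):
    """Second verification and calculation steps on the client; returns SK or None."""
    if not fresh(reply["T"], t_recv, delta_t) or not on_curve(reply["M"]):
        return None
    expected = h(ident, a_i, reply["M"], h_i, reply["T"])    # G'_i
    if not hmac.compare_digest(expected, reply["G"]):
        return None
    return h(mul(alpha, reply["M"]), a_i, t_i, reply["T"])

def demo():
    """Constructed run: honest exchange, a stale login message, and an altered E_i."""
    x = secrets.randbelow(N - 1) + 1
    p_pub = mul(x, G)
    ident, a_i = "user-i", h("constructed A_i")
    alpha, h_i, msg = client_login(ident, a_i, p_pub, t_i=1000)
    sk_server, reply = server_auth(x, msg, ident, a_i, t_recv=1002, t_s=1003, delta_t=5)
    sk_client = client_finish(alpha, h_i, ident, a_i, 1000, reply, t_recv=1004, delta_t=5)
    stale = server_auth(x, msg, ident, a_i, t_recv=1010, t_s=1011, delta_t=5)
    altered = server_auth(x, dict(msg, E=mul(2, msg["E"])), ident, a_i, 1002, 1003, 5)
    return sk_client == sk_server, stale is None, altered is None

if __name__ == "__main__":
    print(demo())
```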
In the present embodiment, when user $U_i$ perceives that the password is at risk of leaking, the password change phase can be used to change it. This phase needs no assistance from the server; the main steps are as follows:
(1) User $U_i$ inputs the user name $ID_i$ and the password $PW_i$, then inputs the biometric information $BIO_i$ to $U_i$'s client, which extracts $R_i$ by the reconstruction algorithm $Rep(BIO_i^*, P_i) = R_i$.
(2) User $U_i$'s client computes $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and checks whether $C'_i = C_i$ holds. If it holds, user $U_i$ is the holder of the smart card and step (3) is executed; otherwise, the password change is terminated.
(3) User $U_i$ inputs the user name $ID_i$ and the password $PW_i$; the smart card computes $HPW_i = h(PW_i \| b)$ and a second value, and checks whether that value equals $B_i$. If they are equal, user $U_i$ is the owner of the smart card and the subsequent steps continue; otherwise, the password change request is terminated.
(4) User $U_i$ inputs the new password, and user $U_i$'s client computes two new parameters.
(5) User $U_i$'s client replaces $B_i$ and $C_i$ with the two new parameters and writes the new values to the smart card.
Refer to Fig. 2, a structural schematic diagram of the smart-card-based secure communication system 10 in an embodiment of the present invention.
In the present embodiment, the smart-card-based secure communication system 10 mainly comprises an input module 11, a first verification module 12, an output module 13, a second verification module 14 and a calculation module 15. The system 10 is applied to the user-side client device, which communicates with a remote server.
The input module 11 is configured to receive the inserted smart card and the user name and password entered by the user, wherein the smart card stores result data computed from the registration information with which the user completed registration at the server.
In the present embodiment, in the input module 11, the user's registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$ and inputs the user's biometric information $BIO_i$; $(R_i, P_i)$ is extracted by the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, $RPW_i = h(PW_i \| R_i)$ is computed, and $\{ID_i, RPW_i\}$ is sent to the server as the registration information, where $R_i$ and $P_i$ are respectively the private parameter and the reconstruction parameter of user $U_i$'s biometric, and $\|$ denotes concatenation.
In the present embodiment, in the input module 11, the calculation on the registration information with which the user completed registration at the server specifically comprises:
Compute the result data, including $C_i = h(ID_i \| RPW_i)$, store $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, and send the smart card to user $U_i$, where $P_{pub}$ is the server's public key, $h(\cdot)$ is a hash function, $P$ is the base point on the elliptic curve the server selected when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the server's private key, and the calculation also uses the XOR operation.
The first verification module 12 is configured to verify, from the result data and the user name and password entered by the user, whether the user is the holder of the smart card.
In the present embodiment, the first verification module 12 is specifically configured as follows:
User $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$; the private parameter $R_i$ of user $U_i$'s biometric is extracted by the reconstruction algorithm $Rep(BIO_i^*, P_i) = R_i$;
Compute $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and check whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
The output module 13 is configured to, after verifying that the user is the holder of the smart card, process the user name and password entered by the user with a preset algorithm, and send the result as a login message to the server communicating with the client device.
In the present embodiment, the output module is specifically configured to:
Select a random number $\alpha$ and compute $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Send the result $\{AID_i, E_i, F_i, T_i\}$ as the login message to the server communicating with the client device.
The second verification module 14 is configured to receive a reply message from the server and verify the server according to the reply message;
The calculation module 15 is configured to calculate the session key for communicating with the server after the server passes verification.
In addition, the present invention also provides a smart-card-based secure communication system, applied to a server that communicates with the remote user-side client device, the system comprising:
A checking module, configured to check, after receiving the above login message, whether $T_i - T'_i < \Delta T$ holds, where $T_i$ is the timestamp when the user sends the message, $T'_i$ is the timestamp when the user receives the message, and $\Delta T$ is a preset time threshold;
A calculation module, configured to compute $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and check whether $F'_i = F_i$ holds; if it holds, the authentication of the i-th user $U_i$ passes;
A sending module, configured to, after the i-th user $U_i$ passes authentication, select a random number $\beta$ and compute $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then return $\{M_i, G_i, T_s\}$ to the i-th user $U_i$ as the reply message, with which $U_i$ authenticates the server;
A key generation module, configured to, after the i-th user $U_i$ has authenticated the server, compute the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
The technical solution provided by the invention stores the user's registration information on the smart card and performs identity verification on the user-side client device, which greatly improves authentication efficiency. Because the design abandons performing identity verification at the server, the server does not need to store the registration information of a large number of users, which greatly relieves the load on the server and also reduces the likelihood of the server being attacked, thereby greatly improving data security.
It is worth noting that the units included in the above embodiments are divided only according to functional logic, and the division is not limited to the above as long as the corresponding functions can be realized; in addition, the specific names of the functional units are only for ease of distinguishing them from one another and are not intended to limit the scope of protection of the invention.
In addition, those of ordinary skill in the art will appreciate that all or part of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (12)

1. A secure communication method based on a smart card, applied to a client device, characterized in that the method comprises:
Input step: receiving an inserted smart card and the user name and password entered by a user, wherein the smart card stores result data calculated from the registration information with which the user completed registration at a server;
First verification step: verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card;
Output step: after verifying that the user is the holder of the smart card, performing an operation on the user name and the password entered by the user using a preset algorithm, and sending the operation result as login information to the server communicating with the client device;
Second verification step: receiving return information from the server, and verifying the server according to the return information;
Calculation step: after the server passes verification, calculating the session key for communicating with the server.
2. The secure communication method based on a smart card according to claim 1, characterized in that, in the input step, the step of the user completing registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$, inputs the biometric information $BIO_i$ of the user, extracts $(R_i, P_i)$ through the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, calculates $RPW_i = h(PW_i \| R_i)$, and then sends $\{ID_i, RPW_i\}$ as the registration information to the server, wherein $R_i$ and $P_i$ are respectively the biometric private parameter and the reconstruction parameter of user $U_i$, and $\|$ denotes the concatenation operation.
3. The secure communication method based on a smart card according to claim 2, characterized in that, in the input step, the step of calculating from the registration information with which the user completed registration at the server specifically comprises:
Calculating $C_i = h(ID_i \| RPW_i)$, storing $\{B_i, C_i, P_{pub}, h(), P\}$ as the result data in the smart card, and then sending the smart card to user $U_i$, wherein $P_{pub}$ is the public key of the server, $h()$ is a hash function, $P$ is a base point on an elliptic curve selected by the server when initializing the relevant parameters, $P_{pub} = xP$, and $x$ is the private key of the server; indicates the XOR operation.
4. The secure communication method based on a smart card according to claim 3, characterized in that, in the first verification step, the step of verifying whether the user is the holder of the smart card specifically comprises:
The user $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$ of the user $U_i$; according to the reconstruction algorithm, the biometric private parameter $R_i$ of the user $U_i$ is extracted;
Calculating $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifying whether $C'_i = C_i$ holds;
If it holds, it is verified that the user $U_i$ is the holder of the smart card;
If it does not hold, the login is terminated.
5. The secure communication method based on a smart card according to claim 4, characterized in that, in the output step, the step of the preset algorithm specifically comprises:
Selecting a random number $\alpha$ and calculating $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha xP$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Sending the operation result $\{AID_i, E_i, F_i, T_i\}$ as the login information to the server communicating with the client device.
6. A secure communication system based on a smart card, applied to a client device, characterized in that the system comprises:
An input module, for receiving an inserted smart card and the user name and password entered by a user, wherein the smart card stores result data calculated from the registration information with which the user completed registration at a server;
A first verification module, for verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card;
An output module, for, after verifying that the user is the holder of the smart card, performing an operation on the user name and the password entered by the user using a preset algorithm, and sending the operation result as login information to the server communicating with the client device;
A second verification module, for receiving return information from the server, and verifying the server according to the return information;
A computing module, for calculating the session key for communicating with the server after the server passes verification.
7. The secure communication system based on a smart card according to claim 6, characterized in that, in the input module, the step of the user completing registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$, inputs the biometric information $BIO_i$ of the user, extracts $(R_i, P_i)$ through the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, calculates $RPW_i = h(PW_i \| R_i)$, and then sends $\{ID_i, RPW_i\}$ as the registration information to the server, wherein $R_i$ and $P_i$ are respectively the biometric private parameter and the reconstruction parameter of user $U_i$, and $\|$ denotes the concatenation operation.
8. The secure communication system based on a smart card according to claim 7, characterized in that, in the input module, the step of calculating from the registration information with which the user completed registration at the server specifically comprises:
Calculating $C_i = h(ID_i \| RPW_i)$, storing $\{B_i, C_i, P_{pub}, h(), P\}$ as the result data in the smart card, and then sending the smart card to user $U_i$, wherein $P_{pub}$ is the public key of the server, $h()$ is a hash function, $P$ is a base point on an elliptic curve selected by the server when initializing the relevant parameters, $P_{pub} = xP$, and $x$ is the private key of the server; indicates the XOR operation.
9. The secure communication system based on a smart card according to claim 8, characterized in that the first verification module is specifically used for:
The user $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$ of the user $U_i$; according to the reconstruction algorithm, the biometric private parameter $R_i$ of the user $U_i$ is extracted;
Calculating $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifying whether $C'_i = C_i$ holds;
If it holds, it is verified that the user is the holder of the smart card;
If it does not hold, the login is terminated.
10. The secure communication system based on a smart card according to claim 9, characterized in that the output module is specifically used for:
Selecting a random number $\alpha$ and calculating $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha xP$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Sending the operation result $\{AID_i, E_i, F_i, F_i\}$ as the login information to the server communicating with the client device.
11. A secure communication method based on a smart card, applied to a server, characterized in that the method comprises:
Checking step: after receiving the login information of claim 5, checking whether $T_i - T'_i < \Delta T$ holds, wherein $T_i$ is the timestamp when the user sends the information, $T'_i$ is the timestamp when the user receives the information, and $\Delta T$ is a preset time threshold;
Calculation step: calculating $H'_i = xE_i = x\alpha P$, $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$ and checking whether $F'_i = F_i$ holds; if it holds, the authentication of the i-th user $U_i$ passes;
Sending step: after the authentication of the i-th user $U_i$ passes, selecting a random number $\beta$ and calculating $M_i = \beta P$, $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then returning $\{M_i, G_i, T_s\}$ as the return information to the i-th user $U_i$, so that the i-th user $U_i$ authenticates the server;
Key generation step: after the i-th user $U_i$'s authentication of the server passes, calculating the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
12. A secure communication system based on a smart card, applied to a server, characterized in that the system comprises:
A checking module, for, after receiving the login information of claim 10, checking whether $T_i - T'_i < \Delta T$ holds, wherein $T_i$ is the timestamp when the user sends the information, $T'_i$ is the timestamp when the user receives the information, and $\Delta T$ is a preset time threshold;
A computing module, for calculating $H'_i = xE_i = x\alpha P$, $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$ and checking whether $F'_i = F_i$ holds; if it holds, the authentication of the i-th user $U_i$ passes;
A sending module, for, after the authentication of the i-th user $U_i$ passes, selecting a random number $\beta$ and calculating $M_i = \beta P$, $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then returning $\{M_i, G_i, T_s\}$ as the return information to the i-th user $U_i$, so that the i-th user $U_i$ authenticates the server;
A key generation module, for, after the i-th user $U_i$'s authentication of the server passes, calculating the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
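The login exchange of claims 5 and 11 can be traced end to end with the following added example, which is not part of the patent text: it shows why the server's $H'_i = xE_i$ equals the client's $H_i = \alpha P_{pub}$, and why both sides arrive at the same SK. Assumptions: the curve (secp256k1), SHA-256 as $h$, the length-prefixed encoding of $\|$, and all function names are illustrative; $ID_i$ and $A_i$ are passed in as values both sides already hold, because the formulas for $AID_i$, $A_i$ and their server-side recovery are not given in this section, and the timestamp check is left out.

```python
import hashlib, hmac, secrets

# secp256k1 parameters. The curve is an assumption: the page only says "an elliptic curve".
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % p == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, p) % p
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, p) % p
    x = (lam * lam - a[0] - b[0]) % p
    return (x, (lam * (a[0] - x) - a[1]) % p)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def h(*parts):
    """h(a||b||...), each field length-prefixed so the concatenation is unambiguous."""
    d = hashlib.sha256()
    for part in parts:
        raw = part if isinstance(part, bytes) else repr(part).encode()
        d.update(len(raw).to_bytes(4, "big") + raw)
    return d.digest()

def run_exchange(ID, A, x, T_i, T_s, tamper=False):
    """Return (client SK, server SK), or None when either side rejects."""
    P_pub = mul(x, P)                                  # server public key P_pub = xP
    alpha, beta = (secrets.randbelow(n - 1) + 1 for _ in range(2))
    E, H = mul(alpha, P), mul(alpha, P_pub)            # client: E_i, H_i
    F = h(ID, A, E, H, T_i)                            # client: F_i
    if tamper:
        E = mul(secrets.randbelow(n - 1) + 1, P)       # E_i replaced in transit
    H_s = mul(x, E)                                    # server: H'_i = x E_i
    if not hmac.compare_digest(h(ID, A, E, H_s, T_i), F):
        return None                                    # server rejects the login
    M = mul(beta, P)                                   # server: M_i
    G = h(ID, A, M, H_s, T_s)                          # server: G_i
    if not hmac.compare_digest(h(ID, A, M, H, T_s), G):
        return None                                    # client rejects the server
    return h(mul(alpha, M), A, T_i, T_s), h(mul(beta, E), A, T_i, T_s)
```

With `tamper=True` the server's recomputed $F'_i$ no longer matches $F_i$, so a modified $E_i$ is rejected before any session key is derived.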
CN201811198551.8A 2018-10-15 2018-10-15 Secure communication method and system based on smart card Expired - Fee Related CN109088888B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811198551.8A CN109088888B (en) 2018-10-15 2018-10-15 Secure communication method and system based on smart card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811198551.8A CN109088888B (en) 2018-10-15 2018-10-15 Secure communication method and system based on smart card

Publications (2)

Publication Number Publication Date
CN109088888A true CN109088888A (en) 2018-12-25
CN109088888B CN109088888B (en) 2021-02-05

Family

ID=64843490

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811198551.8A Expired - Fee Related CN109088888B (en) 2018-10-15 2018-10-15 Secure communication method and system based on smart card

Country Status (1)

Country Link
CN (1) CN109088888B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1463117A (en) * 2003-05-22 2003-12-24 中国科学院计算技术研究所 Safety communication method between communication system of networking computer and user oriented network layer
CN103338201A (en) * 2013-07-02 2013-10-02 山东科技大学 Remote identity authentication method participated in by registration center under multi-sever environment
CN105119721A (en) * 2015-08-06 2015-12-02 山东科技大学 Three-factor remote identity authentication method based on intelligent card

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
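CHIEN MING CHEN et al.: "On the Security of a Mutual Authentication and Key Agreement Protocol Based on Chaotic Maps", 2015 THIRD INTERNATIONAL CONFERENCE ON ROBOT, VISION AND SIGNAL PROCESSING (RVSP) *
娄进举: "Research on Expressway Information Management Models and Applications", China Master's Theses Full-text Database, Engineering Science and Technology II *
王倩: "Research and Design of Password-Based Smart Card Authenticated Key Agreement Protocols", China Master's Theses Full-text Database, Information Science and Technology *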

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109714167A (en) * 2019-03-15 2019-05-03 北京邮电大学 Authentication and cryptographic key negotiation method and equipment suitable for mobile application signature
CN109714167B (en) * 2019-03-15 2020-08-25 北京邮电大学 Identity authentication and key agreement method and equipment suitable for mobile application signature
CN113765856A (en) * 2020-06-04 2021-12-07 中移(成都)信息通信科技有限公司 Identity authentication method, device, equipment and medium
CN113765856B (en) * 2020-06-04 2023-09-08 中移(成都)信息通信科技有限公司 Identity authentication method, device, equipment and medium

Also Published As

Publication number Publication date
CN109088888B (en) 2021-02-05

Similar Documents

Publication Publication Date Title
US20220058655A1 (en) Authentication system
CN103795534B (en) Authentication method and apparatus for carrying out the method based on password
Gunasinghe et al. PrivBioMTAuth: Privacy preserving biometrics-based and user centric protocol for user authentication from mobile phones
US8627424B1 (en) Device bound OTP generation
EP2737656B1 (en) Credential validation
CN109983466A (en) A kind of account management system and management method, storage medium based on block chain
CN102983971B (en) Certificateless signature algorithm for user identity authentication in network environment
CN110337797A (en) Method for executing two-factor authentication
US9882890B2 (en) Reissue of cryptographic credentials
CN106790303B (en) The data integrity verification method completed in cloud storage by third party
CN106130716A (en) Cipher key exchange system based on authentication information and method
CN101216915B (en) A secured mobile payment method
CN103853950A (en) Authentication method based on mobile terminal and mobile terminal
CN109844787A (en) A kind of hardware wallet, transaction system and storage medium based on block chain
KR20120007509A (en) Method for authenticating identity and generating share key
CN104660412A (en) Password-less security authentication method and system for mobile equipment
CN110099048A (en) A kind of cloud storage method and apparatus
US11810110B2 (en) Method of processing a transaction sent from a proof entity
CN111222879A (en) Certificateless authentication method and certificateless authentication system suitable for alliance chain
CN109039656A (en) SM9 Combination with Digital endorsement method, device and computer equipment
CN109067544A (en) A kind of private key verification method, the apparatus and system of soft or hard combination
CN103297237B (en) Identity registration and authentication method, system, personal authentication apparatus and certificate server
CN109088888A (en) A kind of safety communicating method and its system based on smart card
CN107248997A (en) Authentication method based on smart card under environment of multi-server
CN111353780A (en) Authorization verification method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210205

Termination date: 20211015