CN109088888A - Secure communication method based on a smart card, and system thereof - Google Patents
- Publication number: CN109088888A (CN201811198551.8A)
- Authority: CN (China)
- Prior art keywords: user, server, smart card, password, information
- Legal status: Granted
Classifications
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Abstract
The present invention provides a secure communication method based on a smart card. The method comprises: an input step of receiving an inserted smart card and a user name and password entered by a user, wherein the smart card stores result data computed from the registration information with which the user completed registration at a server; a verification step of verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card; and an output step of, after the user has been verified as the holder of the smart card, processing the user name and password entered by the user with a preset algorithm and sending the result to the server as login information. The present invention also provides a secure communication system based on a smart card. The technical solution provided by the invention can effectively improve the security of data.
Description
Technical field
The present invention relates to the technical field of data security, and in particular to a secure communication method based on a smart card and a system thereof.
Background
Advances in computer networks and communications have given rise to a large number of application systems based on the Internet of Things, such as online banking systems, cloud storage systems and telemedicine systems. In these applications, a user can log in to the system at any time and from any place to handle personal affairs. However, the information exchanged between these application systems and the user travels over a public channel, and an attacker can obtain the information the two parties transmit by means such as eavesdropping. If the data is transmitted only in plaintext, the user's private information is completely exposed to the attacker.
Therefore, how to guarantee the reliability and security of communication has always been a goal the industry needs to improve on.
Summary of the invention
In view of this, the purpose of the present invention is to provide a secure communication method based on a smart card and a system thereof, aiming to solve the problem in the prior art of how to improve the security of communication data.
The present invention proposes a secure communication method based on a smart card, applied to a client device, the method comprising:
Input step: receiving an inserted smart card and a user name and password entered by a user, wherein the smart card stores result data computed from the registration information with which the user completed registration at a server;
First verification step: verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card;
Output step: after the user has been verified as the holder of the smart card, processing the user name and password entered by the user with a preset algorithm, and sending the result as login information to the server that communicates with the client device;
Second verification step: receiving return information from the server, and verifying the server according to the return information;
Calculation step: after the server passes verification, calculating the session key for communicating with the server.
Preferably, in the input step, the step in which the user completes registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$, inputs the biometric information $BIO_i$ of the user, extracts $(R_i, P_i)$ with the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, computes $RPW_i = h(PW_i \| R_i)$, and then sends $\{ID_i, RPW_i\}$ to the server as registration information, where $R_i$ and $P_i$ are respectively the private biometric parameter and the reconstruction parameter of user $U_i$, and $\|$ denotes concatenation.
Preferably, in the input step, the step of computing on the registration information with which the user completed registration at the server specifically comprises:
Computing $C_i = h(ID_i \| RPW_i)$, storing $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, and sending the smart card to user $U_i$, where $P_{pub}$ is the public key of the server, $h(\cdot)$ is a hash function, $P$ is a base point on the elliptic curve that the server selected when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the private key of the server, and the XOR operation is indicated.
Preferably, in the first verification step, the step of verifying whether the user is the holder of the smart card specifically comprises:
The user $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$ of the user $U_i$; the private biometric parameter $R_i$ of the user $U_i$ is extracted according to the reconstruction algorithm;
Computing $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifying whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
Preferably, in the output step, the preset algorithm specifically comprises:
Selecting a random number $\alpha$ and computing $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Sending the result $\{AID_i, E_i, F_i, T_i\}$ as login information to the server that communicates with the client device.
In another aspect, the present invention also provides a secure communication system based on a smart card, applied to a client device, the system comprising:
An input module, for receiving an inserted smart card and a user name and password entered by a user, wherein the smart card stores result data computed from the registration information with which the user completed registration at a server;
A first verification module, for verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card;
An output module, for processing, after the user has been verified as the holder of the smart card, the user name and password entered by the user with a preset algorithm, and sending the result as login information to the server that communicates with the client device;
A second verification module, for receiving return information from the server, and verifying the server according to the return information;
A calculation module, for calculating the session key for communicating with the server after the server passes verification.
Preferably, in the input module, the step in which the user completes registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$, inputs the biometric information $BIO_i$ of the user, extracts $(R_i, P_i)$ with the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, computes $RPW_i = h(PW_i \| R_i)$, and then sends $\{ID_i, RPW_i\}$ to the server as registration information, where $R_i$ and $P_i$ are respectively the private biometric parameter and the reconstruction parameter of user $U_i$, and $\|$ denotes concatenation.
Preferably, in the input module, the step of computing on the registration information with which the user completed registration at the server specifically comprises:
Computing $C_i = h(ID_i \| RPW_i)$, storing $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, and sending the smart card to user $U_i$, where $P_{pub}$ is the public key of the server, $h(\cdot)$ is a hash function, $P$ is a base point on the elliptic curve that the server selected when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the private key of the server, and the XOR operation is indicated.
Preferably, the first verification module is specifically used for the following:
The user $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$ of the user $U_i$; the private biometric parameter $R_i$ of the user $U_i$ is extracted according to the reconstruction algorithm;
Computing $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifying whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
Preferably, the output module is specifically used for the following:
Selecting a random number $\alpha$ and computing $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Sending the result $\{AID_i, E_i, F_i, T_i\}$ as login information to the server that communicates with the client device.
In yet another aspect, the present invention also provides a secure communication method based on a smart card, applied to a server, the method comprising:
Checking step: after receiving the above login information, checking whether $T_i - T'_i < \Delta T$ holds, where $T_i$ is the timestamp when the user sends the information, $T'_i$ is the timestamp when the user receives the information, and $\Delta T$ is a preset time threshold;
Calculation step: computing $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and checking whether $F'_i = F_i$ holds; if it holds, the authentication of the $i$-th user $U_i$ passes;
Sending step: after the authentication of the $i$-th user $U_i$ passes, selecting a random number $\beta$ and computing $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then returning $\{M_i, G_i, T_s\}$ to the $i$-th user $U_i$ as the return information, for the $i$-th user $U_i$ to authenticate the server;
Key generation step: after the $i$-th user $U_i$ has successfully authenticated the server, calculating the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
In yet another aspect, the present invention also provides a secure communication system based on a smart card, applied to a server, the system comprising:
A checking module, for checking, after receiving the above login information, whether $T_i - T'_i < \Delta T$ holds, where $T_i$ is the timestamp when the user sends the information, $T'_i$ is the timestamp when the user receives the information, and $\Delta T$ is a preset time threshold;
A calculation module, for computing $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and checking whether $F'_i = F_i$ holds; if it holds, the authentication of the $i$-th user $U_i$ passes;
A sending module, for selecting, after the authentication of the $i$-th user $U_i$ passes, a random number $\beta$ and computing $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then returning $\{M_i, G_i, T_s\}$ to the $i$-th user $U_i$ as the return information, for the $i$-th user $U_i$ to authenticate the server;
A key generation module, for calculating, after the $i$-th user $U_i$ has successfully authenticated the server, the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
The technical solution provided by the present invention stores the user's registration information on a smart card and performs identity verification on the client device at the user side, which greatly improves the efficiency of authentication. Because the design of performing identity verification at the server side has been abandoned, the server does not need to store the registration information of a large number of users, which greatly relieves the load on the server and also reduces the possibility of the server being attacked, thereby also greatly improving the security of data.
Description of the drawings
Fig. 1 is a flow chart of the secure communication method based on a smart card in an embodiment of the present invention;
Fig. 2 is a schematic diagram of the internal structure of the secure communication system 10 based on a smart card in an embodiment of the present invention.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the present invention and are not intended to limit it.
The secure communication method based on a smart card provided by the present invention is described in detail below.
Fig. 1 is a flow chart of the secure communication method based on a smart card in an embodiment of the present invention.
In the present embodiment, the secure communication method based on a smart card is applied to the client device at the user side, and the client device communicates with a remote server. Authenticated key exchange (Authentication Key Exchange, AKE) is an authentication and key agreement mechanism that provides the authenticity and confidentiality that security requires. AKE runs before the actual session: the client device at the user side and the server must authenticate each other and negotiate the key for this communication. The remote user authentication and key exchange scheme based on a smart card (such as a USB flash drive) proposed by the present invention mainly comprises 5 phases: the initialization phase, the registration phase, the login phase, the authentication phase and the password change phase.
In the initialization phase, the server initializes the relevant parameters: it selects an elliptic curve and a base point on the elliptic curve, selects a hash function $h(\cdot)$, selects a private key $x$ and computes $P_{pub} = xP$, where $P_{pub}$ is the public key of the server, $P$ is the base point on the elliptic curve that the server selected when initializing the relevant parameters, and $x$ is the private key of the server.
In step S1, the input step: receiving an inserted smart card and a user name and password entered by a user, wherein the smart card stores result data computed from the registration information with which the user completed registration at a server.
In the present embodiment, in the input step, the step in which the user completes registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$, inputs the biometric information $BIO_i$ of the user, extracts $(R_i, P_i)$ with the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, computes $RPW_i = h(PW_i \| R_i)$, and then sends $\{ID_i, RPW_i\}$ to the server as registration information, where $R_i$ and $P_i$ are respectively the private biometric parameter and the reconstruction parameter of user $U_i$, and $\|$ denotes concatenation.
In the present embodiment, in the input step, the step of computing on the registration information with which the user completed registration at the server specifically comprises:
Computing $C_i = h(ID_i \| RPW_i)$, storing $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, and sending the smart card to user $U_i$, where $P_{pub}$ is the public key of the server, $h(\cdot)$ is a hash function, $P$ is a base point on the elliptic curve that the server selected when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the private key of the server, and the XOR operation is indicated. After the server has stored $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, the smart card can be returned to user $U_i$.
After user $U_i$ receives the smart card returned by the server, the biometric reconstruction parameter $P_i$ of user $U_i$ is also stored in it.
This completes the registration phase.
In step S2, the first verification step: verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card.
In the present embodiment, a registered user $U_i$ can send a login request to the server.
In the present embodiment, in the verification step, the step of verifying whether the user is the holder of the smart card specifically comprises:
The user $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$ of the user $U_i$; the private biometric parameter $R_i$ of the user $U_i$ is extracted according to the reconstruction algorithm $Rep(BIO_i^*, P_i) = R_i$;
Computing $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifying whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
In step S3, the output step: after the user has been verified as the holder of the smart card, processing the user name and password entered by the user with a preset algorithm, and sending the result as login information to the server that communicates with the client device.
In the present embodiment, in the output step, the preset algorithm specifically comprises:
Selecting a random number $\alpha$ and computing $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Sending the result $\{AID_i, E_i, F_i, T_i\}$ to the server as login information.
In the present embodiment, the above steps S1 to S3 are carried out on the client device of the user $U_i$.
This completes the login phase.
In step S4, the second verification step: receiving return information from the server, and verifying the server according to the return information;
In step S5, the calculation step: after the server passes verification, calculating the session key for communicating with the server.
After the server receives the login request information of the user $U_i$, identity authentication and key agreement are carried out. This process belongs to the authentication phase, and the process of the authentication phase is completed on the server. Authentication comprises the following steps:
Checking step: after receiving the login information of user $U_i$, checking whether $T_i - T'_i < \Delta T$ holds, where $T_i$ is the timestamp when the user sends the information, $T'_i$ is the timestamp when the user receives the information, and $\Delta T$ is a preset time threshold; if it holds, the subsequent steps are executed; if it does not hold, the session between the client device at the user side and the remote server is terminated;
Calculation step: computing $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and checking whether $F'_i = F_i$ holds; if it holds, the authentication of the $i$-th user $U_i$ passes; if it does not hold, the session between the client device at the user side and the remote server is terminated;
Sending step: after the authentication of the $i$-th user $U_i$ passes, selecting a random number $\beta$ and computing $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then returning $\{M_i, G_i, T_s\}$ to the $i$-th user $U_i$ as the return information, for the $i$-th user $U_i$ to authenticate the server. The step in which the $i$-th user $U_i$ checks whether the server passes authentication comprises: after the $i$-th user $U_i$ receives the information $\{M_i, G_i, T_s\}$, checking whether $T_s - T'_s < \Delta T$ holds; if it holds, the subsequent steps are executed; if it does not hold, the session between the client device at the user side and the remote server is terminated, where $T_s$ denotes the timestamp when the server sends the information and $T'_s$ denotes the timestamp when the server receives the information. After judging that $T_s - T'_s < \Delta T$ holds, user $U_i$ computes $G'_i = h(ID_i \| A_i \| M_i \| H_i \| T_s)$ and checks whether $G'_i = G_i$ holds; if it holds, the subsequent steps are executed; if it does not hold, the session between the client device at the user side and the remote server is terminated;
Key generation step: after the $i$-th user $U_i$ has successfully authenticated the server, calculating the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
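The login and authentication exchange described above, written out as an added example that is not code from the patent. It assumes secp256k1 as the curve, SHA-256 as $h(\cdot)$ and a constructed $\Delta T$ of 5 seconds, and because the page's definitions of $A_i$ and $AID_i$ are not reproduced, $A_i$ and the identity are passed in as values both sides already hold. The on-curve check, the length-prefixed hash input, the constant-time comparison and the absolute-value freshness test are additions of this example.

```python
import hashlib, hmac, secrets

# Assumed curve: secp256k1 (the page only says "an elliptic curve" with base point P).
FP = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
DELTA_T = 5  # seconds; constructed value, the page leaves the threshold open

def on_curve(pt):
    """Reject points off y^2 = x^3 + 7 before multiplying them by a secret scalar."""
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % FP == 0

def add(a, b):
    """Affine point addition; None is the point at infinity. Not constant-time."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % FP, -1, FP)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP)
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def h(*fields):
    """h(a || b || ...) as SHA-256; fields are length-prefixed so '||' is unambiguous."""
    digest = hashlib.sha256()
    for f in fields:
        if isinstance(f, tuple):      # curve point, encoded as x || y
            f = f[0].to_bytes(32, "big") + f[1].to_bytes(32, "big")
        elif isinstance(f, int):      # timestamp
            f = f.to_bytes(8, "big")
        digest.update(len(f).to_bytes(4, "big") + f)
    return digest.digest()

def fresh(sent, received):
    """Test the absolute gap, so stale and future-dated timestamps both fail."""
    return abs(received - sent) < DELTA_T

def rand_scalar():
    return secrets.randbelow(ORDER - 1) + 1

def client_login(user_id, a_i, p_pub, t_i):
    """Output step: E_i = alpha*P, H_i = alpha*P_pub, F_i = h(ID_i||A_i||E_i||H_i||T_i)."""
    alpha = rand_scalar()
    e_i, h_i = mul(alpha, P), mul(alpha, p_pub)
    return {"E": e_i, "F": h(user_id, a_i, e_i, h_i, t_i), "T": t_i}, (alpha, h_i)

def server_authenticate(x, user_id, a_i, msg, t_recv, t_s):
    """Checking, calculation, sending and key generation steps; None on any failure."""
    if not fresh(msg["T"], t_recv) or not on_curve(msg["E"]):
        return None
    h_i = mul(x, msg["E"])                                      # H'_i = x*E_i
    f_i = h(user_id, a_i, msg["E"], h_i, msg["T"])              # F'_i
    if not hmac.compare_digest(f_i, msg["F"]):
        return None
    beta = rand_scalar()
    m_i = mul(beta, P)
    reply = {"M": m_i, "G": h(user_id, a_i, m_i, h_i, t_s), "Ts": t_s}
    return reply, h(mul(beta, msg["E"]), a_i, msg["T"], t_s)    # SK from beta*E_i

def client_finish(user_id, a_i, state, t_i, reply, t_recv):
    """User-side check of G_i, then SK from alpha*M_i; None on any failure."""
    alpha, h_i = state
    if not fresh(reply["Ts"], t_recv) or not on_curve(reply["M"]):
        return None
    g_i = h(user_id, a_i, reply["M"], h_i, reply["Ts"])         # G'_i
    if not hmac.compare_digest(g_i, reply["G"]):
        return None
    return h(mul(alpha, reply["M"]), a_i, t_i, reply["Ts"])

def demo():
    x = rand_scalar()                  # server private key
    p_pub = mul(x, P)                  # P_pub = x*P
    a_i = secrets.token_bytes(32)      # stand-in for A_i (its formula is not on the page)
    msg, state = client_login(b"alice", a_i, p_pub, 1000)
    reply, sk_server = server_authenticate(x, b"alice", a_i, msg, 1001, 1001)
    sk_client = client_finish(b"alice", a_i, state, 1000, reply, 1002)
    stale = server_authenticate(x, b"alice", a_i, msg, 1000 + DELTA_T, 1006)
    forged = server_authenticate(x, b"alice", a_i, dict(msg, F=bytes(32)), 1001, 1001)
    return sk_client == sk_server, stale, forged
```

Both sides arrive at the same key because $\alpha M_i = \beta E_i = \alpha\beta P$, and a login message presented again once $\Delta T$ has elapsed is rejected by the freshness test before any curve arithmetic runs.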
In the present embodiment, when user $U_i$ perceives that the password is at risk of having leaked, the password change phase can be used to change the password. This phase does not need any assistance from the server, and its main steps are as follows:
(1) User $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and then inputs his or her own biometric information $BIO_i$ into the client of user $U_i$; the client of user $U_i$ extracts $R_i$ according to the reconstruction algorithm.
(2) The client of user $U_i$ computes $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifies whether $C'_i = C_i$ holds. If it holds, user $U_i$ is the holder of the smart card, and step (3) is executed; otherwise, the password change is terminated.
(3) User $U_i$ inputs the user name $ID_i$ and the password $PW_i$; the smart card computes $HPW_i = h(PW_i \| b)$ and a further value, and compares the result with $B_i$ for equality. If they are equal, user $U_i$ is the owner of the smart card, and the subsequent steps continue; otherwise, the password change request is terminated.
(4) User $U_i$ inputs a new password, and the client of user $U_i$ computes the new parameters.
(5) The client of user $U_i$ replaces $B_i$ and $C_i$ with the newly computed values, and writes the new values to the smart card.
Fig. 2 is a schematic diagram of the structure of the secure communication system 10 based on a smart card in an embodiment of the present invention.
In the present embodiment, the secure communication system 10 based on a smart card mainly comprises an input module 11, a first verification module 12, an output module 13, a second verification module 14 and a calculation module 15. The secure communication system 10 based on a smart card is applied to the client device at the user side, and the client device at the user side communicates with a remote server.
The input module 11 is used for receiving an inserted smart card and a user name and password entered by a user, wherein the smart card stores result data computed from the registration information with which the user completed registration at a server.
In the present embodiment, in the input module 11, the step in which the user completes registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$, inputs the biometric information $BIO_i$ of the user, extracts $(R_i, P_i)$ with the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, computes $RPW_i = h(PW_i \| R_i)$, and then sends $\{ID_i, RPW_i\}$ to the server as registration information, where $R_i$ and $P_i$ are respectively the private biometric parameter and the reconstruction parameter of user $U_i$, and $\|$ denotes concatenation.
In the present embodiment, in the input module 11, the step of computing on the registration information with which the user completed registration at the server specifically comprises:
Computing $C_i = h(ID_i \| RPW_i)$, storing $\{B_i, C_i, P_{pub}, h(\cdot), P\}$ in the smart card as the result data, and sending the smart card to user $U_i$, where $P_{pub}$ is the public key of the server, $h(\cdot)$ is a hash function, $P$ is a base point on the elliptic curve that the server selected when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the private key of the server, and the XOR operation is indicated.
The first verification module 12 is used for verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card.
In the present embodiment, the first verification module 12 is specifically used for the following:
The user $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$ of the user $U_i$; the private biometric parameter $R_i$ of the user $U_i$ is extracted according to the reconstruction algorithm;
Computing $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifying whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
The output module 13 is used for processing, after the user has been verified as the holder of the smart card, the user name and password entered by the user with a preset algorithm, and sending the result as login information to the server that communicates with the client device.
In the present embodiment, the output module is specifically used for the following:
Selecting a random number $\alpha$ and computing $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Sending the result $\{AID_i, E_i, F_i, T_i\}$ as login information to the server that communicates with the client device.
The second verification module 14 is used for receiving return information from the server, and verifying the server according to the return information;
The calculation module 15 is used for calculating the session key for communicating with the server after the server passes verification.
In addition, the present invention also provides a secure communication system based on a smart card, applied to a server, the server communicating with the client device at the remote user side, the system comprising:
A checking module, for checking, after receiving the above login information, whether $T_i - T'_i < \Delta T$ holds, where $T_i$ is the timestamp when the user sends the information, $T'_i$ is the timestamp when the user receives the information, and $\Delta T$ is a preset time threshold;
A calculation module, for computing $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and checking whether $F'_i = F_i$ holds; if it holds, the authentication of the $i$-th user $U_i$ passes;
A sending module, for selecting, after the authentication of the $i$-th user $U_i$ passes, a random number $\beta$ and computing $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then returning $\{M_i, G_i, T_s\}$ to the $i$-th user $U_i$ as the return information, for the $i$-th user $U_i$ to authenticate the server;
A key generation module, for calculating, after the $i$-th user $U_i$ has successfully authenticated the server, the session key for communicating with the client device, $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$.
The technical solution provided by the present invention stores the user's registration information on a smart card and performs identity verification on the client device at the user side, which greatly improves the efficiency of authentication. Because the design of performing identity verification at the server side has been abandoned, the server does not need to store the registration information of a large number of users, which greatly relieves the load on the server and also reduces the possibility of the server being attacked, thereby also greatly improving the security of data.
It is worth noting that the units in the above embodiments are divided only according to functional logic, and the division is not limited to the above as long as the corresponding functions can be realized; in addition, the specific names of the functional units are only for convenience of distinguishing them from one another and do not limit the protection scope of the present invention.
In addition, those of ordinary skill in the art will appreciate that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the relevant hardware, and the corresponding program can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.
Claims (12)
1. A secure communication method based on a smart card, applied to a client device, characterized in that the method comprises:
Input step: receiving an inserted smart card and a user name and password entered by a user, wherein the smart card stores result data calculated from the registration information with which the user completed registration at a server;
First verification step: verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card;
Output step: after verifying that the user is the holder of the smart card, performing an operation on the user name and password entered by the user using a preset algorithm, and sending the operation result as login information to the server communicating with the client device;
Second verification step: receiving return information from the server, and verifying the server according to the return information;
Calculation step: after the server passes verification, calculating the session key for communicating with the server.
2. The secure communication method based on a smart card as claimed in claim 1, characterized in that, in the input step, the step of the user completing registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$, inputs the user's biometric information $BIO_i$, extracts $(R_i, P_i)$ through the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, calculates $RPW_i = h(PW_i \| R_i)$, and then sends $\{ID_i, RPW_i\}$ to the server as the registration information, wherein $R_i$ and $P_i$ are respectively the private parameter and the reconstruction parameter of the biometric feature of user $U_i$, and $\|$ denotes the concatenation operation.
3. The secure communication method based on a smart card as claimed in claim 2, characterized in that, in the input step, the step of calculating from the registration information with which the user completed registration at the server specifically comprises:
Calculating $C_i = h(ID_i \| RPW_i)$, storing $\{B_i, C_i, P_{pub}, h(), P\}$ in the smart card as the result data, and then sending the smart card to user $U_i$, wherein $P_{pub}$ is the public key of the server, $h()$ is a hash function, $P$ is a base point on an elliptic curve selected by the server when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the private key of the server, and  indicates the XOR operation.
4. The secure communication method based on a smart card as claimed in claim 3, characterized in that, in the first verification step, the step of verifying whether the user is the holder of the smart card specifically comprises:
The user $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$ of the user $U_i$; the private parameter $R_i$ of the biometric feature of the user $U_i$ is extracted according to the reconstruction algorithm;
Calculating $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifying whether $C'_i = C_i$ holds;
If it holds, the user $U_i$ is verified as the holder of the smart card;
If it does not hold, the login is terminated.
5. The secure communication method based on a smart card as claimed in claim 4, characterized in that, in the output step, the step of the preset algorithm specifically comprises:
Selecting a random number $\alpha$ and calculating $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Sending the operation result $\{AID_i, E_i, F_i, T_i\}$ as the login information to the server communicating with the client device.
6. A secure communication system based on a smart card, applied to a client device, characterized in that the system comprises:
An input module, for receiving an inserted smart card and a user name and password entered by a user, wherein the smart card stores result data calculated from the registration information with which the user completed registration at a server;
A first verification module, for verifying, according to the result data and the user name and password entered by the user, whether the user is the holder of the smart card;
An output module, for, after verifying that the user is the holder of the smart card, performing an operation on the user name and password entered by the user using a preset algorithm, and sending the operation result as login information to the server communicating with the client device;
A second verification module, for receiving return information from the server and verifying the server according to the return information;
A computing module, for calculating the session key for communicating with the server after the server passes verification.
7. The secure communication system based on a smart card as claimed in claim 6, characterized in that, in the input module, the step of the user completing registration at the server specifically comprises:
The user selects the user name $ID_i$ and the password $PW_i$, inputs the user's biometric information $BIO_i$, extracts $(R_i, P_i)$ through the generation algorithm $Gen(BIO_i) = (R_i, P_i)$, calculates $RPW_i = h(PW_i \| R_i)$, and then sends $\{ID_i, RPW_i\}$ to the server as the registration information, wherein $R_i$ and $P_i$ are respectively the private parameter and the reconstruction parameter of the biometric feature of user $U_i$, and $\|$ denotes the concatenation operation.
8. The secure communication system based on a smart card as claimed in claim 7, characterized in that, in the input module, the step of calculating from the registration information with which the user completed registration at the server specifically comprises:
Calculating $C_i = h(ID_i \| RPW_i)$, storing $\{B_i, C_i, P_{pub}, h(), P\}$ in the smart card as the result data, and then sending the smart card to user $U_i$, wherein $P_{pub}$ is the public key of the server, $h()$ is a hash function, $P$ is a base point on an elliptic curve selected by the server when initializing the relevant parameters, $P_{pub} = xP$, $x$ is the private key of the server, and  indicates the XOR operation.
9. The secure communication system based on a smart card as claimed in claim 8, characterized in that the first verification module is specifically configured for:
The user $U_i$ inputs the user name $ID_i$ and the password $PW_i$, and inputs the biometric information $BIO_i$ of the user $U_i$; the private parameter $R_i$ of the biometric feature of the user $U_i$ is extracted according to the reconstruction algorithm;
Calculating $RPW_i = h(PW_i \| R_i)$ and $C'_i = h(ID_i \| RPW_i)$, and verifying whether $C'_i = C_i$ holds;
If it holds, the user is verified as the holder of the smart card;
If it does not hold, the login is terminated.
10. The secure communication system based on a smart card as claimed in claim 9, characterized in that the output module is specifically configured for:
Selecting a random number $\alpha$ and calculating $E_i = \alpha P$, $H_i = \alpha P_{pub} = \alpha x P$, and $F_i = h(ID_i \| A_i \| E_i \| H_i \| T_i)$;
Sending the operation result $\{AID_i, E_i, F_i, F_i\}$ as the login information to the server communicating with the client device.
11. A secure communication method based on a smart card, applied to a server, characterized in that the method comprises:
Checking step: after receiving the login information of claim 5, checking whether $T_i - T'_i < \Delta T$ holds, wherein $T_i$ is the timestamp when the user sends the information, $T'_i$ is the timestamp when the user receives the information, and $\Delta T$ is a preset time threshold;
Calculation step: calculating $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and checking whether $F'_i = F_i$ holds; if it holds, the authentication of the i-th user $U_i$ passes;
Sending step: after the authentication of the i-th user $U_i$ passes, selecting a random number $\beta$ and calculating $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then returning $\{M_i, G_i, T_s\}$ to the i-th user $U_i$ as the return information, so that the i-th user $U_i$ authenticates the server;
Key generation step: after the i-th user $U_i$'s authentication of the server passes, calculating the session key $Sk = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$ for communicating with the client device.
12. A secure communication system based on a smart card, applied to a server, characterized in that the system comprises:
A checking module, for checking, after receiving the login information of claim 10, whether $T_i - T'_i < \Delta T$ holds, wherein $T_i$ is the timestamp when the user sends the information, $T'_i$ is the timestamp when the user receives the information, and $\Delta T$ is a preset time threshold;
A computing module, for calculating $H'_i = xE_i = x\alpha P$ and $F'_i = h(ID'_i \| A'_i \| E_i \| H'_i \| T_i)$, and checking whether $F'_i = F_i$ holds; if it holds, the authentication of the i-th user $U_i$ passes;
A sending module, for, after the authentication of the i-th user $U_i$ passes, selecting a random number $\beta$ and calculating $M_i = \beta P$ and $G_i = h(ID'_i \| A'_i \| M_i \| H'_i \| T_s)$, then returning $\{M_i, G_i, T_s\}$ to the i-th user $U_i$ as the return information, so that the i-th user $U_i$ authenticates the server;
A key generation module, for calculating, after the i-th user $U_i$'s authentication of the server passes, the session key $SK = h(\alpha M_i \| A_i \| T_i \| T_s) = h(\beta E_i \| A'_i \| T_i \| T_s)$ for communicating with the client device.
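The login and key-agreement exchange of claims 5 and 11 can be traced end to end in the following Python sketch, which is added here as an illustration and is not taken from the patent. Its assumptions: secp256k1 as the curve, SHA-256 over length-prefixed fields as h(), a 60-second ΔT checked as absolute skew, the client recomputing G_i to authenticate the server, and ID_i and A_i handed to the server directly because the claim text above does not reproduce how AID_i and A_i are formed.

```python
import hashlib, hmac, secrets

# secp256k1 parameters; the curve, SHA-256 and the 60 s window are assumptions of this example
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P_MOD == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    lam = num * pow(den % P_MOD, -1, P_MOD) % P_MOD
    x = (lam * lam - a[0] - b[0]) % P_MOD
    return (x, (lam * (a[0] - x) - a[1]) % P_MOD)

def mul(k, pt):  # double-and-add, not constant time: illustration only
    acc = None
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        acc = add(acc, pt) if bit == "1" else acc
    return acc

def h(*parts):  # h(a || b || ...); each field is length-prefixed so the encoding is unambiguous
    enc = [repr(p).encode() for p in parts]
    return hashlib.sha256(b"".join(len(e).to_bytes(4, "big") + e for e in enc)).digest()

def client_login(id_i, a_i, p_pub, t_i):
    alpha = secrets.randbelow(N - 1) + 1
    e_i, h_i = mul(alpha, G), mul(alpha, p_pub)            # E_i = aP, H_i = aP_pub
    return alpha, (e_i, h(id_i, a_i, e_i, h_i, t_i), t_i)  # F_i binds both to T_i

def server_verify(x, id_i, a_i, msg, t_recv, t_s, delta_t=60):
    e_i, f_i, t_i = msg
    if e_i is None or (e_i[1]**2 - e_i[0]**3 - 7) % P_MOD or abs(t_recv - t_i) >= delta_t:
        return None                                        # off-curve point or stale login
    h_srv = mul(x, e_i)                                    # H'_i = xE_i
    if not hmac.compare_digest(f_i, h(id_i, a_i, e_i, h_srv, t_i)):
        return None                                        # F'_i != F_i
    beta = secrets.randbelow(N - 1) + 1
    m_i = mul(beta, G)                                     # M_i = bP
    return (m_i, h(id_i, a_i, m_i, h_srv, t_s), t_s), h(mul(beta, e_i), a_i, t_i, t_s)

def client_finish(alpha, id_i, a_i, p_pub, t_i, reply):
    m_i, g_i, t_s = reply
    if not hmac.compare_digest(g_i, h(id_i, a_i, m_i, mul(alpha, p_pub), t_s)):
        return None                                        # sender could not compute H_i without x
    return h(mul(alpha, m_i), a_i, t_i, t_s)               # SK = h(aM_i || A_i || T_i || T_s)
```

The point-on-curve test on E_i and the constant-time digest comparison are hardening choices of this example; the claims specify only the timestamp and F_i checks.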
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811198551.8A CN109088888B (en) | 2018-10-15 | 2018-10-15 | Secure communication method and system based on smart card |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109088888A (en) | 2018-12-25 |
CN109088888B (en) | 2021-02-05 |
Family
ID=64843490
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811198551.8A Expired - Fee Related CN109088888B (en) | 2018-10-15 | 2018-10-15 | Secure communication method and system based on smart card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109088888B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1463117A (en) * | 2003-05-22 | 2003-12-24 | 中国科学院计算技术研究所 | Safety communication method between communication system of networking computer and user oriented network layer |
CN103338201A (en) * | 2013-07-02 | 2013-10-02 | 山东科技大学 | Remote identity authentication method participated in by registration center under multi-sever environment |
CN105119721A (en) * | 2015-08-06 | 2015-12-02 | 山东科技大学 | Three-factor remote identity authentication method based on intelligent card |
Non-Patent Citations (3)
Title |
---|
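CHIEN MING CHEN et al.: "On the Security of a Mutual Authentication and Key Agreement Protocol Based on Chaotic Maps", 2015 THIRD INTERNATIONAL CONFERENCE ON ROBOT, VISION AND SIGNAL PROCESSING (RVSP) * |
Lou Jinju: "Research on Expressway Information Management Models and Applications", China Master's Theses Full-text Database, Engineering Science and Technology II * |
Wang Qian: "Research and Design of Password-Based Smart Card Authenticated Key Agreement Protocols", China Master's Theses Full-text Database, Information Science and Technology * |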
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109714167A (en) * | 2019-03-15 | 2019-05-03 | 北京邮电大学 | Authentication and cryptographic key negotiation method and equipment suitable for mobile application signature |
CN109714167B (en) * | 2019-03-15 | 2020-08-25 | 北京邮电大学 | Identity authentication and key agreement method and equipment suitable for mobile application signature |
CN113765856A (en) * | 2020-06-04 | 2021-12-07 | 中移(成都)信息通信科技有限公司 | Identity authentication method, device, equipment and medium |
CN113765856B (en) * | 2020-06-04 | 2023-09-08 | 中移(成都)信息通信科技有限公司 | Identity authentication method, device, equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN109088888B (en) | 2021-02-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220058655A1 (en) | Authentication system | |
CN103795534B (en) | Authentication method and apparatus for carrying out the method based on password | |
Gunasinghe et al. | PrivBioMTAuth: Privacy preserving biometrics-based and user centric protocol for user authentication from mobile phones | |
US8627424B1 (en) | Device bound OTP generation | |
EP2737656B1 (en) | Credential validation | |
CN109983466A (en) | A kind of account management system and management method, storage medium based on block chain | |
CN102983971B (en) | Certificateless signature algorithm for user identity authentication in network environment | |
CN110337797A (en) | Method for executing two-factor authentication | |
US9882890B2 (en) | Reissue of cryptographic credentials | |
CN106790303B (en) | The data integrity verification method completed in cloud storage by third party | |
CN106130716A (en) | Cipher key exchange system based on authentication information and method | |
CN101216915B (en) | A secured mobile payment method | |
CN103853950A (en) | Authentication method based on mobile terminal and mobile terminal | |
CN109844787A (en) | A kind of hardware wallet, transaction system and storage medium based on block chain | |
KR20120007509A (en) | Method for authenticating identity and generating share key | |
CN104660412A (en) | Password-less security authentication method and system for mobile equipment | |
CN110099048A (en) | A kind of cloud storage method and apparatus | |
US11810110B2 (en) | Method of processing a transaction sent from a proof entity | |
CN111222879A (en) | Certificateless authentication method and certificateless authentication system suitable for alliance chain | |
CN109039656A (en) | SM9 Combination with Digital endorsement method, device and computer equipment | |
CN109067544A (en) | A kind of private key verification method, the apparatus and system of soft or hard combination | |
CN103297237B (en) | Identity registration and authentication method, system, personal authentication apparatus and certificate server | |
CN109088888A (en) | A kind of safety communicating method and its system based on smart card | |
CN107248997A (en) | Authentication method based on smart card under environment of multi-server | |
CN111353780A (en) | Authorization verification method, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
Granted publication date: 20210205 Termination date: 20211015 |