CN109088888B - Secure communication method and system based on smart card - Google Patents
Secure communication method and system based on smart card Download PDFInfo
- Publication number
- CN109088888B CN109088888B CN201811198551.8A CN201811198551A CN109088888B CN 109088888 B CN109088888 B CN 109088888B CN 201811198551 A CN201811198551 A CN 201811198551A CN 109088888 B CN109088888 B CN 109088888B
- Authority
- CN
- China
- Prior art keywords
- user
- server
- smart card
- information
- bio
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Abstract
The invention provides a secure communication method based on a smart card, wherein the method comprises the following steps: an input step: receiving an inserted smart card and a user name and a password input by a user, wherein result data for calculating registration information of the user registered in a server is stored in the smart card; a verification step: verifying whether the user is the holder of the smart card according to the result data and the user name and the password input by the user; an output step: after the user is verified to be the holder of the smart card, the user name and the password input by the user are operated by using a preset algorithm, and an operation result is sent to the server as login information. The invention also provides a secure communication system based on the smart card. The technical scheme provided by the invention can effectively improve the data security.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a secure communication method and a secure communication system based on a smart card.
Background
Advances in the field of computer networks and communications have led to a number of internet-of-things-based application systems, such as internet banking systems, cloud storage systems, telemedicine systems, and so on. In these applications, the user can log into the system at any time and any place, and the related matters of the individual are processed. However, the information exchange between these application systems and users uses a public channel, and an attacker can obtain information transmitted by both parties through monitoring and other means, and if only plaintext is used for transmitting data, some private information of the users is completely exposed to the attacker.
Therefore, how to ensure the reliability and security of communication is always an urgent objective in the industry.
Disclosure of Invention
In view of the above, the present invention provides a secure communication method and system based on a smart card, and aims to solve the problem of how to improve the security of communication data in the prior art.
The invention provides a safe communication method based on a smart card, which is applied to client equipment and comprises the following steps:
an input step: receiving an inserted smart card and a user name and a password input by a user, wherein result data for calculating registration information of the user registered in a server is stored in the smart card;
a first verification step: verifying whether the user is the holder of the smart card according to the result data and the user name and the password input by the user;
an output step: after the user is verified to be the holder of the smart card, operating the user name and the password input by the user by using a preset algorithm, and sending an operation result as login information to the server communicated with the client device;
a second verification step: receiving return information from the server, and verifying the server according to the return information;
a calculation step: after the server is authenticated, a session key for communicating with the server is calculated.
Preferably, in the inputting step, the step of completing registration of the user at the server specifically includes:
the user selects the username IDiAnd the password PWiAnd inputting the BIO-information BIO of the useriBy generating the algorithm Gen (BIO)i)=(Ri,Pi) Extraction (R)i,Pi) And calculating RPWi=h(PWi||Ri) Then { ID }i,RPWiSending R as registration information to the serveri,PiAre respectively a user UiThe private parameters and reconstruction parameters of the biometric of (1), and | represents the join operation.
Preferably, in the inputting step, the step of calculating the registration information of the user registered in the server specifically includes:
computingCi=h(IDi||RPWi) And will { Bi,Ci,PpubH (-) P } sending the smart card to user U after storing the smart card as the result dataiWherein P ispubH (-) is a hash function for the public key of the server, P is a base point on an elliptic curve selected by the server in initialization related parameters, and P ispubX is the private key of the server,indicating an exclusive or operation.
Preferably, in the first verification step, the step of verifying whether the user is the holder of the smart card specifically includes:
the user UiInputting the user name IDiAnd the password PWiAnd inputs said user UiBIO-information of (BIO)iAccording to a reconstruction algorithmExtracting the user UiIs a private parameter R of the biometric characteristic ofi;
Calculating RPWi=h(PWi||Ri) And Ci′=h(IDi||RPWi) And verify ci′=ciWhether the result is true or not;
if so, verifying that the user is the holder of the smart card;
if not, the login is terminated.
Preferably, in the outputting step, the step of presetting the algorithm specifically includes:
Will operation result { AIDi,Ei,Fi,TiSending it as login information to the server in communication with the client device.
In another aspect, the present invention further provides a secure communication system based on a smart card, applied to a client device, the system including:
the system comprises an input module, a server and a server, wherein the input module is used for receiving an inserted smart card and a user name and a password input by a user, and the smart card stores result data for calculating registration information registered by the user in the server;
a first verification module for verifying whether the user is the holder of the smart card according to the result data and the user name and the password input by the user;
the output module is used for operating the user name and the password input by the user by using a preset algorithm after the user is verified to be the holder of the smart card, and sending an operation result as login information to the server communicated with the client equipment;
the second verification module is used for receiving return information from the server and verifying the server according to the return information;
and the calculation module is used for calculating the session key communicated with the server after the server passes the verification.
Preferably, in the input module, the step of completing registration of the user at the server specifically includes:
the user selects the username IDiAnd the password PWiAnd inputting the BIO-information BIO of the useriBy generating the algorithm Gen (BIO)i)=(Ri,Pi) Extraction (R)i,Pi) And calculating RPWi=h(PWi||Ri) Then { ID }i,RPWiSending R as registration information to the serveri,PiAre respectively a user UiThe private parameters and reconstruction parameters of the biometric of (1), and | represents the join operation.
Preferably, in the input module, the step of calculating the registration information of the user registered in the server specifically includes:
computingCi=h(IDi||RPWi) And will { Bi,Ci,PpubH (·), P) sending the smart card to user U after storing the smart card as the result dataiWherein P ispubH (-) is a hash function for the public key of the server, P is a base point on an elliptic curve selected by the server in initialization related parameters, and P ispubX is the private key of the server,indicating an exclusive or operation.
Preferably, the first verification module is specifically configured to:
the user UiInputting the user name IDiAnd the password PWiAnd inputs said user UiBIO-information of (BIO)iAccording to a reconstruction algorithmExtracting the user UiIs a private parameter R of the biometric characteristic ofi;
Calculating RPWi=h(PWi||Ri) And C'i=h(IDi||RPWi) And verify C'i=CiWhether the result is true or not;
if so, verifying that the user is the holder of the smart card;
if not, the login is terminated.
Preferably, the output module is specifically configured to:
Will operation result { AIDi,Ei,Fi,TiSending it as login information to the server in communication with the client device.
In another aspect, the present invention further provides a secure communication method based on a smart card, applied to a server, wherein the method includes:
and (3) checking: after receiving the above-mentioned login information, check Ti-T′iIf < Δ T is true, where TiIs a time stamp, T ', of when the user transmits information'iIs the timestamp of the user when receiving the information, Δ T is a preset time threshold;
a calculation step: calculate H'i=xEi=xαP,F′i=h(ID′i||A′i||Ei||H′i||Ti) And check for F'i=FiIf yes, the user U is selected for the ith useriThe authentication of (2) is passed;
a sending step: for the ith user UiAfter passing the authentication, a random number β is selected and M is calculatedi=βP,Gi=h(ID′i||A′i||Mi||H′i||Ts) Then will { Mi,Gi,TsReturning to the ith user U as the return informationiTo be selected by the ith user UiAuthenticating the server;
a key generation step: when the ith user UiAfter the authentication of the server is passed, a session key SK ═ h (α M) for communication with the client device is calculatedi||Ai||Ti||Ts)=h(βEi||A′i||Ti||Ts)。
In another aspect, the present invention further provides a smart card-based secure communication system, applied to a server, wherein the system includes:
a checking module for checking T after receiving the login informationi-T′iIf < Δ T is true, where TiIs a time stamp, T ', of when the user transmits information'iIs the timestamp of the user when receiving the information, Δ T is a preset time threshold;
a calculation module to calculate H'i=xEi=xαP,F′i=h(ID′i||A′i||EiIf yes, the authentication on the ith user Ui is passed;
a sending module for the ith user UiAfter passing the authentication, a random number β is selected and M is calculatedi=βP,Gi=h((ID′i||A′i||Mi||H′i||Ts) Then will { Mi,Gi,TsReturning to the ith user U as the return informationiTo be selected by the ith user UiAuthenticating the server;
a key generation module for generating the I-th user UiAfter the authentication of the server is passed, a session key SK ═ h (α M) for communication with the client device is calculatedi||Ai||Ti||Ts)=h((βEi||A′i||Ti||Ts)。
The technical scheme provided by the invention adopts the intelligent card to store the registration information of the user and carry out identity verification on the client equipment at the user side, thereby greatly improving the authentication efficiency, and because the design of carrying out identity verification at the server side is abandoned, the server side does not need to store a large amount of registration information of the user, the pressure of the server side is greatly reduced, the possibility that the server side is attacked is also reduced, and the data security is greatly improved.
Drawings
FIG. 1 is a flow chart of a secure communication method based on a smart card according to an embodiment of the present invention;
fig. 2 is a schematic diagram of the internal structure of the secure communication system 10 based on a smart card according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
A smart card-based secure communication method provided by the present invention will be described in detail below.
Fig. 1 is a flowchart illustrating a secure communication method based on a smart card according to an embodiment of the present invention.
In this embodiment, the secure communication method based on the smart card is applied to the client device on the user side, where the client device communicates with a remote server, Authentication Key Exchange (AKE) is an Authentication and Key agreement mechanism, so as to implement authenticity and confidentiality of security requirements, and before the AKE operates in a real session, Authentication and negotiation between the client device on the user side and the server are required to obtain a Key for the communication. The remote user authentication and key exchange scheme based on the smart card (such as a U disk) mainly comprises 5 stages, which are respectively as follows: the method comprises an initialization stage, a registration stage, a login stage, an authentication stage and a password modification stage.
In the initialization phase, the server initializes the relevant parameters, mainly selecting an elliptic curve and a base point on the elliptic curve, selecting a hash function h (-), selecting a private key x and calculating Ppubx.P, wherein PpubThe public key of the server is represented by P, which is a base point on an elliptic curve selected by the server in initialization related parameters, and x is a private key of the server.
In step S1, the input step is: and receiving an inserted smart card and a user name and a password input by a user, wherein result data of calculation of registration information of the user registered in a server is stored in the smart card.
In this embodiment, in the inputting step, the step of completing registration of the user at the server specifically includes:
the user selects the username IDiAnd the password PWiAnd inputting the BIO-information BIO of the useriBy generating the algorithm Gen (BIO)i)=(Ri,Pi) Extraction (R)i,Pi) And calculating RPWi=h(PWi||Ri) Then { ID }i,RPWiSending R as registration information to the serveri,PiAre respectively a user UiThe private parameters and reconstruction parameters of the biometric of (1), and | represents the join operation.
In this embodiment, in the inputting step, the calculating the registration information of the user registered in the server specifically includes:
computingCi=h(IDi||RPWi) And will { Bi,Ci,PpubH (-) P } sending the smart card to user U after storing the smart card as the result dataiWherein P ispubH (-) is a hash function for the public key of the server, P is a base point on an elliptic curve selected by the server in initialization related parameters, and P ispubX is the private key of the server,indicating an exclusive or operation. The server is sending { Bi,Ci,PpubH (-) P } after storing the result data in the smart card, the smart card is returned to the user Ui。
When the user UiAfter receiving the smart card returned by the server, the user U is also sentiIs measured by the biometric sensoriStored in it.
At this point, the registration phase is completed.
In step S2, the first verification step: verifying whether the user is the holder of the smart card according to the result data and the user name and the password input by the user.
In the present embodiment, the registered user UiA login request may be sent to the server.
In this embodiment, in the verifying step, the step of verifying whether the user is the holder of the smart card may specifically include:
the user UiInputting the user name IDiAnd the password PWiAnd inputs said user UiBIO-information of (BIO)iAccording to a reconstruction algorithm Rep (BIO)i,Pi)=RiExtracting the user UiIs a private parameter R of the biometric characteristic ofi;
Calculating RPWi=h(PWi||Ri) And C'i=h(IDi||RPWi) And verify C'i=CiWhether the result is true or not;
if so, verifying that the user is the holder of the smart card;
if not, the login is terminated.
In step S3, the output step: after the user is authenticated to be the holder of the smart card, the user name and the password input by the user are operated by using a preset algorithm, and the operation result is sent to the server communicating with the client device as login information.
In this embodiment, in the outputting step, the step of presetting the algorithm specifically includes:
Will operation result { AIDi,Ei,Fi,TiSending the information to the server as login information.
In the present embodiment, the above-described verification steps S1-S3 are all performed on the client device of the user Ui.
To this end, the login phase is completed.
In step S4, the second verification step: receiving return information from the server, and verifying the server according to the return information;
in step S5, the calculation step: after the server is authenticated, a session key for communicating with the server is calculated.
Receiving the user U at the serveriAfter the login request message, performing identity verification and key agreement, wherein the process belongs to an authentication phase, and the process of the authentication phase is completed on the server, and the authentication step also comprises the following steps:
and (3) checking: upon receiving user UiAfter the login information of (2), check Ti-T′iIf < Δ T is true, where TiIs a time stamp, T ', of when the user transmits information'iIs the timestamp of the user when receiving the information, Δ T is a preset time threshold; if the answer is positive, executing the subsequent steps, and if the answer is negative, terminating the session between the client equipment at the user side and the remote server;
a calculation step: calculate H'i=xEi=xαP,F′i=h(ID′i||A′i||Ei||H′i||Ti) And check for F'i=FiIf yes, the user U is selected for the ith useriIf the authentication is not successful, terminating the session between the client device at the user side and the remote server;
a sending step: for the ith user UiAfter passing the authentication, a random number β is selected and M is calculatedi=βP,Gi=h(ID′i||A′i||Mi||H′i||Ts) Then will { Mi,Gi,TsReturning to the ith user U as the return informationiTo be selected by the ith user UiAuthenticating the server; wherein, the ith user UiThe step of verifying whether the server is authenticated comprises: at the ith user UiChecking received information Mi,Gi,TsAfter that, T is examineds-T′sIf < Δ T is true, performing the subsequent steps, if not, terminating the session between the client device of the user side and the remote server, wherein TsTime stamp, T 'indicating when the server transmits information'sA time stamp indicating when the server receives the information, and a judgment Ts-T′sAfter < Δ T is established, user UiCalculating G'i=h(IDi||Ai||Mi||Hi||Ts) And test G'i=GiIf the answer is positive, executing the subsequent steps, and if the answer is negative, terminating the session between the client equipment at the user side and the remote server;
a key generation step: when the ith user UiAfter the authentication of the server is passed, a session key SK ═ h (α M) for communication with the client device is calculatedi||Ai||Ti||Ts)=h(βEi||A′i||Ti||Ts)。
In this embodiment, when the user U is presentiAnd when the risk of leakage of the own password is sensed, the password modification stage can be used for completing the password modification. This phase does not require any assistance from the server, the main steps are as follows:
(1) user UiEnter a username IDiAnd password PWiThen inputting the biological information BIO of itselfiTo user UiClient, user UiAccording to a reconstruction algorithmExtracting Ri。
(2) User UiCalculates RPWi=h(PWi||Ri) And C'i=h(IDi||RPWi) And verify C'i=CiWhether or not this is true. If so, the user U is declarediIs the holder of the smart card, and then the step (3) is executed; otherwise, the password modification is terminated.
(3) User UiEnter a username IDiAnd password PWiSmart card computing to generate HPWi=h(PWiB) andand compareAnd BiWhether or not equal. If equal, indicate user UiThe owner of the smart card, and the subsequent steps are continuously executed; otherwise, the modify password request is terminated.
Referring to fig. 2, a schematic structural diagram of a secure communication system 10 based on a smart card according to an embodiment of the present invention is shown.
In this embodiment, the smart card based secure communication system 10 mainly includes an input module 11, a first authentication module 12, an output module 13, a second authentication module 14, and a calculation module 15, and the smart card based secure communication system 10 is applied to a client device on a user side, which communicates with a remote server.
And the input module 11 is configured to receive an inserted smart card and a user name and a password input by a user, where result data obtained by calculating registration information of the user registered in the server is stored in the smart card.
In this embodiment, in the input module 11, the step of completing registration of the user at the server specifically includes:
the user selects the username IDiAnd the password PWiAnd inputting the BIO-information BIO of the useriBy generating the algorithm gen (biei) ═ (R)i,Pi) Extraction (R)i,Pi) And calculating RPWi=h(PWi||Ri) Then { ID }i,RPWiSending R as registration information to the serveri,PiAre respectively a user UiThe private parameters and reconstruction parameters of the biometric of (1), and | represents the join operation.
In this embodiment, in the input module 11, the step of calculating the registration information of the user registered in the server specifically includes:
computingCi=h(IDi||RPWi) And will { Bi,Ci,PpubH (-) P } sending the smart card to user U after storing the smart card as the result dataiWherein P ispubH (-) is a hash function for the public key of the server, P is a base point on an elliptic curve selected by the server in initialization related parameters, and P ispubX is the private key of the server,indicating an exclusive or operation.
A first verification module 12, configured to verify whether the user is the holder of the smart card according to the result data and the user name and the password input by the user.
In this embodiment, the verification module 12 is specifically configured to:
the user UiInputting the user name IDiAnd the password PWiAnd inputs said user UiBIO-information of (BIO)iAccording to a reconstruction algorithmExtracting the user UiIs a private parameter R of the biometric characteristic ofi;
Calculating RPWi=h(PWi||Ri) And C'i=h(IDi||RPWi) And verify C'i=CiWhether the result is true or not;
if so, verifying that the user is the holder of the smart card;
if not, the login is terminated.
And the output module 13 is configured to, after the user is authenticated as the holder of the smart card, perform an operation on the user name and the password input by the user by using a preset algorithm, and send an operation result as login information to the server in communication with the client device.
In this embodiment, the output module is specifically configured to:
Will operation result { AIDi,Ei,Fi,TiSending it as login information to the server in communication with the client device.
A second verification module 14, configured to receive a return message from the server, and verify the server according to the return message;
a calculating module 15, configured to calculate a session key for communicating with the server after the server is authenticated.
In addition, the present invention also provides a secure communication system based on a smart card, which is applied to a server, the server communicates with a client device at a remote user side, wherein the system comprises:
a checking module for checking T after receiving the login informationi-T′iIf < Δ T is true, where TiIs a time stamp, T ', of when the user transmits information'iIs the timestamp of the user when receiving the information, Δ T is a preset time threshold;
a calculation module to calculate H'i=xEi=xαP,F′i=h(ID′i||A′i||EiIf yes, the authentication on the ith user Ui is passed;
a sending module for the ith user UiAfter passing the authentication, a random number β is selected and M is calculatedi=βP,Gi=h(ID′i||A′i||Mi||H′i||Ts) Then will { Mi,Gi,TsReturning to the ith user U as the return informationiTo be selected by the ith user UiAuthenticating the server;
a key generation module for generating the I-th user UiAfter the authentication of the server is passed, a session key SK ═ h (α M) for communication with the client device is calculatedi||Ai||Ti||Ts)=h(βEi||A′i||Ti||Ts)。
The technical scheme provided by the invention adopts the intelligent card to store the registration information of the user and carry out identity verification on the client equipment at the user side, thereby greatly improving the authentication efficiency, and because the design of carrying out identity verification at the server side is abandoned, the server side does not need to store a large amount of registration information of the user, the pressure of the server side is greatly reduced, the possibility that the server side is attacked is also reduced, and the data security is greatly improved.
It should be noted that, in the above embodiments, the included units are only divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be realized; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
In addition, it can be understood by those skilled in the art that all or part of the steps in the method for implementing the embodiments described above can be implemented by instructing the relevant hardware through a program, and the corresponding program can be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, or the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (4)
1. A secure communication method based on a smart card is applied to a client device, and is characterized by comprising the following steps:
an input step: receiving an inserted smart card and a user name and a password input by a user, wherein result data for calculating registration information of the user registered in a server is stored in the smart card;
a first verification step: verifying whether the user is the holder of the smart card according to the result data and the user name and the password input by the user;
an output step: after the user is verified to be the holder of the smart card, operating the user name and the password input by the user by using a preset algorithm, and sending an operation result as login information to the server communicated with the client device;
a second verification step: receiving return information from the server, and verifying the server according to the return information;
a calculation step: calculating a session key for communicating with the server after the server is authenticated;
in the inputting step, the step of completing registration of the user at the server specifically includes:
the user selects the username IDiAnd the password PWiAnd inputting the BIO-information BIO of the useriBy generating the algorithm Gen (BIO)i)=(Ri,Pi) Extraction (R)i,Pi) And calculating RPWi=h(PWi||Ri) Then { ID }i,RPWiSending R as registration information to the serveri,PiAre respectively a user UiThe private parameters and reconstruction parameters of the biological characteristics of (1), wherein | represents the connection operation;
in the inputting step, the calculating the registration information of the user registered in the server specifically includes:
computingCi=h(IDi||RPWi) And will { Bi,Ci,PpubH (-) P } sending the smart card to user U after storing the smart card as the result dataiWherein P ispubH (-) is a hash function for the public key of the server, P is a base point on an elliptic curve selected by the server in initialization related parameters, and P ispubX is the private key of the server,represents an exclusive or operation;
wherein, in the first verification step, the step of verifying whether the user is the holder of the smart card specifically includes:
the user UiInputting the user name IDiAnd the password PWiAnd inputs said user UiBIO-information of (BIO)iAccording to the reconstruction algorithm Rep (BIO)i *,Pi)=RiExtracting the user UiIs a private parameter R of the biometric characteristic ofi;
Calculating RPWi=h(PWi||Ri) And C'i=h(IDi||RPWi) And verify C'i=CiWhether the result is true or not;
if so, verifying that the user Ui is the holder of the smart card;
if not, the login is terminated.
2. The smart card-based secure communication method of claim 1, wherein in the outputting step, the step of presetting the algorithm specifically includes:
a random number alpha is selected and calculatedAnd Fi=h(IDi||Ai||Ei||Hi||Ti) Wherein, TiIs the timestamp of when the user sent the information;
will operation result { AIDi,Ei,Fi,TiSending it as login information to the server in communication with the client device.
3. A secure communication system based on a smart card, applied to a client device, the system comprising:
the system comprises an input module, a server and a server, wherein the input module is used for receiving an inserted smart card and a user name and a password input by a user, and the smart card stores result data for calculating registration information registered by the user in the server;
a first verification module for verifying whether the user is the holder of the smart card according to the result data and the user name and the password input by the user;
the output module is used for operating the user name and the password input by the user by using a preset algorithm after the user is verified to be the holder of the smart card, and sending an operation result as login information to the server communicated with the client equipment;
the second verification module is used for receiving return information from the server and verifying the server according to the return information;
the computing module is used for computing a session key communicated with the server after the server passes the verification;
in the input module, the step of completing registration of the user at the server specifically includes:
the user selects the username IDiAnd the password PWiAnd inputting the BIO-information BIO of the useriBy generating the algorithm Gen (BIO)i)=(Ri,Pi) Extraction (R)i,Pi) And calculating RPWi=h(PWi||Ri) Then { ID }i,RPWiSending R as registration information to the serveri,PiAre respectively a user UiThe private parameters and reconstruction parameters of the biological characteristics of (1), wherein | represents the connection operation;
in the input module, the step of calculating the registration information of the user registered in the server specifically includes:
computingCi=h(IDi||RPWi) And will { Bi,Ci,PpubH (-) P } sending the smart card after storing the result data in the smart cardFor user UiWherein P ispubH (-) is a hash function for the public key of the server, P is a base point on an elliptic curve selected by the server in initialization related parameters, and P ispubX is the private key of the server,represents an exclusive or operation;
wherein the first verification module is specifically configured to:
the user UiInputting the user name IDiAnd the password PWiAnd inputs said user UiBIO-information of (BIO)iAccording to the reconstruction algorithm Rep (BIO)i *,Pi)=RiExtracting the user UiIs a private parameter R of the biometric characteristic ofi;
Calculating RPWi=h(PWi||Ri) And C'i=h(IDi||RPWi) And verify C'i=CiWhether the result is true or not;
if so, verifying that the user is the holder of the smart card;
if not, the login is terminated.
4. A smart card-based secure communication system according to claim 3, wherein the output module is specifically configured to:
a random number alpha is selected and calculatedAnd Fi=h(IDi||Ai||Ei||Hi||Ti) Wherein, TiIs the timestamp of when the user sent the information;
will operation result { AIDi,Ei,Fi,TiSending it as login information to the server in communication with the client device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811198551.8A CN109088888B (en) | 2018-10-15 | 2018-10-15 | Secure communication method and system based on smart card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811198551.8A CN109088888B (en) | 2018-10-15 | 2018-10-15 | Secure communication method and system based on smart card |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109088888A CN109088888A (en) | 2018-12-25 |
CN109088888B true CN109088888B (en) | 2021-02-05 |
Family
ID=64843490
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811198551.8A Expired - Fee Related CN109088888B (en) | 2018-10-15 | 2018-10-15 | Secure communication method and system based on smart card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109088888B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109714167B (en) * | 2019-03-15 | 2020-08-25 | 北京邮电大学 | Identity authentication and key agreement method and equipment suitable for mobile application signature |
CN113765856B (en) * | 2020-06-04 | 2023-09-08 | 中移(成都)信息通信科技有限公司 | Identity authentication method, device, equipment and medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1463117A (en) * | 2003-05-22 | 2003-12-24 | 中国科学院计算技术研究所 | Safety communication method between communication system of networking computer and user oriented network layer |
CN103338201A (en) * | 2013-07-02 | 2013-10-02 | 山东科技大学 | Remote identity authentication method participated in by registration center under multi-sever environment |
CN105119721A (en) * | 2015-08-06 | 2015-12-02 | 山东科技大学 | Three-factor remote identity authentication method based on intelligent card |
-
2018
- 2018-10-15 CN CN201811198551.8A patent/CN109088888B/en not_active Expired - Fee Related
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1463117A (en) * | 2003-05-22 | 2003-12-24 | 中国科学院计算技术研究所 | Safety communication method between communication system of networking computer and user oriented network layer |
CN103338201A (en) * | 2013-07-02 | 2013-10-02 | 山东科技大学 | Remote identity authentication method participated in by registration center under multi-sever environment |
CN105119721A (en) * | 2015-08-06 | 2015-12-02 | 山东科技大学 | Three-factor remote identity authentication method based on intelligent card |
Non-Patent Citations (3)
Title |
---|
《On the Security of a Mutual Authentication and Key Agreement Protocol Based on Chaotic Maps》;chien ming chen 等;《2015 Third International Conference on Robot, Vision and Signal Processing (RVSP)》;20151120;正文1-4 * |
《基于口令的智能卡认证密钥协商协议的研究与设计》;王倩;《中国优秀硕士学位论文全文数据库信息科技辑》;20140815;第2014卷(第08期);正文第4-6章 * |
《高速公路信息管理模式与应用研究》;娄进举;《中国优秀硕士学位论文全文数据库工程科技Ⅱ辑》;20070215;第2007卷(第02期);正文1-92页 * |
Also Published As
Publication number | Publication date |
---|---|
CN109088888A (en) | 2018-12-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11855983B1 (en) | Biometric electronic signature authenticated key exchange token | |
CN112218294B (en) | 5G-based access method and system for Internet of things equipment and storage medium | |
US8627424B1 (en) | Device bound OTP generation | |
TW202011242A (en) | Blockchain cross-chain authentication method and system, and server and readable storage medium | |
Li et al. | Applying biometrics to design three‐factor remote user authentication scheme with key agreement | |
Kim et al. | Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme | |
US20160125416A1 (en) | Authentication system | |
US9935953B1 (en) | Secure authenticating an user of a device during a session with a connected server | |
CN106130716A (en) | Cipher key exchange system based on authentication information and method | |
CN110661800A (en) | Multi-factor identity authentication method supporting guarantee level | |
CN110351727A (en) | A kind of certifiede-mail protocol method suitable for wireless sensor network | |
CN112422587B (en) | Identity verification method and device, computer equipment and storage medium | |
CN106059764B (en) | Based on the password and fingerprint tripartite's authentication method for terminating key derivation functions | |
CN113971274B (en) | Identity recognition method and device | |
CN109088888B (en) | Secure communication method and system based on smart card | |
CN110690969A (en) | Method and system for completing bidirectional SSL/TLS authentication in cooperation of multiple parties | |
CN113055394A (en) | Multi-service double-factor authentication method and system suitable for V2G network | |
US11405387B1 (en) | Biometric electronic signature authenticated key exchange token | |
Agrawal et al. | Game-set-MATCH: Using mobile devices for seamless external-facing biometric matching | |
CN111767531B (en) | Authentication system and method based on biological characteristics | |
Guo et al. | An improved three-factor session initiation protocol using Chebyshev chaotic map | |
CN116112242B (en) | Unified safety authentication method and system for power regulation and control system | |
CN110519219A (en) | A kind of password authentication key exchange method and system based on lattice | |
TWM592113U (en) | Anti-counterfeiting inspection equipment and anti-counterfeiting inspection machine thereof | |
CN115955320A (en) | Video conference identity authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20210205 Termination date: 20211015 |