CN110858803A - Authentication method, system, server, and computer-readable storage medium - Google Patents


Info

Publication number: CN110858803A
Authority: CN (China)
Prior art keywords: terminal, code, challenge, codes, mapping table
Legal status: Granted
Application number: CN201810965556.2A
Other languages: Chinese (zh)
Other versions: CN110858803B (en)
Inventors: 任永攀, 黄铖斌, 王锦华, 周文君, 王渭清
Current assignee: China Telecom Corp Ltd
Original assignee: China Telecom Corp Ltd
Legal events: application filed by China Telecom Corp Ltd; priority to CN201810965556.2A; publication of CN110858803A; application granted; publication of CN110858803B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L 9/3278 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]

Abstract

The disclosure relates to an authentication method, system, server and computer readable storage medium, relating to the technical field of information security. The method comprises the following steps: acquiring an original mapping table; generating a variation mapping table; selecting a challenge code as a terminal challenge code in a variation mapping table according to a received serial number of the terminal; searching a terminal variation response code and a first verification code corresponding to the terminal challenge code from a variation mapping table; sending a terminal challenge code to the terminal so that the terminal generates a terminal original response code corresponding to the terminal challenge code; generating a second verification code according to the terminal variation response code, the terminal challenge code and the terminal original response code returned by the terminal, wherein the second verification code and the first verification code are generated in the same way; and authenticating the terminal according to the first verification code and the second verification code. The technical scheme of the disclosure can improve the authentication reliability.

Description

Authentication method, system, server, and computer-readable storage medium
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to an authentication method, an authentication system, a server, and a computer-readable storage medium.
Background
The physical unclonable function has natural physical unclonability and a high degree of randomness. Therefore, an authentication scheme based on a physical unclonable function is a lightweight reliable authentication scheme, and has attracted great attention in the field of internet of things in recent years.
In the related art, a terminal generates a challenge-response mapping table according to a physical unclonable function, and a server authenticates the terminal according to the challenge-response mapping table.
Disclosure of Invention
The inventors of the present disclosure found that the following problems exist in the above-described related art: the challenge-response mapping table is susceptible to illegal theft, tampering, and modeling, resulting in low authentication reliability.
In view of this, the present disclosure provides an authentication technical solution, which can improve the reliability of authentication.
According to some embodiments of the present disclosure, there is provided an authentication method including: acquiring an original mapping table, wherein the original mapping table comprises a plurality of challenge codes and a plurality of original response codes generated by a terminal according to the plurality of challenge codes; generating a variation mapping table, wherein the variation mapping table comprises a plurality of challenge codes, a plurality of variation response codes and a plurality of verification codes, the variation response codes are generated according to the challenge codes in a mode different from that of the original response codes, and the verification codes are generated according to the challenge codes, the original response codes and the variation response codes; selecting a challenge code as a terminal challenge code in the variation mapping table according to the received serial number of the terminal; searching a terminal variation response code and a first verification code corresponding to the terminal challenge code from the variation mapping table; sending the terminal challenge code to the terminal so that the terminal generates a terminal original response code corresponding to the terminal challenge code; generating a second verification code according to the terminal variation response code, the terminal challenge code and the terminal original response code returned by the terminal, wherein the second verification code and the first verification code are generated in the same way; and authenticating the terminal according to the first verification code and the second verification code.
In some embodiments, the verification code is further generated according to the challenge code that is adjacent, in the variation mapping table, to the challenge code corresponding to that verification code; the second verification code is likewise also generated according to the challenge code adjacent to the terminal challenge code in the variation mapping table.
In some embodiments, the verification code D is generated according to a formula (given in the original as an image that is not reproduced on this page), where Hash is the hash operation, || is the concatenation operation, ⊕ is the XOR operation, C1 is the challenge code, C1n is the neighbouring challenge code of that challenge code, R1O is the original response code, R1C is the variation response code, and SK is the first key of the server side.
In some embodiments, the original mapping table uploaded by the terminal is obtained from an offline database, and the original mapping table is generated by the terminal through a physical unclonable chip.
In some embodiments, the variation mapping table further includes a check parameter and a check code, where the check parameter includes C1, C1n, SK and D, and the check code is a message authentication code calculated over C1 and R1C concatenated with the check parameter.
In some embodiments, a random number is sent to the terminal, so that the terminal returns a concatenation result of the hash value of the terminal original response code and the random number.
In some embodiments, in case the terminal is authenticated, the server-side second key and the serial number are xored to generate the identity of the terminal.
According to further embodiments of the present disclosure, there is provided a server including: the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring an original mapping table, and the original mapping table comprises a plurality of challenge codes and a plurality of original response codes generated by a terminal according to the plurality of challenge codes; a generating unit, configured to generate a variation mapping table, where the variation mapping table includes the multiple challenge codes, multiple variation response codes, and multiple verification codes, where the variation response codes are generated according to the challenge codes in a manner different from that of the original response codes, and the verification codes are generated according to the challenge codes, the original response codes, and the variation response codes, and further configured to generate a second verification code according to a terminal variation response code, a terminal challenge code, and a terminal original response code returned by the terminal, where the second verification code is generated in a manner the same as the first verification code; a selecting unit, configured to select a challenge code in the variation mapping table as the terminal challenge code according to the received serial number of the terminal; a searching unit, configured to search the variation mapping table for the terminal variation response code and the first verification code corresponding to the terminal challenge code; a sending unit, configured to send the terminal challenge code to the terminal, so that the terminal generates the terminal original response code corresponding to the terminal challenge code; and the authentication unit is used for authenticating the terminal according to the first verification code and the second verification code.
In some embodiments, the obtaining unit obtains the original mapping table uploaded by the terminal from an offline database, where the original mapping table is generated by the terminal through a physical unclonable chip.
In some embodiments, the sending unit sends the random number to the terminal, so that the terminal returns a concatenation result of the hash value of the terminal original response code and the random number.
In some embodiments, the generating unit performs an exclusive or operation on the server-side second key and the serial number to generate the identifier of the terminal if the terminal is authenticated.
According to still further embodiments of the present disclosure, there is provided an authentication system including: the server of any of the above embodiments; and the terminal is used for generating an original mapping table, sending the serial number to the server and returning a corresponding second original response code according to the first challenge code sent by the server.
In some embodiments, the system further comprises: and the off-line database is used for storing the original mapping table uploaded by the terminal.
According to still further embodiments of the present disclosure, there is provided a server including: a memory; and a processor coupled to the memory, the processor configured to perform the authentication method of any of the above embodiments based on instructions stored in the memory device.
According to still further embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the authentication method in any of the above embodiments.
In the embodiment, a first verification code corresponding to a challenge code searched by a server is generated according to an original mapping table generated by a terminal and a variation mapping table generated by the server; generating a second verification code corresponding to the challenge code returned by the terminal in the same way; and authenticating the terminal according to the first verification code and the second verification code. Thus, the terminal can be authenticated by combining double authentication bases of the server side and the terminal side, and the reliability of authentication is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 illustrates a flow diagram of some embodiments of an authentication method of the present disclosure;
fig. 2 illustrates a signaling diagram of some embodiments of the authentication method of the present disclosure;
FIG. 3 illustrates a block diagram of some embodiments of a server of the present disclosure;
fig. 4 illustrates a block diagram of some embodiments of an authentication system of the present disclosure;
FIG. 5 shows a block diagram of further embodiments of a server of the present disclosure;
fig. 6 illustrates a block diagram of still further embodiments of the server of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 illustrates a flow diagram of some embodiments of an authentication method of the present disclosure.
As shown in fig. 1, the method includes: step 110, obtaining an original mapping table; step 120, generating a variation mapping table; step 130, selecting a terminal challenge code; step 140, searching for a terminal variation response code and a first verification code; step 150, sending a terminal challenge code; step 160, generating a second verification code; step 170, authenticating the terminal.
In step 110, an original mapping table is obtained, where the original mapping table includes a plurality of challenge codes and a plurality of original response codes generated by the terminal according to the plurality of challenge codes.
In some embodiments, a certain number of challenge-response relationship pairs may be generated by a physically unclonable chip of a terminal before the physically unclonable chip is shipped. And generating an original mapping table according to the challenge-response relation pair, wherein the original mapping table comprises each challenge code and each corresponding original response code. The original mapping table can be stored in an offline database, and the server can acquire the original mapping table from the offline database so as to prevent the original mapping table serving as an authentication basis from being stolen and tampered, thereby improving the reliability of authentication.
In step 120, a variation mapping table is generated, where the variation mapping table includes a plurality of challenge codes, a plurality of variation response codes and a plurality of verification codes, the variation response codes are generated according to the challenge codes in a manner different from that of the original response codes, and the verification codes are generated according to the challenge codes, the original response codes and the variation response codes.
In some embodiments, the server extracts each challenge code in the original mapping table, and generates each variant response code corresponding to each challenge code by using a method different from that of the physically unclonable chip. Each challenge code and each variation response code are stored in a variation mapping table.
In some embodiments, the verification code of a challenge code may also be generated from the challenge code, the original response code, the variation response code, and the neighbouring challenge code of that challenge code. For example, the verification code D is generated according to the formula given in the original as an image (not reproduced on this page).
In some embodiments, the variation mapping table further includes a check parameter and a check code. The check parameters include C1, C1n, SK and D. C1 and R1C are concatenated with the check parameter, and a MAC (Message Authentication Code) is then calculated over the result to obtain the check code. The integrity of the information stored in the variation mapping table can therefore be checked against the MAC, improving the reliability of authentication.
In step 130, a challenge code is selected from the variation mapping table as the terminal challenge code according to the received serial number of the terminal. For example, a one-to-one mapping relationship between the serial number and the challenge code may be established in advance, or one challenge code may be randomly selected after the serial number is received.
In step 140, the variation mapping table is searched for a variation response code and a first verification code corresponding to the terminal challenge code.
In step 150, the terminal challenge code is sent to the terminal, so that the terminal generates a terminal original response code corresponding to the terminal challenge code. For example, the terminal generates the terminal original response code through its equipped physically unclonable chip.
In some embodiments, the random number is sent to the terminal, so that the terminal returns a concatenation result of the hash value of the terminal original response code and the random number. The random number can prevent network attack in the transmission process and can also prevent the hash value of the second original response code from being repeated, thereby improving the reliability of authentication.
In step 160, a second verification code is generated according to the terminal variation response code, the terminal challenge code, and the terminal original response code returned by the terminal, and the second verification code is generated in the same manner as the first verification code. For example, the second verification code may be generated according to the terminal variation response code, the terminal challenge code, the terminal original response code, and the challenge code adjacent to the terminal challenge code in the variation mapping table.
In step 170, the terminal is authenticated according to the first verification code and the second verification code. For example, if the first verification code and the second verification code are identical, the terminal passes authentication.
In some embodiments, in case the terminal is authenticated, the server-side second key (e.g. the base key) and the serial number are xored to generate the identity of the terminal.
Some embodiments of the present disclosure are illustrated below by the signaling diagram in fig. 2.
Fig. 2 illustrates a signaling diagram of some embodiments of the authentication method of the present disclosure.
As shown in fig. 2, at event 210, the terminal 22 generates a plurality of challenge-response pairs via the physically unclonable chip, and records them in the form of an original mapping table. The terminal sends the generated original mapping table to the offline database 23 for storage.
At event 220, the server 21 retrieves the raw mapping table from the offline database 23 and generates a mutated mapping table that is stored locally on the server side. Therefore, the original mapping table and the variation mapping table can be isolated in an off-line different domain mode, and the authentication basis can be prevented from being tampered, so that the risk that the server side is attacked is reduced, and the reliability of authentication is improved.
Furthermore, the server 21 may store the check parameters and the check code, so that any tampering with the variation mapping table in the server-side database can be detected by a trusted party through the MAC during protocol execution, thereby improving the reliability of authentication.
In event 230, the terminal 22 initiates an access request to the server 21 to apply for the use of the corresponding service. The access request includes information such as a serial number of the terminal 22. The terminal 22 may be an internet of things terminal.
At event 240, the server 21 obtains the terminal challenge code according to the received serial number, and generates the first verification code according to the terminal challenge code, the original mapping table, the variation mapping table, and the SK.
At event 250, the server 21 sends the terminal challenge code and the random number to the terminal 22.
At event 260, the terminal 22 computes a terminal raw response code corresponding to the terminal challenge code via the physically unclonable chip. The terminal 22 calculates a hash value of the terminal's original response code and concatenates it with the random number.
In event 270, the terminal 22 returns the concatenation result to the server 21.
At event 280, the server 21 parses the terminal original response code from the concatenation result, and generates a second verification code according to the terminal challenge code, the original mapping table, the variation mapping table, and the SK. The server 21 authenticates the terminal 22 according to the first verification code and the second verification code.
In event 290, if the terminal 22 is authenticated, the server-side second key and the serial number are XORed to generate the identity of the terminal. Because the serial number of the terminal is embedded in the identifier, this addresses the problem in classic identity-based encryption that the identifier of an Internet of Things terminal can be maliciously separated from the terminal's actual identity, improving network security.
In the above embodiment, a first verification code corresponding to a challenge code searched by a server is generated according to an original mapping table generated by a terminal and a variation mapping table generated by the server; generating a second verification code corresponding to the challenge code returned by the terminal in the same way; and authenticating the terminal according to the first verification code and the second verification code. Thus, the terminal can be authenticated by combining double authentication bases of the server side and the terminal side, and the reliability of authentication is improved.
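The following is an added, self-contained simulation of the protocol in steps 110 to 170 and events 210 to 290 above, including the check-code MAC on the variation mapping table; it is example code written for this page, not the patent's own implementation. Because the formula for D survives only as an image, the concrete form used here is an assumption: D = Hash(C1 || C1n || Hash(R1O) || R1C || SK), with SHA-256 as Hash, which lets the server recompute D from the Hash(R_O) || random-number reply the terminal returns. Further assumptions: the physically unclonable chip is modelled by a keyed hash with a per-device secret, the variation response codes are an HMAC under SK, the check code is an HMAC under a separate server MAC key, the neighbouring challenge code is the next row of the table, the serial number selects a challenge through a fixed hash-based mapping, and the serial number is zero-padded before being XORed with the second key.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


def H(*parts: bytes) -> bytes:
    """Hash operation of the page's formula: SHA-256 over the concatenation (||)."""
    return hashlib.sha256(b"".join(parts)).digest()


# ---- Terminal side ----------------------------------------------------------
class TerminalPuf:
    """Stand-in for the physically unclonable chip (constructed for this example).
    A real PUF answers from manufacturing variation; here a per-device secret that
    never leaves the object plays that role."""

    def __init__(self, serial: bytes, silicon_secret: bytes):
        self.serial = serial
        self._secret = silicon_secret

    def respond(self, challenge: bytes) -> bytes:
        # original response code R1O for challenge code C1
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()

    def enroll(self, challenges: List[bytes]) -> Dict[bytes, bytes]:
        # event 210: original mapping table {C: R_O}, produced before shipment
        return {c: self.respond(c) for c in challenges}

    def answer(self, challenge: bytes, nonce: bytes) -> bytes:
        # events 260/270: return Hash(R_O) || random number
        return H(self.respond(challenge)) + nonce


# ---- Server side ------------------------------------------------------------
def verification_code(c1: bytes, c1n: bytes, h_r1o: bytes, r1c: bytes, sk: bytes) -> bytes:
    # Assumed concrete form of D (the page's formula image is not reproduced):
    # D = Hash(C1 || C1n || Hash(R1O) || R1C || SK)
    return H(c1, c1n, h_r1o, r1c, sk)


@dataclass
class Entry:          # one row of the variation mapping table
    r1c: bytes        # variation response code
    c1n: bytes        # neighbouring challenge code (check parameter)
    d: bytes          # first verification code (check parameter)
    check: bytes      # check code: MAC over C1 || R1C || check parameters


class Server:
    def __init__(self, sk: bytes, sk2: bytes, mac_key: bytes):
        self.sk, self.sk2, self.mac_key = sk, sk2, mac_key   # first key, second key, MAC key (assumed)
        self.table: Dict[bytes, Entry] = {}

    def _check_code(self, c1: bytes, e: Entry) -> bytes:
        return hmac.new(self.mac_key, c1 + e.r1c + e.c1n + self.sk + e.d, hashlib.sha256).digest()

    def build_variation_table(self, original: Dict[bytes, bytes]) -> None:
        # step 120 / event 220: derived from the original table read from the offline database
        cs = list(original)
        for i, c1 in enumerate(cs):
            c1n = cs[(i + 1) % len(cs)]                               # neighbour: next row (assumed)
            r1c = hmac.new(self.sk, c1, hashlib.sha256).digest()      # generated unlike the PUF
            e = Entry(r1c, c1n, verification_code(c1, c1n, H(original[c1]), r1c, self.sk), b"")
            e.check = self._check_code(c1, e)
            self.table[c1] = e

    def select_challenge(self, serial: bytes) -> bytes:
        # step 130: fixed one-to-one mapping from serial number to a challenge code (assumed)
        cs = list(self.table)
        return cs[int.from_bytes(H(serial), "big") % len(cs)]

    def authenticate(self, serial: bytes, answer: Callable[[bytes, bytes], bytes]) -> Optional[bytes]:
        c1 = self.select_challenge(serial)                            # step 130
        e = self.table[c1]                                            # step 140
        if not hmac.compare_digest(e.check, self._check_code(c1, e)):
            raise ValueError("variation mapping table entry failed MAC check")
        nonce = os.urandom(16)
        reply = answer(c1, nonce)                                     # step 150 / events 250-270
        h_ro, echoed = reply[:32], reply[32:]
        if not hmac.compare_digest(echoed, nonce):                    # reply must carry our random number
            return None
        d2 = verification_code(c1, e.c1n, h_ro, e.r1c, self.sk)       # step 160
        if not hmac.compare_digest(d2, e.d):                          # step 170
            return None
        padded = serial.ljust(len(self.sk2), b"\0")                   # event 290: SK2 XOR serial
        return bytes(a ^ b for a, b in zip(self.sk2, padded))


def demo() -> dict:
    """Constructed run: genuine terminal, a clone with a different chip, a modified table row."""
    challenges = [bytes([i]) * 8 for i in range(1, 9)]
    genuine = TerminalPuf(b"SN-0001", b"silicon-A")
    clone = TerminalPuf(b"SN-0001", b"silicon-B")            # same serial, different PUF
    server = Server(sk=b"server-first-key", sk2=bytes(range(32)), mac_key=b"mac-key")
    server.build_variation_table(genuine.enroll(challenges))
    ident = server.authenticate(genuine.serial, genuine.answer)
    cloned = server.authenticate(clone.serial, clone.answer)
    server.table[server.select_challenge(genuine.serial)].r1c = b"\0" * 32   # modified row
    try:
        server.authenticate(genuine.serial, genuine.answer)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"identity": ident, "clone_identity": cloned, "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three outcomes the description relies on: the genuine terminal receives an identifier, the clone fails at the comparison of the two verification codes in step 170, and a modified row in the variation mapping table is caught by the check-code MAC before the challenge is ever sent.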
Fig. 3 illustrates a block diagram of some embodiments of a server of the present disclosure.
As shown in fig. 3, the server 3 includes an acquisition unit 31, a generation unit 32, a selection unit 33, a search unit 34, a transmission unit 35, and an authentication unit 36.
The acquisition unit 31 acquires an original mapping table. The original mapping table contains a plurality of challenge codes and a plurality of original response codes generated by the terminal according to the plurality of challenge codes. For example, the obtaining unit 31 obtains the original mapping table uploaded by the terminal from an offline database.
The generation unit 32 generates a variation mapping table. The variation mapping table comprises a plurality of challenge codes, a plurality of variation response codes and a plurality of verification codes, wherein the variation response codes are generated by adopting a mode different from that of the original response codes according to the challenge codes, and the verification codes are generated according to the challenge codes, the original response codes and the variation response codes. The generating unit 32 is further configured to generate a second verification code according to the terminal mutation response code, the terminal challenge code, and the terminal original response code returned by the terminal, where the second verification code is generated in the same manner as the first verification code.
In some embodiments, in case the terminal is authenticated, the generating unit 32 performs an exclusive or operation on the server-side second key and the serial number to generate the identity of the terminal.
The selecting unit 33 selects a challenge code from the variation mapping table as the terminal challenge code according to the received serial number of the terminal.
The searching unit 34 searches the variation mapping table for the terminal variation response code and the first verification code corresponding to the terminal challenge code.
The transmitting unit 35 transmits the terminal challenge code to the terminal so that the terminal generates a terminal original response code corresponding to the terminal challenge code. For example, the transmission unit 35 transmits the random number to the terminal so that the terminal returns a concatenation result of the hash value of the terminal original response code and the random number.
The authentication unit 36 authenticates the terminal based on the first verification code and the second verification code.
Fig. 4 illustrates a block diagram of some embodiments of the authentication system of the present disclosure.
As shown in fig. 4, the authentication system 4 includes: the server 41 and the terminal 42 in any of the above embodiments.
The terminal 42 generates an original mapping table, sends the serial number to the server 41, and returns a corresponding second original response code according to the first challenge code sent by the server 41.
In some embodiments, the authentication system 4 further comprises an offline database 43 for storing the original mapping table uploaded by the terminal 42.
Fig. 5 shows a block diagram of further embodiments of a server of the present disclosure.
As shown in fig. 5, the server 5 of this embodiment includes: a memory 51 and a processor 52 coupled to the memory 51, the processor 52 being configured to perform one or more steps of the authentication method in any one of the embodiments of the present disclosure based on instructions stored in the memory 51.
The memory 51 may include, for example, a system memory, a fixed nonvolatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, a database, and other programs.
Fig. 6 illustrates a block diagram of still further embodiments of the server of the present disclosure.
As shown in fig. 6, the server 6 of this embodiment includes: a memory 610 and a processor 620 coupled to the memory 610, the processor 620 being configured to perform the authentication method in any of the embodiments described above based on instructions stored in the memory 610.
The memory 610 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a boot loader, and other programs.
The server 6 may also include an input-output interface 630, a network interface 640, a storage interface 650, and the like. These interfaces 630, 640, 650, the memory 610 and the processor 620 may be connected by a bus 860, for example. The input/output interface 630 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 640 provides a connection interface for various networking devices. The storage interface 650 provides a connection interface for external storage devices such as an SD card and a USB disk.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
So far, an authentication method, an authentication system, a server, and a computer-readable storage medium according to the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (18)

1. An authentication method, comprising:
acquiring an original mapping table, wherein the original mapping table comprises a plurality of challenge codes and a plurality of original response codes generated by a terminal according to the plurality of challenge codes;
generating a variation mapping table, wherein the variation mapping table comprises a plurality of challenge codes, a plurality of variation response codes and a plurality of verification codes, the variation response codes are generated according to the challenge codes in a mode different from that of the original response codes, and the verification codes are generated according to the challenge codes, the original response codes and the variation response codes;
selecting a challenge code as a terminal challenge code in the variation mapping table according to the received serial number of the terminal;
searching a terminal variation response code and a first verification code corresponding to the terminal challenge code from the variation mapping table;
sending the terminal challenge code to the terminal so that the terminal generates a terminal original response code corresponding to the terminal challenge code;
generating a second verification code according to the terminal variation response code, the terminal challenge code and the terminal original response code returned by the terminal, wherein the second verification code and the first verification code are generated in the same way;
and authenticating the terminal according to the first verification code and the second verification code.
2. The authentication method of claim 1,
the verification code is also generated according to the adjacent challenge codes of the challenge codes corresponding to the verification code in the variation mapping table;
the second verification code is also generated according to the adjacent challenge codes of the terminal challenge codes in the variation mapping table.
3. The authentication method of claim 2,
the verification code D is generated according to the formula:
[formula image FDA0001774872110000011, not reproduced here]
where Hash( ) is a hash operation, || is a concatenation operation, ⊕ is an XOR operation, C1 is the challenge code, C1n is a challenge code adjacent to the challenge code, R1O is the original response code, R1C is the variation response code, and SK is a first key of the server side.
4. The authentication method of any one of claims 1-3, wherein the obtaining the original mapping table comprises:
and acquiring the original mapping table uploaded by the terminal from an offline database, wherein the original mapping table is generated by the terminal through a physical unclonable chip.
5. The authentication method of claim 3,
the variation mapping table further comprises a check parameter and a check code, the check parameter comprises C1, C1n, SK and D, and the check code is a message authentication code calculated over the concatenation of C1, R1C and the check parameter.
6. The authentication method according to any one of claims 1-3, further comprising:
and sending a random number to the terminal so that the terminal can return a cascading result of the hash value of the terminal original response code and the random number.
7. The authentication method according to any one of claims 1-3, further comprising:
and carrying out exclusive OR operation on a second secret key at the server side and the serial number to generate the identifier of the terminal under the condition that the terminal passes the authentication.
8. A server, comprising:
the device comprises an acquisition unit, a processing unit and a processing unit, wherein the acquisition unit is used for acquiring an original mapping table, and the original mapping table comprises a plurality of challenge codes and a plurality of original response codes generated by a terminal according to the plurality of challenge codes;
a generating unit, configured to generate a variation mapping table, where the variation mapping table includes the multiple challenge codes, multiple variation response codes, and multiple verification codes, where the variation response codes are generated according to the challenge codes in a manner different from that of the original response codes, and the verification codes are generated according to the challenge codes, the original response codes, and the variation response codes, and further configured to generate a second verification code according to a terminal variation response code, a terminal challenge code, and a terminal original response code returned by the terminal, where the second verification code is generated in a manner the same as the first verification code;
a selecting unit, configured to select a challenge code in the variation mapping table as the terminal challenge code according to the received serial number of the terminal;
a searching unit, configured to search the variation mapping table for the terminal variation response code and the first verification code corresponding to the terminal challenge code;
a sending unit, configured to send the terminal challenge code to the terminal, so that the terminal generates the terminal original response code corresponding to the terminal challenge code;
and the authentication unit is used for authenticating the terminal according to the first verification code and the second verification code.
9. The server according to claim 8, wherein,
the verification code is also generated according to the adjacent challenge codes of the challenge codes corresponding to the verification code in the variation mapping table;
the second verification code is also generated according to the adjacent challenge codes of the terminal challenge codes in the variation mapping table.
10. The server according to claim 9, wherein,
the verification code D is generated according to the formula:
[formula image, not reproduced here]
where Hash( ) is a hash operation, || is a concatenation operation, ⊕ is an XOR operation, C1 is the challenge code, C1n is a challenge code adjacent to the challenge code, R1O is the original response code, R1C is the variation response code, and SK is a first key of the server side.
11. The server according to any one of claims 8-10, further comprising:
the obtaining unit obtains the original mapping table uploaded by the terminal from an offline database, wherein the original mapping table is generated by the terminal through a physical unclonable chip.
12. The server according to claim 10, wherein,
the variation mapping table further comprises a check parameter and a check code, the check parameter comprises C1, C1n, SK and D, and the check code is a message authentication code calculated over the concatenation of C1, R1C and the check parameter.
13. The server according to any one of claims 8-10,
and the sending unit sends the random number to the terminal so that the terminal can return the hash value of the original response code of the terminal and the cascade result of the random number.
14. The server according to any one of claims 8-10,
the generation unit performs exclusive or operation on a second key on the server side and the serial number to generate the identifier of the terminal when the terminal passes the authentication.
15. An authentication system comprising:
the server of any one of claims 8-14; and
and the terminal is used for generating an original mapping table, sending a serial number to the server, generating and returning a corresponding terminal original response code according to the terminal challenge code sent by the server.
16. The authentication system of claim 15, further comprising:
and the off-line database is used for storing the original mapping table uploaded by the terminal.
17. A server, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the authentication method of any one of claims 1-7 based on instructions stored in the memory.
18. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements the authentication method of any one of claims 1-7.
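The claim 1 to claim 3 flow as an added Python simulation; this is not code from the patent or from China Telecom. The terminal's PUF is a constructed keyed-hash stand-in, the hash is SHA-256, the operand layout of D is an assumption (the patent shows the formula only as an image), and the random-number step of claim 6 and the identifier of claim 7 are left out.

```python
import hashlib
import hmac
import os
import secrets


class MockPuf:
    """Constructed stand-in for the terminal's physical unclonable chip (claim 4).
    A keyed hash models the unclonable secret; real PUF noise/error correction is omitted."""

    def __init__(self):
        self._secret = secrets.token_bytes(16)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._secret, challenge, "sha256").digest()[:16]


def h(*parts: bytes) -> bytes:
    """Hash over the concatenation (the patent's '||') of its arguments."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def verification_code(c1, c1n, r1o, r1c, sk) -> bytes:
    # ASSUMED operand layout for D: the patent gives the formula only as an image.
    return h(c1, c1n, xor(r1o, r1c), sk)


class Server:
    def __init__(self, original_table, sk: bytes):
        self.sk = sk
        self.table = []  # variation mapping table rows: (C1, C1n, R1C, D)
        n = len(original_table)
        for i, (c1, r1o) in enumerate(original_table):
            c1n = original_table[(i + 1) % n][0]  # adjacent challenge (claim 2)
            r1c = h(b"variation", c1, sk)[:16]    # generated differently from R1O
            self.table.append((c1, c1n, r1c, verification_code(c1, c1n, r1o, r1c, sk)))
        # R1O is deliberately not stored: a leaked table exposes no PUF responses.

    def authenticate(self, serial: bytes, terminal_respond) -> bool:
        idx = int.from_bytes(h(serial), "big") % len(self.table)  # select by serial
        c1, c1n, r1c, d1 = self.table[idx]
        r1o = terminal_respond(c1)                            # terminal's R1O
        d2 = verification_code(c1, c1n, r1o, r1c, self.sk)    # same way as D1
        return hmac.compare_digest(d1, d2)


def run_authentication(cloned: bool = False) -> bool:
    """Enroll a genuine terminal, then authenticate it or a clone lacking its secret."""
    puf = MockPuf()
    original_table = [(c, puf.respond(c)) for c in (os.urandom(16) for _ in range(4))]
    server = Server(original_table, sk=os.urandom(32))
    terminal = MockPuf() if cloned else puf
    return server.authenticate(b"SN-0001", terminal.respond)
```

A device that lacks the enrolled chip returns a different R1O, so the recomputed D2 never matches the stored D1 and authentication fails.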
Application CN201810965556.2A, priority date 2018-08-23, filing date 2018-08-23, granted as CN110858803B (Active).
Publications (2)

Publication Number Publication Date
CN110858803A true CN110858803A (en) 2020-03-03
CN110858803B CN110858803B (en) 2022-10-04

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant