CN110868285A - Authentication method, server, system, and computer-readable storage medium - Google Patents


Info

Publication number
CN110868285A
Authority: CN (China)
Prior art keywords: server, user, parameter, bilinear, key
Legal status: Granted
Application number: CN201810983847.4A
Other languages: Chinese (zh)
Other versions: CN110868285B (en)
Inventors: 周文君, 王锦华, 任永攀, 王渭清
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Classifications

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/06 The encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
                • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
            • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                    • H04L 9/0866 Generation of secret information involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
        • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/08 Network architectures or network communication protocols for authentication of entities
                • H04L 63/0876 Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The disclosure relates to an authentication method, a server, a system and a computer readable storage medium, relating to the technical field of network security. The method comprises the following steps: receiving a user ID and a user parameter sent by a user terminal; generating a server session key through a first hash operation according to a server private key, a user public key, a generating element and a user parameter; generating server parameters according to the generating elements; sending the server parameters and the server ID to the user terminal so that the user terminal can generate a user session key, wherein the user session key is the same as the server session key; receiving encrypted information returned by the user terminal, wherein the encrypted information is a user ID and a server ID which are encrypted by using a user session key; decrypting the encrypted information by using the server session key to acquire a user ID to be authenticated and a server ID to be authenticated; and authenticating the user terminal according to the user ID, the user ID to be verified, the server ID and the server ID to be verified. The technical scheme of the disclosure can improve the safety and reduce the system overhead.

Description

Authentication method, server, system, and computer-readable storage medium
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to an authentication method, an authentication server, an authentication system, and a computer-readable storage medium.
Background
At present, most commercial internet of things cloud platforms are built on the MQTT (Message Queuing Telemetry Transport) protocol. MQTT enables communication between internet of things devices and between the devices and a back-end application system.
In the related art, the MQTT protocol authenticates a user based on a user name and password carried in plaintext in the protocol header. To improve security, MQTT relies on the TLS (Transport Layer Security) protocol at the transport layer.
Disclosure of Invention
The inventors of the present disclosure found the following problems in the related art described above: security is low because of plaintext transmission, and system overhead is large because of the high latency and heavy computation caused by certificate lookup, transfer and verification during the TLS handshake.
In view of this, the present disclosure provides an authentication technical solution, which can improve security and reduce system overhead.
According to some embodiments of the present disclosure, there is provided an authentication method including: receiving a user ID and a user parameter sent by a user terminal, wherein the user parameter is generated according to a generating element, and the generating element is a generating element of a first subgroup; generating a server session key through a first hash operation according to a server private key, a user public key, the generating element and the user parameter; generating server parameters according to the generating elements; sending the server parameter and the server ID to the user terminal so that the user terminal can generate a user session key through a first hash operation according to a user private key, a server public key, the generating element and the server parameter, wherein the user session key is the same as the server session key; receiving encrypted information returned by the user terminal, wherein the encrypted information is the user ID and the server ID encrypted by using the user session key; decrypting the encrypted information by using the server session key to acquire a user ID to be authenticated and a server ID to be authenticated; and authenticating the user terminal according to the user ID, the user ID to be verified, the server ID and the server ID to be verified.
In some embodiments, the first subgroup, the generator, the first hash operation, and the length of the server session key are generated by a key generation center and transmitted to an authentication server and the user terminal.
In some embodiments, the first subgroup is a subgroup of super-singular elliptic curves having bilinear pairing properties.
In some embodiments, a server verification parameter is generated from the user parameter; bilinear mapping is performed according to the server private key and the user parameter, and the mapping result is taken as a first bilinear parameter, wherein the bilinear map is a mapping from the product of the first subgroup with itself to a second subgroup, the second subgroup is a multiplicative group of the same order as the first subgroup, and the bilinear map, the second subgroup and the order of the second subgroup are generated by the key generation center and sent to the authentication server and the user terminal; bilinear mapping is performed according to the user public key and the generator, and the mapping result is taken as a second bilinear parameter; and the first hash operation is performed on the first bilinear parameter, the server verification parameter and the second bilinear parameter, and the result is taken as the server session key.
In some embodiments, the first and second subgroups are subgroups of order q, q being a security prime; the server verification parameter S_R = y × X and the user parameter X = x × P, P being the generator and y and x being random numbers in the non-zero integer domain modulo q; the first bilinear parameter E1 = e(S_s, X), where e(·) is the bilinear map and S_s is the server private key; the second bilinear parameter E2 = e(Q_c, y × P_pub), where Q_c is the user public key, P_pub = s × P, and the system master key s is a random number in the non-zero integer domain modulo q, generated by the key generation center and sent to the authentication server and the user terminal.
In some embodiments, the user session key is the first hash operation result of a third bilinear parameter, a user authentication parameter, and a fourth bilinear parameter, the user authentication parameter is generated according to the server parameter, the third bilinear parameter is generated by performing bilinear mapping according to the server public key and the generator, and the fourth bilinear parameter is generated by performing bilinear mapping according to the user private key and the server parameter.
In some embodiments, the user authentication parameter C_R = x × Y and the server parameter Y = y × P, P being the generator and y and x being random numbers in the non-zero integer domain modulo q; the third bilinear parameter E3 = e(Q_s, x × P_pub), where Q_s is the server public key, P_pub = s × P, and the system master key s is a random number in the non-zero integer domain modulo q; the fourth bilinear parameter E4 = e(S_c, Y), where e(·) is the bilinear map and S_c is the user private key.
In some embodiments, the user public key is a second hash operation result of the user ID, the second hash operation is generated by the key generation center and sent to the authentication server and the user terminal, the user private key is a product of a system master key and the user public key, the server public key is the second hash operation result of the server ID, and the server private key is a product of the system master key and the server public key.
In some embodiments, the second hash operation maps {0,1} strings of arbitrary length to non-origin elements of the first subgroup.
In some embodiments, the first hash operation maps the product of the second subgroup, the first subgroup and the second subgroup to a {0,1} string of a preset length.
According to further embodiments of the present disclosure, there is provided an authentication server including: a receiving unit, configured to receive a user ID and a user parameter sent by a user terminal, where the user parameter is generated according to a generator, and the generator is a generator of a first subgroup, and is further configured to receive the user ID and the server ID encrypted by using a user session key, which are returned by the user terminal; the generating unit is used for generating a server session key through a first hash operation according to a server private key, a user public key, the generating element and the user parameter, and is also used for generating a server parameter according to the generating element; a sending unit, configured to send the server parameter and the server ID to the user terminal, so that the user terminal generates the user session key through a first hash operation according to a user private key, a server public key, the generator, and the server parameter, where the user session key is the same as the server session key; the decryption unit is used for decrypting the encrypted information by using the server session key so as to acquire a user ID to be authenticated and a server ID to be authenticated; and the authentication unit is used for authenticating the user terminal according to the user ID, the user ID to be verified, the server ID and the server ID to be verified.
In some embodiments, the first subgroup, the generator, the first hash operation, and the length of the server session key are generated by a key generation center and transmitted to an authentication server and the user terminal.
In some embodiments, the first subgroup is a subgroup of super-singular elliptic curves having bilinear pairing properties.
In some embodiments, the generating unit is configured to generate a server verification parameter from the user parameter; to perform bilinear mapping according to the server private key and the user parameter, taking the mapping result as a first bilinear parameter, where the bilinear map is a mapping from the product of the first subgroup with itself to a second subgroup and the second subgroup is a multiplicative group of the same order as the first subgroup; to perform bilinear mapping according to the user public key and the generator, taking the mapping result as a second bilinear parameter; and to perform the first hash operation on the first bilinear parameter, the server verification parameter and the second bilinear parameter, taking the result as the server session key.
In some embodiments, the first and second subgroups are subgroups of order q, q being a security prime; the server verification parameter S_R = y × X and the user parameter X = x × P, P being the generator and y and x being random numbers in the non-zero integer domain modulo q; the first bilinear parameter E1 = e(S_s, X), where e(·) is the bilinear map and S_s is the server private key; the second bilinear parameter E2 = e(Q_c, y × P_pub), where Q_c is the user public key, P_pub = s × P, and the system master key s is a random number in the non-zero integer domain modulo q, generated by the key generation center and transmitted to the authentication server and the user terminal.
In some embodiments, the user session key is the first hash operation result of a third bilinear parameter, a user authentication parameter, and a fourth bilinear parameter, the user authentication parameter is generated according to the server parameter, the third bilinear parameter is generated by performing bilinear mapping according to the server public key and the generator, and the fourth bilinear parameter is generated by performing bilinear mapping according to the user private key and the server parameter.
In some embodiments, the user authentication parameter C_R = x × Y and the server parameter Y = y × P, P being the generator and y and x being random numbers in the non-zero integer domain modulo q; the third bilinear parameter E3 = e(Q_s, x × P_pub), where Q_s is the server public key, P_pub = s × P, and the system master key s is a random number in the non-zero integer domain modulo q; the fourth bilinear parameter E4 = e(S_c, Y), where e(·) is the bilinear map and S_c is the user private key.
According to still further embodiments of the present disclosure, there is provided an authentication server including: a memory; and a processor coupled to the memory, the processor configured to perform the authentication method of any of the above embodiments based on instructions stored in the memory.
According to still further embodiments of the present disclosure, there is provided an authentication system including: the authentication server of any of the above embodiments; and the user terminal is used for sending the user ID and the user parameter, generating a user session key and returning a second user ID and the server ID which are encrypted by the user session key to the authentication server.
According to still further embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the authentication method in any of the above embodiments.
In the embodiment, the server and the user terminal generate the same session key by combining the respective public key and private key according to the generating element of the same group, thereby avoiding the complicated key negotiation process in the related technology and reducing the system overhead; and the session key is used for carrying out encryption authentication on the identity information, so that the safety of the system is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
fig. 1 illustrates a flow diagram of some embodiments of an authentication method of the present disclosure;
FIG. 2 illustrates a flow diagram of some embodiments of step 120 of FIG. 1;
fig. 3 shows a signaling diagram of some embodiments of an interaction process of the present disclosure;
fig. 4 illustrates a block diagram of some embodiments of an authentication server of the present disclosure;
fig. 5 illustrates a block diagram of some embodiments of an authentication system of the present disclosure;
fig. 6 shows a block diagram of further embodiments of an authentication server of the present disclosure;
fig. 7 illustrates a block diagram of still further embodiments of the authentication server of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 illustrates a flow diagram of some embodiments of an authentication method of the present disclosure.
As shown in fig. 1, the method includes: step 110, receiving a user ID and a user parameter; step 120, generating a server session key; step 130, generating server parameters; step 140, sending the server parameters and the server ID; step 150, receiving the encrypted information; step 160, decrypting the encrypted information; and step 170, authenticating the user terminal.
In step 110, the user ID and the user parameter sent by the user terminal are received, the user parameter is generated according to the generator, and the generator is the generator of the first subgroup. For example, the user terminal may be an internet of things terminal.
In some embodiments, the first subgroup G1 is a subgroup of a super-singular elliptic curve with bilinear pairing properties; the elements of G1 are all points on such a curve, so that, for example, g ∈ G1 can be expressed as a point with coordinates (g_x, g_y).
For example, G1 may be a subgroup of order q, q being a security prime, and a second subgroup G2 may be a subgroup of order q of the multiplicative group of a finite field. From the related mathematical concepts, there exists a bilinear map e(·): G1 × G1 → G2 satisfying the bilinear property (given in the original as an equation image, which is not reproduced here); then G1 is a subgroup of a super-singular elliptic curve with bilinear pairing properties. Thus, through the generator P of G1, the authentication server and the user terminal can generate the same session key, thereby improving system security.
In some embodiments, the user parameter X = x × P, x being a random number in the non-zero integer domain modulo q. Since P ∈ G1 is a point on a super-singular elliptic curve with bilinear pairing properties, X is also a point with an abscissa and an ordinate.
In step 120, a server session key is generated by a first hash operation based on the server private key, the user public key, the generator, and the user parameter.
In some embodiments, the server public key is a second hash of the server ID, and the server private key is a product of the system master key and the server public key. The user public key is a second hash operation result of the user ID, and the user private key is a product of the system master key and the user public key. For example, the second hash operation is an operation that maps 0, 1 strings of arbitrary length to non-origin elements in the first subgroup, and the system master key is a random number in a non-0 integer domain modulo q.
In this way, the public key of the user and the server can be identity information (user ID, server ID) or can be obtained by simply transforming the identity information, and the public key is determined without being verified by a certificate authority. Therefore, the encrypted transmission of the information can be realized only by the public key of the receiver and the public parameters of the system, and the certificate management process in the related technology is not needed, so that the system efficiency is improved.
In some embodiments, the first hash operation maps the product of the second subgroup, the first subgroup and the second subgroup to a {0,1} string of a preset length, i.e. the first hash operation is H1: G2 × G1 × G2 → {0,1}^n, where the preset length n is a non-zero integer.
In some embodiments, step 120 may be implemented by the embodiment in fig. 2.
Fig. 2 illustrates a flow diagram of some embodiments of step 120 of fig. 1.
As shown in fig. 2, step 120 may include: step 1210, generating server verification parameters; step 1220, generating a first bilinear parameter; step 1230, generating a second bilinear parameter; and step 1240, generating a server session key.
At step 1210, the server verification parameter is generated from the user parameter X. For example, the server verification parameter S_R = y × X, y being a random number in the non-zero integer domain modulo q.
In step 1220, bilinear mapping is performed on the server private key S_s and the user parameter X, and the mapping result is taken as the first bilinear parameter. For example, the first bilinear parameter E1 = e(S_s, X).
In step 1230, bilinear mapping is performed on the user public key Q_c and the generator P, and the mapping result is taken as the second bilinear parameter. For example, with P_pub = s × P computed from the system master key s, the second bilinear parameter E2 = e(Q_c, y × P_pub).
In step 1240, the first hash operation is performed on the first bilinear parameter, the server verification parameter and the second bilinear parameter, and the result is taken as the server session key. For example, the server session key K_S is:
K_S = H1(E1, S_R, E2)
the generation of the server session key may continue the authentication of the user terminal through step 130-170 in fig. 1.
In step 130, the server parameter is generated from the generator P. For example, the server parameter Y = y × P.
In step 140, the server parameter and the server ID are sent to the user terminal, so that the user terminal generates a user session key through a first hash operation according to the user private key, the server public key, the generator and the server parameter, and the user session key is the same as the server session key.
In some embodiments, the user session key K_C is the first hash operation result of a third bilinear parameter E3, a user authentication parameter C_R and a fourth bilinear parameter E4, and K_C = K_S. Thus, the user terminal and the authentication server generate the same session key and complete key agreement by using bilinearity, without tedious repeated verification and transmission, so that system efficiency is improved. For example, the user session key K_C is:
K_C = H1(E3, C_R, E4)
In some embodiments, the user authentication parameter C_R is generated from the server parameter Y, e.g. C_R = x × Y.
In some embodiments, the third bilinear parameter E3 is generated by bilinear mapping of the server public key Q_s and the generator P, e.g. E3 = e(Q_s, x × P_pub).
In some embodiments, the fourth bilinear parameter E4 is generated by bilinear mapping of the user private key S_c and the server parameter Y, e.g. E4 = e(S_c, Y).
In step 150, receiving the encrypted information returned by the user terminal, where the encrypted information is the user ID and the server ID encrypted by using the user session key.
In step 160, the encrypted information is decrypted using the server session key to obtain the user ID to be authenticated and the server ID to be authenticated.
In step 170, the user terminal is authenticated according to the user ID, the user ID to be verified, the server ID and the server ID to be verified. For example, it may be checked whether the decrypted user ID to be verified is the same as the user ID received earlier, and whether the decrypted server ID to be verified is the same as the server ID stored by the authentication server; if both match, the user terminal passes authentication, otherwise it does not.
In some embodiments, the key generation center generates the system parameters: the first subgroup, the second subgroup, the order of the first subgroup, the bilinear map, the length of the server session key, the generator, the system master key, the first hash operation and the second hash operation, and sends the system parameters to the authentication server and the user terminal. For example, the system master key may be kept by the key generation center while the other system parameters are sent to the authentication server and the user terminal.
By setting up a key generation center, authentication can be completed by maintaining only the system parameters generated by the key generation center. The key generation center does not need to stay online at all times, and all user public keys do not need to be maintained, so that system overhead and cost are reduced.
To more clearly illustrate the method of the present disclosure, some embodiments of the interaction process of the present disclosure are illustrated below by fig. 3.
Fig. 3 shows a signaling diagram of some embodiments of the interaction procedure of the present disclosure.
As shown in fig. 3, at event 310, the key generation center generates and transmits system parameters to the authentication server and the user terminal.
At event 320, the user terminal sends the user ID and user parameters to the authentication server via a CONNECT message.
At event 330, the authentication server generates a server session key.
At event 340, the authentication Server adds a Server Key Exchange message after receiving the CONNECT message, and sends the Server ID and the Server parameters to the user terminal through the added CONNECT message.
At event 350, the user terminal generates a user session key.
In event 360, the user terminal adds a Client Key Exchange message after receiving the CONNECT message, and sends the user ID and the server ID encrypted by the user session key to the authentication server through the added CONNECT message.
At event 370, the authentication server decrypts with the server session key and verifies that the key agreement was successful.
In event 380, the authentication server returns the authentication result of the user terminal via the Connect Return Code, while keeping the original nack information unchanged.
In the embodiment, the server and the user terminal generate the same session key by combining the respective public key and private key according to the generating element of the same group, so that the complicated key negotiation process in the related technology is avoided, and the system overhead is reduced; and the session key is used for carrying out encryption authentication on the identity information, so that the safety of the system is improved.
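As an added example (not code from the patent or from China Telecom), the following Python models events 320 to 370 of the interaction above end to end. It assumes a toy bilinear map in which G1 is the additive group Z_q with generator P = 1, G2 is the order-q subgroup of Z_p^* with p = 2q + 1, and e(A, B) = g^(A·B) mod p; H1, H2 and the symmetric encryption of the IDs are realised with SHA-256 and HMAC, and all of these choices are assumptions. It shows that K_S and K_C agree, and that a terminal whose encrypted user ID does not match the ID announced in CONNECT fails step 170.

```python
"""Toy model of the pairing-based identity authentication described above.
G1 = Z_q (additive, P = 1), G2 = order-q subgroup of Z_p^* with p = 2q + 1,
e(A, B) = g^(A*B) mod p.  The protocol algebra (S_R, C_R, E1..E4, K_S, K_C)
is exact, but the model is NOT secure: scalars in Z_q are recoverable by
division.  Illustration only; not the patent's own code."""
import hashlib
import hmac
import secrets

# Constructed toy parameters (not from the patent): q and p = 2q + 1 are prime.
Q = 1019
P_MOD = 2039
G = pow(2, 2, P_MOD)   # a square in Z_p^* other than 1 has order q
P = 1                  # generator of the toy G1 = Z_q
KEY_LEN = 32           # n: session-key length in bytes (output of H1)


def pairing(a, b):
    """Toy bilinear map e: G1 x G1 -> G2 with e(a*P, b*P) = g^(ab) mod p."""
    return pow(G, (a * b) % Q, P_MOD)


def h2(identity):
    """H2: string of arbitrary length -> non-origin element of G1 (1..q-1)."""
    digest = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return digest % (Q - 1) + 1


def h1(e_a, r, e_b):
    """H1: G2 x G1 x G2 -> {0,1}^n, realised here with SHA-256."""
    data = b"".join(v.to_bytes(4, "big") for v in (e_a, r, e_b))
    return hashlib.sha256(data).digest()[:KEY_LEN]


def kgc_setup():
    """Key generation center: system master key s and public P_pub = s*P."""
    s = secrets.randbelow(Q - 1) + 1
    return s, (s * P) % Q


def extract(s, identity):
    """Identity-based key pair: Q_id = H2(id), S_id = s*Q_id."""
    q_id = h2(identity)
    return q_id, (s * q_id) % Q


def _keystream(key, nonce, length):
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
    return out[:length]


def encrypt(key, plaintext):
    """Encrypt-then-MAC with an HMAC-SHA256 keystream (toy, self-contained)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(key, nonce, len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, ks))
    return body + hmac.new(key, body, "sha256").digest()


def decrypt(key, blob):
    """Returns the plaintext, or None when the tag fails (wrong session key)."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, "sha256").digest(), tag):
        return None
    nonce, ct = body[:16], body[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def run_protocol(s, p_pub, user_id, server_id, claimed_user_id=None):
    """Events 320-370 of the signalling diagram; returns (K_S == K_C, authenticated).
    claimed_user_id models a terminal that encrypts a different ID than the one it
    announced in CONNECT (constructed failure case)."""
    q_c, s_c = extract(s, user_id)      # user terminal's ID-based key pair
    q_s, s_s = extract(s, server_id)    # authentication server's key pair
    # Event 320: user terminal picks x and sends (user_id, X = x*P).
    x = secrets.randbelow(Q - 1) + 1
    big_x = (x * P) % Q
    # Event 330: server picks y and derives S_R = y*X, E1, E2 and K_S.
    y = secrets.randbelow(Q - 1) + 1
    s_r = (y * big_x) % Q
    e1 = pairing(s_s, big_x)
    e2 = pairing(q_c, (y * p_pub) % Q)
    k_s = h1(e1, s_r, e2)
    # Event 340: server sends (server_id, Y = y*P).
    big_y = (y * P) % Q
    # Event 350: user terminal derives C_R = x*Y, E3, E4 and K_C.
    c_r = (x * big_y) % Q
    e3 = pairing(q_s, (x * p_pub) % Q)
    e4 = pairing(s_c, big_y)
    k_c = h1(e3, c_r, e4)
    # Event 360: user terminal encrypts (user_id, server_id) under K_C.
    blob = encrypt(k_c, f"{claimed_user_id or user_id}|{server_id}".encode())
    # Event 370: server decrypts under K_S and checks both IDs (step 170).
    plain = decrypt(k_s, blob)
    ok = plain is not None and plain.decode().split("|") == [user_id, server_id]
    return k_s == k_c, ok
```

Because e(s·Q_s, x·P) and e(Q_s, x·s·P) both equal e(Q_s, P)^(s·x), and likewise for E2 and E4, the two hash inputs coincide without any certificate exchange, which is the overhead saving the disclosure claims.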
Fig. 4 illustrates a block diagram of some embodiments of an authentication server of the present disclosure.
As shown in fig. 4, the authentication server 4 includes a receiving unit 41, a generating unit 42, a transmitting unit 43, a decrypting unit 44, and an authenticating unit 45.
The receiving unit 41 receives the user ID and the user parameter transmitted from the user terminal. And generating the user parameters according to the generating element. The generator is a generator of the first subgroup. The receiving unit 41 is further configured to receive the user ID and the server ID encrypted with the user session key returned by the user terminal. For example, the first subgroup is a subgroup of the super-singular elliptic curves having bilinear pairing properties.
The generation unit 42 generates a server session key by a first hash operation based on the server private key, the user public key, the generator, and the user parameter. The generating unit 42 is further configured to generate a server parameter according to the generator.
In some embodiments, the generating unit 42 generates the server verification parameter from the user parameter. For example, the server verification parameter S_R = y × X.
The generating unit 42 performs bilinear mapping according to the server private key and the user parameter, and takes the mapping result as the first bilinear parameter. For example, the bilinear map is a mapping from the product of the first subgroup with itself to the second subgroup. The second subgroup is a multiplicative group of the same order as the first subgroup, and the first and second subgroups are subgroups of order q. For example, the first bilinear parameter E1 = e(S_s, X).
The generating unit 42 performs bilinear mapping according to the user public key and the generator, and takes the mapping result as the second bilinear parameter. For example, the second bilinear parameter E2 = e(Q_c, y × P_pub).
The generating unit 42 performs a first hash operation on the first bilinear parameter, the server authentication parameter, and the second bilinear parameter, and uses the operation result as a server session key.
The transmission unit 43 transmits the server parameter and the server ID to the user terminal so that the user terminal generates a user session key by a first hash operation based on the user private key, the server public key, the generator, and the server parameter. The user session key is the same as the server session key.
In some embodiments, the user session key is the first hash result of the third bilinear parameter, the user authentication parameter, and the fourth bilinear parameter. The user authentication parameter is generated from the server parameter; for example, the user authentication parameter CR = x × Y. The third bilinear parameter is generated by bilinear mapping of the server public key and the generator; for example, the third bilinear parameter E3 = e(Qs, x × Ppub). The fourth bilinear parameter is generated by bilinear mapping of the user private key and the server parameter; for example, the fourth bilinear parameter E4 = e(Sc, Y).
The decryption unit 44 decrypts the encrypted information using the server session key to obtain the user ID to be authenticated and the server ID to be authenticated.
The authentication unit 45 authenticates the user terminal based on the user ID, the user ID to be verified, the server ID, and the server ID to be verified.
In some embodiments, the first subgroup, the generator, the first hash operation, the length of the server session key, the bilinear map, the second subgroup, and the order of the second subgroup are generated by the key generation center and sent to the authentication server and the user terminal.
In the embodiment, the server and the user terminal generate the same session key by combining the respective public key and private key according to the generating element of the same group, so that the complicated key negotiation process in the related technology is avoided, and the system overhead is reduced; and the session key is used for carrying out encryption authentication on the identity information, so that the safety of the system is improved.
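The complete exchange of the embodiment above (user parameter X, server parameter Y, the four bilinear parameters, and the final check of the encrypted IDs), as an added example that is not part of the patent. The pairing is a toy simulation (G1 modelled as Z_q, e(aP, bP) = g^(ab)) chosen only so that the identities E1 = E3, E2 = E4 and SR = CR can actually be run; the SHA-256-based H1 and H2, the symmetric cipher, the identities, the toy parameters, and the forged-key failure case are all constructed assumptions.

```python
"""Toy walk-through of the pairing-based authentication in CN110868285A
(added example, not the patent's own code).  The pairing is simulated: G1 is
the additive group Z_q (integer a stands for the point a*P) and
e(a*P, b*P) = g^(a*b) in the order-q subgroup of Z_p^*.  That map is exactly
bilinear, so the protocol algebra is faithful, but it has no cryptographic
strength; a deployment needs a real pairing on a supersingular curve."""
import hashlib
import hmac
import secrets

# Constructed public parameters published by the key generation center (KGC).
q = 1019                      # prime order of G1 and G2 (toy size)
p = 2 * q + 1                 # 2039, prime: Z_p^* has a unique subgroup of order q
g = pow(2, (p - 1) // q, p)   # generator of that order-q subgroup
KEY_LEN = 16                  # session key length fixed by the KGC (bytes)

def mul(k, a):
    """Scalar multiplication k x (a*P) in the modelled G1."""
    return (k * a) % q

def e(a, b):
    """Toy symmetric bilinear map G1 x G1 -> G2: e(aP, bP) = g^(ab)."""
    return pow(g, (a * b) % q, p)

def H2(identity):
    """Second hash: any string -> a non-identity element of G1."""
    d = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return 1 + d % (q - 1)

def H1(e_left, r, e_right):
    """First hash: G2 x G1 x G2 -> {0,1}^(8*KEY_LEN), the session key."""
    data = b"".join(v.to_bytes(4, "big") for v in (e_left, r, e_right))
    return hashlib.sha256(data).digest()[:KEY_LEN]

def seal(key, msg):
    """Encrypt-then-MAC stand-in for the patent's unspecified symmetric cipher
    (constructed; the key is fresh per session, so no nonce is carried)."""
    ct = bytes(m ^ k for m, k in zip(msg, hashlib.shake_256(key).digest(len(msg))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def open_(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None               # session keys disagree: decryption fails
    return bytes(c ^ k for c, k in zip(ct, hashlib.shake_256(key).digest(len(ct))))

def kgc_extract(s, identity):
    """KGC issues (Q_ID = H2(ID), S_ID = s*Q_ID) under the system master key s."""
    Q = H2(identity)
    return Q, mul(s, Q)

def client_hello(id_c):
    x = 1 + secrets.randbelow(q - 1)          # user nonce x in Z_q^*
    return x, (id_c, mul(x, 1))               # message 1: (user ID, X = x*P)

def server_respond(Ppub, Ss, id_s, msg1):
    id_c, X = msg1
    y = 1 + secrets.randbelow(q - 1)          # server nonce y in Z_q^*
    Y, SR = mul(y, 1), mul(y, X)              # server parameter Y = y*P, SR = y*X
    E1, E2 = e(Ss, X), e(H2(id_c), mul(y, Ppub))
    return H1(E1, SR, E2), (Y, id_s)          # server session key, message 2

def client_finish(Ppub, Sc, id_c, x, msg2):
    Y, id_s = msg2
    CR = mul(x, Y)                            # user verification parameter CR = x*Y
    E3, E4 = e(H2(id_s), mul(x, Ppub)), e(Sc, Y)
    Kc = H1(E3, CR, E4)                       # user session key; equals the server's
    return Kc, seal(Kc, f"{id_c}|{id_s}".encode())   # message 3

def server_verify(Ks, id_c, id_s, msg3):
    pt = open_(Ks, msg3)                      # IDs "to be authenticated"
    return pt is not None and pt.decode() == f"{id_c}|{id_s}"

def run_protocol(id_c, id_s, forged_user_key=False):
    """Full exchange; returns (server key, user key, authenticated?)."""
    s = 1 + secrets.randbelow(q - 1)          # system master key s in Z_q^*
    Ppub = mul(s, 1)                          # Ppub = s*P
    Qc, Sc = kgc_extract(s, id_c)
    _, Ss = kgc_extract(s, id_s)
    if forged_user_key:                       # same ID, key under a master s' != s
        Sc = mul(s % (q - 1) + 1, Qc)
    x, msg1 = client_hello(id_c)
    Ks, msg2 = server_respond(Ppub, Ss, id_s, msg1)
    Kc, msg3 = client_finish(Ppub, Sc, id_c, x, msg2)
    return Ks, Kc, server_verify(Ks, id_c, id_s, msg3)
```

With an honest user key the two session keys coincide and the encrypted IDs verify; with a key not issued under the KGC's master key, E4 differs from E2, the keys diverge, and the server's decryption check fails.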
Fig. 5 illustrates a block diagram of some embodiments of the authentication system of the present disclosure.
As shown in fig. 5, the authentication system includes an authentication server 51 and a user terminal 52 in any of the embodiments of the present disclosure. The user terminal 52 transmits the user ID and the user parameter, generates a user session key, and returns the second user ID and the server ID encrypted with the user session key to the authentication server 51.
Fig. 6 illustrates a block diagram of further embodiments of the authentication server of the present disclosure.
As shown in fig. 6, the authentication server 6 of this embodiment includes: a memory 61 and a processor 62 coupled to the memory 61, the processor 62 being configured to perform one or more steps of the authentication method in any one of the embodiments of the present disclosure based on instructions stored in the memory 61.
The memory 61 may include, for example, a system memory, a fixed nonvolatile storage medium, and the like. The system memory stores, for example, an operating system, an application program, a Boot Loader (Boot Loader), a database, and other programs.
Fig. 7 illustrates a block diagram of still further embodiments of the authentication server of the present disclosure.
As shown in fig. 6, the authentication server 7 of this embodiment includes: a memory 710 and a processor 720 coupled to the memory 710, the processor 720 being configured to perform the authentication method of any of the previous embodiments based on instructions stored in the memory 710.
The memory 710 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a Boot Loader (Boot Loader), and other programs.
The authentication server 7 may further include an input-output interface 730, a network interface 740, a storage interface 750, and the like. These interfaces 730, 740, 750, as well as the memory 710 and the processor 720, may be connected, for example, by a bus 760. The input/output interface 730 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 740 provides a connection interface for various networking devices. The storage interface 750 provides a connection interface for external storage devices such as an SD card and a usb disk.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
So far, an authentication method, an authentication server, an authentication system, and a computer-readable storage medium according to the present disclosure have been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (20)

1. An authentication method, comprising:
receiving a user ID and a user parameter sent by a user terminal, wherein the user parameter is generated according to a generating element, and the generating element is a generating element of a first subgroup;
generating a server session key through a first hash operation according to a server private key, a user public key, the generating element and the user parameter;
generating server parameters according to the generating elements;
sending the server parameter and the server ID to the user terminal so that the user terminal can generate a user session key through the first hash operation according to a user private key, a server public key, the generating element and the server parameter, wherein the user session key is the same as the server session key;
receiving encrypted information returned by the user terminal, wherein the encrypted information is the user ID and the server ID encrypted by using the user session key;
decrypting the encrypted information by using the server session key to acquire a user ID to be authenticated and a server ID to be authenticated;
and authenticating the user terminal according to the user ID, the user ID to be verified, the server ID and the server ID to be verified.
2. The authentication method of claim 1,
and the first subgroup, the generator, the first hash operation and the length of the server session key are generated by a key generation center and are sent to an authentication server and the user terminal.
3. The authentication method of claim 1,
the first subgroup is a subgroup of the super-singular elliptic curves having bilinear pairing properties.
4. The authentication method of claim 3, wherein the generating a server session key comprises:
generating a server verification parameter according to the user parameter;
performing bilinear mapping on the server private key and the user parameter and taking the mapping result as a first bilinear parameter, wherein the bilinear mapping is a mapping from the product of the first subgroup with itself to a second subgroup, the second subgroup is a multiplicative group of the same order as the first subgroup, and the bilinear mapping, the second subgroup and the order of the second subgroup are generated by a key generation center and sent to the authentication server and the user terminal;
performing bilinear mapping according to the user public key and the generator, and taking a mapping result as a second bilinear parameter;
and performing first hash operation on the first bilinear parameter, the server verification parameter and the second bilinear parameter, and taking an operation result as the server session key.
5. The authentication method of claim 4,
the first subgroup and the second subgroup are q-order subgroups, and q is a security prime number;
the server verification parameter SR = y × X, the user parameter X = x × P, P being the generator, y and x being random numbers in the non-zero integer domain modulo q;
the first bilinear parameter E1 = e(Ss, X), e(·) is the bilinear map, Ss is the server private key;
the second bilinear parameter E2 = e(Qc, y × Ppub), Qc is the user public key, Ppub = s × P, the system master key s is a random number in the non-zero integer domain modulo q, the system master key being generated by the key generation center and transmitted to the authentication server and the user terminal.
6. The authentication method of claim 4,
the user session key is the first hash operation result of a third bilinear parameter, a user authentication parameter and a fourth bilinear parameter, the user authentication parameter is generated according to the server parameter, the third bilinear parameter is generated by bilinear mapping according to the server public key and the generating element, and the fourth bilinear parameter is generated by bilinear mapping according to the user private key and the server parameter.
7. The authentication method of claim 6,
the user authentication parameter CR = x × Y, the server parameter Y = y × P, P being the generator, y and x being random numbers in the non-zero integer domain modulo q;
the third bilinear parameter E3 = e(Qs, x × Ppub), Qs is the server public key, Ppub = s × P, the system master key s is a random number in the non-zero integer domain modulo q;
the fourth bilinear parameter E4 = e(Sc, Y), e(·) is the bilinear map, Sc is the user private key.
8. The authentication method according to any one of claims 1 to 7,
the user public key is a second hash operation result of the user ID, the second hash operation is generated by the key generation center and is sent to the authentication server and the user terminal,
the user private key is the product of a system master key and the user public key,
the server public key is the second hash operation result of the server ID,
the server private key is the product of the system master key and the server public key.
9. The authentication method of claim 8,
the second hash operation is an operation of mapping a 0, 1 string of arbitrary length to a non-origin element in the first subgroup.
10. The authentication method according to any one of claims 4 to 7,
the first hash operation is an operation mapping the product of the second subgroup, the first subgroup and the second subgroup to a 0, 1 character string of a preset length.
11. An authentication server, comprising:
a receiving unit, configured to receive a user ID and a user parameter sent by a user terminal, where the user parameter is generated according to a generator, and the generator is a generator of a first subgroup, and is further configured to receive the user ID and the server ID encrypted by using a user session key, which are returned by the user terminal;
the generating unit is used for generating a server session key through a first hash operation according to a server private key, a user public key, the generating element and the user parameter, and is also used for generating a server parameter according to the generating element;
a sending unit, configured to send the server parameter and the server ID to the user terminal, so that the user terminal generates the user session key through a first hash operation according to a user private key, a server public key, the generator, and the server parameter, where the user session key is the same as the server session key;
the decryption unit is used for decrypting the encrypted information by using the server session key so as to acquire a user ID to be authenticated and a server ID to be authenticated;
and the authentication unit is used for authenticating the user terminal according to the user ID, the user ID to be verified, the server ID and the server ID to be verified.
12. The authentication server of claim 11,
and the first subgroup, the generator, the first hash operation and the length of the server session key are generated by a key generation center and are sent to an authentication server and the user terminal.
13. The authentication server of claim 11,
the first subgroup is a subgroup of the super-singular elliptic curves having bilinear pairing properties.
14. The authentication server of claim 13,
the generating unit generates a server verification parameter from the user parameter, and is further configured to perform bilinear mapping on the server private key and the user parameter and take the mapping result as a first bilinear parameter, wherein the bilinear mapping is a mapping from the product of the first subgroup with itself to a second subgroup, the second subgroup is a multiplicative group of the same order as the first subgroup, and the bilinear mapping, the second subgroup and the order of the second subgroup are generated by a key generation center and sent to the authentication server and the user terminal; the generating unit is further configured to perform bilinear mapping on the user public key and the generator and take the mapping result as a second bilinear parameter, and to perform the first hash operation on the first bilinear parameter, the server verification parameter and the second bilinear parameter and take the operation result as the server session key.
15. The authentication server of claim 14,
the first subgroup and the second subgroup are q-order subgroups, and q is a security prime number;
the server verification parameter SR = y × X, the user parameter X = x × P, P being the generator, y and x being random numbers in the non-zero integer domain modulo q;
the first bilinear parameter E1 = e(Ss, X), e(·) is the bilinear map, Ss is the server private key;
the second bilinear parameter E2 = e(Qc, y × Ppub), Qc is the user public key, Ppub = s × P, the system master key s is a random number in the non-zero integer domain modulo q, the system master key being generated by the key generation center and transmitted to the authentication server and the user terminal.
16. The authentication server of claim 14,
the user session key is the first hash operation result of a third bilinear parameter, a user authentication parameter and a fourth bilinear parameter, the user authentication parameter is generated according to the server parameter, the third bilinear parameter is generated by bilinear mapping according to the server public key and the generating element, and the fourth bilinear parameter is generated by bilinear mapping according to the user private key and the server parameter.
17. The authentication server of claim 16, wherein,
the user authentication parameter CR = x × Y, the server parameter Y = y × P, P being the generator, y and x being random numbers in the non-zero integer domain modulo q;
the third bilinear parameter E3 = e(Qs, x × Ppub), Qs is the server public key, Ppub = s × P, the system master key s is a random number in the non-zero integer domain modulo q;
the fourth bilinear parameter E4 = e(Sc, Y), e(·) is the bilinear map, Sc is the user private key.
18. An authentication server, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the authentication method of any of claims 1-10 based on instructions stored in the memory.
19. An authentication system comprising:
an authentication server according to any of claims 11-18; and
and the user terminal is used for sending the user ID and the user parameters, generating a user session key and returning a second user ID and the server ID which are encrypted by the user session key to the authentication server.
20. A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, implements the authentication method of any one of claims 1-10.
CN201810983847.4A 2018-08-28 2018-08-28 Authentication method, server, system, and computer-readable storage medium Active CN110868285B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810983847.4A CN110868285B (en) 2018-08-28 2018-08-28 Authentication method, server, system, and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN110868285A true CN110868285A (en) 2020-03-06
CN110868285B CN110868285B (en) 2023-05-19

Family

ID=69651244

Country Status (1)

Country Link
CN (1) CN110868285B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112202792A (en) * 2020-09-30 2021-01-08 京东数字科技控股股份有限公司 Communication method and device for establishing long connection between client and server

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050084114A1 (en) * 2003-10-20 2005-04-21 Jung Bae-Eun Conference session key distribution method in an ID-based cryptographic system
CN101179380A (en) * 2007-11-19 2008-05-14 上海交通大学 Bidirectional authentication method, system and network terminal
JP2009065226A (en) * 2007-09-04 2009-03-26 Kddi Corp Authenticated key exchange system, authenticated key exchange method and program
CN101459506A (en) * 2007-12-14 2009-06-17 华为技术有限公司 Cipher key negotiation method, system, customer terminal and server for cipher key negotiation
WO2009154020A1 (en) * 2008-06-18 2009-12-23 日本電気株式会社 Key exchange device and method based on identifier
CN102098157A (en) * 2009-12-10 2011-06-15 塔塔咨询服务有限公司 A system and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN105406961A (en) * 2015-11-02 2016-03-16 珠海格力电器股份有限公司 Secret key negotiation method, terminal and server
CN105897416A (en) * 2016-06-29 2016-08-24 邓月霞 Forward end-to-end safe instant communication method based on identity-based password system
CN106060070A (en) * 2016-07-01 2016-10-26 中国人民解放军国防科学技术大学 TLS handshake protocol for identity-based cryptosystem
CN106209369A (en) * 2016-07-01 2016-12-07 中国人民解放军国防科学技术大学 Single interactive authentication key agreement protocol of ID-based cryptosystem system
US20160359630A1 (en) * 2015-06-02 2016-12-08 Miracl Ltd. Authentication methods, systems, devices, servers and computer program products

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
彭长艳 et al.: "Design and analysis of an IBC-based TLS handshake protocol", 《计算机应用》 (Journal of Computer Applications) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20200306

Assignee: Tianyiyun Technology Co.,Ltd.

Assignor: CHINA TELECOM Corp.,Ltd.

Contract record no.: X2024110000020

Denomination of invention: Authentication methods, servers, systems, and computer-readable storage media

Granted publication date: 20230519

License type: Common License

Record date: 20240315