CN111817856A - Identity authentication method and system based on zero-knowledge proof and password technology - Google Patents
- Publication number
- CN111817856A (application CN202010619897.1A)
- Authority
- CN
- China
- Prior art keywords
- client
- platform
- pin
- information
- zero
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Abstract
The invention belongs to the technical field of identity recognition and authentication, and discloses an identity authentication method and system based on zero-knowledge proof and password technology. Client information is initialized through a platform; the client and the platform then exchange the related information, and the platform and the client each carry out independent calculations to complete verification of the PIN and determine the authenticity and validity of the client's identity. The invention adopts a typical zero-knowledge proof model to verify the PIN, namely: client request -> platform issues a challenge -> client gives the answer. It is no longer simply authentication by secure transmission of the PIN. The invention uses asymmetric encryption to verify the client: the server encrypts the transmitted information with the client's public key, and the client holding the private key decrypts the original information. The client uses the random number R1 to prevent replay attacks. Attacks in which a hacker uses database dumping, brute forcing and injection can be effectively resisted.
Description
Technical Field
The invention belongs to the technical field of identity recognition and authentication, and particularly relates to an identity authentication method and an identity authentication system based on zero knowledge proof and a password technology.
Background
At present, with the development of internet and mobile internet technologies and applications, the application scenarios and environments of PIN-based user authentication have become more complicated. In modern banking, for example, personal funds are represented by bank accounts, operating on and using the funds in an account must be authorized by the user, and the PIN is widely used for authentication and for authorizing account operations. Usually, a user enters a personal PIN at a terminal, the PIN is transmitted to an account management platform for verification, and only after verification passes can the related account operation be performed.
The PIN protection methods commonly used at present are as follows:
1) The PIN is set and held by the individual and must not be disclosed; usually the user memorizes it.
2) The PIN input device is special anti-theft, tamper-resistant equipment with certain security measures, provided by the application enterprise for the user to enter the PIN.
3) The PIN is usually protected by one of several encryption methods:
a) Special PIN block (PINBLOCK) symmetric encryption is applied and the encrypted message is transmitted to the location of the account. The encryption key is issued by the superior node.
b) The PIN is symmetrically encrypted and transmitted to the back end as ciphertext. The encryption key is issued to the terminal over a secure channel.
c) The PIN is symmetrically encrypted and transmitted to the back end as ciphertext. The encryption key is stored in a USB key.
d) The PIN is asymmetrically encrypted and transmitted to the back end as ciphertext. The encryption is done with the server's public key, in the form of a digital envelope.
4) The back-end system receives the PIN ciphertext and completes verification and comparison of the PIN inside special equipment (such as a cipher machine).
From the above analysis, the problems and defects of the prior art are as follows:
(1) In the segmented encryption mode, the encryption key of the initial node is fixed for a certain period of time.
(2) Each node on the PIN transmission path needs to decrypt and re-encrypt the protected data.
(3) The final verification node, the core system, must hold the stored encryption key and the key shared with the previous node.
(4) During verification of the PIN, the plaintext appears. Although the plaintext only appears inside special equipment, there is still a risk of information leakage, which could even cause the user authentication system to fail.
The difficulty in solving the above problems and defects is:
How to effectively ensure the validity and confidentiality of the PIN information during verification of the PIN;
How to keep encryption and decryption synchronized when the front end and the back end do not negotiate a key, while ensuring the authenticity of the client.
The significance of solving these problems and defects is as follows:
Verification of the PIN information is no longer limited to the information itself; the PIN instead takes part in the verification process as a parameter, so this is not simply authentication by secret transmission of the PIN.
The authenticity of the client is verified at the same time as the authenticity of the PIN, giving two-factor verification.
The encryption and decryption algorithms can be chosen at different strength levels according to the computing power of the client, which facilitates service development while meeting the security requirements of authentication.
Disclosure of Invention
To address the problems in the prior art, the invention provides an identity authentication method and an identity authentication system based on zero-knowledge proof and password technology.
The invention is realized as follows. An identity authentication method based on zero-knowledge proof and cryptographic technology includes:
initializing client information through a platform;
the client and the platform exchange the related information, and the platform and the client each perform independent calculations to complete verification of the PIN and determine the authenticity and validity of the client's identity.
Further, the method for initializing the client information by the platform comprises the following steps:
i) the personal ID, PIN code and public key information are imported into the platform through the client;
ii) the platform calculates the hash value of the PIN code using SM3 or another hash algorithm, and verifies the legitimacy and validity of the public key;
iii) the platform encrypts and stores information such as the ID, hashvalue and public key, and does not store the PIN code;
iv) the client saves and protects its own ID, PIN code information and private key.
Further, the method for verifying the PIN and determining the authenticity and validity of the client's identity comprises the following steps:
First, the client generates and caches a random number R1, and sends the ID and R1 to the platform;
Second, after receiving the ID and R1, the platform generates a random number string R2 of length 16 bytes and caches R2; it then performs encryption and sends the resulting encrypted information to the client;
Third, the client decrypts the encrypted information sent by the platform in the second step, re-encrypts the decrypted information and sends it to the platform;
Fourth, the platform decrypts and verifies the re-encrypted information sent by the client in the third step.
Further, the second step further comprises:
a) after receiving the ID and R1, the platform generates a random number string R2 of length 16 bytes and caches R2;
b) the platform encrypts R1 with a symmetric encryption algorithm, such as SM4, using R2 as the key, to obtain ciphertext M1;
c) the platform encrypts R1 ^ R2 with the symmetric encryption algorithm SM4, using hashvalue as the key, to obtain ciphertext M2;
d) the platform encrypts M1 || M2 with an asymmetric encryption algorithm, such as SM2, using the public key of the user's client, to obtain Ms;
e) the platform sends Ms to the user's client.
Further, the third step further comprises:
1) the user enters the PIN;
2) the hashvalue of the PIN code is calculated with the same algorithm as the platform, such as the SM3 algorithm;
3) Ms is decrypted with an asymmetric encryption algorithm, such as SM2, using the client's private key, to obtain (M11 || M22);
4) M22 is decrypted with a symmetric encryption algorithm, such as SM4, using hashvalue as the key, to obtain temp;
5) R2' = temp ^ R1 is calculated;
6) M11 is decrypted with a symmetric encryption algorithm, such as SM4, using R2' as the key, to obtain R1';
7) if (R1' == R1), continue; otherwise authentication fails;
8) R2' is encrypted with a symmetric encryption algorithm, such as SM4, using R2' as the key, to obtain M3;
9) M3 is sent to the platform.
Further, the fourth step further includes:
the platform decrypts M3 with a symmetric encryption algorithm, such as SM4, using the cached R2 as the key, to obtain R2';
if (R2' == R2), verification passes; otherwise verification fails.
Another object of the present invention is to provide an identity authentication system based on zero-knowledge proof and cryptography, comprising:
a platform, which initializes the client information, calculates the hash value of the PIN code using a hash algorithm, such as SM3, and verifies the legitimacy and validity of the public key;
a client (user client), which exchanges the related information with the platform and at the same time performs independent calculations to complete verification of the PIN and determine the authenticity and validity of the user's identity.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
initializing client information through a platform;
the client and the platform exchange the related information, and the platform and the client each perform independent calculations to complete verification of the PIN and determine the authenticity and validity of the client's identity.
It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
initializing client information through a platform;
the client and the platform exchange the related information, and the platform and the client each perform independent calculations to complete verification of the PIN and determine the authenticity and validity of the client's identity.
The invention also aims to provide a financial industry cipher machine that implements the identity authentication method based on zero-knowledge proof and cipher technology.
Taking all of the above technical schemes together, the advantages and positive effects of the invention are:
The invention supports verification based on zero-knowledge proof and password technology for various general-purpose account passwords. The invention adopts a typical zero-knowledge proof model to verify the PIN, namely: client request -> platform issues a challenge -> client gives the answer. It is no longer simply authentication by secure transmission of the PIN.
The invention uses asymmetric encryption to verify the client: the server encrypts the transmitted information with the client's public key, and the client holding the private key decrypts the original information.
What the invention transmits is information encrypted using the hash value of the PIN as the key, not the PIN itself in plaintext or ciphertext. Even if an attacker obtains the relevant random number and the ciphertext, the principles of the cryptographic algorithm ensure that the PIN cannot be derived, which increases the strength of protection for the PIN.
The client of the invention uses the random number R1 to prevent replay attacks. Attacks in which a hacker uses database dumping, brute forcing and injection can be effectively resisted.
The invention adopts zero-knowledge proof and password technology, so that no information about the PIN is exposed during processing or transmission. The PIN is verified through the interaction and calculation of random numbers generated by the platform and the client, which solves the core problems of the security risk of PIN theft and disclosure caused by brute-force attacks, database dumping, credential stuffing and the like, and of the resulting failure of the user authentication system.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly described below. The drawings described below are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an identity authentication method based on zero-knowledge proof and cryptography according to an embodiment of the present invention.
Fig. 2 is a flow chart of PIN verification provided by the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problems in the prior art, the invention provides an identity authentication method and an identity authentication system based on zero-knowledge proof and a cryptographic technology, and the invention is described in detail below with reference to the accompanying drawings.
As shown in Fig. 1, the identity authentication method based on zero-knowledge proof and cryptographic technology provided by the present invention includes:
S101: client information is initialized through the platform.
S102: the client and the platform exchange the related information, and the platform and the client each perform independent calculations to complete verification of the PIN and determine the authenticity and validity of the client's identity.
Those skilled in the art may also implement the identity authentication method and system based on zero-knowledge proof and cryptography provided by the present invention with other steps; what is shown in Fig. 1 is only one specific embodiment.
In step S101 of the present invention, registration is performed; when the platform initializes the user information, the following steps are adopted:
1) The user imports personal information, including the ID, PIN code, public key, etc., into the platform.
2) The platform calculates the hash value of the PIN code using SM3 or another hash algorithm, and verifies the legitimacy and validity of the public key.
3) The platform encrypts and stores information such as the ID, hashvalue and public key, and does not store the PIN code.
4) The user stores and protects their own information such as the ID and PIN code, and the client stores and protects its own private key.
As shown in Fig. 2, step S102 specifically includes:
S201: the client generates and caches a random number R1, and sends the ID and R1 to the platform.
S202: after receiving the ID and R1, the platform generates a random number string R2 of length 16 bytes and caches R2; it then performs encryption and sends the resulting encrypted information to the client.
S203: the client decrypts the encrypted information sent by the platform in step S202, re-encrypts the decrypted information and sends it to the platform.
S204: the platform decrypts and verifies the re-encrypted information sent by the client in step S203.
In the present invention, step S202 further includes:
1) After receiving the ID and R1, the platform generates a random number string R2 of length 16 bytes and caches R2.
2) The platform encrypts R1 with a symmetric encryption algorithm, such as SM4, using R2 as the key, to obtain ciphertext M1.
3) The platform encrypts R1 ^ R2 with a symmetric encryption algorithm, such as SM4, using hashvalue as the key, to obtain ciphertext M2.
4) The platform encrypts M1 || M2 with an asymmetric encryption algorithm, such as SM2, using the public key of the user's client, to obtain Ms.
5) The platform sends Ms to the user's client.
In the present invention, step S203 further includes:
1) The user enters the PIN.
2) The hash value of the PIN code is calculated with the same algorithm as the platform, such as the SM3 algorithm or another hash algorithm.
3) Ms is decrypted with an asymmetric encryption algorithm, such as SM2, using the client's private key, to obtain (M11 || M22).
4) M22 is decrypted with a symmetric encryption algorithm, such as SM4, using hashvalue as the key, to obtain temp.
5) R2' = temp ^ R1 is calculated.
6) M11 is decrypted with a symmetric encryption algorithm, such as SM4, using R2' as the key, to obtain R1'.
7) If (R1' == R1), continue; otherwise authentication fails.
8) R2' is encrypted with a symmetric encryption algorithm, such as SM4, using R2' as the key, to obtain M3.
9) M3 is sent to the platform.
In the present invention, step S204 further includes:
1) The platform decrypts M3 with SM4, using the cached R2 as the key, to obtain R2'.
If (R2' == R2), verification passes; otherwise verification fails.
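The S201 to S204 exchange above (the same four steps listed in the Disclosure section), as an added Python example that is not code from the patent. It uses labelled stand-ins so that it runs on the standard library alone: SHA-256 for SM3, a small HMAC-based Feistel block cipher for SM4, and a toy finite-field ElGamal-style wrap for SM2. The 16-byte R1, the truncation of the hash to a 16-byte key, the `Platform`/`Client` names and the sample ID and PIN are assumptions.

```python
# Stand-ins (assumptions, not the patent's algorithms, not production crypto):
# SHA-256 for SM3, HMAC-based Feistel cipher for SM4, toy ElGamal-style wrap for SM2.
import hashlib
import hmac
import secrets

BLOCK = 16               # R2 is 16 bytes per the page; a 16-byte R1 is an assumption
P, G = 2**521 - 1, 3     # toy group: Mersenne prime modulus and base

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pin_key(pin):
    # "hashvalue" truncated to a 16-byte cipher key (assumption: page gives no rule)
    return hashlib.sha256(pin.encode()).digest()[:BLOCK]

def _f(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def enc_block(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):                       # 4-round Feistel, one 16-byte block
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def dec_block(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _pad(shared, n):
    return hashlib.shake_256(shared.to_bytes(66, "big")).digest(n)

def pk_encrypt(pub, msg):
    k = secrets.randbelow(P - 3) + 2
    return pow(G, k, P), xor(msg, _pad(pow(pub, k, P), len(msg)))

def pk_decrypt(priv, ct):
    c1, c2 = ct
    return xor(c2, _pad(pow(c1, priv, P), len(c2)))

class Platform:
    def __init__(self):
        self.users = {}      # ID -> (hashvalue, public key); the PIN is not stored
        self.pending = {}    # ID -> cached R2

    def register(self, uid, pin, pub):
        self.users[uid] = (pin_key(pin), pub)

    def challenge(self, uid, r1):                        # S202
        hashvalue, pub = self.users[uid]
        r2 = secrets.token_bytes(BLOCK)
        self.pending[uid] = r2
        m1 = enc_block(r2, r1)                           # M1 = E_R2(R1)
        m2 = enc_block(hashvalue, xor(r1, r2))           # M2 = E_hashvalue(R1 ^ R2)
        return pk_encrypt(pub, m1 + m2)                  # Ms

    def verify(self, uid, m3):                           # S204
        r2 = self.pending.pop(uid, None)   # consumed on first use (added choice)
        return r2 is not None and hmac.compare_digest(dec_block(r2, m3), r2)

class Client:
    def __init__(self, uid, priv):
        self.uid, self.priv, self.r1 = uid, priv, None

    def start(self):                                     # S201
        self.r1 = secrets.token_bytes(BLOCK)
        return self.uid, self.r1

    def respond(self, pin, ms):                          # S203
        m = pk_decrypt(self.priv, ms)
        m11, m22 = m[:BLOCK], m[BLOCK:]
        r2p = xor(dec_block(pin_key(pin), m22), self.r1) # R2' = temp ^ R1
        r1p = dec_block(r2p, m11)                        # R1'
        if not hmac.compare_digest(r1p, self.r1):
            return None                                  # authentication fails
        return enc_block(r2p, r2p)                       # M3 = E_R2'(R2')

def run_login(entered_pin, wrong_private_key=False, replay=False):
    # Constructed user "alice", PIN "482913". With replay=True the result is whether
    # an M3 captured from a successful login is accepted again in a new session.
    priv, pub = keygen()
    platform = Platform()
    platform.register("alice", "482913", pub)
    client = Client("alice", keygen()[0] if wrong_private_key else priv)
    uid, r1 = client.start()
    m3 = client.respond(entered_pin, platform.challenge(uid, r1))
    ok = m3 is not None and platform.verify(uid, m3)
    if ok and replay:
        platform.challenge(uid, secrets.token_bytes(BLOCK))   # fresh R2 cached
        return platform.verify(uid, m3)
    return ok
```

`run_login("482913")` succeeds only when both the PIN and the private key are right; a wrong PIN or a wrong key already fails at the client's R1' check, and a captured M3 fails against the fresh R2 of a later session.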
The invention provides an identity authentication system based on zero-knowledge proof and cryptographic technology, comprising: a platform, which initializes the client information, calculates the hash value of the PIN code using SM3 or another hash algorithm, and verifies the legitimacy and validity of the public key;
and a client, which exchanges the related information with the platform and at the same time performs independent calculations, completes verification of the PIN and determines the authenticity and validity of the user's identity.
Those skilled in the art may also implement the identity authentication method and system based on zero-knowledge proof and cryptography provided by the present invention with other steps; what is shown in Fig. 1 is only one specific embodiment.
In the description of the present invention, "a plurality" means two or more unless otherwise specified; the terms "upper", "lower", "left", "right", "inner", "outer", "front", "rear", "head", "tail", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are only for convenience in describing and simplifying the description, and do not indicate or imply that the device or element referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, should not be construed as limiting the invention. Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. An identity authentication method based on zero-knowledge proof and cryptographic technology, characterized in that the identity authentication method based on zero-knowledge proof and cryptographic technology comprises the following steps:
initializing client information through a platform;
the client and the platform exchange the related information, and the platform and the client each perform independent calculations to complete verification of the PIN and determine the authenticity and validity of the client's identity.
2. The zero-knowledge proof and password technology based identity authentication method of claim 1, wherein the method for initializing client information by the platform comprises:
i) the personal ID, PIN code and public key information are imported into the platform through the client;
ii) the platform calculates the hash value of the PIN code using a hash algorithm, and verifies the legitimacy and validity of the public key;
iii) the platform encrypts and stores the ID, hashvalue and public key information, and does not store the PIN code;
iv) the client saves and protects its own ID, PIN code information and private key.
3. The zero-knowledge proof and password technology based identity authentication method of claim 1, wherein the method of verifying the PIN and determining the authenticity and validity of the client's identity comprises:
First, the client generates and caches a random number R1, and sends the ID and R1 to the platform;
Second, after receiving the ID and R1, the platform generates a random number string R2 of length 16 bytes and caches R2; it then performs encryption and sends the resulting encrypted information to the client;
Third, the client decrypts the encrypted information sent by the platform in the second step, re-encrypts the decrypted information and sends it to the platform;
Fourth, the platform decrypts and verifies the re-encrypted information sent by the client in the third step.
4. The zero-knowledge proof and password technology based identity authentication method of claim 3, wherein the second step further comprises:
a) after receiving the ID and R1, the platform generates a random number string R2 of length 16 bytes and caches R2;
b) the platform encrypts R1 with a symmetric encryption algorithm, using R2 as the key, to obtain ciphertext M1;
c) the platform encrypts R1 ^ R2 with a symmetric encryption algorithm, using hashvalue as the key, to obtain ciphertext M2;
d) the platform encrypts M1 || M2 with an asymmetric encryption algorithm, using the public key of the user's client, to obtain Ms;
e) the platform sends Ms to the user's client.
5. The zero-knowledge proof and cryptography based identity authentication method of claim 3, wherein the third step further comprises:
1) the user enters the PIN;
2) the hashvalue of the PIN code is calculated with the same algorithm as the platform;
3) Ms is decrypted with an asymmetric encryption algorithm, using the client's private key, to obtain (M11 || M22);
4) M22 is decrypted with a symmetric encryption algorithm, using hashvalue as the key, to obtain temp;
5) R2' = temp ^ R1 is calculated;
6) M11 is decrypted with a symmetric encryption algorithm, using R2' as the key, to obtain R1';
7) if (R1' == R1), continue; otherwise authentication fails;
8) R2' is encrypted with a symmetric encryption algorithm, using R2' as the key, to obtain M3;
9) M3 is sent to the platform.
6. The zero-knowledge proof and cryptography based identity authentication method of claim 3, wherein the fourth step further comprises:
the platform decrypts M3 using the cached R2 as the key, to obtain R2';
if (R2' == R2), verification passes; otherwise verification fails.
7. An identity authentication system based on zero-knowledge proof and cryptography implementing the identity authentication method based on zero-knowledge proof and cryptography of any one of claims 1 to 6, the identity authentication system based on zero-knowledge proof and cryptography comprising:
the platform initializes the client information, calculates the hashvalue of the PIN code, and verifies the validity and validity of the public key;
and the client performs related information interaction with the platform and simultaneously performs independent calculation, completes verification of the PIN and determines authenticity and validity of the user identity.
8. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:
initializing client information through a platform;
and the client and the platform carry out related information interaction, and the platform and the client independently calculate to finish verification of the PIN and determine the authenticity and the validity of the identity of the client.
9. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
initializing client information through a platform;
and exchanging the relevant information between the client and the platform, with the platform and the client each calculating independently, to complete verification of the PIN and determine the authenticity and validity of the identity of the client.
10. A financial industry cryptographic machine implementing the identity authentication method based on zero-knowledge proof and cryptography of any one of claims 1 to 6.
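The symmetric-key core of client steps 4) to 8) in claim 5 and the platform check in claim 6, as an added example that is not code from the patent. Assumptions: the platform-side construction of M11 and M22 is inferred from the client steps, R1 is a client-chosen nonce already known to the platform, the asymmetric wrapping of Ms is omitted, and a SHA-256 keystream XOR (`sym`) and SHA-256 (`pin_hash`) stand in for the unspecified symmetric cipher and hash; the PIN values are constructed.

```python
import hashlib
import hmac
import secrets

def sym(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): XOR with a SHA-256 keystream.
    Encrypt and decrypt are the same call; label keeps keystreams distinct."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + label + bytes([counter])).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pin_hash(pin: str) -> bytes:
    # Assumption: SHA-256 stands in for the unspecified hash that yields hashvalue.
    return hashlib.sha256(pin.encode()).digest()

def platform_challenge(hashvalue: bytes, r1: bytes):
    """Assumed platform side, inferred from client steps 4-6."""
    r2 = secrets.token_bytes(len(r1))
    m11 = sym(r2, b"M11", r1)                    # R1 under key R2
    m22 = sym(hashvalue, b"M22", xor(r1, r2))    # R1 ^ R2 under key hashvalue
    return r2, m11, m22                          # platform caches R2

def client_respond(pin: str, r1: bytes, m11: bytes, m22: bytes):
    """Client steps 4-8; returns M3, or None when step 7 fails."""
    temp = sym(pin_hash(pin), b"M22", m22)       # step 4
    r2p = xor(temp, r1)                          # step 5: R2' = temp ^ R1
    r1p = sym(r2p, b"M11", m11)                  # step 6: R1'
    if not hmac.compare_digest(r1p, r1):         # step 7
        return None
    return sym(r2p, b"M3", r2p)                  # step 8: M3

def platform_verify(r2: bytes, m3: bytes) -> bool:
    """Claim 6: decrypt M3 with the cached R2 and compare with R2."""
    return hmac.compare_digest(sym(r2, b"M3", m3), r2)

def authenticate(enrolled_pin: str, entered_pin: str) -> bool:
    r1 = secrets.token_bytes(16)                 # assumption: client-chosen nonce
    r2, m11, m22 = platform_challenge(pin_hash(enrolled_pin), r1)
    m3 = client_respond(entered_pin, r1, m11, m22)
    return m3 is not None and platform_verify(r2, m3)

if __name__ == "__main__":
    print(authenticate("482913", "482913"), authenticate("482913", "000000"))
```

A wrong PIN is caught on the client at step 7, because the wrong hashvalue yields a wrong R2' and therefore a wrong R1'; neither the PIN nor its hash is transmitted in this exchange.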
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010619897.1A CN111817856B (en) | 2020-06-30 | 2020-06-30 | Identity authentication method and system based on zero-knowledge proof and password technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111817856A true CN111817856A (en) | 2020-10-23 |
CN111817856B CN111817856B (en) | 2023-03-24 |
Family
ID=72856882
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010619897.1A Active CN111817856B (en) | 2020-06-30 | 2020-06-30 | Identity authentication method and system based on zero-knowledge proof and password technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111817856B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR3027177A1 (en) * | 2014-10-13 | 2016-04-15 | Morpho | METHOD OF AUTHENTICATING A CLIENT DEVICE FROM A SERVER USING A SECRET ELEMENT |
CN106789069A (en) * | 2016-12-20 | 2017-05-31 | 中国电子科技集团公司第三十研究所 | A kind of zero-knowledge status authentication method |
CN110945549A (en) * | 2017-03-15 | 2020-03-31 | 努Id公司 | Method and system for universal storage and access to user-owned credentials for cross-institution digital authentication |
CN108769061A (en) * | 2018-06-25 | 2018-11-06 | 北京奇虎科技有限公司 | Login method, login validation method and corresponding device, electronic equipment |
CN111010279A (en) * | 2019-11-29 | 2020-04-14 | 中国人民解放军国防科技大学 | Remote multi-factor authentication protocol based on zero-knowledge proof |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114070561A (en) * | 2022-01-17 | 2022-02-18 | 工业信息安全(四川)创新中心有限公司 | Zero-knowledge proof method and system based on SM2 algorithm |
CN114826614A (en) * | 2022-04-22 | 2022-07-29 | 安天科技集团股份有限公司 | Certifiable password library file distributed storage method and device and electronic equipment |
CN114826614B (en) * | 2022-04-22 | 2024-02-23 | 安天科技集团股份有限公司 | Distributed storage method and device for authenticatable password library file and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN111817856B (en) | 2023-03-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||