CN111817856B - Identity authentication method and system based on zero-knowledge proof and password technology - Google Patents


Publication number
CN111817856B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010619897.1A
Other languages
Chinese (zh)
Other versions
CN111817856A (en
Inventor
谢依夫
王新树
陈秋博
唐昕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Anydef Technology Co ltd
Original Assignee
Beijing Anydef Technology Co ltd
Application filed by Beijing Anydef Technology Co ltd
Priority to CN202010619897.1A
Publication of CN111817856A
Application granted
Publication of CN111817856B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3226 using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3236 using cryptographic hash functions
    • H04L9/3239 using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention belongs to the technical field of identity recognition and authentication, and discloses an identity authentication method and system based on zero-knowledge proof and cryptographic technology. The platform initializes the client information; the client and the platform then exchange the relevant information and each performs its own independent calculation to complete verification of the PIN and determine the authenticity and validity of the client's identity. The invention adopts a typical zero-knowledge proof model to verify the PIN, namely: the client makes a request -> the platform issues a challenge -> the client gives the answer. It is no longer simply authentication by secure transmission of the PIN. The invention uses asymmetric encryption to verify the client, namely: the server encrypts the transmitted information with the client's public key, and the client holding the private key decrypts the original information. The client uses the random number R1, thereby preventing replay attacks. Attacks by hackers using database dumping, brute forcing and injection can be effectively resisted.

Description

Identity authentication method and system based on zero-knowledge proof and password technology
Technical Field
The invention belongs to the technical field of identity recognition and authentication, and particularly relates to an identity authentication method and an identity authentication system based on zero knowledge proof and a password technology.
Background
At present, with the development of internet and mobile internet technologies and applications, the scenarios and environments in which PIN-based user authentication is applied have become more complicated. In modern banking, for example, personal funds are represented by bank accounts, any operation on or use of the funds in an account must be authorized by the user, and the PIN is widely used for authentication and for authorizing account operations. Usually, a user enters a personal PIN at a terminal and the PIN is transmitted to an account management platform for verification; only after verification passes can the related account operation be performed.
The PIN protection methods in common use today are as follows:
1) The PIN is set and held by the individual and must not be disclosed; the user usually memorizes it.
2) The PIN is entered on a dedicated input device, provided by the deploying enterprise, that has anti-theft and anti-tampering measures.
3) The PIN is usually protected by one of several encryption methods:
a) The PIN is symmetrically encrypted as a dedicated PINBLOCK and transmitted as ciphertext to where the account is held. The encryption key is issued by the superior node.
b) The PIN is symmetrically encrypted and transmitted to the back end as ciphertext. The encryption key is issued to the terminal over a secure channel.
c) The PIN is symmetrically encrypted and transmitted to the back end as ciphertext. The encryption key is stored in a USB key.
d) The PIN is asymmetrically encrypted and transmitted to the back end as ciphertext. The encryption is done with the server's public key, in the form of a digital envelope.
4) The back-end system receives the PIN ciphertext and completes verification and comparison of the PIN inside dedicated equipment (such as a cipher machine).
Through the above analysis, the problems and defects of the prior art are as follows:
(1) In hop-by-hop (segment) encryption, the encryption key of the initial node stays fixed for a certain period of time.
(2) Every node on the PIN transmission path has to perform data encryption and decryption.
(3) The final verification node (the core system) must hold both the storage encryption key and the key shared with the previous node.
(4) Plaintext appears during PIN verification; although it appears only inside dedicated equipment, there is still some risk of information leakage, which could even cause the user authentication system to fail.
The difficulties in solving the above problems and defects are:
how to effectively ensure the validity and confidentiality of the PIN information during PIN verification;
how to keep encryption and decryption synchronized when the front end and the back end do not negotiate a key, while ensuring the authenticity of the client.
The significance of solving these problems and defects is as follows:
Verification of the PIN is no longer limited to the PIN information itself; the PIN takes part in the verification process as a parameter, rather than authentication relying solely on confidential transmission of the PIN.
The authenticity of the client is verified at the same time as the authenticity of the PIN, which achieves two-factor verification.
The encryption and decryption algorithms can be chosen at different strength levels according to the client's computing power, which facilitates service deployment while meeting the security requirements of authentication.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides an identity authentication method and an identity authentication system based on zero-knowledge proof and a password technology.
The invention is realized as follows. An identity authentication method based on zero-knowledge proof and cryptographic technology includes:
initializing client information through a platform;
the client and the platform exchange the relevant information, and the platform and the client each perform independent calculations, to complete verification of the PIN and determine the authenticity and validity of the client's identity.
Further, the method by which the platform initializes the client information comprises the following steps:
i) The personal ID, PIN code and public key information are imported into the platform through the client;
ii) the platform calculates the hash value (hashvalue) of the PIN code using SM3 or another hash algorithm, and verifies the legitimacy and validity of the public key;
iii) the platform encrypts and stores information such as the ID, hashvalue and public key, and does not store the PIN code;
iv) the client saves and protects its own ID, PIN code information and private key.
Further, the method for verifying the PIN and determining the authenticity and validity of the identity of the client comprises the following steps:
firstly, the client generates a random number R1 and caches it, and sends the ID and R1 to the platform;
secondly, after receiving the ID and R1, the platform generates a random string R2, 16 bytes long, and caches R2; it then performs encryption and sends the resulting encrypted information to the client;
thirdly, the client decrypts the encrypted information sent by the platform in the second step, re-encrypts the decrypted information and sends it to the platform;
fourthly, the platform decrypts and verifies the re-encrypted information sent by the client in the third step.
Further, the second step further comprises:
a) After receiving the ID and R1, the platform generates a random string R2, 16 bytes long, and caches R2;
b) The platform encrypts R1 with a symmetric encryption algorithm, such as SM4, using R2 as the key, to obtain a ciphertext M1;
c) The platform encrypts R1 ^ R2 (bitwise XOR) with the symmetric encryption algorithm SM4, using hashvalue as the key, to obtain a ciphertext M2;
d) The platform encrypts M1 || M2 with an asymmetric encryption algorithm, such as SM2, using the public key of the user's client, to obtain Ms;
e) The platform sends Ms to the user's client.
Further, the third step further comprises:
1) The user inputs a PIN;
2) The client calculates the hashvalue of the PIN code using the same algorithm as the platform, such as SM3;
3) The client decrypts Ms with an asymmetric encryption algorithm, such as SM2, using its private key, to obtain (M11 || M22);
4) The client decrypts M22 with a symmetric encryption algorithm, such as SM4, using hashvalue as the key, to obtain temp;
5) The client calculates R2' = temp ^ R1;
6) The client decrypts M11 with a symmetric encryption algorithm, such as SM4, using R2' as the key, to obtain R1';
7) if (R1' == R1), continue; otherwise authentication fails;
8) The client encrypts R2' with a symmetric encryption algorithm, such as SM4, using R2' as the key, to obtain M3;
9) M3 is sent to the platform.
Further, the fourth step further includes:
the platform decrypts M3 with a symmetric encryption algorithm, such as SM4, using the cached R2 as the key, to obtain R2';
if (R2' == R2), verification passes; otherwise verification fails.
Another object of the present invention is to provide an identity authentication system based on zero-knowledge proof and cryptography, comprising:
the platform, which initializes the client information, calculates the hash value of the PIN code using a hash algorithm, such as SM3, and verifies the legitimacy and validity of the public key;
and the client (user client), which exchanges the relevant information with the platform and performs its own independent calculation to complete verification of the PIN and determine the authenticity and validity of the user's identity.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
initializing client information through a platform;
the client and the platform exchange the relevant information, and the platform and the client each perform independent calculations, to complete verification of the PIN and determine the authenticity and validity of the client's identity.
It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
initializing client information through a platform;
the client and the platform exchange the relevant information, and the platform and the client each perform independent calculations, to complete verification of the PIN and determine the authenticity and validity of the client's identity.
The invention also aims to provide a financial industry cipher machine for implementing the identity authentication method based on zero knowledge proof and cipher technology.
By combining all the technical schemes, the invention has the advantages and positive effects that:
The invention supports verification based on zero-knowledge proof and cryptographic technology for all kinds of general account passwords. The invention adopts a typical zero-knowledge proof model to verify the PIN, namely: the client makes a request -> the platform issues a challenge -> the client gives the answer. It is no longer simply authentication by secure transmission of the PIN.
The invention uses asymmetric encryption to verify the client, namely: the server encrypts the transmitted information with the client's public key, and the client holding the private key decrypts the original information.
What the invention transmits is information encrypted with the hash value of the PIN as the key; the PIN itself is not transmitted, either as plaintext or as ciphertext. Even if an attacker obtains the relevant random numbers and ciphertexts, the principles of the cryptographic algorithms ensure that the PIN cannot be derived, so the protection strength of the PIN is increased.
The client of the invention uses the random number R1, thereby preventing replay attacks. Attacks by hackers using database dumping, brute forcing and injection can be effectively resisted.
The invention adopts zero-knowledge proof and cryptographic technology, so that no information about the PIN is exposed during processing or transmission. Verification of the PIN is achieved through the interaction and calculation of random numbers generated by the platform and the client, which solves the core problems of the security risk of PIN theft and disclosure caused by forced database dumping, credential stuffing and the like, and of the resulting failure of the user authentication system.
Drawings
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below are only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an identity authentication method based on zero-knowledge proof and cryptography according to an embodiment of the present invention.
Fig. 2 is a flow chart of PIN verification provided by the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problems in the prior art, the invention provides an identity authentication method and an identity authentication system based on zero-knowledge proof and a cryptographic technology, and the invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the identity authentication method based on zero-knowledge proof and cryptographic technology provided by the present invention includes:
S101, the platform initializes the client information.
S102, the client and the platform exchange the relevant information, and the platform and the client each perform independent calculations, to complete verification of the PIN and determine the authenticity and validity of the client's identity.
Those skilled in the art may also implement the identity authentication method and system based on zero-knowledge proof and cryptographic technology provided by the present invention using other steps; what is shown in fig. 1 is only one specific embodiment.
In the present invention, step S101 is registration. When the platform initializes the user information, the following steps are adopted:
1) The user imports personal information, including ID, PIN code, public key, etc., into the platform.
2) The platform calculates the hash value (hashvalue) of the PIN code using SM3 or another hash algorithm, and verifies the legitimacy and validity of the public key.
3) The platform encrypts and stores information such as the ID, hashvalue and public key, and does not store the PIN code.
4) The user stores and protects their own information such as the ID and PIN code, and the client stores and protects its own private key.
As shown in fig. 2, step S102 specifically includes:
S201, the client generates and caches a random number R1, and sends the ID and R1 to the platform.
S202, after receiving the ID and R1, the platform generates a random string R2, 16 bytes long, and caches R2; it then performs encryption and sends the resulting encrypted information to the client.
S203, the client decrypts the encrypted information sent by the platform in step S202, re-encrypts the decrypted information and sends it to the platform.
S204, the platform decrypts and verifies the re-encrypted information sent by the client in step S203.
In the present invention, step S202 further includes:
1) After receiving the ID and R1, the platform generates a random string R2, 16 bytes long, and caches R2.
2) The platform encrypts R1 with a symmetric encryption algorithm, such as SM4, using R2 as the key, to obtain a ciphertext M1.
3) The platform encrypts R1 ^ R2 with a symmetric encryption algorithm, such as SM4, using hashvalue as the key, to obtain a ciphertext M2.
4) The platform encrypts M1 || M2 with an asymmetric encryption algorithm, such as SM2, using the public key of the user's client, to obtain Ms.
5) The platform sends Ms to the user's client.
In the present invention, step S203 further includes:
9) The user inputs a PIN;
10) The client calculates the hashvalue of the PIN code using the same algorithm as the platform, such as SM3 or another hash algorithm;
11) The client decrypts Ms with an asymmetric encryption algorithm, such as SM2, using its private key, to obtain (M11 || M22);
12) The client decrypts M22 with a symmetric encryption algorithm, such as SM4, using hashvalue as the key, to obtain temp;
13) The client calculates R2' = temp ^ R1;
14) The client decrypts M11 with a symmetric encryption algorithm, such as SM4, using R2' as the key, to obtain R1';
15) if (R1' == R1), continue; otherwise authentication fails;
16) The client encrypts R2' with a symmetric encryption algorithm, such as SM4, using R2' as the key, to obtain M3;
17) The client sends M3 to the platform.
In the present invention, step S204 further includes:
1) The platform decrypts M3 with SM4, using the cached R2 as the key, to obtain R2'.
if (R2' == R2), verification passes; otherwise verification fails.
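The S201 to S204 exchange above, as an added example that is not code from the patent. SHA-256 and a toy HMAC-based Feistel cipher stand in for SM3 and SM4 so that it runs on the Python standard library, and the SM2 public-key wrapping of M1 || M2 is omitted. The names Platform, client_respond and authenticate, the 16-byte length of R1, the truncation of the hash to a 16-byte key and the single-use R2 cache are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes; R2 is 16 bytes per the patent, R1 is assumed to match


def pin_hash(pin: str) -> bytes:
    """hashvalue: SHA-256 stands in for SM3, truncated to a 16-byte key (assumption)."""
    return hashlib.sha256(pin.encode()).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed PRF over one 8-byte half
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel cipher on one 16-byte block; stand-in for SM4."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _round(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _round(key, rnd, left)), left
    return left + right


class Platform:
    def __init__(self):
        self.hashvalues = {}  # ID -> hashvalue; the PIN itself is never stored
        self.pending = {}     # ID -> cached R2 for the session in progress

    def register(self, user_id: str, pin: str) -> None:
        self.hashvalues[user_id] = pin_hash(pin)

    def challenge(self, user_id: str, r1: bytes):
        """S202: fresh R2, M1 = E_R2(R1), M2 = E_hashvalue(R1 ^ R2)."""
        r2 = secrets.token_bytes(BLOCK)
        self.pending[user_id] = r2
        m1 = encrypt_block(r2, r1)
        m2 = encrypt_block(self.hashvalues[user_id], xor(r1, r2))
        return m1, m2  # the patent wraps M1 || M2 under the client's public key

    def verify(self, user_id: str, m3: bytes) -> bool:
        """S204: decrypt M3 under the cached R2 and compare with R2."""
        r2 = self.pending.pop(user_id, None)  # single use is an assumption here
        if r2 is None:
            return False
        return hmac.compare_digest(decrypt_block(r2, m3), r2)


def client_respond(pin: str, r1: bytes, m1: bytes, m2: bytes):
    """S203: recover R2' from M2, check R1' against the cached R1, build M3."""
    hashvalue = pin_hash(pin)
    temp = decrypt_block(hashvalue, m2)
    r2_prime = xor(temp, r1)
    r1_prime = decrypt_block(r2_prime, m1)
    if not hmac.compare_digest(r1_prime, r1):
        return None  # wrong PIN, or a challenge that was not built for this R1
    return encrypt_block(r2_prime, r2_prime)


def authenticate(platform: Platform, user_id: str, pin: str) -> bool:
    r1 = secrets.token_bytes(BLOCK)  # S201: client random number
    m1, m2 = platform.challenge(user_id, r1)
    m3 = client_respond(pin, r1, m1, m2)
    return m3 is not None and platform.verify(user_id, m3)


if __name__ == "__main__":
    platform = Platform()
    platform.register("user-001", "483920")  # constructed sample ID and PIN
    print("correct PIN:", authenticate(platform, "user-001", "483920"))
    print("wrong PIN:  ", authenticate(platform, "user-001", "000000"))
```

An M3 captured from one session is rejected in the next, because each call to challenge caches a fresh R2 and verify consumes it.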
The invention provides an identity authentication system based on zero-knowledge proof and cryptographic technology, comprising: the platform, which initializes the client information, calculates the hash value of the PIN code using SM3 or another hash algorithm, and verifies the legitimacy and validity of the public key.
And the client, which exchanges the relevant information with the platform and performs its own independent calculation to complete verification of the PIN and determine the authenticity and validity of the user's identity.
Those skilled in the art may also implement the identity authentication method and system based on zero-knowledge proof and cryptographic technology provided by the present invention using other steps; what is shown in fig. 1 is only one specific embodiment.
In the description of the present invention, "a plurality" means two or more unless otherwise specified; the terms "upper", "lower", "left", "right", "inner", "outer", "front", "rear", "head", "tail", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are only for convenience in describing and simplifying the description, and do not indicate or imply that the device or element referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus, should not be construed as limiting the invention. Furthermore, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (7)

1. An identity authentication method based on zero-knowledge proof and cryptographic technology, characterized in that the method comprises the following steps:
initializing client information through a platform;
the client and the platform exchange the relevant information, and the platform and the client each perform independent calculations, to complete verification of the PIN and determine the authenticity and validity of the client's identity;
the method for verifying the PIN and determining the authenticity and validity of the identity of the client comprises the following steps:
firstly, the client generates a random number R1 and caches it, and sends the ID and R1 to the platform;
secondly, after receiving the ID and R1, the platform generates a random string R2, 16 bytes long, and caches R2; it then performs encryption and sends the resulting encrypted information to the client;
thirdly, the client decrypts the encrypted information sent by the platform in the second step, re-encrypts the decrypted information and sends it to the platform;
fourthly, the platform decrypts and verifies the re-encrypted information sent by the client in the third step;
the second step further comprises:
a) After receiving the ID and R1, the platform generates a random string R2, 16 bytes long, and caches R2;
b) The platform encrypts R1 with a symmetric encryption algorithm, using R2 as the key, to obtain a ciphertext M1;
c) The platform encrypts R1 ^ R2 with a symmetric encryption algorithm, using hashvalue as the key, to obtain a ciphertext M2;
d) The platform encrypts M1 || M2 with an asymmetric encryption algorithm, using the public key of the user's client, to obtain Ms;
e) The platform sends Ms to the user's client.
2. The zero-knowledge proof of knowledge and cryptography-based identity authentication method of claim 1, wherein the method of the platform initializing client information comprises:
i) Leading personal ID, PIN code and public key information into a platform through a client;
ii) the platform calculates the hash value of the PIN code by adopting a hash algorithm, and verifies the validity and validity of the public key;
iii) The platform encrypts and stores the ID, hashvalue and public key information without storing the PIN code;
iv) the client saves and protects its own ID, PIN code information and private key.
3. The zero-knowledge proof of knowledge and password technique based identity authentication method of claim 1, wherein the third step further comprises:
1) The user inputs a PIN;
2) Calculating the hashvalue of the PIN code by adopting an algorithm with the same platform;
3) Decrypting and decrypting the Ms by using a private key of the client by adopting an asymmetric encryption algorithm to obtain (M11 | | M22);
4) Decrypting M22 by using a symmetric encryption algorithm by taking hashvalue as a key to obtain temp;
5) Calculating R2' = temp ^ R1;
6) Decrypting M11 by using R2 'as a secret key and adopting a symmetric encryption algorithm to obtain R1';
7) if (R1' = = R1) continue; else authentication fails;
8) Adopting a symmetric encryption algorithm, using R2 'as a secret key, encrypting R2' to obtain M3;
9) M3 is sent to the platform.
4. The identity authentication method based on zero-knowledge proof and cryptography of claim 1, wherein the fourth step further comprises:
the platform uses the cached R2 as a secret key to decrypt M3 to obtain R2';
if (R2' == R2), authentication passes; otherwise authentication fails.
5. An identity authentication system based on zero-knowledge proof and cryptography implementing the identity authentication method based on zero-knowledge proof and cryptography according to any one of claims 1 to 4, wherein the identity authentication system based on zero-knowledge proof and cryptography comprises:
the platform initializes the client information, calculates the hashvalue of the PIN code, and verifies the validity of the public key;
the client exchanges the relevant information with the platform and at the same time performs independent calculation to complete verification of the PIN and determine the authenticity and validity of the user identity; the method for verifying the PIN and determining the authenticity and validity of the identity of the client comprises the following steps:
firstly, a client generates a random number R1 and caches the random number, and simultaneously sends an ID and the R1 to a platform;
secondly, after receiving the ID and the R1, the platform generates a random number string R2, wherein the length of the R2 string is 16 bytes, and caches the R2; encrypting and sending the obtained encryption information to the client;
thirdly, the client decrypts the encrypted information sent by the platform in the second step, encrypts the decrypted information and sends the encrypted information to the platform;
fourthly, the platform decrypts and verifies the re-encryption information transmitted by the client side in the third step;
the second step further comprises:
a) After receiving the ID and the R1, the platform generates a random number string R2, wherein the length of the R2 string is 16 bytes, and caches the R2;
b) The platform encrypts R1 by using a symmetric encryption algorithm with R2 as a secret key to obtain a ciphertext M1;
c) The platform uses hashvalue as a secret key, and adopts a symmetric encryption algorithm to encrypt R1 ^ R2 to obtain a ciphertext M2;
d) The platform adopts an asymmetric encryption algorithm, and encrypts M1 || M2 by using a public key of a user client to obtain Ms;
e) The platform sends the Ms to the user's client.
6. A computer arrangement, characterized in that the computer arrangement comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the identity authentication method based on zero-knowledge proof and cryptography according to any one of claims 1 to 4.
7. A computer-readable storage medium, storing a computer program which, when executed by a processor, causes the processor to perform the method of identity authentication based on zero-knowledge proof and cryptography of any of claims 1 to 4.
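The four-step exchange of claims 1 to 4, simulated end to end with a correct and a wrong PIN, as an added example that is not code from the patent. Assumptions: SHA-256 for the unspecified hash algorithm, a SHAKE-256 XOR keystream standing in for the unspecified symmetric cipher, textbook RSA over a constructed toy key standing in for the asymmetric algorithm; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets
# Constructed toy RSA key from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sym(key, data):
    """Stand-in symmetric cipher (assumption): XOR with a SHAKE-256 keystream,
    so the same call encrypts and decrypts."""
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pin_hash(pin):
    return hashlib.sha256(pin.encode()).digest()  # SHA-256 is an assumption

class Platform:
    def __init__(self):
        self.users = {}  # ID -> (hashvalue, public key); the PIN itself is never stored
        self.cache = {}  # ID -> R2 awaiting the client's answer
    def enroll(self, uid, pin, pub):
        self.users[uid] = (pin_hash(pin), pub)
    def challenge(self, uid, r1):  # second step, a) to e)
        hv, (n, e) = self.users[uid]
        r2 = secrets.token_bytes(16)
        self.cache[uid] = r2
        m1 = sym(r2, r1)           # M1 = Enc_R2(R1)
        m2 = sym(hv, xor(r1, r2))  # M2 = Enc_hashvalue(R1 ^ R2)
        return pow(int.from_bytes(m1 + m2, "big"), e, n)  # Ms
    def verify(self, uid, m3):     # fourth step
        r2 = self.cache.pop(uid)   # this sketch drops R2 after one verification
        return hmac.compare_digest(sym(r2, m3), r2)

def client_respond(pin, r1, ms):   # third step, 1) to 9)
    hv = pin_hash(pin)
    blob = pow(ms, D, N).to_bytes(32, "big")
    m11, m22 = blob[:16], blob[16:]
    r2p = xor(sym(hv, m22), r1)    # R2' = temp ^ R1
    if not hmac.compare_digest(sym(r2p, m11), r1):
        return None                # step 7: R1' != R1, stop locally
    return sym(r2p, r2p)           # M3 = Enc_R2'(R2')

def run(enrolled_pin, typed_pin):
    platform = Platform()
    platform.enroll("alice", enrolled_pin, (N, E))
    r1 = secrets.token_bytes(16)   # first step: client sends ID and R1
    ms = platform.challenge("alice", r1)
    m3 = client_respond(typed_pin, r1, ms)
    return m3 is not None and platform.verify("alice", m3)
```

With a wrong PIN the client derives a wrong R2', the check in step 7 fails, and no M3 is ever sent to the platform.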
CN202010619897.1A 2020-06-30 2020-06-30 Identity authentication method and system based on zero-knowledge proof and password technology Active CN111817856B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010619897.1A CN111817856B (en) 2020-06-30 2020-06-30 Identity authentication method and system based on zero-knowledge proof and password technology

Publications (2)

Publication Number Publication Date
CN111817856A (en) 2020-10-23
CN111817856B (en) 2023-03-24

Family

ID=72856882

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant