CN113038465A - Certificate-free condition privacy protection authentication scheme capable of being revoked in WBANs - Google Patents


Info

Publication number
CN113038465A
Authority
CN
China
Prior art keywords: user, key, identity, private key, authentication
Legal status
Granted
Application number
CN202110215530.8A
Other languages
Chinese (zh)
Other versions
CN113038465B (en)
Inventor
汪益民
丁玉莹
高琪娟
刘阳
朱军
张友华
Current Assignee
Anhui Agricultural University AHAU
Original Assignee
Anhui Agricultural University AHAU
Application events
Application filed by Anhui Agricultural University AHAU
Priority to CN202110215530.8A
Publication of CN113038465A
Application granted
Publication of CN113038465B
Legal status: Expired - Fee Related

Classifications

    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), involving digital signatures
    • H04W12/009: Security arrangements; authentication; protecting privacy or anonymity, specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06: Authentication
    • H04W84/18: Network topologies; self-organising networks, e.g. ad-hoc networks or sensor networks
    • Y02D30/70: Climate change mitigation technologies in ICT; reducing energy consumption in wireless communication networks

Abstract

The application discloses a revocable certificateless conditional privacy-preserving authentication scheme in WBANs comprising a system initialization stage, an authentication stage between a client and an AP, and a revocation stage. The system initialization stage comprises public parameter generation, in which the network manager (NM) generates the system parameters on which the later stages are built, and user registration, in which a user submits its real identity information and a public key and a private key are generated and sent to it. The authentication stage between the client and the AP comprises identity authentication, which checks whether the identities of the client and the AP are legal, and session key establishment, which strengthens the confidentiality of the patient's body information. The revocation stage comprises revealing the real identity of a user and revoking a malicious user. The scheme ensures the legality of doctor and patient, reduces the authentication cost, and improves both the timeliness and the computational efficiency of user revocation.

Description

Certificate-free condition privacy protection authentication scheme capable of being revoked in WBANs
Technical Field
The application relates to the technical field of security privacy protection in modern healthcare systems, in particular to a certificate-free conditional privacy protection authentication scheme which can be revoked in WBANs.
Background
As part of modern medical systems, and with the rapid development of wireless communication, sensor and network technologies, the wireless body area network (WBAN) was proposed as a component of health care systems in 1996. A WBAN is an ad hoc network formed of low-power medical sensors worn on or implanted in the body; the sensors monitor biological information of a patient such as blood pressure, heart rate and pulse in real time and transmit it through a mobile device to a remote medical server, from which a remote doctor or specialist can provide a suitable diagnosis and treatment plan for the patient.
The personal biological information collected by WBANs is the basis of medical diagnosis and is highly sensitive, and WBANs operate over wireless links, so protecting personal privacy and data security is an important problem to be solved. In recent years many anonymous authentication schemes have been proposed that provide authentication and privacy protection while also ensuring confidentiality, integrity and non-repudiation through a shared key. However, existing schemes generally have high authentication costs, many have low computational efficiency and low revocation efficiency, and they do not revoke users from the WBAN in time.
Disclosure of Invention
The main objective of the present application is to provide a revocable certificateless conditional privacy-preserving authentication scheme in WBANs, so as to address the problems that existing schemes in the related art have high authentication cost, and that many of them have low computational efficiency and low revocation efficiency and cannot revoke users from WBANs in time.
To achieve the above object, the present application provides a revocable certificateless conditional privacy-preserving authentication scheme in WBANs, which includes a system initialization phase, an authentication phase between a client and an AP, and a revocation phase.
The output of the system initialization stage feeds the authentication stage between the client and the AP, and the authentication stage between the client and the AP feeds the revocation stage.
The system initialization stage comprises public parameter generation and user registration;
the public parameter generation is used by NM to generate the system parameters on which the later stages are built;
the user registration is used to submit real identity information so that a public key and a private key can be generated and sent to the user;
the authentication stage between the client and the AP comprises identity authentication and session key establishment;
the identity authentication checks whether the identities of the client and the AP are legal;
the session key establishment strengthens the confidentiality of the patient's body information and reduces the risk of information leakage;
the revocation phase comprises revealing the real identity of a user and revoking a malicious user;
revealing the real identity of a user lets NM link a user's pseudonym to its real identity and thus expose a malicious user;
and revoking a malicious user cancels the legal identity of the malicious user.
In one embodiment of the present application, the system initialization phase includes the steps of:
s1, generating parameters, wherein NM is responsible for generating system parameters;
s2, registering the user, submitting the true identity to NM by the user (including client C and AP), generating a public and private key pair after NM verifies the validity, wherein the private key is sent to the user through a secure channel, and the public key is published to the outside.
In one embodiment of the present application, the parameter generation comprises the following steps:
S1, NM randomly selects two large primes $p$ and $q$, a nonsingular elliptic curve $E: y^2 = x^3 + ax + b \pmod p$ (where $a, b \in F_p$), and a generator $P$ of the group $G_q$;
S2, NM randomly selects $s_{NM} \in Z_q^*$ as the system master key and computes the system public key $P_{pub} = s_{NM} P$;
S3, NM selects several secure hash functions $H_0, H_1, H_2, H_3$;
S4, the RC of the $i$-th region randomly selects $s_i \in Z_q^*$ as the region private key and computes the region public key $Q_i = s_i P$;
S5, NM broadcasts the system public parameters $\Delta = \{P, P_{pub}, H_i\}$.
In one embodiment of the present application, the user registration comprises the following steps:
S1, client C randomly selects $x_C \in Z_q^*$ as its own partial private key, computes the public key $X_C = x_C P$, and submits its real identity $ID_C$ together with $X_C$ to NM. NM verifies the validity of the identity; if it is valid, NM generates another public key $Y_C$ and another partial private key $y_C$ as follows: NM selects a random number $r_C \in Z_q^*$ and computes $id_C = H_0(r_C, ID_C, X_C)$, $Y_C = r_C P$ and $y_C = r_C + h_C s_{NM}$, where $h_C = H_1(id_C, X_C, Y_C, P_{pub})$. $Y_C$ is published, $y_C$ is sent to client C through a secure channel, and the RC of the region where C is located is notified. C checks the correctness of $y_C$ by verifying $y_C P = Y_C + h_C P_{pub}$. The RC encrypts the region private key $s_i$ under C's public key $X_C$ and sends it to C;
S2, the application server AP randomly selects $x_{AP} \in Z_q^*$ as its own partial private key, computes the public key $X_{AP} = x_{AP} P$, and submits its real identity $ID_{AP}$, its region identifier $id_{A_i}$ and $X_{AP}$ to NM. After verifying legality, NM generates another public key $Y_{AP}$ and another partial private key $y_{AP}$ in the same way; $Y_{AP}$ is published and $y_{AP}$ is sent to the remote server AP through a secure channel.
In an embodiment of the application, the client C sends a verification message to the application server AP so that the AP can verify whether C is legal; after C has been verified, the AP sends a verification message to C so that C can verify whether the AP is legal. If the mutual verification between C and the AP succeeds, both sides obtain a shared session key and encrypted information can then be transmitted.
In one embodiment of the present application, the identity authentication comprises the following steps:
S1, C combines its partial private key $x_C$ with its partial private key $y_C$ to obtain the complete private key $z_C = (x_C, y_C)$;
S2, C signs the verification information with its private key $z_C$ and the region private key $s_i$ and sends it to the target AP; the AP verifies it with C's public key and the region public key, and if the verification passes the identity of C is legal. The AP then repeats the same behaviour towards C, sending its own verification information to C; if that verification passes, the identity of the AP is legal.
In one embodiment of the present application, the establishment of the session key comprises the following steps:
S1, after mutual authentication between C and the AP, both obtain the session key $Key_i = H_3(id_{AP}, id_C, U'_i)$; at this point a trust relationship is established between client C and the AP;
S2, client C uses the symmetric key $Key_i$ to encrypt the body monitoring information and transmits it to the application server AP.
In an embodiment of the present application, when a malicious user appears, the NM reveals the true identity of the user, and notifies the revocation center RC of the area where the user is located, and the RC revokes the legitimate identity of the user.
In one embodiment of the present application, said revealing the real identity of the user comprises the following step:
S1, the real identity $ID_C$ of the user yields the pseudonym $id_C = H_0(r_C, ID_C, X_C)$ and the real identity $ID_{AP}$ of the AP yields the pseudonym $id_{AP} = H_0(r_{AP}, ID_{AP}, X_{AP})$; because both C and the AP submit their real identities to NM during the registration phase, NM can recover the real identities of C and the AP from their pseudonyms.
In an embodiment of the present application, the revoking of the malicious user comprises the following steps:
S1, after receiving the notification, the RC updates the region private key $s_i$ to a new private key $s'_i$ with corresponding public key $Q'_i = s'_i P$, and broadcasts the new public key $Q'_i$ together with $s'_i$ encrypted under the public key of each legitimate user in the region; each legitimate user decrypts with its own private key, obtains the latest region private key $s'_i$ and signs with it;
S2, the malicious user cannot obtain the new region private key $s'_i$ and can only sign with the original region private key $s_i$; such a signature fails verification.
Compared with the prior art, the beneficial effects of this application are: the revocable certificateless conditional privacy-preserving authentication scheme designed above provides a secure mode of operation for the WBAN and meets its security and privacy requirements, so that both doctor and patient are guaranteed to be legitimate; because no bilinear pairing operation is used, authentication between doctor and patient is faster and the authentication and computation costs are reduced; and because revocation centers are set up in the several regions into which the application scenario is divided, malicious users are revoked promptly, achieving fast revocation of malicious users.
Drawings
Fig. 1 is a system model diagram of a revocable certificateless conditional privacy preserving authentication scheme in WBANs according to an embodiment of the present application;
fig. 2 is a diagram illustrating a user registration phase process of a revocable certificateless conditional privacy preserving authentication scheme in WBANs according to an embodiment of the present application;
fig. 3 is a process diagram of the identity verification and session key generation phases of a revocable certificateless conditional privacy preserving authentication scheme in WBANs according to an embodiment of the application;
fig. 4 is a process diagram of a revocation phase of a revocable certificateless conditional privacy-preserving authentication scheme in WBANs, provided according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In this application, the terms "upper", "lower", "left", "right", "front", "rear", "top", "bottom", "inner", "outer", "middle", "vertical", "horizontal", "lateral", "longitudinal", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings. These terms are used primarily to better describe the present application and its embodiments, and are not used to limit the indicated devices, elements or components to a particular orientation or to be constructed and operated in a particular orientation.
Moreover, some of the above terms may be used to indicate other meanings besides the orientation or positional relationship, for example, the term "on" may also be used to indicate some kind of attachment or connection relationship in some cases. The specific meaning of these terms in this application will be understood by those of ordinary skill in the art as appropriate.
In addition, the term "plurality" shall mean two as well as more than two.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Example 1
Referring to Figs. 1 to 4, the present application provides a revocable certificateless conditional privacy-preserving authentication scheme in WBANs, which includes a system initialization phase, an authentication phase between a client and an AP, and a revocation phase. The system has four participants: a Network Manager (NM), a Revocation Center (RC), WBAN clients (C) and application servers (AP). NM is the registration center of AP and C and is considered fully trusted; one of its functions is to generate the system parameters and provide the partial private keys of C and of the AP, and the other is to add a malicious user to the revocation list and notify the RC of the region where that user is located when a malicious user is discovered. The main function of the RC is to update the public and private keys of its region and broadcast them when it receives a revocation notification from NM. C is a mobile device that collects biological information of a patient such as blood pressure, heart rate and pulse in real time through sensors and sends it to the remote application server AP. The AP is an application server representing a remote server, such as the medical system of a hospital or clinic, or a doctor's office providing medical services.
The output of the system initialization stage feeds the authentication stage between the client and the AP, and the authentication stage between the client and the AP feeds the revocation stage.
The system initialization stage comprises public parameter generation and user registration;
the public parameter generation is used by NM to generate the system parameters on which the later stages are built;
the user registration is used to submit real identity information so that a public key and a private key can be generated and sent to the user;
the authentication stage between the client and the AP comprises identity authentication and session key establishment;
the identity authentication checks whether the identities of the client and the AP are legal;
the session key establishment strengthens the confidentiality of the patient's body information and reduces the risk of information leakage;
the revocation phase comprises revealing the real identity of a user and revoking a malicious user;
revealing the real identity of a user lets NM link a user's pseudonym to its real identity and thus expose a malicious user;
and revoking a malicious user cancels the legal identity of the malicious user.
The system initialization phase comprises the following steps:
s1, generating parameters, wherein NM is responsible for generating system parameters;
s2, registering the user, submitting the true identity to NM by the user (including client C and AP), generating a public and private key pair after NM verifies the validity, wherein the private key is sent to the user through a secure channel, and the public key is published to the outside.
The parameter generation comprises the following steps:
S1, NM randomly selects two large primes $p$ and $q$, a nonsingular elliptic curve $E: y^2 = x^3 + ax + b \pmod p$ (where $a, b \in F_p$), and a generator $P$ of the group $G_q$;
S2, NM randomly selects $s_{NM} \in Z_q^*$ as the system master key and computes the system public key $P_{pub} = s_{NM} P$;
S3, NM selects several secure hash functions $H_0, H_1, H_2, H_3$;
S4, the RC of the $i$-th region randomly selects $s_i \in Z_q^*$ as the region private key and computes the region public key $Q_i = s_i P$;
S5, NM broadcasts the system public parameters $\Delta = \{P, P_{pub}, H_i\}$.
The user registration comprises the following steps:
S1, client C randomly selects $x_C \in Z_q^*$ as its own partial private key, computes the public key $X_C = x_C P$, and submits its real identity $ID_C$ together with $X_C$ to NM. NM verifies the validity of the identity; if it is valid, NM generates another public key $Y_C$ and another partial private key $y_C$ as follows: NM selects a random number $r_C \in Z_q^*$ and computes $id_C = H_0(r_C, ID_C, X_C)$, $Y_C = r_C P$ and $y_C = r_C + h_C s_{NM}$, where $h_C = H_1(id_C, X_C, Y_C, P_{pub})$. $Y_C$ is published, $y_C$ is sent to client C through a secure channel, and the RC of the region where C is located is notified. C checks the correctness of $y_C$ by verifying $y_C P = Y_C + h_C P_{pub}$. The RC encrypts the region private key $s_i$ under C's public key $X_C$ and sends it to C;
S2, the application server AP randomly selects $x_{AP} \in Z_q^*$ as its own partial private key, computes the public key $X_{AP} = x_{AP} P$, and submits its real identity $ID_{AP}$, its region identifier $id_{A_i}$ and $X_{AP}$ to NM. After verifying legality, NM generates another public key $Y_{AP}$ and another partial private key $y_{AP}$ in the same way; $Y_{AP}$ is published and $y_{AP}$ is sent to the remote server AP through a secure channel.
Client C sends a verification message to the application server AP, which verifies whether C is legal; once C has been verified, the AP in turn sends a verification message to C, which verifies whether the AP is legal. If the mutual verification between the AP and client C succeeds, both sides obtain a shared session key; at this point a trust relationship is established between client C and the AP and encrypted information can be transmitted.
The identity authentication comprises the following steps:
S1, C combines its partial private key $x_C$ with its partial private key $y_C$ to obtain the complete private key $z_C = (x_C, y_C)$;
S2, C signs the verification information with its private key $z_C$ and the region private key $s_i$ and sends it to the target AP; the AP verifies it with C's public key and the region public key, and if the verification passes the identity of C is legal. The AP then repeats the same behaviour towards C, sending its own verification information to C; if that verification passes, the identity of the AP is legal;
in this embodiment, before the authentication stage the RC, according to the revocation list, issues the region private key $s_i$ encrypted under the public key of each valid user in the region and broadcasts the region public key $Q_i$; a user recovers $s_i$ with its own private key. Let the region private key of C be $s_i$ with region public key $Q_i$, and the region private key of the AP be $s_j$ with region public key $Q_j$. To access a target AP, C obtains the AP's region public key $Q_j$ and the AP's public key $X_{AP}$, selects a random number $\alpha_i \in Z_q^*$, and computes $V_i = \alpha_i P$, $U_i = \alpha_i X_{AP}$, $h_i = H_2(V_i, Q_i, X_C, Y_C, tt_i)$, $k_i = H_3(V_i, U_i, tt_i)$, $v_i = \alpha_i + y_C + h_i(s_i + x_C)$ and $W_i = E_{k_i}(v_i, id_C)$, where $tt_i$ is the current timestamp and $E$ is the encryption function of a symmetric cipher. C finally sends the verification message $\{W_i, V_i, tt_i\}$ to the AP. On receiving $\{W_i, V_i, tt_i\}$, the AP computes $U_i = x_{AP} V_i$ and $k_i = H_3(V_i, U_i, tt_i)$, decrypts $(v_i, id_C) = D_{k_i}(W_i)$, where $D$ is the decryption function of the symmetric cipher, computes $h_C = H_1(id_C, X_C, Y_C, P_{pub})$ and $h_i = H_2(V_i, Q_i, X_C, Y_C, tt_i)$, and checks equation (1):
$$v_i P = V_i + h_i X_C + Y_C + h_C P_{pub} + h_i Q_i.$$
If (1) holds, the AP selects a random number $\beta_i \in Z_q^*$ and computes $V'_i = \beta_i P$, $U'_i = \beta_i V_i$ and $v'_i = \beta_i + y_{AP} + h'_i(x_{AP} + s_j)$, where $h'_i = H_2(V'_i, Q_j, X_{AP}, Y_{AP}, tt_i)$, $k'_i = H_3(V'_i, U'_i, tt_i)$ and $W'_i = E_{k'_i}(v'_i, id_{AP})$, then sends $\{W'_i, V'_i, tt_i\}$ to client C; the session key between the AP and C is $Key_i = H_3(id_{AP}, id_C, U'_i)$. On receiving $\{W'_i, V'_i, tt_i\}$, C computes $U'_i = \alpha_i V'_i$ and $k'_i = H_3(V'_i, U'_i, tt_i)$, decrypts $(v'_i, id_{AP}) = D_{k'_i}(W'_i)$, computes $h_{AP} = H_1(id_{AP}, X_{AP}, Y_{AP}, P_{pub})$ and $h'_i = H_2(V'_i, Q_j, X_{AP}, Y_{AP}, tt_i)$, and checks equation (2):
$$v'_i P = V'_i + h'_i X_{AP} + Y_{AP} + h_{AP} P_{pub} + h'_i Q_j.$$
If (2) holds, the next step is carried out.
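Why the two checks hold, as an added derivation (not part of the patent text) using only the definitions above. Substituting $v_i$, $y_C = r_C + h_C s_{NM}$, $Q_i = s_i P$ and $X_C = x_C P$:
$$v_i P = (\alpha_i + y_C + h_i(s_i + x_C))P = \alpha_i P + (r_C + h_C s_{NM})P + h_i s_i P + h_i x_C P = V_i + Y_C + h_C P_{pub} + h_i Q_i + h_i X_C,$$
which is the right-hand side of equation (1). The same substitution with $\beta_i$, $y_{AP} = r_{AP} + h_{AP} s_{NM}$, $s_j$ and $x_{AP}$ gives
$$v'_i P = V'_i + Y_{AP} + h_{AP} P_{pub} + h'_i Q_j + h'_i X_{AP},$$
which is equation (2). A sender therefore passes the check only if it knows its partial private keys $x$ and $y$ and the region private key matching the $Q$ the verifier uses; a user holding a stale region key fails both because $v$ carries the old $s_i$ and because $h_i$ hashes the region public key.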
The establishment of the session key comprises the following steps:
S1, after mutual authentication between C and the AP, both obtain the session key $Key_i = H_3(id_{AP}, id_C, U'_i)$; at this point a trust relationship is established between client C and the AP;
S2, client C uses the symmetric key $Key_i$ to encrypt the body monitoring information and transmits it to the application server AP.
When a malicious user appears, NM reveals the real identity of the user, informs a revocation center RC of the area where the user is located, and revokes the legal identity of the user through RC.
The revealing of the real identity of the user comprises the following step:
S1, the real identity $ID_C$ of the user yields the pseudonym $id_C = H_0(r_C, ID_C, X_C)$ and the real identity $ID_{AP}$ of the AP yields the pseudonym $id_{AP} = H_0(r_{AP}, ID_{AP}, X_{AP})$; because both C and the AP submit their real identities to NM during the registration phase, NM can recover the real identities of C and the AP from their pseudonyms.
The revoking of the malicious user comprises the following steps:
S1, after receiving the notification, the RC updates the region private key $s_i$ to a new private key $s'_i$ with corresponding public key $Q'_i = s'_i P$, and broadcasts the new public key $Q'_i$ together with $s'_i$ encrypted under the public key of each legitimate user in the region; each legitimate user decrypts with its own private key, obtains the latest region private key $s'_i$ and signs with it;
S2, the malicious user cannot obtain the new region private key $s'_i$ and can only sign with the original region private key $s_i$; such a signature fails verification.
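The registration, mutual authentication, session key and revocation steps above, run end to end as an added Python model. This is example code written for this page, not code from the patent or its authors, and it fixes several things the text leaves open: the curve is taken to be secp256k1; $H_0$ to $H_3$ are modelled as SHA-256 with distinct domain tags reduced into $Z_q^*$; the symmetric cipher $E/D$ is a SHA-256 keystream XOR (a placeholder, not a production cipher); the verifier finds a peer's $X$, $Y$ and region public key in a public directory keyed by pseudonym; and the receiver rejects a timestamp $tt_i$ outside a freshness window, a check the text does not spell out. The identities and the timestamp are constructed values.

```python
import hashlib
import secrets
p_ = 2**256 - 2**32 - 977  # secp256k1 field prime; the curve is an assumption, the patent fixes none
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,  # generator
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine point addition on y^2 = x^3 + 7 over F_p; None is the point at infinity."""
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p_ == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, p_) if A == B else (y2 - y1) * pow(x2 - x1, -1, p_)) % p_
    x3 = (lam * lam - x1 - x2) % p_
    return x3, (lam * (x1 - x3) - y1) % p_

def mul(k, pt):  # double-and-add scalar multiplication k * pt
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(tag, *items):  # H_0..H_3 as domain-tagged SHA-256 into Z_q^* (assumption; the text leaves them abstract)
    h = hashlib.sha256(tag.encode() + b"|".join(repr(it).encode() for it in items))
    return int.from_bytes(h.digest(), "big") % (q - 1) + 1

def rand(): return secrets.randbelow(q - 1) + 1  # uniform element of Z_q^*

def sym(k, data):
    """E_k and D_k for the 64-byte (v, id) body: XOR with a SHA-256 keystream. Stand-in for a real cipher."""
    ks = b"".join(hashlib.sha256(k.to_bytes(32, "big") + bytes([i])).digest() for i in range(2))
    return bytes(a ^ b for a, b in zip(data, ks))

def keypair():  # NM's (s_NM, P_pub); each RC's (s_i, Q_i) and, on revocation, (s'_i, Q'_i)
    s = rand()
    return s, mul(s, P)

def register(s_nm, P_pub, real_id, nm_table):
    """User picks x, X = xP; NM returns id = H_0(r, ID, X), Y = rP, y = r + h s_NM and records id -> ID."""
    x, r = rand(), rand()
    X, Y = mul(x, P), mul(r, P)
    pid = H("H0", r, real_id, X)
    h = H("H1", pid, X, Y, P_pub)
    y = (r + h * s_nm) % q
    nm_table[pid] = real_id
    assert mul(y, P) == add(Y, mul(h, P_pub)), "yP == Y + h P_pub check failed"  # user-side check
    return {"id": pid, "x": x, "X": X, "y": y, "Y": Y}

def make_msg(me, s_region, dh_base, tt):
    """Sender: {W, V, tt} with v = a + y + h_i (s_region + x). dh_base is X_AP for C's message
    (U_i = a X_AP) and V_i for the AP's reply (U'_i = b V_i). Returns (msg, a, U)."""
    a = rand()
    V, U = mul(a, P), mul(a, dh_base)
    h_i = H("H2", V, mul(s_region, P), me["X"], me["Y"], tt)
    v = (a + me["y"] + h_i * (s_region + me["x"])) % q
    W = sym(H("H3", V, U, tt), v.to_bytes(32, "big") + me["id"].to_bytes(32, "big"))
    return (W, V, tt), a, U

def check_msg(P_pub, msg, dh_secret, directory, now, window=60):
    """Receiver: U = dh_secret * V, decrypt (v, id), look up (X, Y, Q) by pseudonym and test
    vP == V + h_i X + Y + h P_pub + h_i Q (eq. (1)/(2)). Returns (ok, peer id, U)."""
    W, V, tt = msg
    U = mul(dh_secret, V)
    pt = sym(H("H3", V, U, tt), W)
    v, pid = int.from_bytes(pt[:32], "big"), int.from_bytes(pt[32:], "big")
    if abs(now - tt) > window or pid not in directory:  # tt window: added check, not in the patent text
        return False, None, None
    X, Y, Q = directory[pid]
    h, h_i = H("H1", pid, X, Y, P_pub), H("H2", V, Q, X, Y, tt)
    rhs = add(add(add(add(V, mul(h_i, X)), Y), mul(h, P_pub)), mul(h_i, Q))
    return mul(v, P) == rhs, pid, U

def mutual_auth(P_pub, C, AP, s_C, s_AP, directory, tt):
    """C -> AP, then AP -> C; on success both derive Key_i = H_3(id_AP, id_C, U'_i)."""
    m1, alpha, _ = make_msg(C, s_C, AP["X"], tt)
    ok1, pid_C, _ = check_msg(P_pub, m1, AP["x"], directory, tt)
    if not ok1:  # the AP does not answer a request that fails eq. (1)
        return False, None, None
    m2, _, U2_ap = make_msg(AP, s_AP, m1[1], tt)                    # AP: U'_i = b V_i
    ok2, pid_AP, U2_c = check_msg(P_pub, m2, alpha, directory, tt)  # C: U'_i = a V'_i
    keys = H("H3", pid_AP, C["id"], U2_c), H("H3", AP["id"], pid_C, U2_ap)
    return (True, *keys) if ok2 else (False, None, None)

def demo():  # client in region i, AP in region j: a good run, then region i's RC rotates its key
    (s_nm, P_pub), (s_i, Q_i), (s_j, Q_j), nm_table = keypair(), keypair(), keypair(), {}
    C = register(s_nm, P_pub, "patient-001", nm_table)       # constructed identities
    AP = register(s_nm, P_pub, "hospital-ap-01", nm_table)
    directory = {C["id"]: (C["X"], C["Y"], Q_i), AP["id"]: (AP["X"], AP["Y"], Q_j)}
    tt = 1_700_000_000                                         # constructed timestamp
    ok, key_C, key_AP = mutual_auth(P_pub, C, AP, s_i, s_j, directory, tt)
    s_i2, Q_i2 = keypair()             # RC broadcasts Q'_i; s'_i reaches only the non-revoked users
    directory[C["id"]] = (C["X"], C["Y"], Q_i2)
    stale, _, _ = mutual_auth(P_pub, C, AP, s_i, s_j, directory, tt)   # revoked user still holds s_i
    fresh, _, _ = mutual_auth(P_pub, C, AP, s_i2, s_j, directory, tt)  # user who received s'_i
    return ok and key_C == key_AP, stale, fresh, nm_table[C["id"]]     # NM traces id_C -> ID_C
```

`demo()` returns whether the honest run succeeded with matching session keys on both sides, whether a client still holding the old $s_i$ after the RC rotated to $s'_i$ is rejected, whether a client that received $s'_i$ still authenticates, and the real identity NM recovers from $id_C$ through the table it kept at registration. The stale signature fails twice over: $v_i$ carries the old $s_i$ while the verifier adds $h_i Q'_i$, and the two sides also compute different $h_i$ because the region public key is hashed into it. The freshness window is the one check added beyond the text; without it, a captured $\{W_i, V_i, tt_i\}$ would verify again at any later time.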
Specifically, the working principle of the revocable certificateless conditional privacy-preserving authentication scheme in WBANs is as follows: in use, the scheme provides a secure mode of operation for the WBAN and meets its security and privacy requirements, so that both doctor and patient are guaranteed to be legitimate; because no bilinear pairing operation is used, authentication between doctor and patient is faster and the authentication and computation costs are reduced; and because revocation centers are set up in the several regions into which the application scenario is divided, malicious users are revoked promptly, achieving fast revocation of malicious users.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A certificate-free conditional privacy protection authentication scheme revocable in WBANs, characterized by comprising a system initialization phase, an authentication phase between a client and an AP, and a revocation phase;
the output of the system initialization stage feeds the authentication stage between the client and the AP, and the authentication stage between the client and the AP feeds the revocation stage;
the system initialization stage comprises public parameter generation and user registration;
the public parameter generation is used by NM to generate the system parameters on which the later stages are built;
the user registration is used to submit real identity information so that a public key and a private key can be generated and sent to the user;
the authentication stage between the client and the AP comprises identity authentication and session key establishment;
the identity authentication checks whether the identities of the client and the AP are legal;
the session key establishment strengthens the confidentiality of the patient's body information and reduces the risk of information leakage;
the revocation phase comprises revealing the real identity of a user and revoking a malicious user;
revealing the real identity of a user lets NM link a user's pseudonym to its real identity and thus expose a malicious user;
and revoking a malicious user cancels the legal identity of the malicious user.
2. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 1, wherein the system initialization phase comprises the steps of:
S1, parameter generation, wherein NM is responsible for generating the system parameters;
S2, user registration, wherein the user (including client C and AP) submits its real identity to NM; after NM verifies its validity it generates a public and private key pair, the private key is sent to the user through a secure channel, and the public key is published externally.
3. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 2, wherein said parameter generation comprises the steps of:
S1, NM randomly selects two large prime numbers $p$, $q$ and defines a nonsingular elliptic curve $E$: $y^2 = x^3 + ax + b \bmod q$ (where $a, b \in F_p$), and randomly selects a generator $P$ in the group $G_q$;
S2, NM randomly selects $s_{NM}$ (selection expression given in figure FDA0002952009050000021) as the system master key and computes the system public key $P_{pub} = s_{NM} P$;
S3, NM selects several secure hash functions $H_i$ (defined in figure FDA0002952009050000022);
S4, the RC of the $i$-th area randomly selects $s_i$ (selection expression given in figure FDA0002952009050000023) as the area private key and computes the area public key $Q_i = s_i P$;
S5, NM broadcasts the system public parameters $\Delta = \{P, P_{pub}, H_i\}$.
4. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 2, wherein said user registration comprises the steps of:
S1, client C randomly selects $x_C$ (selection expression given in figure FDA0002952009050000024) as its own partial private key, computes its public key $X_C = x_C P$, and submits its real identity $ID_C$ and public key $X_C$ to NM; NM verifies the validity of the identity and, if valid, generates another public key $Y_C$ and another partial private key $y_C$, where NM selects a random number $r_C$ (selection expression given in figure FDA0002952009050000025) and computes $id_C = H_0(r_C, ID_C, X_C)$, $Y_C = r_C P$ and $y_C = r_C + h_C s_{NM}$, with $h_C = H_1(ID_C, X_C, Y_C, P_{pub})$; $Y_C$ is published externally, the private key $y_C$ is sent to client C through a secure channel, and the RC of the area where C is located is notified; C can check the correctness of $y_C$ by verifying $y_C P = Y_C + h_C P_{pub}$; RC encrypts the area private key $s_i$ with C's public key $X_C$ and sends it to C;
S2, the application server AP randomly selects its own partial private key (selection expression given in figure FDA0002952009050000026), computes its public key $X_{AP}$, and submits its real identity $ID_{AP}$, its area identifier $id_{Ai}$ and $X_{AP}$ to NM; after verifying legality, NM generates another public key $Y_{AP}$ and another partial private key $y_{AP}$, where the public key $Y_{AP}$ is published externally and the private key $y_{AP}$ is sent to the remote server AP through a secure channel.
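As an added worked example (not code from the patent), the following pure-Python snippet carries out the NM-side partial-key issuance of claims 3 and 4 and the client's correctness check $y_C P = Y_C + h_C P_{pub}$ over secp256k1; the curve choice and the hash instantiation (SHA-256 over the concatenated fields, reduced mod $q$) are assumptions, since the patent leaves $H_0$, $H_1$ and the curve parameters to figures.

```python
# Added example: certificateless partial-key issuance (claims 3/4), not patent code.
import hashlib, secrets

# secp256k1 domain parameters (a = 0) stand in for the curve E and generator P
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):  # affine point addition, None is the point at infinity
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0: return None
    if A == B: lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else: lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):  # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = add(R, A)
        A = add(A, A); k >>= 1
    return R

def H(*parts):  # assumed instantiation of H0/H1: SHA-256 over the fields, mod q
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q

def setup():  # claim 3, S2: master key s_NM and system public key P_pub = s_NM P
    s_NM = secrets.randbelow(q - 1) + 1
    return s_NM, mul(s_NM, P)

def register(ID, s_NM, P_pub):  # claim 4, S1: user side then NM side
    x = secrets.randbelow(q - 1) + 1       # user's self-chosen partial key x_C
    X = mul(x, P)                           # public key X_C = x_C P, sent to NM
    r = secrets.randbelow(q - 1) + 1       # NM's random r_C
    pseudo = H(r, ID, X)                    # pseudonym id_C = H0(r_C, ID_C, X_C)
    Y = mul(r, P)                           # Y_C = r_C P, published
    h = H(ID, X, Y, P_pub)                  # h_C = H1(ID_C, X_C, Y_C, P_pub)
    y = (r + h * s_NM) % q                  # y_C = r_C + h_C s_NM, via secure channel
    return {"ID": ID, "x": x, "X": X, "Y": Y, "y": y, "id": pseudo}

def check_partial_key(user, P_pub):
    # client's correctness check from claim 4: y_C P == Y_C + h_C P_pub
    h = H(user["ID"], user["X"], user["Y"], P_pub)
    return mul(user["y"], P) == add(user["Y"], mul(h, P_pub))
```

A tampered or mis-issued $y_C$ fails the check, which is what lets the client detect a faulty NM response before it ever uses the key.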
5. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 1, wherein the client C sends a verification message to the application server AP so that the AP can verify whether C is legitimate; after that verification succeeds, the AP sends a verification message to C so that C can verify whether the AP is legitimate; if the AP and C verify each other successfully, a shared session key is obtained, and at this point C and the AP have established a trust relationship that enables the transmission of encrypted information.
6. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 5, wherein the identity authentication comprises the steps of:
S1, C combines its own partial private key $x_C$ with the partial private key $y_C$ to obtain the complete private key $z_C$;
S2, C signs the verification information with its own private key $z_C$ and the area private key $s_i$ and sends the verification information to the target AP; the target AP verifies it using C's public key and the area public key, and if verification passes, the identity of C is legitimate; the AP then repeats the same behaviour as C, sending its verification information to the target C, and if verification passes, the identity of the AP is legitimate.
7. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 5, wherein said establishment of the session key comprises the steps of:
S1, after mutual authentication between C and the AP, the session key $Key_i$ can be obtained, $Key_i = H_3(id_{AP}, id_C, U'_i)$; at this point a trust relationship is established between the client C and the AP;
S2, the client C can transmit the body monitoring information, encrypted with the symmetric key $Key_i$, to the application server AP.
8. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 1, characterized in that when a malicious user appears, NM reveals the real identity of the user and informs the revocation center RC of the area where the user is located, and that RC revokes the legal identity of the user.
9. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 8, wherein said revealing the real identity of the user comprises the steps of:
S1, the real identity $ID_C$ of the user generates the pseudonym $id_C$, and the real identity $ID_{AP}$ of the AP generates the pseudonym $id_{AP}$, $id_{AP} = H_0(r_{AP}, ID_{AP}, X_{AP})$; NM can therefore obtain the real identities of C and the AP from their pseudonyms, since both C and the AP submitted their real identities to NM during the registration phase.
10. A revocable certificateless conditional privacy-preserving authentication scheme in WBANs according to claim 8, wherein said revoking of malicious users comprises the steps of:
S1, after receiving the notification, RC updates the area private key $s_i$ to a new private key $s'_i$ with corresponding public key $Q'_i$, broadcasts the new public key $Q'_i$, and sends the new key encrypted under the public key of each legitimate user in the area (expression given in figure FDA0002952009050000041); after receiving it, each legitimate user decrypts it with its private key, obtains the latest area private key $s'_i$ and signs with it;
S2, the malicious user cannot obtain the new area private key $s'_i$ and can only sign with the original area private key $s_i$, so its signature fails verification.
CN202110215530.8A 2021-02-25 2021-02-25 Revocable certificateless condition privacy protection authentication method in self-organizing network Expired - Fee Related CN113038465B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110215530.8A CN113038465B (en) 2021-02-25 2021-02-25 Revocable certificateless condition privacy protection authentication method in self-organizing network

Publications (2)

Publication Number Publication Date
CN113038465A true CN113038465A (en) 2021-06-25
CN113038465B CN113038465B (en) 2022-05-17

Family

ID=76461606

Country Status (1)

Country Link
CN (1) CN113038465B (en)

Also Published As

Publication number Publication date
CN113038465B (en) 2022-05-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220517