CN113987451B - Security authentication method and system for notebook terminal equipment - Google Patents
Security authentication method and system for notebook terminal equipment Download PDFInfo
- Publication number
- CN113987451B CN113987451B CN202111606869.7A CN202111606869A CN113987451B CN 113987451 B CN113987451 B CN 113987451B CN 202111606869 A CN202111606869 A CN 202111606869A CN 113987451 B CN113987451 B CN 113987451B
- Authority
- CN
- China
- Prior art keywords
- information
- authentication information
- parameter
- authentication
- identity information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
Abstract
The invention relates to a security authentication method and system for notebook terminal equipment. The method comprises the steps of introducing the pseudonym to ensure the identity security of the notebook terminal, and updating the secret parameters after the notebook terminal is authenticated, so that the security of authentication is ensured. The notebook terminal device generates corresponding secret parameters and PUF secret values by registering with the server, and then encrypts by a three-factor authentication mode and introducing a bilinear mapping algorithm and a PUF, and the encryption of the mode can reach higher security level. The method is based on the session key generated by the secret value and the updated secret value, and the session key is generated by the notebook terminal device and the server respectively, so that the security of the session key is ensured, and the problem of forward and backward security of the session key can be solved. The invention can improve the communication safety of the notebook terminal equipment and ensure the privacy safety.
Description
Technical Field
The invention relates to the field of information security, in particular to a security authentication method and system for notebook terminal equipment.
Background
With the development of computer technology, the popularization of various internet terminal devices, and the vigorous development of various sensitive applications on the internet, the problem of user privacy becomes more and more important, and the wide attention of people is attracted.
In addition, with the rapid development of mobile application technology, mobile lightweight devices that are affordable, portable, and lightweight are becoming very popular. The notebook terminal equipment can access the cloud server to carry out online payment. Therefore, the notebook terminal equipment brings convenience to our life. However, in a specific environment, some notebook terminal devices (LTE) need to connect to a specific network (private network) for communication, and therefore, the notebook terminal devices need to be authenticated, and connected to the network for information transmission.
Therefore, it is necessary to design an authentication key protocol suitable for the notebook mobile device.
Disclosure of Invention
The invention aims to provide a security authentication method and a security authentication system for notebook terminal equipment, which can improve the communication security of the notebook terminal equipment and ensure the privacy security.
In order to achieve the purpose, the invention provides the following scheme:
a security authentication method of a notebook terminal device comprises the following steps:
initializing a Server (Server, S), determining system parameters of the Server, and publishing; the system parameters include: the method comprises the steps of prime order, a first group and a second group determined according to the prime order, the relation between the first group and the second group, a public key, a first hash function, a second hash function, a first parameter and a second parameter; the first parameter is used for multiplying the random number to determine a public key; the second parameter is determined according to the relationship between the first group and the second group, the first parameter and the random number;
the notebook terminal equipment is registered on the server, and the server generates corresponding identity information; and storing the identity information in a database;
the server selects the pseudonym information and the response parameter, and then determines first identity information and second identity information according to the system parameter; determining first information according to the first identity information, the second identity information, the pseudonym information and corresponding parameters and sending the first information to the smart card; the first information and the identity information are sent to the notebook terminal equipment;
the notebook terminal equipment determines a first terminal parameter by using a physical unclonable function and a response parameter; determining an input key according to the first terminal parameter and the first parameter; further sending the input key and the fingerprint to the smart card;
the smart card determines a biological characteristic key pair according to the fingerprint and a biological characteristic key extraction algorithm; the biological characteristic key pair comprises a biological characteristic private key and a biological characteristic public key;
the intelligent card determines first authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining second authentication information according to the first identity information and the first authentication information; determining third authentication information according to the second authentication information and the second identity information; determining fourth authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; storing the pseudonym information, the third authentication information, the second authentication information, the fourth authentication information, the biological characteristic private key and the response parameter in the smart card; the first terminal parameter is sent to a server through a secure channel, and the server stores the pseudonym information and the first terminal parameter;
the notebook terminal equipment logs in the intelligent card according to the identity information, the input key and the fingerprint;
the smart card determines a biological characteristic private key according to the fingerprint, the biological characteristic public key and a biological characteristic key copying algorithm; determining a first terminal parameter according to the physical unclonable function and the response parameter; determining first generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining first identity information according to the first generated authentication information and the second authentication information; determining fourth generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; further judging whether the fourth generated authentication information is equal to the fourth authentication information; if yes, continuing authentication; if not, refusing to log in;
randomly selecting a timestamp by the notebook equipment terminal; determining second identity information according to the third authentication information, the first generation authentication information and the biological characteristic private key; then, randomly selecting an authentication random number, and determining fifth authentication information according to the authentication random number and system parameters; determining sixth authentication information according to the fifth authentication information, the second identity information and the identity information; determining seventh authentication information according to the first hash function, the pseudonym information, the identity information, the second identity information, the fifth authentication information, the first terminal parameter and the timestamp; sending the pseudonym information, the sixth authentication information, the seventh authentication information, the third authentication information and the timestamp to a server;
the server verifies the timestamp, and after the timestamp passes verification, corresponding pseudonym information and first terminal parameters are determined according to the pseudonym information; determining fifth generation authentication information according to the system parameters and the third authentication information; determining second identity information according to the system parameters and the pseudonym information; determining identity information according to the sixth authentication information, the fifth generated authentication information and the second identity information; inquiring whether the determined identity information is in a database; when the determined identity information is in the database, continuing authentication; then, determining seventh generation authentication information according to the first hash function, the pseudonym information, the determined identity information, the second identity information, the fifth generation authentication information, the first terminal parameter and the timestamp; further verifying whether the seventh generated authentication information is equal to the stored seventh authentication information; when the seventh generated authentication information is equal to the stored seventh authentication information, continuing authentication; then, the server randomly selects a timestamp and a second parameter, and determines a first server parameter and a second server parameter; the pseudonym information is updated, and then the updated first identity information and the updated second identity information are calculated; determining eighth verification information according to the updated first identity information, the updated second identity information, the updated pseudonym information and the updated response parameters; determining ninth authentication information according to the second hash function, the updated kana information, the determined identity information, the second identity information, the updated first identity information, the updated second identity information, the second server parameter, the fifth generation authentication information and the first terminal parameter; determining tenth authentication information according to the first hash function, the updated kana information, the determined identity information, the ninth verification information, the first terminal parameter and the timestamp randomly selected by the server; sending the first server parameter, the eighth authentication information, the tenth authentication information and the server random selection timestamp to the notebook terminal equipment;
the notebook terminal equipment randomly selects a timestamp for verification on the server, and determines a first terminal parameter according to a physical unclonable function after the verification is passed; further determining a second generation server parameter, ninth generation authentication information and tenth generation authentication information; judging whether the tenth generated authentication information is equal to the tenth authentication information; when the tenth generated authentication information is equal to the tenth authentication information, the session key of the notebook terminal device is equal to the session key of the server;
the notebook terminal device and the server communicate through the session key.
Optionally, the initializing the server, determining system parameters of the server, and publishing specifically include:
wherein e is the relationship between the first group and the second group, G1Is a first group, G2Is a second group, PpubIs a public key, H1Is a first hash function, H2Is a second hash function, P is a first parameter,uis a second parameter, s is a random number,is a prime number set, and q is a prime number.
Optionally, the server selects the pseudonym information and the response parameter, and further determines the first identity information and the second identity information according to the system parameter, which specifically includes:
wherein A isiAs first identity information, BiIn order to be the second identity information,in order to be the identity information,is pseudonym information and S is the private key of the server.
Optionally, the determining, by the notebook terminal device, the first terminal parameter by using the physical unclonable function and the response parameter specifically includes:
wherein, WiFor the first terminal parameter, PUF () is a physically unclonable function, wiIs a response parameter.
Optionally, the smart card determines the biometric key pair according to the fingerprint and the biometric key extraction algorithm, and specifically includes:
wherein the content of the first and second substances,in the form of a biometric secret private key,is a biometric public key, GEN (-) is a biometric key extraction algorithm, FPiIs a fingerprint.
Optionally, the smart card determines first authentication information according to a first hash function, an input key, pseudonym information, a biometric private key, identity information, and a first terminal parameter; determining second authentication information according to the first identity information and the first authentication information; determining third authentication information according to the second authentication information and the second identity information; determining fourth authentication information according to the first hash function, the input key, the pseudonym information, the biological feature private key, the identity information and the first identity information, and specifically comprising:
wherein the content of the first and second substances,as the first authentication information, it is possible to authenticate the mobile terminal,in order to be the second authentication information,as the third authentication information, it is possible to,in order to be the fourth authentication information,is the input key.
Optionally, the notebook terminal device and the server communicate with each other through a session key, and then further includes:
the smart card updates the response parameter, the first authentication information, the second authentication information, the third authentication information and the fourth authentication information; and storing the updated pseudonym information, the second authentication information, the third authentication information, the fourth authentication information and the response parameter.
A security authentication system of a notebook terminal device, comprising:
the server initialization module is used for initializing the server, determining the system parameters of the server and publishing the system parameters; the system parameters include: the method comprises the steps of prime order, a first group and a second group determined according to the prime order, the relation between the first group and the second group, a public key, a first hash function, a second hash function, a first parameter and a second parameter; the first parameter is used for multiplying the random number to determine a public key; the second parameter is determined according to the relationship between the first group and the second group, the first parameter and the random number;
the notebook terminal equipment is registered on the server, and the server generates corresponding identity information; and storing the identity information in a database;
the server selects the pseudonym information and the response parameter, and then determines first identity information and second identity information according to the system parameter; determining first information according to the first identity information, the second identity information, the pseudonym information and corresponding parameters and sending the first information to the smart card; the first information and the identity information are sent to the notebook terminal equipment; the notebook terminal equipment determines a first terminal parameter by using a physical unclonable function and a response parameter; determining an input key according to the first terminal parameter and the first parameter; further sending the input key and the fingerprint to the smart card; the smart card determines a biological characteristic key pair according to the fingerprint and a biological characteristic key extraction algorithm; the biological characteristic key pair comprises a biological characteristic private key and a biological characteristic public key;
the registration module is used for the smart card to determine first authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining second authentication information according to the first identity information and the first authentication information; determining third authentication information according to the second authentication information and the second identity information; determining fourth authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; storing the pseudonym information, the third authentication information, the second authentication information, the fourth authentication information, the biological characteristic private key and the response parameter in the smart card; the first terminal parameter is sent to a server through a secure channel, and the server stores the pseudonym information and the first terminal parameter;
the login authentication module is used for the notebook terminal equipment to log in the intelligent card according to the identity information, the input key and the fingerprint; the smart card determines a biological characteristic private key according to the fingerprint, the biological characteristic public key and a biological characteristic key copying algorithm; determining a first terminal parameter according to the physical unclonable function and the response parameter; determining first generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining first identity information according to the first generated authentication information and the second authentication information; determining fourth generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; further judging whether the fourth generated authentication information is equal to the fourth authentication information; if yes, continuing authentication; if not, refusing to log in; randomly selecting a timestamp by a terminal of the equipment; determining second identity information according to the third authentication information, the first generation authentication information and the biological characteristic private key; then, randomly selecting an authentication random number, and determining fifth authentication information according to the authentication random number and system parameters; determining sixth authentication information according to the fifth authentication information, the second identity information and the identity information; determining seventh authentication information according to the first hash function, the pseudonym information, the identity information, the second identity information, the fifth authentication information, the first terminal parameter and the timestamp; sending the pseudonym information, the sixth authentication information, the seventh authentication information, the third authentication information and the timestamp to a server; the server verifies the timestamp, and after the timestamp passes verification, corresponding pseudonym information and first terminal parameters are determined according to the pseudonym information; determining fifth generation authentication information according to the system parameters and the third authentication information; determining second identity information according to the system parameters and the pseudonym information; determining identity information according to the sixth authentication information, the fifth generated authentication information and the second identity information; inquiring whether the determined identity information is in a database; when the determined identity information is in the database, continuing authentication; then, determining seventh generation authentication information according to the first hash function, the pseudonym information, the determined identity information, the second identity information, the fifth generation authentication information, the first terminal parameter and the timestamp; further verifying whether the seventh generated authentication information is equal to the stored seventh authentication information; when the seventh generated authentication information is equal to the stored seventh authentication information, continuing authentication; then, the server randomly selects a timestamp and a second parameter, and determines a first server parameter and a second server parameter; the pseudonym information is updated, and then the updated first identity information and the updated second identity information are calculated; determining eighth verification information according to the updated first identity information, the updated second identity information, the updated pseudonym information and the updated response parameters; determining ninth authentication information according to the second hash function, the updated kana information, the determined identity information, the second identity information, the updated first identity information, the updated second identity information, the second server parameter, the fifth generation authentication information and the first terminal parameter; determining tenth authentication information according to the first hash function, the updated kana information, the determined identity information, the ninth verification information, the first terminal parameter and the timestamp randomly selected by the server; sending the first server parameter, the eighth authentication information, the tenth authentication information and the server random selection timestamp to the notebook terminal equipment; the notebook terminal equipment randomly selects a timestamp for verification on the server, and determines a first terminal parameter according to a physical unclonable function after the verification is passed; further determining a second generation server parameter, ninth generation authentication information and tenth generation authentication information; judging whether the tenth generated authentication information is equal to the tenth authentication information; when the tenth generated authentication information is equal to the tenth authentication information, the session key of the notebook terminal device is equal to the session key of the server; the notebook terminal device and the server communicate through the session key.
Optionally, the method further comprises:
the password updating module is used for updating the response parameter, the first authentication information, the second authentication information, the third authentication information and the fourth authentication information by the smart card; and storing the updated pseudonym information, the second authentication information, the third authentication information, the fourth authentication information and the response parameter.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the security authentication method and system for the notebook terminal equipment, provided by the invention, mainly integrate three-factor authentication, Physical Unclonable Function (PUF) and bilinear mapping algorithm to ensure the authentication security of the notebook terminal equipment, and the security is higher due to a specific security environment, a pseudonym is introduced to ensure the identity security of the notebook terminal, and after the authentication of the notebook terminal is completed, secret parameters are updated, so that the authentication security is ensured. The notebook terminal device generates corresponding secret parameters and PUF secret values by registering with the server, and then encrypts by a three-factor authentication mode and introducing a bilinear mapping algorithm and a PUF, and the encryption of the mode can reach higher security level. The method is based on the session key generated by the secret value and the updated secret value, so that the session key is generated by the notebook terminal device and the server respectively, thereby not only ensuring the security of the session key, but also solving the problem of the forward and backward security of the session key. The invention ensures that the notebook terminal equipment and the service network can carry out mutual authentication and safely negotiate the session key, can resist common attacks and ensures the safety of communication.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
Fig. 1 is a schematic flow chart of a security authentication method for a notebook terminal device according to the present invention;
fig. 2 is a schematic diagram illustrating the authentication principle of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a security authentication method and a security authentication system for notebook terminal equipment, which can improve the communication security of the notebook terminal equipment and ensure the privacy security.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a schematic flow chart of a security authentication method for a notebook terminal device provided by the present invention, fig. 2 is a schematic diagram of an authentication principle of the present invention, and as shown in fig. 1 and fig. 2, the security authentication method for a notebook terminal device provided by the present invention includes:
s101, initializing a server, determining system parameters of the server, and publishing; the system parameters include: the method comprises the steps of prime order, a first group and a second group determined according to the prime order, the relation between the first group and the second group, a public key, a first hash function, a second hash function, a first parameter and a second parameter; the first parameter is used for multiplying the random number to determine a public key; the second parameter is determined according to the relationship between the first group and the second group, the first parameter and the random number;
s102, the notebook terminal equipment is registered on a server, and the server generates corresponding identity information; and storing the identity information in a database;
s103, the server selects the pseudonym information and the response parameter, and further determines first identity information and second identity information according to the system parameter; determining first information according to the first identity information, the second identity information, the pseudonym information and corresponding parameters and sending the first information to the smart card; the first information and the identity information are sent to the notebook terminal equipment;
s104, the notebook terminal equipment determines a first terminal parameter by using a physical unclonable function and a response parameter; determining an input key according to the first terminal parameter and the first parameter; further sending the input key and the fingerprint to the smart card;
s105, the smart card determines a biological characteristic key pair according to the fingerprint and a biological characteristic key extraction algorithm; the biological characteristic key pair comprises a biological characteristic private key and a biological characteristic public key;
s106, the smart card determines first authentication information according to the first hash function, the input secret key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining second authentication information according to the first identity information and the first authentication information; determining third authentication information according to the second authentication information and the second identity information; determining fourth authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; storing the pseudonym information, the third authentication information, the second authentication information, the fourth authentication information, the biological characteristic private key and the response parameter in the smart card; the first terminal parameter is sent to a server through a secure channel, and the server stores the pseudonym information and the first terminal parameter;
s107, the notebook terminal equipment logs in the smart card according to the identity information, the input key and the fingerprint;
s108, the smart card determines a biological characteristic private key according to the fingerprint, the biological characteristic public key and a biological characteristic secret key copying algorithm; determining a first terminal parameter according to the physical unclonable function and the response parameter; determining first generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining first identity information according to the first generated authentication information and the second authentication information; determining fourth generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; further judging whether the fourth generated authentication information is equal to the fourth authentication information; if yes, continuing authentication; if not, refusing to log in;
s109, randomly selecting a timestamp by the notebook equipment terminal; determining second identity information according to the third authentication information, the first generation authentication information and the biological characteristic private key; then, randomly selecting an authentication random number, and determining fifth authentication information according to the authentication random number and system parameters; determining sixth authentication information according to the fifth authentication information, the second identity information and the identity information; determining seventh authentication information according to the first hash function, the pseudonym information, the identity information, the second identity information, the fifth authentication information, the first terminal parameter and the timestamp; sending the pseudonym information, the sixth authentication information, the seventh authentication information, the third authentication information and the timestamp to a server;
s110, the server verifies the timestamp, and after the timestamp passes the verification, corresponding pseudonym information and first terminal parameters are determined according to the pseudonym information; determining fifth generation authentication information according to the system parameters and the third authentication information; determining second identity information according to the system parameters and the pseudonym information; determining identity information according to the sixth authentication information, the fifth generated authentication information and the second identity information; inquiring whether the determined identity information is in a database; when the determined identity information is in the database, continuing authentication; then, determining seventh generation authentication information according to the first hash function, the pseudonym information, the determined identity information, the second identity information, the fifth generation authentication information, the first terminal parameter and the timestamp; further verifying whether the seventh generated authentication information is equal to the stored seventh authentication information; when the seventh generated authentication information is equal to the stored seventh authentication information, continuing authentication; then, the server randomly selects a timestamp and a second parameter, and determines a first server parameter and a second server parameter; the pseudonym information is updated, and then the updated first identity information and the updated second identity information are calculated; determining eighth verification information according to the updated first identity information, the updated second identity information, the updated pseudonym information and the updated response parameters; determining ninth authentication information according to the second hash function, the updated kana information, the determined identity information, the second identity information, the updated first identity information, the updated second identity information, the second server parameter, the fifth generation authentication information and the first terminal parameter; determining tenth authentication information according to the first hash function, the updated kana information, the determined identity information, the ninth verification information, the first terminal parameter and the timestamp randomly selected by the server; sending the first server parameter, the eighth authentication information, the tenth authentication information and the server random selection timestamp to the notebook terminal equipment;
s111, the notebook terminal equipment randomly selects a timestamp to verify the server, and determines a first terminal parameter according to a physical unclonable function after the verification is passed; further determining a second generation server parameter, ninth generation authentication information and tenth generation authentication information; judging whether the tenth generated authentication information is equal to the tenth authentication information; when the tenth generated authentication information is equal to the tenth authentication information, the session key of the notebook terminal device is equal to the session key of the server;
and S112, the notebook terminal device and the server communicate through the session key.
After S112, the method further includes the smart card update response parameter, the first authentication information, the second authentication information, the third authentication information, and the fourth authentication information; and storing the updated pseudonym information, the second authentication information, the third authentication information, the fourth authentication information and the response parameter.
Through the steps, the method is divided into a system initialization stage, a registration stage, a login verification stage and a password updating stage; each stage is described below separately:
system initialization phase
At this stage, first the Server (Server) selects two groups G of prime order1And G2Satisfy the requirement ofSelecting a random numberComputing public keysTwo secure hash functions are selected:,publishing system parameters of { q, G }1,G2,Ppub,u,e,P,H1,H2And keeps a long-term private key S.
Registration phase
Before the notebook terminal equipment is accessed to the server, the notebook terminal equipment firstly needs to be registered on the server, and the server firstly generates identity information And stored in a database, while the server selects a pseudonym informationThen randomly selectIn response, calculate,To store a messageIs entered into a new Smart Card (SC) and finally a message is sentTo notebook terminal equipment. Terminal equipment of notebook computerAfter the receipt of the message, the user may,firstly, calculating by using PUF of the selfThen inputs a passwordAnd fingerprintsEntering into a smart card, and then the smart card calculatesWherein GEN (-) biometric key extraction algorithm, REP (-) biometric key duplication algorithm.,,,Last message,Store it to smart cardFinally, the message is mapped to a secure channelAnd sending the data to the server. The server stores the last page after receiving the message}。
Login authentication phase
(1) Notebook terminal equipmentFirst, input user name,And fingerprintsInto smart cards, smart cardsComputingWherein REP (-) biometric Key duplication Algorithm,first generating authentication information ,,Fourth, authentication information is generatedIf, ifAnd storedIs equal, authentication continues, otherwise login is denied. DeviceRandomly selecting timestampsComputingThen randomly selectAnd calculating a valueFifth authentication informationSixth authentication informationSeventh authentication information. DeviceSending toneFor server。
(2) When serverAfter the receipt of the message, the user may,first, the timestamp is verifiedIf the authentication is in the legal range, if not, the authentication is refused, otherwise, the authentication is carried out according to the conditionLooking up values in a databaseRejecting authentication if the lookup fails, otherwise computing fifth generation authentication information,,Server, serverQuerying databases to verify identity informationIf the authentication is not in the database, the authentication is terminated, otherwise the authentication is continued. ServerCalculating seventh generation authentication informationVerifying the calculationAnd receivedWhether or not equal. If equal, authentication continues, otherwise authentication is terminated.Random selectionAnd calculating the first server parameterSecond server parameter. ServerRandomly selecting timestampsAnd selecting a new pseudonymAnd a random valueThen calculate,Eighth authentication informationNinth authentication informationTenth authentication information. Last serverSending messagesFeeding device。
(3) When the equipment is usedReceiving message},First verifying the timestampIf the current PUF is in the legal range, if the current PUF is not in the legal range, authentication is refused, otherwise, the PUF of the current PUF is used for calculationThen calculating a second generation server parameter,,,. If calculatedAnd receivedIs equal, it can be verified that the computed session key and the session key of the server are equal, otherwise, the authentication ends. Smart cardComputing,,,Finally, the smart cardUpdate the stored message to. Last notebook terminal equipmentAnd serverCommunication is performed through a session key.
Password updating phase
Notebook terminal equipmentFirst, input user name,And fingerprintsInto smart cards, smart cardsComputing, ,,If, ifAnd storedIs equal, then login continues, otherwise, login is denied. Then notebook terminal deviceSmart cardInputting new password,,,,Last new messageUpdate to smart cardIn (1). The password update is completed.
The invention provides a security authentication system of notebook terminal equipment, comprising:
the server initialization module is used for initializing the server, determining the system parameters of the server and publishing the system parameters; the system parameters include: the method comprises the steps of prime order, a first group and a second group determined according to the prime order, the relation between the first group and the second group, a public key, a first hash function, a second hash function, a first parameter and a second parameter; the first parameter is used for multiplying the random number to determine a public key; the second parameter is determined according to the relationship between the first group and the second group, the first parameter and the random number;
the notebook terminal equipment is registered on the server, and the server generates corresponding identity information; and storing the identity information in a database;
the server selects the pseudonym information and the response parameter, and then determines first identity information and second identity information according to the system parameter; determining first information according to the first identity information, the second identity information, the pseudonym information and corresponding parameters and sending the first information to the smart card; the first information and the identity information are sent to the notebook terminal equipment; the notebook terminal equipment determines a first terminal parameter by using a physical unclonable function and a response parameter; determining an input key according to the first terminal parameter and the first parameter; further sending the input key and the fingerprint to the smart card; the smart card determines a biological characteristic key pair according to the fingerprint and a biological characteristic key extraction algorithm; the biological characteristic key pair comprises a biological characteristic private key and a biological characteristic public key;
the registration module is used for the smart card to determine first authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining second authentication information according to the first identity information and the first authentication information; determining third authentication information according to the second authentication information and the second identity information; determining fourth authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; storing the pseudonym information, the third authentication information, the second authentication information, the fourth authentication information, the biological characteristic private key and the response parameter in the smart card; the first terminal parameter is sent to a server through a secure channel, and the server stores the pseudonym information and the first terminal parameter;
the login authentication module is used for the notebook terminal equipment to log in the intelligent card according to the identity information, the input key and the fingerprint; the smart card determines a biological characteristic private key according to the fingerprint, the biological characteristic public key and a biological characteristic key copying algorithm; determining a first terminal parameter according to the physical unclonable function and the response parameter; determining first generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining first identity information according to the first generated authentication information and the second authentication information; determining fourth generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; further judging whether the fourth generated authentication information is equal to the fourth authentication information; if yes, continuing authentication; if not, refusing to log in; randomly selecting a timestamp by a terminal of the equipment; determining second identity information according to the third authentication information, the first generation authentication information and the biological characteristic private key; then, randomly selecting an authentication random number, and determining fifth authentication information according to the authentication random number and system parameters; determining sixth authentication information according to the fifth authentication information, the second identity information and the identity information; determining seventh authentication information according to the first hash function, the pseudonym information, the identity information, the second identity information, the fifth authentication information, the first terminal parameter and the timestamp; sending the pseudonym information, the sixth authentication information, the seventh authentication information, the third authentication information and the timestamp to a server; the server verifies the timestamp, and after the timestamp passes verification, corresponding pseudonym information and first terminal parameters are determined according to the pseudonym information; determining fifth generation authentication information according to the system parameters and the third authentication information; determining second identity information according to the system parameters and the pseudonym information; determining identity information according to the sixth authentication information, the fifth generated authentication information and the second identity information; inquiring whether the determined identity information is in a database; when the determined identity information is in the database, continuing authentication; then, determining seventh generation authentication information according to the first hash function, the pseudonym information, the determined identity information, the second identity information, the fifth generation authentication information, the first terminal parameter and the timestamp; further verifying whether the seventh generated authentication information is equal to the stored seventh authentication information; when the seventh generated authentication information is equal to the stored seventh authentication information, continuing authentication; then, the server randomly selects a timestamp and a second parameter, and determines a first server parameter and a second server parameter; the pseudonym information is updated, and then the updated first identity information and the updated second identity information are calculated; determining eighth verification information according to the updated first identity information, the updated second identity information, the updated pseudonym information and the updated response parameters; determining ninth authentication information according to the second hash function, the updated kana information, the determined identity information, the second identity information, the updated first identity information, the updated second identity information, the second server parameter, the fifth generation authentication information and the first terminal parameter; determining tenth authentication information according to the first hash function, the updated kana information, the determined identity information, the ninth verification information, the first terminal parameter and the timestamp randomly selected by the server; sending the first server parameter, the eighth authentication information, the tenth authentication information and the server random selection timestamp to the notebook terminal equipment; the notebook terminal equipment randomly selects a timestamp for verification on the server, and determines a first terminal parameter according to a physical unclonable function after the verification is passed; further determining a second generation server parameter, ninth generation authentication information and tenth generation authentication information; judging whether the tenth generated authentication information is equal to the tenth authentication information; when the tenth generated authentication information is equal to the tenth authentication information, the session key of the notebook terminal device is equal to the session key of the server; the notebook terminal device and the server communicate through the session key.
The invention provides a security authentication system of notebook terminal equipment, which further comprises:
the password updating module is used for updating the response parameter, the first authentication information, the second authentication information, the third authentication information and the fourth authentication information by the smart card; and storing the updated pseudonym information, the second authentication information, the third authentication information, the fourth authentication information and the response parameter.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.
Claims (8)
1. A security authentication method of a notebook terminal device is characterized by comprising the following steps:
initializing a server, determining system parameters of the server, and publishing; the system parameters include: the method comprises the steps of prime order, a first group and a second group determined according to the prime order, the relation between the first group and the second group, a public key, a first hash function, a second hash function, a first parameter and a second parameter; the first parameter is used for multiplying the random number to determine a public key; the second parameter is determined according to the relationship between the first group and the second group, the first parameter and the random number;
the notebook terminal equipment is registered on the server, and the server generates corresponding identity information; and storing the identity information in a database;
the server selects the pseudonym information and the response parameter, and then determines first identity information and second identity information according to the system parameter; sending first information comprising first identity information, second identity information, pseudonym information and response parameters to the smart card; the first information and the identity information are sent to the notebook terminal equipment;
the notebook terminal equipment determines a first terminal parameter by using a physical unclonable function and a response parameter; determining an input key according to the first terminal parameter and the first parameter; further sending the input key and the fingerprint to the smart card;
the smart card determines a biological characteristic key pair according to the fingerprint and a biological characteristic key extraction algorithm; the biological characteristic key pair comprises a biological characteristic private key and a biological characteristic public key;
the intelligent card determines first authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining second authentication information according to the first identity information and the first authentication information; determining third authentication information according to the second authentication information and the second identity information; determining fourth authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; storing the pseudonym information, the third authentication information, the second authentication information, the fourth authentication information, the biological characteristic public key and the response parameter in the smart card; the first terminal parameter is sent to a server through a secure channel, and the server stores the pseudonym information and the first terminal parameter;
the notebook terminal equipment logs in the intelligent card according to the identity information, the input key and the fingerprint;
the smart card determines a biological characteristic private key according to the fingerprint, the biological characteristic public key and a biological characteristic key copying algorithm; determining a first terminal parameter according to the physical unclonable function and the response parameter; determining first generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining first identity information according to the first generated authentication information and the second authentication information; determining fourth generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; further judging whether the fourth generated authentication information is equal to the fourth authentication information; if yes, continuing authentication; if not, refusing to log in;
randomly selecting a timestamp by the notebook equipment terminal; determining second identity information according to the third authentication information, the first generation authentication information and the biological characteristic private key; then, randomly selecting an authentication random number, and determining fifth authentication information according to the authentication random number and system parameters; determining sixth authentication information according to the fifth authentication information, the second identity information and the identity information; determining seventh authentication information according to the first hash function, the pseudonym information, the identity information, the second identity information, the fifth authentication information, the first terminal parameter and the timestamp; the pseudonym information, the sixth authentication information, the seventh authentication information, the third authentication information and the timestamp are sent to a server;
the server verifies the timestamp, and after the timestamp passes verification, corresponding pseudonym information and first terminal parameters are determined according to the pseudonym information; determining fifth generation authentication information according to the system parameters and the third authentication information; determining second identity information according to the system parameters and the pseudonym information; determining identity information according to the sixth authentication information, the fifth generated authentication information and the second identity information; inquiring whether the determined identity information is in a database; when the determined identity information is in the database, continuing authentication; then, determining seventh generation authentication information according to the first hash function, the pseudonym information, the determined identity information, the second identity information, the fifth generation authentication information, the first terminal parameter and the timestamp; further verifying whether the seventh generated authentication information is equal to the stored seventh authentication information; when the seventh generated authentication information is equal to the stored seventh authentication information, continuing authentication; then, the server randomly selects a timestamp and a second parameter, and determines a first server parameter and a second server parameter; the pseudonym information is updated, and then the updated first identity information and the updated second identity information are calculated; determining eighth authentication information according to the updated first identity information, the updated second identity information, the updated pseudonym information and the updated response parameter; determining ninth authentication information according to the second hash function, the updated kana information, the determined identity information, the second identity information, the updated first identity information, the updated second identity information, the second server parameter, the fifth generation authentication information and the first terminal parameter; determining tenth authentication information according to the first hash function, the updated kana information, the determined identity information, the ninth authentication information, the first terminal parameter and the timestamp randomly selected by the server; sending the first server parameter, the eighth authentication information, the tenth authentication information and the server random selection timestamp to the notebook terminal equipment;
the notebook terminal equipment randomly selects a timestamp for verification on the server, and determines a first terminal parameter according to a physical unclonable function after the verification is passed; determining a second generation server parameter according to the system parameter and the random number of the server, determining a ninth generation authentication information according to a second hash function, the updated kana information, the determined identity information, the second identity information, the updated first identity information, the updated second identity information, the fifth generation authentication information and the first terminal parameter, and determining a tenth generation authentication information according to the first hash function, the updated kana information, the determined identity information, the ninth authentication information, the first terminal parameter and the time stamp; judging whether the tenth generated authentication information is equal to the tenth authentication information; when the tenth generated authentication information is equal to the tenth authentication information, the session key of the notebook terminal device is equal to the session key of the server;
the notebook terminal equipment and the server communicate through the session key;
the smart card calculates the updated first terminal parameter, the updated first authentication information, the updated second authentication information, the updated third authentication information and the updated fourth authentication information; storing the updated pseudonym information, the updated third authentication information, the updated second authentication information, the updated fourth authentication information, the biological characteristic public key and the updated response parameter in the smart card; finally, the notebook terminal equipment and the server communicate through the session key;
the server selects the pseudonym information and the response parameter, and further determines first identity information and second identity information according to the system parameter, and the method specifically comprises the following steps:
wherein A isiAs first identity information, BiIn order to be the second identity information,in order to be the identity information,is pseudonym information, s is the private key of the server, H1In order to be the first hash function, the hash function,in order to update the pseudonym information,is a random value and is used as a reference,is a time stamp, WiFor the first terminal parameter, PUF () is a physically unclonable function, wiIn response to the parameter, H2Is a second hash function.
2. The security authentication method of the notebook terminal device according to claim 1, wherein initializing the server, determining system parameters of the server, and publishing the system parameters specifically comprises:
wherein e is the relationship between the first group and the second group, G1Is a first group, G2Is a second group, PpubIs a public key, H1Is a first hash function, H2Is a second hash function, P is a first parameter,uis a second parameter, s is a random number,is a prime number set, and q is a prime number.
3. The security authentication method of the notebook terminal device according to claim 1, wherein the notebook terminal device determines the first terminal parameter by using a physical unclonable function and a response parameter, and specifically comprises:
wherein, WiFor the first terminal parameter, PUF () is a physically unclonable function, wiIs a response parameter.
4. The security authentication method of the notebook terminal device according to claim 3, wherein the smart card determines the biometric key pair according to the fingerprint and the biometric key extraction algorithm, and specifically comprises:
5. The security authentication method of the notebook terminal device according to claim 4, wherein the smart card determines the first authentication information according to a first hash function, the input key, the pseudonym information, the biometric private key, the identity information, and the first terminal parameter; determining second authentication information according to the first identity information and the first authentication information; determining third authentication information according to the second authentication information and the second identity information; determining fourth authentication information according to the first hash function, the input key, the pseudonym information, the biological feature private key, the identity information and the first identity information, and specifically comprising:
wherein the content of the first and second substances,as the first authentication information, it is possible to authenticate the mobile terminal,in order to be the second authentication information,as the third authentication information, it is possible to,in order to be the fourth authentication information,is the input key.
6. The method of claim 1, wherein the notebook terminal device and the server communicate with each other via a session key, and thereafter further comprising:
the smart card updates the response parameter, the first authentication information, the second authentication information, the third authentication information and the fourth authentication information; and storing the updated pseudonym information, the second authentication information, the third authentication information, the fourth authentication information and the response parameter.
7. A security authentication system of a notebook terminal device, comprising:
the server initialization module is used for initializing the server, determining the system parameters of the server and publishing the system parameters; the system parameters include: the method comprises the steps of prime order, a first group and a second group determined according to the prime order, the relation between the first group and the second group, a public key, a first hash function, a second hash function, a first parameter and a second parameter; the first parameter is used for multiplying the random number to determine a public key; the second parameter is determined according to the relationship between the first group and the second group, the first parameter and the random number;
the notebook terminal equipment is registered on the server, and the server generates corresponding identity information; and storing the identity information in a database;
the server selects the pseudonym information and the response parameter, and then determines first identity information and second identity information according to the system parameter; sending first information comprising first identity information, second identity information, pseudonym information and response parameters to the smart card; the first information and the identity information are sent to the notebook terminal equipment; the notebook terminal equipment determines a first terminal parameter by using a physical unclonable function and a response parameter; determining an input key according to the first terminal parameter and the first parameter; further sending the input key and the fingerprint to the smart card; the smart card determines a biological characteristic key pair according to the fingerprint and a biological characteristic key extraction algorithm; the biological characteristic key pair comprises a biological characteristic private key and a biological characteristic public key;
the registration module is used for the smart card to determine first authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining second authentication information according to the first identity information and the first authentication information; determining third authentication information according to the second authentication information and the second identity information; determining fourth authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; storing the pseudonym information, the third authentication information, the second authentication information, the fourth authentication information, the biological characteristic public key and the response parameter in the smart card; the first terminal parameter is sent to a server through a secure channel, and the server stores the pseudonym information and the first terminal parameter;
the login authentication module is used for the notebook terminal equipment to log in the intelligent card according to the identity information, the input key and the fingerprint; the smart card determines a biological characteristic private key according to the fingerprint, the biological characteristic public key and a biological characteristic key copying algorithm; determining a first terminal parameter according to the physical unclonable function and the response parameter; determining first generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first terminal parameter; determining first identity information according to the first generated authentication information and the second authentication information; determining fourth generation authentication information according to the first hash function, the input key, the pseudonym information, the biological characteristic private key, the identity information and the first identity information; further judging whether the fourth generated authentication information is equal to the fourth authentication information; if yes, continuing authentication; if not, refusing to log in; randomly selecting a timestamp by a terminal of the equipment; determining second identity information according to the third authentication information, the first generation authentication information and the biological characteristic private key; then, randomly selecting an authentication random number, and determining fifth authentication information according to the authentication random number and system parameters; determining sixth authentication information according to the fifth authentication information, the second identity information and the identity information; determining seventh authentication information according to the first hash function, the pseudonym information, the identity information, the second identity information, the fifth authentication information, the first terminal parameter and the timestamp; the pseudonym information, the sixth authentication information, the seventh authentication information, the third authentication information and the timestamp are sent to a server; the server verifies the timestamp, and after the timestamp passes verification, corresponding pseudonym information and first terminal parameters are determined according to the pseudonym information; determining fifth generation authentication information according to the system parameters and the third authentication information; determining second identity information according to the system parameters and the pseudonym information; determining identity information according to the sixth authentication information, the fifth generated authentication information and the second identity information; inquiring whether the determined identity information is in a database; when the determined identity information is in the database, continuing authentication; then, determining seventh generation authentication information according to the first hash function, the pseudonym information, the determined identity information, the second identity information, the fifth generation authentication information, the first terminal parameter and the timestamp; further verifying whether the seventh generated authentication information is equal to the stored seventh authentication information; when the seventh generated authentication information is equal to the stored seventh authentication information, continuing authentication; then, the server randomly selects a timestamp and a second parameter, and determines a first server parameter and a second server parameter; the pseudonym information is updated, and then the updated first identity information and the updated second identity information are calculated; determining eighth authentication information according to the updated first identity information, the updated second identity information, the updated pseudonym information and the updated response parameter; determining ninth authentication information according to the second hash function, the updated kana information, the determined identity information, the second identity information, the updated first identity information, the updated second identity information, the second server parameter, the fifth generation authentication information and the first terminal parameter; determining tenth authentication information according to the first hash function, the updated kana information, the determined identity information, the ninth authentication information, the first terminal parameter and the timestamp randomly selected by the server; sending the first server parameter, the eighth authentication information, the tenth authentication information and the server random selection timestamp to the notebook terminal equipment; the notebook terminal equipment randomly selects a timestamp for verification on the server, and determines a first terminal parameter according to a physical unclonable function after the verification is passed; determining a second generation server parameter according to the system parameter and the random number of the server, determining a ninth generation authentication information according to a second hash function, the updated kana information, the determined identity information, the second identity information, the updated first identity information, the updated second identity information, the fifth generation authentication information and the first terminal parameter, and determining a tenth generation authentication information according to the first hash function, the updated kana information, the determined identity information, the ninth authentication information, the first terminal parameter and the time stamp; judging whether the tenth generated authentication information is equal to the tenth authentication information; when the tenth generated authentication information is equal to the tenth authentication information, the session key of the notebook terminal device is equal to the session key of the server;
the notebook terminal equipment and the server communicate through the session key;
the smart card calculates the updated first terminal parameter, the updated first authentication information, the updated second authentication information, the updated third authentication information and the updated fourth authentication information; storing the updated pseudonym information, the updated third authentication information, the updated second authentication information, the updated fourth authentication information, the biological characteristic public key and the updated response parameter in the smart card; finally, the notebook terminal equipment and the server communicate through the session key;
the server selects the pseudonym information and the response parameter, and further determines first identity information and second identity information according to the system parameter, and the method specifically comprises the following steps:
wherein A isiAs first identity information, BiIn order to be the second identity information,in order to be the identity information,is pseudonym information, s is the private key of the server, H1In order to be the first hash function, the hash function,in order for the pseudonym to be updated,is a random value and is used as a reference,is a time stamp, WiFor the first terminal parameter, PUF () is a physically unclonable function, wiIn response to the parameter, H2Is a second hash function.
8. The system of claim 7, further comprising:
the password updating module is used for updating the response parameter, the first authentication information, the second authentication information, the third authentication information and the fourth authentication information by the smart card; and storing the updated pseudonym information, the second authentication information, the third authentication information, the fourth authentication information and the response parameter.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111606869.7A CN113987451B (en) | 2021-12-27 | 2021-12-27 | Security authentication method and system for notebook terminal equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111606869.7A CN113987451B (en) | 2021-12-27 | 2021-12-27 | Security authentication method and system for notebook terminal equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113987451A CN113987451A (en) | 2022-01-28 |
CN113987451B true CN113987451B (en) | 2022-04-08 |
Family
ID=79734333
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111606869.7A Active CN113987451B (en) | 2021-12-27 | 2021-12-27 | Security authentication method and system for notebook terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113987451B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768660A (en) * | 2018-05-28 | 2018-11-06 | 北京航空航天大学 | Internet of things equipment identity identifying method based on physics unclonable function |
CN111818039A (en) * | 2020-07-03 | 2020-10-23 | 西安电子科技大学 | Three-factor anonymous user authentication protocol method based on PUF in Internet of things |
EP3770888A1 (en) * | 2019-07-23 | 2021-01-27 | Universidad de Sevilla | A behavioral and physical unclonable function and a multi-modal cryptographic authentication method using the same |
CN113824570A (en) * | 2021-11-23 | 2021-12-21 | 北京中超伟业信息安全技术股份有限公司 | Block chain-based security terminal authentication method and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112069493A (en) * | 2019-06-10 | 2020-12-11 | 联阳半导体股份有限公司 | Authentication system and authentication method |
-
2021
- 2021-12-27 CN CN202111606869.7A patent/CN113987451B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768660A (en) * | 2018-05-28 | 2018-11-06 | 北京航空航天大学 | Internet of things equipment identity identifying method based on physics unclonable function |
EP3770888A1 (en) * | 2019-07-23 | 2021-01-27 | Universidad de Sevilla | A behavioral and physical unclonable function and a multi-modal cryptographic authentication method using the same |
CN111818039A (en) * | 2020-07-03 | 2020-10-23 | 西安电子科技大学 | Three-factor anonymous user authentication protocol method based on PUF in Internet of things |
CN113824570A (en) * | 2021-11-23 | 2021-12-21 | 北京中超伟业信息安全技术股份有限公司 | Block chain-based security terminal authentication method and system |
Non-Patent Citations (1)
Title |
---|
Lightweight and Physically Secure Anonymous Mutual Authentication Protocol for Real-Time Data Access in Industrial Wireless Sensor Networks;Prosanta Gope 等;《IEEE transactions on industrial informatics》;20190930;第15卷(第9期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN113987451A (en) | 2022-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Amin et al. | A light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment | |
CN108768660B (en) | Internet of things equipment identity authentication method based on physical unclonable function | |
WO2020134942A1 (en) | Identity verification method and system therefor | |
US8627424B1 (en) | Device bound OTP generation | |
US20070130463A1 (en) | Single one-time password token with single PIN for access to multiple providers | |
CN105516201A (en) | Lightweight anonymous authentication and key negotiation method in multi-server environment | |
US8966263B2 (en) | System and method of network equipment remote access authentication in a communications network | |
CN108400962B (en) | Authentication and key agreement method under multi-server architecture | |
IES20020190A2 (en) | a biometric authentication system and method | |
US20150244695A1 (en) | Network authentication method for secure user identity verification | |
CN111835526B (en) | Method and system for generating anonymous credential | |
Jiang et al. | An anonymous and efficient remote biometrics user authentication scheme in a multi server environment | |
KR20210095093A (en) | Method for providing authentification service by using decentralized identity and server using the same | |
CN113971274B (en) | Identity recognition method and device | |
CN111600869A (en) | Verification code authentication method and system based on biological characteristics | |
CN107347073B (en) | A kind of resource information processing method | |
Roy et al. | An efficient biometric based remote user authentication scheme for secure internet of things environment | |
KR20050071768A (en) | System and method for one time password service | |
Rahmani et al. | AMAPG: Advanced mobile authentication protocol for GLOMONET | |
KR20130039745A (en) | System and method for authentication interworking | |
KR20210095061A (en) | Method for providing authentification service by using decentralized identity and server using the same | |
CN113987451B (en) | Security authentication method and system for notebook terminal equipment | |
KR102118556B1 (en) | Method for providing private blockchain based privacy information management service | |
CN114422106B (en) | Security authentication method and system for Internet of things system under multi-server environment | |
CN108566274B (en) | Method, equipment and storage equipment for seamless docking between block chain authentication systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |