CN114338213A - Temperature-assisted authentication system and authentication method thereof - Google Patents

Info

Publication number: CN114338213A
Authority: CN (China)
Prior art keywords: authentication, temperature, client, server, random number
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Application number: CN202111677328.3A
Other languages: Chinese (zh)
Other versions: CN114338213B (en)
Inventors: 许怡楠, 姜书艳, 黄乐天
Current assignee: University of Electronic Science and Technology of China
Original assignee: University of Electronic Science and Technology of China
Priority and filing date: 2021-12-31 (CN202111677328.3A)
Publication dates: CN114338213A 2022-04-12; CN114338213B 2022-09-13
Current legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a temperature-assisted authentication system. A controllable voltage/temperature regulation module is added to the authentication system to realize a second-stage authentication: with this module in place, both parties answer a challenge with a temperature change, which drives a further encryption/decryption mapping, and the parties' own authentication mechanism then provides the auxiliary authentication. A temperature-assisted authentication method is also proposed. Unlike ambient temperature, which is hard to control, chip temperature can be regulated effectively through voltage, frequency and similar factors. Client and server both use custom chips that carry out data transmission and temperature regulation according to the mutual authentication requirements, and further encode and decode, so that data can be transmitted only under specific conditions and serve as part of the security authentication, giving an auxiliary form of physical encryption. The authentication system's ability to resist relay attacks is thereby enhanced and the system is highly robust.

Description

Temperature-assisted authentication system and authentication method thereof

Technical field

The invention relates to the field of authentication protocols, and in particular to a temperature-assisted authentication system and its authentication method.

Background

A conventional challenge-response authentication system encrypts and decrypts with an algorithm such as AES to protect the key from being stolen and impersonated, so that server and client can authenticate each other securely. Without any auxiliary encryption, however, a relay attack can easily leak the key and the security of the system is greatly reduced. Reference [1] uses environmental sensors to measure and compare the physical environmental quantities at the two authenticating parties and makes them part of the authentication system as an auxiliary security check; this reduces the risk of the system collapsing under a relay attack and improves its robustness. But this auxiliary measure is poorly controllable, depends entirely on external factors, and the measured quantities fluctuate very little, so over time its reliability declines and the probability of the system being attacked and broken rises sharply.

Summary of the invention

In view of the above deficiencies in the prior art, the present invention provides a temperature-assisted authentication system and its authentication method.

To achieve the above object, the technical scheme adopted by the present invention is as follows.

A temperature-assisted authentication method comprises the following steps:

S1. The client sends an authentication request to the authentication server, requesting identity authentication;

S2. The authentication server judges whether the client's identity is legitimate; if so, it generates a random number, encrypts it, and sends it to the client as a challenge;

S3. The client decodes the received challenge, combines the decoded data with its own temperature information, generates a response and sends it to the authentication server;

S4. The response is verified and the client temperature is checked against the required condition; if the response satisfies the condition, temperature calibration is performed and the client is notified of the first authentication result;

S5. Random temperature regulation is carried out on the client and the server, the random number from S2 is decoded, and the validity of the password is judged; if it is valid, the final authentication result is returned to the client.

Further, the random number in S2 is a 16-bit random number, of which the upper four bits give the valid interval for password transmission, the next-highest eight bits give the temperature threshold, and the lower four bits select the s-box mapping for the current transmission.

Further, in S2 the generated random number is encrypted with a first public key, and the encrypted challenge is written F_{P_C}(r_A, ID_A), where P_C is the client's public key, used to encrypt the random number r_A generated by the authenticator and the authenticator's identity information ID_A.

Further, in S3 the response is encrypted with a second public key, and the encrypted response is written G_{P_A}(r_A, T_C), where P_A is the authenticator's public key, used to encrypt the random number r_A decrypted by the client and the temperature information T_C.

Further, S4 specifically comprises:

S41. The authentication server decrypts the received response and compares it with its own computation, judging whether g{G_{P_A}(r_A, T_C) – T_C} = r_A holds; if it does not, authentication fails; if it does, proceed to step S42;

S42. The authentication server performs temperature calibration according to the client's temperature and notifies the client of the first authentication result.

Further, S5 specifically comprises:

S51. Random temperature regulation is carried out on the client and the server;

S52. The random number from S2 is decoded, the valid transmission time of the password and the choice of mapping are computed, and the password is transmitted according to the result;

S53. The authentication server judges whether the received password falls within the valid transmission time range; if so, it reverse-maps and verifies the password, and once verification passes it returns the final authentication result to the client.

Further, S52 is specifically:

The upper four bits of the random number are denoted a, the next-highest eight bits b, and the lowest four bits c;

The time segment during which the randomly varying temperature lies within the threshold range [b, b+1] for the a-th time is the valid transmission time of the password;

The password sent from the client to the authenticator is non-linearly mapped through one of several sets of s-boxes before transmission, and the c-th s-box is chosen as the mapping for the current authentication.

Further, when the password is received, it is judged whether the temperature of the authenticating client is currently reaching the threshold [b, b+1] for the a-th time, i.e. whether T_transmission = T_f[a,b] holds.

A temperature-assisted authentication system is also provided, comprising a server-side authentication system and a client-side authentication system, each of which contains a voltage/temperature regulation system; the voltage/temperature regulation system comprises a voltage/temperature regulation chip, a voltage/temperature regulation module and a sensor module, where

the voltage/temperature regulation chip is used to send a voltage/temperature regulation signal according to the first authentication notification;

the voltage/temperature regulation module is connected to the voltage/temperature regulation chip and executes the regulation signal it sends;

the sensor module monitors the temperature of the client-side or server-side authentication system and feeds back its monitoring result.

The present invention has the following beneficial effects:

By adding a voltage/temperature regulation module at the client and the authenticator, the physical variable temperature becomes controllable and is made part of the authentication, combining physical and algorithmic encryption; this effectively strengthens the system's resistance to relay attacks and is easy to use.

Regulating temperature through voltage makes the temperature of both authenticating parties vary within a set range, and mutual authentication and verification can only be completed when the temperature reaches the specified requirement, thereby realizing physical encryption and improving system security.

Description of drawings

FIG. 1 is a schematic flowchart of the temperature-assisted authentication method of the present invention.

FIG. 2 is a schematic structural diagram of the temperature-assisted authentication system of the present invention.

Detailed description

Specific embodiments of the present invention are described below so that those skilled in the art can understand the invention; it should be clear, however, that the invention is not limited to the scope of the specific embodiments. To those of ordinary skill in the art, various changes within the spirit and scope of the invention as defined by the appended claims will be obvious, and all inventions and creations that make use of the inventive concept fall within the scope of protection.

A temperature-assisted authentication method, as shown in FIG. 1, comprises the following steps:

S1. The client sends an authentication request to the authentication server, requesting identity authentication;

S2. The authentication server judges whether the client's identity is legitimate; if so, it generates a random number, encrypts it, and sends it to the client as a challenge;

After receiving the authentication request, the authenticator checks the identity information and, once verified, generates a 16-bit random number, which is encrypted with a public key and transmitted back to the client as the challenge.

S3. The client decodes the received challenge, combines the decoded data with its own temperature information, encrypts the result to form a response and sends it to the authentication server;

The client decrypts the challenge with its private key and records it, since it sets the reference requirement for the later password transmission. The client then combines the decrypted data with its temperature information, encrypts it under a second public key, and sends it to the authenticator as the response.

S4. The response is verified and the client temperature is checked against the required condition; if the response satisfies the condition, temperature calibration is performed and the client is notified of the first authentication result;

After receiving the response, the authenticator decrypts it with the matching private key, verifies the decoded data, and checks whether the client's reported temperature is plausible. If the check passes, the authenticator calibrates itself to that temperature so that the two parties' temperatures agree, and notifies the client that the first authentication has passed. Once both parties have completed the first authentication, the temperature regulation module is immediately driven to change the temperature.

S5. Random temperature regulation is carried out on the client and the server, the random number from S2 is decoded, and the validity of the password is judged; if it is valid, the final authentication result is returned to the client.

The upper four bits of the 16-bit random number are denoted a, the next-highest eight bits b, and the lowest four bits c. This means that password transmission is valid only during the time segment in which the temperature lies within the threshold range [b, b+1] for the a-th time. The password from the client to the authenticator must pass through a non-linear s-box mapping before transmission; to raise security, several sets of s-boxes are designed, and c decides which set is used for this transmission. When the authenticator receives the mapped password it first judges whether the reception time is valid; if so, it reverse-maps the password through the inverse s-box, verifies it, completes the final authentication, and returns the authentication result.

In this embodiment, an FPGA-based interconnect security authentication prototype is used as an example to describe in detail how the temperature-assisted authentication system is implemented.

As shown in FIG. 2, the circuit structure of the client-side authentication system in this embodiment is the same as that of the authentication-server-side system: each comprises a control module, an authentication module and an on-board interconnect module, where the control module is connected to both the authentication module and the on-board interconnect module, and the client system and the authentication server system communicate with each other through their on-board interconnect modules.

Taking a minimal system as an example, the on-board interconnect module should include a storage module, a decryption module, an encryption module and an inter-board communication module: the storage module stores the various secret keys and public keys and the initially generated password, the encryption and decryption modules perform the encryption and decryption of information transmitted between the boards, and the inter-board communication module carries out the communication between the boards.

The client-side and server-side authentication systems also each contain a voltage/temperature regulation system, comprising a voltage/temperature regulation chip, a voltage/temperature regulation module and a sensor module; the voltage module and the sensor module are linked to the corresponding control module and on-board interconnect module. Specifically:

the voltage/temperature regulation chip sends a voltage/temperature regulation instruction according to the first authentication notification;

the voltage/temperature regulation module is connected to the voltage/temperature regulation chip and executes the regulation instruction it sends;

the sensor module monitors the temperature of the client-side or server-side authentication system and feeds back its monitoring result.

The specific authentication process is as follows:

1) The client sends an authentication request to the server, requesting identity authentication;

2) The authentication server judges whether the requester is a legitimate user; if not, no further processing is done;

3) The authentication server generates a random number, encrypts it and sends it to the client as the "challenge";

4) The client decrypts the "challenge", combines the decrypted number with its own temperature information, encrypts them into a new string as the response, and transmits it to the authentication server;

5) The authentication server compares the response string with its own computed result and judges whether the client's temperature is plausible; if the response satisfies the conditions, the authentication server calibrates its temperature to the client's so that the subsequent authentication can take place, and once calibration is complete it notifies the client of the first authentication result;

6) After the first authentication result has been transmitted, both the client and the authentication server change their temperature according to the hardware design;

7) The client and the authentication server decode the random number to obtain the valid transmission time of the password and the choice of mapping, and transmit the password accordingly;

8) The authentication server judges whether the transmitted password arrived within the allowed transmission time range; if the condition is met, it reverse-maps and verifies the password;

9) The authentication server returns the final authentication result to the client.
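The flow in steps 1) to 9) above, together with the 16-bit challenge layout (a | b | c) and the window rule T_transmission = T_f[a,b] from the summary, as an added Python simulation that is not part of the patent or of the inventors' FPGA prototype. Everything it relies on is constructed: the public-key operations F_{P_C} and G_{P_A} are replaced by a toy XOR-with-SHA-256 keystream so the script runs offline (it is not a cipher and only stands in for the patent's asymmetric encryption), the sixteen s-boxes are derived from a hash rather than taken from the patent, the temperature trace is a made-up per-tick schedule, and the plausibility tolerance (10 °C), the identity strings and the password are placeholders. `run_session` plays both sides; `relay_delay` shows the property the patent claims: a password forwarded late through a relay lands outside the a-th [b, b+1] window and is rejected before the inverse s-box is even applied.

```python
import hashlib
import secrets
# Toy stand-in for the public-key operations F_{P_C} and G_{P_A}: XOR with a SHA-256
# keystream so the script runs offline (assumption; not a cipher to deploy). XOR is its
# own inverse, so the same function both seals and opens.
def toy_seal(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(len(data) // 32 + 1))
    return bytes(p ^ s for p, s in zip(data, stream))

P_C = b"client-public-key-demo"         # encrypts the server -> client challenge (constructed)
P_A = b"authenticator-public-key-demo"  # encrypts the client -> server response (constructed)

def split_challenge(r: int) -> tuple:
    """Claim 2 layout of the 16-bit random number: a (4 bits) | b (8 bits) | c (4 bits)."""
    return (r >> 12) & 0xF, (r >> 4) & 0xFF, r & 0xF

# Sixteen byte-permutation s-boxes, one per value of c (constructed; the patent does not
# publish its tables). Sorting the 256 byte values by a keyed hash yields a permutation.
SBOXES = [sorted(range(256), key=lambda x, i=i: hashlib.sha256(b"sbox%d:%d" % (i, x)).digest())
          for i in range(16)]

def sbox_map(box: list, data: bytes) -> bytes:
    return bytes(box[x] for x in data)

def sbox_unmap(box: list, data: bytes) -> bytes:
    inv = {v: i for i, v in enumerate(box)}
    return bytes(inv[x] for x in data)

def valid_window(trace: list, a: int, b: int):
    """trace[i] is the calibrated chip temperature at tick i; both sides follow the same
    schedule. Returns (first_tick, last_tick) of the a-th contiguous stay inside [b, b+1],
    or None if the schedule never gets there a times (a is a 1-based count; assumption)."""
    visits, i = 0, 0
    while i < len(trace):
        if not (b <= trace[i] <= b + 1):
            i += 1
            continue
        start = i
        while i < len(trace) and b <= trace[i] <= b + 1:
            i += 1
        visits += 1
        if visits == a:
            return start, i - 1
    return None

class Authenticator:
    ID_A = b"AUTH-SRV"

    def __init__(self, registered: dict, trace: list, own_temp: int):
        self.registered, self.trace, self.own_temp, self.r_A = registered, trace, own_temp, None

    def challenge(self, client_id: bytes, r=None):
        # Steps 2-3: refuse unknown identities, otherwise send F_{P_C}(r_A, ID_A).
        if client_id not in self.registered:
            return None
        self.r_A = secrets.randbits(16) if r is None else r   # r fixes r_A for reproducible runs
        return toy_seal(P_C, self.r_A.to_bytes(2, "big") + self.ID_A)

    def first_auth(self, response: bytes, tolerance: int = 10) -> bool:
        # Step 5 / S41-S42: open G_{P_A}(r_A, T_C), strip T_C, require the rest == r_A and a
        # plausible T_C (tolerance is a constructed value), then calibrate to the client.
        plain = toy_seal(P_A, response)
        r, T_C = int.from_bytes(plain[:2], "big"), plain[2]
        if r != self.r_A or abs(T_C - self.own_temp) > tolerance:
            return False
        self.own_temp = T_C
        return True

    def final_auth(self, client_id: bytes, mapped_pw: bytes, arrival_tick: int) -> bool:
        # Step 8: accept only inside the a-th [b, b+1] window, then un-map with s-box c.
        a, b, c = split_challenge(self.r_A)
        win = valid_window(self.trace, a, b)
        if win is None or not (win[0] <= arrival_tick <= win[1]):
            return False
        return sbox_unmap(SBOXES[c], mapped_pw) == self.registered[client_id]

def client_respond(challenge: bytes, temp: int) -> tuple:
    # Step 4: open the challenge, keep r_A for later, answer with G_{P_A}(r_A, T_C).
    plain = toy_seal(P_C, challenge)
    return int.from_bytes(plain[:2], "big"), toy_seal(P_A, plain[:2] + bytes([temp]))

def client_send_password(r_A: int, password: bytes, trace: list):
    # Step 7: decode r_A, wait for the window, send the s-box-c mapped password at its start.
    a, b, c = split_challenge(r_A)
    win = valid_window(trace, a, b)
    return None if win is None else (sbox_map(SBOXES[c], password), win[0])

# Constructed schedule: chip temperature (°C) per tick during the voltage-driven ramp of step 6.
DEMO_TRACE = [40, 41, 43, 45, 46, 45, 44, 43, 42, 41, 40, 41, 43, 45, 46, 44, 43, 41, 40]

def run_session(trace: list, relay_delay: int = 0, r_A=None) -> bool:
    # Steps 1-9 on one shared schedule; relay_delay = ticks a relayed password arrives late.
    srv = Authenticator({b"client-01": b"demo-password"}, trace, own_temp=40)
    r_seen, response = client_respond(srv.challenge(b"client-01", r_A), temp=42)
    if not srv.first_auth(response):
        return False
    sent = client_send_password(r_seen, b"demo-password", trace)
    return sent is not None and srv.final_auth(b"client-01", sent[0], sent[1] + relay_delay)
```

`run_session(DEMO_TRACE, r_A=0x22D3)` (a = 2, b = 45, c = 3) is accepted; the same call with `relay_delay=2` fails because the second stay in [45, 46] in DEMO_TRACE covers only ticks 13 and 14, and a = 3 fails outright because the schedule never reaches that band a third time. The check only works because the calibration in step 5 makes both sides read the same schedule; a sensor offset that survives calibration shifts the client's window and makes a legitimate session fail, which is the robustness trade-off a deployment of this scheme has to budget for.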

The present invention is described with reference to flowcharts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data-processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data-processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data-processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data-processing device so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

The principles and implementations of the present invention have been explained above by way of specific embodiments; the description of these embodiments serves only to help understand the method and core idea of the invention. At the same time, those of ordinary skill in the art may, following the ideas of the invention, make changes in the specific implementation and scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Those of ordinary skill in the art will appreciate that the embodiments described here are intended to help the reader understand the principles of the invention, and that the scope of protection is not limited to such specific statements and embodiments. Those of ordinary skill in the art may, on the basis of the technical teaching disclosed herein, make various other specific modifications and combinations without departing from the essence of the invention, and these modifications and combinations still fall within the scope of protection of the invention.

Claims (9)

1. A temperature-assisted authentication method, characterized by comprising the following steps:
S1. The client sends an authentication request to the authentication server to request identity authentication;
S2. The authentication server judges whether the identity of the client is legitimate; if so, a random number is generated and encrypted to serve as a challenge sent to the client;
S3. The client decodes the received challenge, combines and encrypts the decoded data and its own temperature information to generate a response, and sends the response to the authentication server;
S4. The response is verified and it is judged whether the client temperature meets the condition; if so, temperature calibration is performed and the client is informed of a first authentication result;
S5. Random temperature regulation is carried out on the client and the server, the random number of S2 is decoded, it is judged whether the password is valid, and if so a final authentication result is returned to the client.
2. The method of claim 1, wherein the random number in S2 is a 16-bit random number, the upper four bits being the valid interval of the password transmission, the next-highest eight bits being the temperature threshold, and the lower four bits being the s-box mapping selected for the current transmission.
3. The method of claim 2, wherein in S2 the generated random number is encrypted with a first public key and the encrypted challenge is represented as F_{P_C}(r_A, ID_A), where P_C is the public key of the client, used to encrypt the random number r_A generated by the authenticator and the authenticator identity information ID_A.
4. The method of claim 1, wherein in S3 the response is encrypted with a second public key and the encrypted response is represented as G_{P_A}(r_A, T_C), where P_A is the public key of the authenticator, used to encrypt the random number r_A decrypted by the client and the temperature information T_C.
5. The temperature-assisted authentication method of claim 1, wherein S4 specifically comprises:
S41. The authentication server decrypts the received response and compares it with its own computation to judge whether g{G_{P_A}(r_A, T_C) – T_C} = r_A holds; if not, authentication fails; if so, go to step S42;
S42. The authentication server performs temperature calibration according to the temperature of the client and informs the client of the first authentication result.
6. The temperature-assisted authentication method of claim 1, wherein S5 specifically comprises:
S51. Random temperature regulation is carried out on the client and the server;
S52. The random number of S2 is decoded, the valid transmission time of the password and the choice of mapping are computed, and the password is transmitted according to the result;
S53. The authentication server judges whether the received password lies within the valid transmission time range; if so, the password is reverse-mapped and verified, and after verification passes the final authentication result is returned to the client.
7. The temperature-assisted authentication method of claim 6, wherein S52 specifically comprises:
denoting the upper four bits of the random number a, the next-highest eight bits b and the lowest four bits c;
the time segment in which the random temperature change lies within the threshold range [b, b+1] for the a-th time is the valid transmission time of the password;
the password from the client to the authenticator is non-linearly mapped through one of a plurality of sets of s-boxes before transmission, the c-th s-box being selected as the mapping in the current authentication.
8. The method of claim 7, wherein on receiving the password it is judged whether the temperature of the authenticating client is currently reaching the threshold [b, b+1] for the a-th time, i.e. whether T_transmission = T_f[a,b] holds; if it holds, authentication succeeds and the final authentication result is returned.
9. A temperature-assisted authentication system comprising a server authentication system and a client authentication system, characterized in that both comprise a voltage/temperature regulation system, the voltage/temperature regulation system comprising a voltage/temperature regulation chip, a voltage/temperature regulation module and a sensor module, wherein
the voltage/temperature regulation chip is used to send a voltage/temperature regulation signal according to the first authentication notification;
the voltage/temperature regulation module is connected to the voltage/temperature regulation chip and executes the regulation signals it sends;
the sensor module is used to monitor the temperature of the client authentication system or the server authentication system and to feed back the monitoring result.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111677328.3A CN114338213B (en) 2021-12-31 2021-12-31 Temperature-assisted authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111677328.3A CN114338213B (en) 2021-12-31 2021-12-31 Temperature-assisted authentication method

Publications (2)

Publication Number Publication Date
CN114338213A true CN114338213A (en) 2022-04-12
CN114338213B CN114338213B (en) 2022-09-13

Family

ID=81023109

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111677328.3A Active CN114338213B (en) 2021-12-31 2021-12-31 Temperature-assisted authentication method

Country Status (1)

Country Link
CN (1) CN114338213B (en)

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102273176A (en) * 2009-01-14 2011-12-07 熵敏通讯股份有限公司 System and method for retransmission and fragmentation in a communication network
CN109313864A (en) * 2016-05-31 2019-02-05 肖特股份有限公司 Optical key protected quantum authentication and encryption
US20190109719A1 (en) * 2016-05-31 2019-04-11 Schott Ag Optical key protected authentication and encryption
US20180232971A1 (en) * 2017-02-10 2018-08-16 Microchip Technology Incorporated Systems And Methods For Managing Access To A Vehicle Or Other Object Using Environmental Data
CN110024005A (en) * 2017-02-10 2019-07-16 密克罗奇普技术公司 System and method for managing access to a vehicle or other object using environmental data
CN108572003A (en) * 2017-03-13 2018-09-25 欧姆龙株式会社 The authentication method of environmental sensor and its user, program
US20190268331A1 (en) * 2018-02-27 2019-08-29 Bank Of America Corporation Preventing Unauthorized Access to Secure Information Systems Using Multi-Factor, Hardware Based and/or Advanced Biometric Authentication
CN109005144A (en) * 2018-05-31 2018-12-14 杭州闪易科技有限公司 A kind of identity identifying method, equipment, medium and system
US20210367753A1 (en) * 2018-11-02 2021-11-25 Shenyang Institute Of Automation, Chinese Academy Of Sciences Trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption
JP2020135789A (en) * 2019-02-26 2020-08-31 日本電気株式会社 Authentication device, authentication method, program, information processing terminal, and authentication system
CN112185529A (en) * 2020-09-27 2021-01-05 姜智广 Cold chain transportation effectiveness monitoring system and method
CN113726763A (en) * 2021-08-27 2021-11-30 国网电力科学研究院有限公司 Challenge response identity authentication technology based on mobile phone number

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
YINAN XU: "Combating Enhanced Thermal Covert Channel in Multi-/Many-Core Systems With Channel-Aware Jamming", IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems *
YUN-KYUNG LEE: "User authentication mechanism using authentication server in home network", 2006 8th International Conference on Advanced Communication Technology *
潘宇 (PAN Yu): "Design and Implementation of a Security Protection Module for Terminal Devices", China Master's Theses Full-text Database, Information Science and Technology *
王小妮 et al. (WANG Xiaoni et al.): "Research on an Identity Authentication System Based on Challenge/Response", Journal of Beijing Institute of Machinery *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115361174A (en) * 2022-07-26 2022-11-18 电子科技大学 An auxiliary authentication method based on thermal imaging
CN115379065A (en) * 2022-07-26 2022-11-22 电子科技大学 A circuit architecture for self-excited heating for information hiding
CN115378657A (en) * 2022-07-26 2022-11-22 电子科技大学 An Authentication Synchronization Method Based on Integrated Circuit Internal Temperature Sensing
CN115379065B (en) * 2022-07-26 2023-07-28 电子科技大学 A circuit architecture for self-excited heating for information hiding
CN115378657B (en) * 2022-07-26 2024-02-20 电子科技大学 Authentication synchronization method based on integrated circuit internal temperature sensing
CN115361174B (en) * 2022-07-26 2024-02-23 电子科技大学 Auxiliary authentication method based on thermal imaging

Also Published As

Publication number Publication date
CN114338213B (en) 2022-09-13

Similar Documents

Publication Publication Date Title
CN114338213B (en) Temperature-assisted authentication method
US8694778B2 (en) Enrollment of physically unclonable functions
WO2020087805A1 (en) Trusted authentication method employing two cryptographic values and chaotic encryption in measurement and control network
US7231526B2 (en) System and method for validating a network session
US7840993B2 (en) Protecting one-time-passwords against man-in-the-middle attacks
US12047519B2 (en) Physical unclonable function based mutual authentication and key exchange
KR100979576B1 (en) Method and computer readable medium for realizing a new password
TWI512524B (en) System and method for identifying users
JP5845393B2 (en) Cryptographic communication apparatus and cryptographic communication system
US20020166048A1 (en) Use and generation of a session key in a secure socket layer connection
WO2016019127A1 (en) System and method for implementing a one-time-password using asymmetric cryptography
US20110179478A1 (en) Method for secure transmission of sensitive data utilizing network communications and for one time passcode and multi-factor authentication
CN105871553A (en) Identity-free three-factor remote user authentication method
US11743053B2 (en) Electronic signature system and tamper-resistant device
US11991282B2 (en) Distributed private key recovery
CN104734856B (en) A kind of command identifying method of anti-server information leakage
Zhang et al. Privacy-preserving biometric authentication: Cryptanalysis and countermeasures
JP2008124987A (en) Cipher communication apparatus and cipher communication system and cipher communication method and program
JPH0981523A (en) Authentication method
CN117615373B (en) Lightweight key negotiation identity authentication and communication method based on ECC and PUF
CN118488443B (en) A method and system for encrypted communication of unmanned aerial vehicles
CN118647018B (en) A ship-shore identification method and system based on domestic encryption
TWI856757B (en) Cyber security authentication method for non-internet electronic device
US20240380585A1 (en) Method and system for generating a secret key using non-communicating entities
WO2024149029A1 (en) Authentication method and authentication apparatus

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant