CN114513316A - Identity-based anonymous authentication method, server and user terminal equipment - Google Patents


Info

Publication number
CN114513316A
Authority
CN
China
Prior art keywords
authentication
user terminal
server
value
complete
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011161056.7A
Other languages
Chinese (zh)
Other versions
CN114513316B (en)
Inventor
王继业
朱洪斌
刘圣龙
毛一凡
王衡
王迪
王海峰
高先周
于鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Big Data Center Of State Grid Corp Of China
Original Assignee
Big Data Center Of State Grid Corp Of China
Application filed by Big Data Center Of State Grid Corp Of China
Priority to CN202011161056.7A
Publication of CN114513316A
Application granted
Publication of CN114513316B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the field of information security technology, in particular to an identity-based anonymous authentication method, a server and user terminal equipment, and aims to solve the technical problem that an attacker can steal user information when the server is hijacked. The method specifically comprises the following steps: generating a complete private key and a complete public key according to the user ID in the registration request; the user terminal equipment generating a knowledge signature according to the complete private key and the complete public key; and authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp; if the authentication is successful, calculating an authentication parameter and sending it to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise interrupting the communication connection with the user terminal equipment. With the technical scheme provided by the invention, when the two communicating parties perform security authentication, an attacker cannot obtain any sensitive information of the user even if the server is malicious, so the privacy of the user is protected.

Description

Anonymous authentication method based on identity, server and user terminal equipment
Technical Field
The invention relates to the field of information security and technology, in particular to an identity-based anonymous authentication method, a server and user terminal equipment.
Background
With the rapid development of mobile internet and wireless communication, smart devices such as smart phones and smart watches are increasingly popularized, and more netizens use mobile devices to collect, transmit and store data for processing personal services such as instant messaging, online shopping and mobile payment. However, these data may contain sensitive information of individuals, and there is a risk of eavesdropping, impersonation, and replay during data interaction.
To reduce these risks, a mutual authentication mechanism between the two parties can be adopted in the mobile internet. In this mechanism the two communicating parties (generally a user and a server) each prove certain claimed attributes to the other. A secure authentication protocol can effectively resist deception by a malicious attacker on the communication network and ensure the safe operation of the network, while an anonymous authentication protocol provides both secure authentication and anonymity, thereby protecting user privacy.
At present, most anonymous authentication protocols are aimed at external attackers, that is, they protect privacy well against attacks such as interception and replay. But in some extreme cases, once the server is hijacked, the attacker can still link the user information with the data packets, thereby stealing the user information.
Disclosure of Invention
To overcome the above drawbacks, the present invention provides an identity-based anonymous authentication method, a server and a user terminal device that solve, or at least partially solve, the technical problem that an attacker can steal user information when the server is hijacked.
The purpose of the invention is realized by adopting the following technical scheme:
in a first aspect, the present invention provides a method of identity-based anonymous authentication for application to a server, the improvement comprising:
receiving a registration request sent by user terminal equipment;
generating a complete private key and a complete public key according to the user ID in the registration request;
sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
receiving a knowledge signature and a corresponding sending timestamp sent by the user terminal equipment;
and authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp, if the authentication is successful, calculating an authentication parameter and sending the authentication parameter to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise, interrupting the communication connection with the user terminal equipment.
In a second aspect, the present invention provides a server, the improvement comprising:
the first receiving module is used for receiving a registration request sent by user terminal equipment;
the first generation module is used for generating a complete private key and a complete public key according to the user ID in the registration request;
the first sending module is used for sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
the second receiving module is used for receiving the knowledge signature and the corresponding sending timestamp sent by the user terminal equipment;
and the first authentication module is used for authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp, if the authentication is successful, an authentication parameter is calculated and sent to the user terminal equipment, so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise, the communication connection with the user terminal equipment is interrupted.
In a third aspect, the present invention provides an identity-based anonymous authentication method for use with a user terminal device, the improvement comprising:
sending a registration request to a server so that the server generates a complete private key and a complete public key according to a user ID in the registration request;
receiving the complete private key and the complete public key sent by the server;
saving the complete private key and disclosing the complete public key;
generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
sending the knowledge signature and a corresponding sending timestamp to the server so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending timestamp;
receiving an authentication parameter sent by the server;
and authenticating the server according to the authentication parameters, if the authentication is successful, establishing communication connection with the server, otherwise, interrupting the establishment of the communication connection with the server.
In a fourth aspect, the present invention provides a user terminal device, wherein the improvement is that the user terminal device comprises:
the second sending module is used for sending a registration request to the server so that the server generates a complete private key and a complete public key according to the user ID in the registration request;
the third receiving module is used for receiving the complete private key and the complete public key sent by the server;
the storage module is used for storing the complete private key and disclosing the complete public key;
the second generation module is used for generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
a third sending module, configured to send the knowledge signature and the corresponding sending timestamp to the server, so that the server authenticates the user terminal device according to the knowledge signature and the corresponding sending timestamp;
the fourth receiving module is used for receiving the authentication parameters sent by the server;
and the second authentication module is used for authenticating the server according to the authentication parameters, establishing communication connection with the server if the authentication is successful, and interrupting the establishment of the communication connection with the server if the authentication is not successful.
One or more technical schemes of the invention at least have one or more of the following beneficial effects:
In the technical scheme of the invention, a user randomizes the user's private key through the user terminal equipment, converts the randomized private key into a signature by means of a zero-knowledge proof, and then sends the signature to the server. After receiving the signature, the server can verify whether the signature is valid according to the system parameters, but cannot determine which user the signature comes from. In this way, the sensitive information of the user is protected while successful mutual authentication between the two communicating parties is ensured.
Drawings
FIG. 1 is a schematic diagram of an application scenario of the present invention;
FIG. 2 is a flow diagram illustrating the main steps of an identity-based anonymous authentication method applied to a server, according to an embodiment of the present invention;
FIG. 3 is a block diagram of the main structure of a server according to one embodiment of the present invention;
FIG. 4 is a flow chart illustrating the main steps of an identity-based anonymous authentication method applied to a user terminal device according to an embodiment of the present invention;
FIG. 5 is a main structural block diagram of a user terminal device according to one embodiment of the present invention.
Detailed Description
Some embodiments of the invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and are not intended to limit the scope of the present invention.
In the description of the present invention, a "module" or "processor" may include hardware, software, or a combination of both. A module may comprise hardware circuitry, various suitable sensors, communication ports, memory, may comprise software components such as program code, or may be a combination of software and hardware. The processor may be a central processing unit, microprocessor, image processor, digital signal processor, or any other suitable processor. The processor has data and/or signal processing functionality. The processor may be implemented in software, hardware, or a combination thereof. Non-transitory computer readable storage media include any suitable medium that can store program code, such as magnetic disks, hard disks, optical disks, flash memory, read-only memory, random-access memory, and the like.
At present, most traditional anonymous authentication protocols are aimed at external attackers, that is, they protect privacy well against attacks such as interception and replay. In some extreme cases, once the server is hijacked, the attacker can still link the user information with the data packets, resulting in theft of the user information.
In the embodiment of the invention, a user randomizes the user's private key through the user terminal equipment, converts the randomized private key into a signature by means of a zero-knowledge proof, and then sends the signature to the server. After receiving the signature, the server can verify whether the signature is valid according to the system parameters, but cannot determine which user the signature comes from. In this way, the sensitive information of the user is protected while successful mutual authentication between the two communicating parties is ensured.
In one application scenario of the present invention, as shown in FIG. 1, the user U is the user terminal device used by a user. A communication device (including, but not limited to, a WIFI communication device and a 4G communication device, i.e. a communication device based on fourth-generation mobile communication technology) is disposed in the user U, and the user U establishes a communication connection with a server S through this communication device. To establish the connection, the user U first sends a registration request to the server; the server S receives the registration request sent by the user terminal equipment and generates a complete private key and a complete public key according to the user ID in the registration request. The user U then receives the complete private key and the complete public key sent by the server, stores the complete private key, discloses the complete public key, generates a knowledge signature of the user terminal equipment according to the complete private key and the complete public key, and sends the knowledge signature and the corresponding sending timestamp to the server. The server S receives the knowledge signature and the corresponding sending timestamp and authenticates the user terminal equipment according to them; if the authentication is successful, it calculates an authentication parameter and sends it to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise it interrupts the communication connection with the user terminal equipment.
Finally, the user U receives the authentication parameters sent by the server; and authenticating the server according to the authentication parameters, if the authentication is successful, establishing communication connection with the server, otherwise, interrupting the establishment of the communication connection with the server. At this point, the mutual authentication between the user U and the server S is completed.
Referring to fig. 2, fig. 2 is a flow chart illustrating the main steps of the identity-based anonymous authentication method applied to a server according to an embodiment of the present invention. As shown in fig. 2, the identity-based anonymous authentication method applied to the server in the embodiment of the present invention mainly includes the following steps:
step 101: receiving a registration request sent by user terminal equipment;
in this embodiment, the user terminal device may include smart devices such as a smart phone, a computer, a smart watch, and a tablet computer. The registration request may include: basic information such as user ID, user name and user identity.
Step 102: generating a complete private key and a complete public key according to the user ID in the registration request;
In one embodiment, the complete private key and the complete public key may be generated as follows:
in the finite field
Figure BDA0002744237940000061
select a random number $r$, take $r$ as the first element value of the complete private key, calculate the second element value of the complete private key as $sk = (\gamma + m + r\mu)^{-1} \cdot P_1$, and generate the complete private key $(r, sk)$;
calculate the complete public key $pk = (\gamma + m + r\mu) \cdot P_2 = u + m \cdot P_2 + r \cdot v$;
where $m$ is the hash value of the user ID, $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, $G_1$, $G_2$ are bilinear groups of order $q \ge 2^{160}$, $\gamma$ and $\mu$ are respectively the first and second element values of the master private key, and $u$ and $v$ are respectively the third and fourth element values of the master public key.
In one embodiment, the master private key is obtained as follows: in the finite field
Figure BDA0002744237940000062
select random numbers $\gamma$ and $\mu$, and take $\gamma$ and $\mu$ as the first and second element values of the master private key respectively, generating the master private key $(\gamma, \mu)$;
the master public key is obtained as follows: calculate the first element value of the master public key
Figure BDA0002744237940000063
the second element value
Figure BDA0002744237940000064
the third element value $u = \gamma \cdot P_2$ and the fourth element value $v = \mu \cdot P_2$, generating the master public key
Figure BDA0002744237940000065
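Added example, not code from the patent: the master key setup and user key derivation of step 102, run in an insecure algebra-only model in which every group element is stored as its discrete log mod q. The SHA-256 ID hash, the prime 2^255 - 19 as group order, the function names and the identity e(sk, pk) = e(P1, P2) used as a consistency check are assumptions of this example; that identity follows from the two key formulas and is not one of the patent's own verification equations.

```python
import hashlib
import secrets

# Algebra-only model of the bilinear groups (an assumption of this example):
# each element of G1, G2 and the target group is stored as its discrete log
# mod Q, so k*P is k*P mod Q and e(A, B) is A*B mod Q. The equations behave
# as they would in a real pairing group, but the model gives no security.
Q = 2**255 - 19   # a known prime standing in for the group order q >= 2^160
P1 = 1            # generator of G1 in the model
P2 = 1            # generator of G2 in the model


def pairing(a, b):
    """Bilinear map of the model: e(x*P1, y*P2) -> x*y mod Q."""
    return (a * b) % Q


def rand_scalar():
    """Uniform scalar in [1, Q-1]."""
    return secrets.randbelow(Q - 1) + 1


def hash_id(user_id):
    """m = H(user ID) reduced into Z_q. SHA-256 is assumed; the page names no hash."""
    digest = hashlib.sha256(user_id.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % Q


def master_keygen():
    """Master private key (gamma, mu) and the public elements u, v.

    Only the third and fourth master public key elements are modelled,
    because those are the two whose formulas appear on the page.
    """
    gamma, mu = rand_scalar(), rand_scalar()
    u = (gamma * P2) % Q
    v = (mu * P2) % Q
    return (gamma, mu), (u, v)


def user_keygen(msk, user_id, r=None):
    """Step 102: derive ((r, sk), pk) for a user ID.

    sk needs the inverse of x = gamma + m + r*mu mod q, so x must be nonzero.
    A random r is resampled until it is; a caller-supplied r is rejected.
    """
    gamma, mu = msk
    m = hash_id(user_id)
    fixed = r is not None
    while True:
        if not fixed:
            r = rand_scalar()
        x = (gamma + m + r * mu) % Q
        if x != 0:
            break
        if fixed:
            raise ValueError("gamma + m + r*mu is 0 mod q, no inverse exists")
    sk = (pow(x, -1, Q) * P1) % Q
    pk = (x * P2) % Q
    return (r, sk), pk


def pk_from_public(mpk, user_id, r):
    """Recompute pk = u + m*P2 + r*v without touching the master private key."""
    u, v = mpk
    return (u + hash_id(user_id) * P2 + r * v) % Q


def keys_consistent(sk, pk):
    """sk = x^-1 * P1 and pk = x * P2 imply e(sk, pk) = e(P1, P2)."""
    return pairing(sk, pk) == pairing(P1, P2)


if __name__ == "__main__":
    msk, mpk = master_keygen()
    (r, sk), pk = user_keygen(msk, "user-0001")   # constructed sample ID
    print("pk matches u + m*P2 + r*v:", pk == pk_from_public(mpk, "user-0001", r))
    print("e(sk, pk) == e(P1, P2):  ", keys_consistent(sk, pk))
```
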
Further, step 103: sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
step 104: receiving a knowledge signature and a corresponding sending timestamp sent by the user terminal equipment;
After the server receives the signature, it can verify whether the signature is valid, but it cannot derive which user the signature came from. In detail, step 105: authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp; if the authentication is successful, calculating an authentication parameter and sending the authentication parameter to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise interrupting the communication connection with the user terminal equipment.
In one embodiment, a first authentication value is first calculated
Figure BDA0002744237940000071
Second authentication value
Figure BDA0002744237940000072
Figure BDA0002744237940000073
Third authentication value
Figure BDA0002744237940000074
Figure BDA0002744237940000075
Fourth authentication value
Figure BDA0002744237940000076
Fifth authentication value
Figure BDA0002744237940000077
Figure BDA0002744237940000078
Sixth authentication value
Figure BDA0002744237940000079
Seventh authentication value
Figure BDA00027442379400000710
Further, it is judged whether the fifth element value $c$ in the knowledge signature is equal to
Figure BDA00027442379400000711
If yes, the authentication is successful, otherwise, the authentication is failed;
wherein,
Figure BDA00027442379400000712
is the first element value of the master public key,
Figure BDA00027442379400000713
is the second element value of the master public key, $u$ is the third element value of the master public key, $v$ is the fourth element value of the master public key, $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, $G_1$, $G_2$ are bilinear groups of order $q \ge 2^{160}$, $R$ is the first element value in the knowledge signature, $T_1$ is the second element value in the knowledge signature, $T_2$ is the third element value in the knowledge signature, $T_3$ is the fourth element value in the knowledge signature, $c$ is the fifth element value in the knowledge signature, $s_\alpha$ is the thirteenth element value in the knowledge signature, $s_\beta$ is the fourteenth element value in the knowledge signature, $s_m$ is the fourteenth element value in the knowledge signature, $s_r$ is the fifteenth element value in the knowledge signature,
Figure BDA00027442379400000714
is the sixteenth element value in the knowledge signature,
Figure BDA00027442379400000715
is the seventeenth element value in the knowledge signature,
Figure BDA00027442379400000716
is the eighteenth element value in the knowledge signature,
Figure BDA00027442379400000717
is the nineteenth element value in the knowledge signature, $T_{sm1}$ is the sending timestamp when the knowledge signature is sent by the user terminal equipment, and $e$ is a natural constant.
In another embodiment, the calculating the authentication parameter includes:
Taking the array $(R, \sigma_s, T_1, T_2, \gamma^{-1}T_1 + \mu^{-1}T_2, T_{sm2})$, wherein $\gamma$ is the first element value of the master private key, $\mu$ is the first element value of the master private key, $T_{sm2}$ is the current timestamp of the server, and $\sigma_s$ is the authentication key, $\sigma_s = T_3 - \gamma^{-1}T_1 - \mu^{-1}T_2$.
The server in this embodiment can protect the sensitive information of the user while ensuring successful mutual authentication between the two communicating parties.
It should be noted that, although the foregoing embodiments describe each step in a specific sequence, those skilled in the art will understand that, in order to achieve the effect of the present invention, different steps do not necessarily need to be executed in such a sequence, and they may be executed simultaneously (in parallel) or in other sequences, and these changes are all within the protection scope of the present invention.
Based on the same inventive concept, this embodiment further provides a server, as shown in fig. 3, where the server includes:
the first receiving module is used for receiving a registration request sent by user terminal equipment;
the first generation module is used for generating a complete private key and a complete public key according to the user ID in the registration request;
Specifically, in an embodiment, the first generation module is configured to:
in the finite field
Figure BDA0002744237940000081
select a random number $r$, take $r$ as the first element value of the complete private key, calculate the second element value of the complete private key as $sk = (\gamma + m + r\mu)^{-1} \cdot P_1$, and generate the complete private key $(r, sk)$;
calculate the complete public key $pk = (\gamma + m + r\mu) \cdot P_2 = u + m \cdot P_2 + r \cdot v$;
where $m$ is the hash value of the user ID, $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, $G_1$, $G_2$ are bilinear groups of order $q \ge 2^{160}$, $\gamma$ and $\mu$ are respectively the first and second element values of the master private key, and $u$ and $v$ are respectively the third and fourth element values of the master public key.
Wherein, the master private key is obtained as follows: in the finite field
Figure BDA0002744237940000082
select random numbers $\gamma$ and $\mu$, and take $\gamma$ and $\mu$ as the first and second element values of the master private key respectively, generating the master private key $(\gamma, \mu)$;
the master public key is obtained as follows: calculate the first element value of the master public key
Figure BDA0002744237940000083
the second element value
Figure BDA0002744237940000084
the third element value $u = \gamma \cdot P_2$ and the fourth element value $v = \mu \cdot P_2$, generating the master public key
Figure BDA0002744237940000085
The first sending module is used for sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
the second receiving module is used for receiving the knowledge signature and the corresponding sending timestamp sent by the user terminal equipment;
and the first authentication module is used for authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp, if the authentication is successful, an authentication parameter is calculated and sent to the user terminal equipment, so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise, the communication connection with the user terminal equipment is interrupted.
In one embodiment, the first authentication module is specifically configured to:
calculating a first authentication value
Figure BDA0002744237940000091
Second authentication value
Figure BDA0002744237940000092
Third authentication value
Figure BDA0002744237940000093
Fourth authentication value
Figure BDA0002744237940000094
Fifth authentication value
Figure BDA0002744237940000095
Sixth authentication value
Figure BDA0002744237940000096
Seventh authentication value
Figure BDA0002744237940000097
Judging whether the fifth element value $c$ in the knowledge signature is equal to
Figure BDA0002744237940000098
If yes, the authentication is successful, otherwise, the authentication is failed;
wherein,
Figure BDA0002744237940000099
is the first element value of the master public key,
Figure BDA00027442379400000910
is the second element value of the master public key, $u$ is the third element value of the master public key, $v$ is the fourth element value of the master public key, $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, $G_1$, $G_2$ are bilinear groups of order $q \ge 2^{160}$, $R$ is the first element value in the knowledge signature, $T_1$ is the second element value in the knowledge signature, $T_2$ is the third element value in the knowledge signature, $T_3$ is the fourth element value in the knowledge signature, $c$ is the fifth element value in the knowledge signature, $s_\alpha$ is the thirteenth element value in the knowledge signature, $s_\beta$ is the fourteenth element value in the knowledge signature, $s_m$ is the fourteenth element value in the knowledge signature, $s_r$ is the fifteenth element value in the knowledge signature,
Figure BDA00027442379400000911
is the sixteenth element value in the knowledge signature,
Figure BDA00027442379400000912
is the seventeenth element value in the knowledge signature,
Figure BDA00027442379400000913
is the eighteenth element value in the knowledge signature,
Figure BDA00027442379400000914
is the nineteenth element value in the knowledge signature, $T_{sm1}$ is the sending timestamp when the knowledge signature is sent by the user terminal equipment, and $e$ is a natural constant.
Further, the calculating the authentication parameter includes:
taking the array (R, σ_s, T_1, T_2, (γ)^-1·T_1 + (μ)^-1·T_2, T_sm2) as the authentication parameter, wherein γ is the first element value of the master private key, μ is the first element value of the master private key, T_sm2 is the current timestamp of the server, and σ_s is the authentication key, σ_s = T_3 − (γ)^-1·T_1 − (μ)^-1·T_2.
Referring to fig. 4, fig. 4 is a flow chart illustrating the main steps of the identity-based anonymous authentication method applied to the user terminal device according to an embodiment of the present invention. As shown in fig. 4, the identity-based anonymous authentication method applied to the user terminal device in the embodiment of the present invention mainly includes the following steps:
step 201: sending a registration request to a server so that the server generates a complete private key and a complete public key according to a user ID in the registration request;
step 202: receiving the complete private key and the complete public key sent by the server;
step 203: saving the complete private key and disclosing the complete public key;
step 204: generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
In one embodiment, step 204 may be implemented as follows:
selecting a random number t in the finite field
Figure BDA0002744237940000101
and calculating an authentication key σ_u = t · sk and a temporary variable R = t · P_1;
selecting random numbers α and β in the finite field
Figure BDA0002744237940000102
and encrypting the authentication key σ_u to obtain the ciphertext
Figure BDA0002744237940000103
Figure BDA0002744237940000104
calculating the auxiliary variables of the proof of knowledge: a first variable δ_1 = α · m, a second variable δ_2 = β · m, a third variable δ_3 = α · r and a fourth variable δ_4 = β · r;
forming a knowledge array from α, β, m, r, δ_1, δ_2, δ_3, δ_4, and selecting, in the finite field
Figure BDA0002744237940000105
random numbers r_α, r_β, r_m, r_r,
Figure BDA0002744237940000106
and
Figure BDA0002744237940000107
calculating the proof of knowledge (R_1, R_2, R_3, R_4, R_5, R_6, R_7) of the knowledge array, wherein
Figure BDA0002744237940000108
calculating the zero-knowledge proof of the knowledge array
Figure BDA0002744237940000111
wherein s_α = r_α + cα, s_β = r_β + cβ, s_m = r_m + cm, s_r = r_r + cr,
Figure BDA0002744237940000112
Figure BDA0002744237940000116
setting the knowledge signature as
Figure BDA0002744237940000113
wherein m is the hash value of the user ID, r is the first element value of the complete private key, sk is the second element value of the complete private key,
Figure BDA0002744237940000114
is the first element value of the master public key,
Figure BDA0002744237940000115
is the second element value of the master public key, u is the third element value of the master public key, v is the fourth element value of the master public key, P_1, P_2 are generators of G_1, G_2 respectively, G_1 and G_2 are bilinear groups of order q ≥ 2^160, c is the zero-knowledge proof parameter whose value is equal to the hash value of the array (R, T_1, T_2, T_3, R_1, R_2, R_3, R_4, R_5, R_6, R_7, T_sm1), T_sm1 is the current timestamp of the user terminal equipment, and e is a natural constant.
Step 205: sending the knowledge signature and a corresponding sending timestamp to the server so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending timestamp;
step 206: receiving an authentication parameter sent by the server;
step 207: and authenticating the server according to the authentication parameters, if the authentication is successful, establishing communication connection with the server, otherwise, interrupting the establishment of the communication connection with the server.
In one embodiment, step 207 may be implemented based on:
determining whether the authentication parameter is equal to the array (R, σ_u, T_1, T_2, (α+β)·P_1, T_sm2); if yes, the authentication succeeds; otherwise, the authentication fails.
In this embodiment, the user randomizes its own private key, converts the randomized private key into a signature by means of a zero-knowledge proof, and sends the signature to the server, which then performs bidirectional authentication; this protects the user's sensitive information while ensuring that mutual authentication between the two communicating parties succeeds.
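The part of steps 204 to 207 whose formulas survive on this page can be run end to end: the server's σ_s = T_3 − γ^-1·T_1 − μ^-1·T_2 and the terminal's comparison against (R, σ_u, T_1, T_2, (α+β)·P_1, T_sm2). The Python below is an added example, not code from the patent; it assumes secp256k1 as a stand-in for G_1, SHA-256 as the ID hash, master-public-key elements γ·P_1 and μ·P_1 with T_1 = α·γ·P_1, T_2 = β·μ·P_1, T_3 = σ_u + (α+β)·P_1, and it leaves out the proof of knowledge (R_1 to R_7, c), whose formulas are not reproduced here.

```python
import hashlib
import hmac
import secrets

# secp256k1 stands in for G1 (assumption; the steps shown need no pairing).
P = 2**256 - 2**32 - 977
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P1 = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the identity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, a):
    """Scalar multiplication k*a by double-and-add (not constant time)."""
    k %= Q
    acc = None
    while k:
        if k & 1:
            acc = add(acc, a)
        a = add(a, a)
        k >>= 1
    return acc


def neg(a):
    return None if a is None else (a[0], -a[1] % P)


def rand():
    return secrets.randbelow(Q - 1) + 1  # uniform in [1, q-1]


def id_hash(user_id):
    """m: hash of the user ID reduced into Z_q (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(user_id.encode()).digest(), "big") % Q


def master_keygen():
    gamma, mu = rand(), rand()
    # Assumed first/second master-public-key elements: gamma*P1 and mu*P1.
    return (gamma, mu), (mul(gamma, P1), mul(mu, P1))


def register(msk, user_id):
    """Server: complete private key (r, sk), sk = (gamma + m + r*mu)^-1 * P1."""
    gamma, mu = msk
    while True:
        r = rand()
        d = (gamma + id_hash(user_id) + r * mu) % Q
        if d:  # retry in the negligible case where no inverse exists
            return r, mul(pow(d, -1, Q), P1)


def terminal_encrypt(sk, mpk):
    """Terminal: randomise sk into sigma_u = t*sk and encrypt it as (T1, T2, T3)."""
    t, alpha, beta = rand(), rand(), rand()
    sigma_u, R = mul(t, sk), mul(t, P1)
    mask = mul(alpha + beta, P1)
    T1, T2 = mul(alpha, mpk[0]), mul(beta, mpk[1])  # assumed form of T1, T2
    T3 = add(sigma_u, mask)
    return {"R": R, "T1": T1, "T2": T2, "T3": T3, "sigma_u": sigma_u, "mask": mask}


def server_parameter(msk, R, T1, T2, T3, tsm2):
    """Server: sigma_s = T3 - gamma^-1*T1 - mu^-1*T2, returned inside the array."""
    gamma, mu = msk
    mask = add(mul(pow(gamma, -1, Q), T1), mul(pow(mu, -1, Q), T2))
    return (R, add(T3, neg(mask)), T1, T2, mask, tsm2)


def encode(points):
    return b"".join(bytes(64) if p is None else
                    p[0].to_bytes(32, "big") + p[1].to_bytes(32, "big")
                    for p in points)


def terminal_accepts(state, param):
    """Step 207: compare the five group elements with the terminal's own values."""
    expected = (state[k] for k in ("R", "sigma_u", "T1", "T2", "mask"))
    return hmac.compare_digest(encode(param[:5]), encode(expected))
```

A party that does not hold (γ, μ) cannot strip the mask from T_3, so its σ_s and fifth element do not match the terminal's values; that is what the comparison in step 207 relies on.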
It should be noted that, although the foregoing embodiments describe each step in a specific sequence, those skilled in the art will understand that, in order to achieve the effect of the present invention, different steps do not necessarily need to be executed in such a sequence, and they may be executed simultaneously (in parallel) or in other sequences, and these changes are all within the protection scope of the present invention.
Based on the same inventive concept, this embodiment further provides a user terminal device, as shown in fig. 5, where the user terminal device includes:
the second sending module is used for sending a registration request to the server so that the server generates a complete private key and a complete public key according to the user ID in the registration request;
the third receiving module is used for receiving the complete private key and the complete public key sent by the server;
the storage module is used for storing the complete private key and disclosing the complete public key;
the second generation module is used for generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
In one embodiment, the second generating module is specifically configured to:
select a random number t in the finite field
Figure BDA0002744237940000121
and calculate an authentication key σ_u = t · sk and a temporary variable R = t · P_1;
select random numbers α and β in the finite field
Figure BDA0002744237940000122
and encrypt the authentication key σ_u to obtain the ciphertext
Figure BDA0002744237940000123
Figure BDA0002744237940000124
calculate the auxiliary variables of the proof of knowledge: a first variable δ_1 = α · m, a second variable δ_2 = β · m, a third variable δ_3 = α · r and a fourth variable δ_4 = β · r;
form a knowledge array from α, β, m, r, δ_1, δ_2, δ_3, δ_4, and select, in the finite field
Figure BDA0002744237940000125
random numbers r_α, r_β, r_m, r_r,
Figure BDA0002744237940000126
and
Figure BDA0002744237940000127
calculate the proof of knowledge (R_1, R_2, R_3, R_4, R_5, R_6, R_7) of the knowledge array, wherein
Figure BDA0002744237940000128
calculate the zero-knowledge proof of the knowledge array
Figure BDA0002744237940000129
wherein s_α = r_α + cα, s_β = r_β + cβ, s_m = r_m + cm, s_r = r_r + cr,
Figure BDA00027442379400001210
Figure BDA00027442379400001212
set the knowledge signature as
Figure BDA00027442379400001211
wherein m is the hash value of the user ID, r is the first element value of the complete private key, sk is the second element value of the complete private key,
Figure BDA0002744237940000131
is the first element value of the master public key,
Figure BDA0002744237940000132
is the second element value of the master public key, u is the third element value of the master public key, v is the fourth element value of the master public key, P_1, P_2 are generators of G_1, G_2 respectively, G_1 and G_2 are bilinear groups of order q ≥ 2^160, c is the zero-knowledge proof parameter whose value is equal to the hash value of the array (R, T_1, T_2, T_3, R_1, R_2, R_3, R_4, R_5, R_6, R_7, T_sm1), T_sm1 is the current timestamp of the user terminal equipment, and e is a natural constant.
A third sending module, configured to send the knowledge signature and the corresponding sending timestamp to the server, so that the server authenticates the user terminal device according to the knowledge signature and the corresponding sending timestamp;
the fourth receiving module is used for receiving the authentication parameters sent by the server;
and the second authentication module is used for authenticating the server according to the authentication parameters, establishing communication connection with the server if the authentication is successful, and interrupting the establishment of the communication connection with the server if the authentication is not successful.
In one embodiment, the second authentication module is specifically configured to:
determining whether the authentication parameter is equal to the array (R, σ_u, T_1, T_2, (α+β)·P_1, T_sm2); if yes, the authentication succeeds; otherwise, the authentication fails.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (10)

1. An identity-based anonymous authentication method applied to a server, the method comprising:
receiving a registration request sent by user terminal equipment;
generating a complete private key and a complete public key according to the user ID in the registration request;
sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
receiving a knowledge signature and a corresponding sending timestamp sent by the user terminal equipment;
and authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp, if the authentication is successful, calculating an authentication parameter and sending the authentication parameter to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise, interrupting the communication connection with the user terminal equipment.
2. The method of claim 1, wherein generating a complete private key and a complete public key from the user ID in the registration request comprises:
selecting a random number r in the finite field
Figure FDA0002744237930000011
taking r as the first element value of the complete private key, calculating the second element value of the complete private key sk = (γ + m + r·μ)^-1 · P_1, and generating the complete private key (r, sk);
calculating the complete public key pk = (γ + m + r·μ) · P_2 = u + m · P_2 + r · v;
wherein m is the hash value of the user ID, P_1, P_2 are generators of G_1, G_2 respectively, G_1 and G_2 are bilinear groups of order q ≥ 2^160, γ and μ are respectively the first and second element values of the master private key, and u and v are respectively the third and fourth element values of the master public key.
3. The method of claim 2, wherein the obtaining of the master private key comprises: selecting, in the finite field
Figure FDA0002744237930000012
random numbers γ and μ, and taking γ and μ as the first element value and the second element value of the master private key respectively, to generate the master private key (γ, μ);
the obtaining of the master public key comprises: calculating the first element value of the master public key
Figure FDA0002744237930000013
the second element value
Figure FDA0002744237930000014
the third element value u = γ · P_2 and the fourth element value v = μ · P_2, and generating the master public key
Figure FDA0002744237930000021
4. The method of claim 1, wherein authenticating the user terminal device according to the knowledge signature and the corresponding transmission timestamp comprises:
calculating a first authentication value
Figure FDA0002744237930000022
Second authentication value
Figure FDA0002744237930000023
Third authentication value
Figure FDA0002744237930000024
Fourth authentication value
Figure FDA0002744237930000025
Fifth authentication value
Figure FDA0002744237930000026
Sixth authentication value
Figure FDA0002744237930000027
Seventh authentication value
Figure FDA0002744237930000028
judging whether the value c of the fifth element in the knowledge signature is equal to the value c
Figure FDA0002744237930000029
if yes, the authentication succeeds; otherwise, the authentication fails;
wherein,
Figure FDA00027442379300000210
is the first element value of the master public key,
Figure FDA00027442379300000211
is the second element value of the master public key, u is the third element value of the master public key, v is the fourth element value of the master public key, P_1, P_2 are generators of G_1, G_2 respectively, G_1 and G_2 are bilinear groups of order q ≥ 2^160, R is the first element value in the knowledge signature, T_1 is the second element value in the knowledge signature, T_2 is the third element value in the knowledge signature, T_3 is the fourth element value in the knowledge signature, c is the fifth element value in the knowledge signature, s_α is the thirteenth element value in the knowledge signature, s_β is the fourteenth element value in the knowledge signature, s_m is the fourteenth element value in the knowledge signature, s_r is the fifteenth element value in the knowledge signature,
Figure FDA00027442379300000212
is the sixteenth element value in the knowledge signature,
Figure FDA00027442379300000213
is the seventeenth element value in the knowledge signature,
Figure FDA00027442379300000214
is the eighteenth element value in the knowledge signature,
Figure FDA00027442379300000215
is the nineteenth element value in the knowledge signature, T_sm1 is the sending timestamp at which the user terminal equipment sends the knowledge signature, and e is a natural constant.
5. The method of claim 4, wherein said calculating an authentication parameter comprises:
taking the array (R, σ_s, T_1, T_2, (γ)^-1·T_1 + (μ)^-1·T_2, T_sm2) as the authentication parameter, wherein γ is the first element value of the master private key, μ is the first element value of the master private key, T_sm2 is the current timestamp of the server, and σ_s is the authentication key, σ_s = T_3 − (γ)^-1·T_1 − (μ)^-1·T_2.
6. A server, characterized in that the server comprises:
the first receiving module is used for receiving a registration request sent by user terminal equipment;
the first generation module is used for generating a complete private key and a complete public key according to the user ID in the registration request;
the first sending module is used for sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
the second receiving module is used for receiving the knowledge signature and the corresponding sending timestamp sent by the user terminal equipment;
and the first authentication module is used for authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp, if the authentication is successful, an authentication parameter is calculated and sent to the user terminal equipment, so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise, the communication connection with the user terminal equipment is interrupted.
7. An identity-based anonymous authentication method applied to user terminal equipment is characterized by comprising the following steps:
sending a registration request to a server so that the server generates a complete private key and a complete public key according to a user ID in the registration request;
receiving the complete private key and the complete public key sent by the server;
saving the complete private key and disclosing the complete public key;
generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
sending the knowledge signature and a corresponding sending timestamp to the server so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending timestamp;
receiving an authentication parameter sent by the server;
and authenticating the server according to the authentication parameters, if the authentication is successful, establishing communication connection with the server, otherwise, interrupting the establishment of the communication connection with the server.
8. The method of claim 7, wherein generating the knowledge signature of the user terminal device from the complete private key and the complete public key comprises:
selecting a random number t in the finite field
Figure FDA0002744237930000041
and calculating an authentication key σ_u = t · sk and a temporary variable R = t · P_1;
selecting random numbers α and β in the finite field
Figure FDA0002744237930000042
and encrypting the authentication key σ_u to obtain the ciphertext
Figure FDA0002744237930000043
Figure FDA0002744237930000044
calculating the auxiliary variables of the proof of knowledge: a first variable δ_1 = α · m, a second variable δ_2 = β · m, a third variable δ_3 = α · r and a fourth variable δ_4 = β · r;
forming a knowledge array from α, β, m, r, δ_1, δ_2, δ_3, δ_4, and selecting, in the finite field
Figure FDA0002744237930000045
random numbers r_α, r_β, r_m, r_r,
Figure FDA0002744237930000046
and
Figure FDA0002744237930000047
calculating the proof of knowledge (R_1, R_2, R_3, R_4, R_5, R_6, R_7) of the knowledge array, wherein
Figure FDA0002744237930000048
Figure FDA0002744237930000049
Figure FDA00027442379300000410
calculating the zero-knowledge proof of the knowledge array
Figure FDA00027442379300000411
wherein s_α = r_α + cα, s_β = r_β + cβ, s_m = r_m + cm, s_r = r_r + cr,
Figure FDA00027442379300000412
Figure FDA00027442379300000413
setting the knowledge signature as
Figure FDA00027442379300000414
wherein m is the hash value of the user ID, r is the first element value of the complete private key, sk is the second element value of the complete private key,
Figure FDA00027442379300000415
is the first element value of the master public key,
Figure FDA00027442379300000416
is the second element value of the master public key, u is the third element value of the master public key, v is the fourth element value of the master public key, P_1, P_2 are generators of G_1, G_2 respectively, G_1 and G_2 are bilinear groups of order q ≥ 2^160, c is the zero-knowledge proof parameter whose value is equal to the hash value of the array (R, T_1, T_2, T_3, R_1, R_2, R_3, R_4, R_5, R_6, R_7, T_sm1), T_sm1 is the current timestamp of the user terminal equipment, and e is a natural constant.
9. The method of claim 8, wherein authenticating the server according to the authentication parameter comprises:
determining whether the authentication parameter is equal to the array (R, σ_u, T_1, T_2, (α+β)·P_1, T_sm2); if yes, the authentication succeeds; otherwise, the authentication fails.
10. A user terminal device, characterized in that the user terminal device comprises:
the second sending module is used for sending a registration request to the server so that the server generates a complete private key and a complete public key according to the user ID in the registration request;
the third receiving module is used for receiving the complete private key and the complete public key sent by the server;
the storage module is used for storing the complete private key and disclosing the complete public key;
the second generation module is used for generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
a third sending module, configured to send the knowledge signature and the corresponding sending timestamp to the server, so that the server authenticates the user terminal device according to the knowledge signature and the corresponding sending timestamp;
the fourth receiving module is used for receiving the authentication parameters sent by the server;
and the second authentication module is used for authenticating the server according to the authentication parameters, establishing communication connection with the server if the authentication is successful, and interrupting the establishment of the communication connection with the server if the authentication is not successful.
CN202011161056.7A 2020-10-27 2020-10-27 Anonymous authentication method based on identity, server and user terminal equipment Active CN114513316B (en)


Publications (2)

Publication Number Publication Date
CN114513316A true CN114513316A (en) 2022-05-17
CN114513316B CN114513316B (en) 2024-01-16

Family

ID=81546514




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant