CN114513316B - Anonymous authentication method based on identity, server and user terminal equipment - Google Patents

Publication number
CN114513316B
Authority
CN
China
Prior art keywords
authentication
user terminal
server
complete
element value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011161056.7A
Other languages
Chinese (zh)
Other versions
CN114513316A (en
Inventor
王继业
朱洪斌
刘圣龙
毛一凡
王衡
王迪
王海峰
高先周
于鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Big Data Center Of State Grid Corp Of China
Original Assignee
Big Data Center Of State Grid Corp Of China
Application filed by Big Data Center Of State Grid Corp Of China
Priority to CN202011161056.7A
Publication of CN114513316A
Application granted
Publication of CN114513316B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The invention relates to the field of information security technology, in particular to an identity-based anonymous authentication method, a server and user terminal equipment, which aim to solve the technical problem that an attacker can steal user information when the server is compromised. The method specifically comprises the following steps: generating a complete private key and a complete public key according to the user ID in the registration request; the user terminal equipment generating a knowledge signature according to the complete private key and the complete public key; and authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp; if the authentication succeeds, calculating an authentication parameter and sending it to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter; otherwise, interrupting the communication connection with the user terminal equipment. With the technical scheme provided by the invention, the two communicating parties can authenticate each other securely while the server, even if it is malicious, cannot obtain any sensitive information of the user, so that the privacy of the user is protected.

Description

Anonymous authentication method based on identity, server and user terminal equipment
Technical Field
The invention relates to the field of information security and technology, in particular to an anonymous authentication method based on identity, a server and user terminal equipment.
Background
With the rapid development of the mobile internet and wireless communication, smart devices such as smartphones and smart watches are increasingly popular, and more and more users rely on mobile devices to collect, transfer and store data for personal services such as instant messaging, online shopping and mobile payment. However, this data often contains sensitive personal information, and the data exchange is exposed to risks such as eavesdropping, impersonation and replay.
These risks can be reduced by a mutual authentication mechanism between the two parties on the mobile internet, in which both parties (typically the user and the server) each prove certain claimed attributes to the other. A secure authentication protocol can effectively resist fraud on the communication network by malicious attackers and ensures the secure operation of the communication network, while an anonymous authentication protocol provides both secure authentication and anonymity, thereby protecting user privacy.
At present, most anonymous authentication protocols are aimed at external attackers, that is, they protect privacy well against attacks such as eavesdropping and replay. In some extreme cases, however, once the server is compromised, an attacker can still link the user information with the data packets and thus steal the user information.
Disclosure of Invention
The present invention is proposed to overcome the above drawback by providing an identity-based anonymous authentication method, a server and a user terminal device that solve, or at least partially solve, the technical problem that an attacker can steal user information when the server is compromised.
The invention aims at adopting the following technical scheme:
in a first aspect, the present invention provides an identity-based anonymous authentication method, the method being applied to a server, the improvement comprising:
receiving a registration request sent by user terminal equipment;
generating a complete private key and a complete public key according to the user ID in the registration request;
the complete private key and the complete public key are sent to the user terminal equipment, so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
receiving a knowledge signature and a corresponding sending time stamp sent by the user terminal equipment;
and authenticating the user terminal equipment according to the knowledge signature and the corresponding sending time stamp, if the authentication is successful, calculating an authentication parameter and sending the authentication parameter to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter, otherwise, interrupting the communication connection with the user terminal equipment.
In a second aspect, the present invention provides a server, the improvement comprising:
the first receiving module is used for receiving a registration request sent by the user terminal equipment;
the first generation module is used for generating a complete private key and a complete public key according to the user ID in the registration request;
the first sending module is used for sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
the second receiving module is used for receiving the knowledge signature and the corresponding sending time stamp sent by the user terminal equipment;
and the first authentication module is used for authenticating the user terminal equipment according to the knowledge signature and the corresponding sending time stamp, if authentication is successful, the authentication parameter is calculated and sent to the user terminal equipment, so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise, the communication connection with the user terminal equipment is interrupted.
In a third aspect, the present invention provides an identity-based anonymous authentication method applied to a user terminal device, the improvement comprising:
sending a registration request to a server so that the server generates a complete private key and a complete public key according to a user ID in the registration request;
receiving the complete private key and the complete public key sent by the server;
storing the complete private key and disclosing the complete public key;
generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
the knowledge signature and the corresponding sending time stamp are sent to the server, so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending time stamp;
receiving authentication parameters sent by the server;
and authenticating the server according to the authentication parameters, if the authentication is successful, establishing communication connection with the server, otherwise, interrupting establishing communication connection with the server.
In a fourth aspect, the present invention provides a user terminal device, which is improved in that the user terminal device includes:
the second sending module is used for sending a registration request to a server so that the server generates a complete private key and a complete public key according to the user ID in the registration request;
the third receiving module is used for receiving the complete private key and the complete public key which are sent by the server;
the storage module is used for storing the complete private key and disclosing the complete public key;
the second generation module is used for generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
the third sending module is used for sending the knowledge signature and the corresponding sending time stamp to the server so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending time stamp;
the fourth receiving module is used for receiving the authentication parameters sent by the server;
and the second authentication module is used for authenticating the server according to the authentication parameters, if the authentication is successful, establishing communication connection with the server, and otherwise, interrupting establishing communication connection with the server.
The technical scheme provided by the invention has at least one or more of the following beneficial effects:
In the technical scheme of the invention, a user randomizes the user's private key through the user terminal equipment, converts the randomized private key into a signature by means of a zero-knowledge proof, and then sends the signature to the server. After receiving the signature, the server can verify from the system parameters whether the signature is valid, but cannot learn which user the signature comes from. In this way, the user's sensitive information is protected while mutual authentication of the two communicating parties is ensured.
Drawings
FIG. 1 is a schematic illustration of an application scenario of the present invention;
FIG. 2 is a flow chart of the main steps of an identity-based anonymous authentication method applied to a server, according to one embodiment of the invention;
FIG. 3 is a block diagram of the main structure of a server according to one embodiment of the present invention;
FIG. 4 is a flowchart of the main steps of an identity-based anonymous authentication method applied to a user terminal device according to an embodiment of the present invention;
FIG. 5 is a block diagram of the main structure of a user terminal device according to an embodiment of the present invention.
Detailed Description
Some embodiments of the invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are merely for explaining the technical principles of the present invention, and are not intended to limit the scope of the present invention.
In the description of the present invention, a "module," "processor" may include hardware, software, or a combination of both. A module may comprise hardware circuitry, various suitable sensors, communication ports, memory, or software components, such as program code, or a combination of software and hardware. The processor may be a central processor, a microprocessor, an image processor, a digital signal processor, or any other suitable processor. The processor has data and/or signal processing functions. The processor may be implemented in software, hardware, or a combination of both. Non-transitory computer readable storage media include any suitable medium that can store program code, such as magnetic disks, hard disks, optical disks, flash memory, read-only memory, random access memory, and the like.
At present, most traditional anonymous authentication protocols are aimed at external attackers, that is, they protect privacy well against attacks such as eavesdropping and replay. In some extreme cases, once the server is compromised, the attacker can still link the user information with the data packets, so that the user information is stolen.
In the embodiment of the invention, the user randomizes the private key through the user terminal equipment, converts the randomized private key into a signature by means of a zero-knowledge proof, and then sends the signature to the server. After receiving the signature, the server can verify from the system parameters whether the signature is valid, but cannot learn which user the signature comes from. In this way, the user's sensitive information is protected while mutual authentication of the two communicating parties is ensured.
In one application scenario of the present invention, as shown in FIG. 1, the user U is a user terminal device used by a user and provided with a communication device, and the user U establishes a communication connection with a server S through the communication device (including, but not limited to, a WIFI communication device or a 4G communication device, i.e. a communication device based on fourth-generation mobile communication technology). In the process of establishing the communication connection, first, the user U sends a registration request to the server; the server S receives the registration request sent by the user terminal equipment and generates a complete private key and a complete public key according to the user ID in the registration request. Then, the user U receives the complete private key and the complete public key sent by the server, stores the complete private key, discloses the complete public key, generates a knowledge signature of the user terminal equipment according to the complete private key and the complete public key, and sends the knowledge signature and the corresponding sending timestamp to the server so that the server authenticates the user terminal equipment according to them. The server S receives the knowledge signature and the corresponding sending timestamp and authenticates the user terminal equipment according to them; if the authentication succeeds, it calculates an authentication parameter and sends it to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter; otherwise, it interrupts the communication connection with the user terminal equipment.
Finally, the user U receives the authentication parameter sent by the server and authenticates the server according to it; if the authentication succeeds, a communication connection with the server is established; otherwise, establishment of the communication connection with the server is interrupted. Thus, the mutual authentication between the user U and the server S is completed.
Referring to fig. 2, fig. 2 is a schematic flow chart of main steps of an identity-based anonymous authentication method applied to a server according to an embodiment of the present invention. As shown in fig. 2, the identity-based anonymous authentication method applied to a server in the embodiment of the present invention mainly includes the following steps:
step 101: receiving a registration request sent by user terminal equipment;
in this embodiment, the user terminal device may include smart devices such as a smart phone, a computer, a smart watch, and a tablet computer. The registration request may include: basic information such as user ID, user name, user identity, etc.
Step 102: generating a complete private key and a complete public key according to the user ID in the registration request;
in one embodiment, the full private key and the full public key may be generated by:
in the finite field, r is taken as the first element value of the complete private key, and the second element value $sk = (\gamma + m + r\mu)^{-1}\cdot P_1$ of the complete private key is calculated, generating the complete private key $(r, sk)$;
calculating the complete public key $pk = (\gamma + m + r\mu)\cdot P_2 = u + m\cdot P_2 + r\cdot v$;
where m is the hash value of the user ID, $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, $G_1$, $G_2$ are bilinear groups of order q, $q \ge 2^{160}$, and u, v are the third and fourth element values of the master public key, respectively.
In one embodiment, the process of obtaining the master private key includes: in the finite field, random numbers $\gamma$ and $\mu$ are taken as the first element value and the second element value of the master private key respectively, generating the master private key $(\gamma, \mu)$;
the process of obtaining the master public key includes: calculating the first element value of the master public key, the second element value, the third element value $u = \gamma\cdot P_2$ and the fourth element value $v = \mu\cdot P_2$, generating the master public key.
Further, step 103: the complete private key and the complete public key are sent to the user terminal equipment, so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
step 104: receiving a knowledge signature and a corresponding sending time stamp sent by the user terminal equipment;
After receiving the signature, the server can verify whether the signature is valid, but cannot derive which user the signature came from. Step 105: authenticating the user terminal equipment according to the knowledge signature and the corresponding sending timestamp; if the authentication succeeds, calculating an authentication parameter and sending it to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter; otherwise, interrupting the communication connection with the user terminal equipment.
In one embodiment, a first authentication value, a second authentication value, a third authentication value, a fourth authentication value, a fifth authentication value, a sixth authentication value and a seventh authentication value are first calculated.
Further, it is determined whether the fifth element value c in the knowledge signature is equal to
If yes, the authentication is successful; otherwise, the authentication fails;
wherein u is the third element value of the master public key and v is the fourth element value of the master public key (the first and second element values of the master public key are also used); $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, and $G_1$, $G_2$ are bilinear groups of order q, $q \ge 2^{160}$; R is the first element value in the knowledge signature, $T_1$ is the second element value in the knowledge signature, $T_2$ is the third element value in the knowledge signature, $T_3$ is the fourth element value in the knowledge signature, c is the fifth element value in the knowledge signature, $s_\alpha$ is the thirteenth element value in the knowledge signature, $s_\beta$ is the fourteenth element value in the knowledge signature, $s_m$ is the fourteenth element value in the knowledge signature, and $s_r$ is the fifteenth element value in the knowledge signature (the sixteenth to nineteenth element values in the knowledge signature are also used); $T_{sm1}$ is the sending timestamp of the knowledge signature sent by the user terminal equipment, and e is a natural constant.
In another embodiment, the calculating the authentication parameter includes:
the array $(R, \sigma_s, T_1, T_2, \gamma^{-1}T_1 + \mu^{-1}T_2, T_{sm2})$, wherein $\gamma$ is the first element value of the master private key, $\mu$ is the second element value of the master private key, $T_{sm2}$ is the current timestamp of the server, and $\sigma_s$ is the authentication key, $\sigma_s = T_3 - \gamma^{-1}T_1 - \mu^{-1}T_2$.
The server in this embodiment ensures mutual authentication of the two communicating parties while protecting the user's sensitive information.
It should be noted that, although the foregoing embodiments describe the steps in a specific order, it will be understood by those skilled in the art that, in order to achieve the effects of the present invention, the steps are not necessarily performed in such an order, and may be performed simultaneously (in parallel) or in other orders, and these variations are within the scope of the present invention.
Based on the same inventive concept, this embodiment further provides a server, as shown in fig. 3, including:
the first receiving module is used for receiving a registration request sent by the user terminal equipment;
the first generation module is used for generating a complete private key and a complete public key according to the user ID in the registration request;
specifically, in one embodiment, the first generating module is specifically configured to:
in the finite field, r is taken as the first element value of the complete private key, and the second element value $sk = (\gamma + m + r\mu)^{-1}\cdot P_1$ of the complete private key is calculated, generating the complete private key $(r, sk)$;
calculating the complete public key $pk = (\gamma + m + r\mu)\cdot P_2 = u + m\cdot P_2 + r\cdot v$;
where m is the hash value of the user ID, $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, $G_1$, $G_2$ are bilinear groups of order q, $q \ge 2^{160}$, and u, v are the third and fourth element values of the master public key, respectively.
The process of obtaining the master private key includes: in the finite field, random numbers $\gamma$ and $\mu$ are taken as the first element value and the second element value of the master private key respectively, generating the master private key $(\gamma, \mu)$;
the process of obtaining the master public key includes: calculating the first element value of the master public key, the second element value, the third element value $u = \gamma\cdot P_2$ and the fourth element value $v = \mu\cdot P_2$, generating the master public key.
The first sending module is used for sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
the second receiving module is used for receiving the knowledge signature and the corresponding sending time stamp sent by the user terminal equipment;
and the first authentication module is used for authenticating the user terminal equipment according to the knowledge signature and the corresponding sending time stamp, if authentication is successful, the authentication parameter is calculated and sent to the user terminal equipment, so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise, the communication connection with the user terminal equipment is interrupted.
In one embodiment, the first authentication module is specifically configured to:
calculating a first authentication value, a second authentication value, a third authentication value, a fourth authentication value, a fifth authentication value, a sixth authentication value and a seventh authentication value;
judging whether the fifth element value c in the knowledge signature is equal to
If yes, the authentication is successful; otherwise, the authentication fails;
wherein u is the third element value of the master public key and v is the fourth element value of the master public key (the first and second element values of the master public key are also used); $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, and $G_1$, $G_2$ are bilinear groups of order q, $q \ge 2^{160}$; R is the first element value in the knowledge signature, $T_1$ is the second element value in the knowledge signature, $T_2$ is the third element value in the knowledge signature, $T_3$ is the fourth element value in the knowledge signature, c is the fifth element value in the knowledge signature, $s_\alpha$ is the thirteenth element value in the knowledge signature, $s_\beta$ is the fourteenth element value in the knowledge signature, $s_m$ is the fourteenth element value in the knowledge signature, and $s_r$ is the fifteenth element value in the knowledge signature (the sixteenth to nineteenth element values in the knowledge signature are also used); $T_{sm1}$ is the sending timestamp of the knowledge signature sent by the user terminal equipment, and e is a natural constant.
Further, the calculating the authentication parameter includes:
the array $(R, \sigma_s, T_1, T_2, \gamma^{-1}T_1 + \mu^{-1}T_2, T_{sm2})$, wherein $\gamma$ is the first element value of the master private key, $\mu$ is the second element value of the master private key, $T_{sm2}$ is the current timestamp of the server, and $\sigma_s$ is the authentication key, $\sigma_s = T_3 - \gamma^{-1}T_1 - \mu^{-1}T_2$.
Referring to fig. 4, fig. 4 is a flowchart illustrating main steps of an identity-based anonymous authentication method applied to a user terminal device according to an embodiment of the present invention. As shown in fig. 4, the identity-based anonymous authentication method applied to a user terminal device in the embodiment of the present invention mainly includes the following steps:
step 201: sending a registration request to a server so that the server generates a complete private key and a complete public key according to a user ID in the registration request;
step 202: receiving the complete private key and the complete public key sent by the server;
step 203: storing the complete private key and disclosing the complete public key;
step 204: generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
in one embodiment, step 204 may be implemented based on the following:
in the finite field, selecting a random number t, and calculating an authentication key $\sigma_u = t\cdot sk$ and a temporary variable $R = t\cdot P_1$;
in the finite field, selecting random numbers $\alpha$ and $\beta$, and encrypting the authentication key $\sigma_u$ to obtain a ciphertext; computing, to assist in computing the proof of knowledge, a first variable $\delta_1 = \alpha\cdot m$, a second variable $\delta_2 = \beta\cdot m$, a third variable $\delta_3 = \alpha\cdot r$ and a fourth variable $\delta_4 = \beta\cdot r$;
forming a knowledge array from $\alpha, \beta, m, r, \delta_1, \delta_2, \delta_3, \delta_4$; selecting, in the finite field, random numbers $r_\alpha, r_\beta, r_m, r_r$ and further random numbers; and computing the knowledge proof $(R_1, R_2, R_3, R_4, R_5, R_6, R_7)$ of the knowledge array;
computing the zero-knowledge proof of the knowledge array, wherein $s_\alpha = r_\alpha + c\alpha$, $s_\beta = r_\beta + c\beta$, $s_m = r_m + cm$, $s_r = r_r + cr$,
Setting knowledge signature as
where $m$ is the hash value of the user ID; $r$ is the first element value of the complete private key; $sk$ is the second element value of the complete private key; the master public key comprises a first element value, a second element value, a third element value $u$ and a fourth element value $v$; $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively; $G_1$, $G_2$ are bilinear groups of order $q$, $q \ge 2^{160}$; $c$ is the zero-knowledge proof parameter, whose value is equal to the hash value of the array $(R, T_1, T_2, T_3, R_1, R_2, R_3, R_4, R_5, R_6, R_7, T_{sm1})$; $T_{sm1}$ is the current timestamp of the user terminal device; and $e$ is a natural constant.
Step 205: sending the knowledge signature and the corresponding sending timestamp to the server, so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending timestamp;
Step 206: receiving the authentication parameters sent by the server;
Step 207: authenticating the server according to the authentication parameters; if the authentication is successful, establishing a communication connection with the server, otherwise, interrupting the establishment of the communication connection with the server.
In one embodiment, step 207 may be implemented based on the following:
determining whether the authentication parameter is equal to the array $(R, \sigma_u, T_1, T_2, (\alpha + \beta) \cdot P_1, T_{sm2})$; if yes, the authentication is successful, and if not, the authentication fails.
In this embodiment, the user randomizes the private key, converts the randomized private key into a signature by means of a zero-knowledge proof, and sends the signature to the server, with which two-way authentication is then performed; the sensitive information of the user is thereby protected while mutual authentication of the two communicating parties succeeds.
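The following Python sketch is an added example, not part of the patent text: it carries the key relations and the step 207 check through in a toy group, showing that only the holder of $(\gamma, \mu)$ can return an array the terminal accepts. Assumptions: $G_1$ and $G_2$ are modelled as integers modulo a prime (no security), SHA-256 is the hash, and the ciphertext layout $T_1 = \alpha \cdot (\gamma \cdot P_1)$, $T_2 = \beta \cdot (\mu \cdot P_1)$, $T_3 = \sigma_u + (\alpha + \beta) \cdot P_1$ with the hypothetical names `h1`, `h2` is inferred from the two checks above rather than quoted. The zero-knowledge proof itself is not modelled.

```python
import hashlib
import hmac
import secrets

# Constructed toy setting: G1 and G2 are both modelled as integers mod a prime Q,
# so "k·P" is (k * P) % Q. The algebra matches the text; there is NO security here.
Q = 2**255 - 19            # prime standing in for the group order q >= 2^160
P1, P2 = 5, 7              # assumed generators (any non-zero element of Z_Q)


def rand_scalar():
    """Uniform non-zero scalar."""
    return secrets.randbelow(Q - 1) + 1


def inv(x):
    """Modular inverse in the scalar field."""
    return pow(x, -1, Q)


def hash_id(user_id):
    """m = hash of the user ID, reduced into the scalar field (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(user_id.encode()).digest(), "big") % Q


def master_keygen():
    gamma, mu = rand_scalar(), rand_scalar()
    # h1, h2: ASSUMED first/second master-public-key elements (gamma·P1, mu·P1).
    mpk = {"h1": gamma * P1 % Q, "h2": mu * P1 % Q,
           "u": gamma * P2 % Q, "v": mu * P2 % Q}
    return (gamma, mu), mpk


def user_keygen(msk, user_id):
    gamma, mu = msk
    m = hash_id(user_id)
    d = 0
    while d == 0:                       # (gamma + m + r·mu) must be invertible
        r = rand_scalar()
        d = (gamma + m + r * mu) % Q
    return m, (r, inv(d) * P1 % Q), d * P2 % Q   # m, (r, sk), pk


def client_request(full_sk, mpk):
    """Randomise sk and mask it; returns the wire values and the array expected back."""
    _, sk = full_sk
    t, alpha, beta = rand_scalar(), rand_scalar(), rand_scalar()
    sigma_u, R = t * sk % Q, t * P1 % Q
    mask = (alpha + beta) * P1 % Q
    # ASSUMED ciphertext layout (linear encryption under h1, h2).
    T1, T2, T3 = alpha * mpk["h1"] % Q, beta * mpk["h2"] % Q, (sigma_u + mask) % Q
    return (R, T1, T2, T3), (R, sigma_u, T1, T2, mask)


def server_auth_param(msk, wire, t_sm2):
    """(R, sigma_s, T1, T2, gamma^-1·T1 + mu^-1·T2, T_sm2), sigma_s = T3 - that sum."""
    gamma, mu = msk
    R, T1, T2, T3 = wire
    mask = (inv(gamma) * T1 + inv(mu) * T2) % Q
    return (R, (T3 - mask) % Q, T1, T2, mask, t_sm2)


def client_verify(expected, param):
    """Step 207: compare the reply with (R, sigma_u, T1, T2, (alpha+beta)·P1, T_sm2)."""
    t_sm2 = param[-1]       # timestamp is read from the reply; freshness policy not modelled
    ours = repr(expected + (t_sm2,)).encode()
    return hmac.compare_digest(ours, repr(param).encode())
```

A reply computed with any other master private key leaves a wrong mask and a wrong $\sigma_s$, so the comparison in `client_verify` fails.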
It should be noted that, although the foregoing embodiments describe the steps in a specific order, it will be understood by those skilled in the art that, in order to achieve the effects of the present invention, the steps are not necessarily performed in such an order, and may be performed simultaneously (in parallel) or in other orders, and these variations are within the scope of the present invention.
Based on the same inventive concept, this embodiment further provides a user terminal device, as shown in fig. 5, where the user terminal device includes:
the second sending module is used for sending a registration request to a server so that the server generates a complete private key and a complete public key according to the user ID in the registration request;
the third receiving module is used for receiving the complete private key and the complete public key which are sent by the server;
the storage module is used for storing the complete private key and disclosing the complete public key;
the second generation module is used for generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
in one embodiment, the second generating module is specifically configured to:
selecting a random number $t$ in the finite field, and calculating an authentication key $\sigma_u = t \cdot sk$ and a temporary variable $R = t \cdot P_1$;
selecting random numbers $\alpha$ and $\beta$ in the finite field, and encrypting the authentication key $\sigma_u$ to obtain a ciphertext; computing a first variable $\delta_1 = \alpha \cdot m$, a second variable $\delta_2 = \beta \cdot m$, a third variable $\delta_3 = \alpha \cdot r$ and a fourth variable $\delta_4 = \beta \cdot r$, which assist in computing the proof of knowledge;
forming a knowledge array from $\alpha, \beta, m, r, \delta_1, \delta_2, \delta_3, \delta_4$; selecting random numbers $r_\alpha, r_\beta, r_m, r_r$ and further random numbers in the finite field, and computing the knowledge proof $(R_1, R_2, R_3, R_4, R_5, R_6, R_7)$ of the knowledge array;
computing the zero-knowledge proof of the knowledge array, wherein $s_\alpha = r_\alpha + c\alpha$, $s_\beta = r_\beta + c\beta$, $s_m = r_m + cm$, $s_r = r_r + cr$;
Setting knowledge signature as
where $m$ is the hash value of the user ID; $r$ is the first element value of the complete private key; $sk$ is the second element value of the complete private key; the master public key comprises a first element value, a second element value, a third element value $u$ and a fourth element value $v$; $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively; $G_1$, $G_2$ are bilinear groups of order $q$, $q \ge 2^{160}$; $c$ is the zero-knowledge proof parameter, whose value is equal to the hash value of the array $(R, T_1, T_2, T_3, R_1, R_2, R_3, R_4, R_5, R_6, R_7, T_{sm1})$; $T_{sm1}$ is the current timestamp of the user terminal device; and $e$ is a natural constant.
The third sending module is used for sending the knowledge signature and the corresponding sending time stamp to the server so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending time stamp;
the fourth receiving module is used for receiving the authentication parameters sent by the server;
and the second authentication module is used for authenticating the server according to the authentication parameters, if the authentication is successful, establishing communication connection with the server, and otherwise, interrupting establishing communication connection with the server.
In one embodiment, the second authentication module is specifically configured to:
determining whether the authentication parameter is equal to the array $(R, \sigma_u, T_1, T_2, (\alpha + \beta) \cdot P_1, T_{sm2})$; if yes, the authentication is successful, and if not, the authentication fails.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.

Claims (8)

1. An identity-based anonymous authentication method, which is applied to a server, and is characterized in that the method comprises the following steps:
receiving a registration request sent by user terminal equipment;
generating a complete private key and a complete public key according to the user ID in the registration request;
the complete private key and the complete public key are sent to the user terminal equipment, so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
receiving a knowledge signature and a corresponding sending time stamp sent by the user terminal equipment;
authenticating the user terminal equipment according to the knowledge signature and the corresponding sending time stamp, if the authentication is successful, calculating an authentication parameter and sending the authentication parameter to the user terminal equipment so that the user terminal equipment authenticates the server according to the authentication parameter, otherwise, interrupting the communication connection with the user terminal equipment;
the generating a complete private key and a complete public key according to the user ID in the registration request includes:
selecting $r$ in the finite field as the first element value of the complete private key, calculating the second element value $sk = (\gamma + m + r\mu)^{-1} \cdot P_1$ of the complete private key, and generating the complete private key $(r, sk)$;
calculating the complete public key $pk = (\gamma + m + r\mu) \cdot P_2 = u + m \cdot P_2 + r \cdot v$;
where $m$ is the hash value of the user ID, $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively, $G_1$, $G_2$ are bilinear groups of order $q$, $q \ge 2^{160}$, and $u$, $v$ are the third and fourth element values of the master public key, respectively.
2. The method of claim 1, wherein the process of obtaining the master private key comprises: selecting random numbers $\gamma$ and $\mu$ in the finite field as the first element value and the second element value of the master private key respectively, to generate the master private key $(\gamma, \mu)$;
the process of obtaining the master public key comprises: calculating the first element value and the second element value of the master public key, the third element value $u = \gamma \cdot P_2$ and the fourth element value $v = \mu \cdot P_2$, and generating the master public key.
3. The method according to claim 1, wherein said authenticating the user terminal device based on the knowledge signature and the corresponding transmission time stamp comprises:
calculating a first authentication value, a second authentication value, a third authentication value, a fourth authentication value, a fifth authentication value, a sixth authentication value and a seventh authentication value;
Judging whether the fifth element value c in the knowledge signature is equal toIf yes, the authentication is successful, otherwise, the authentication is failed;
wherein the master public key comprises a first element value, a second element value, a third element value $u$ and a fourth element value $v$; $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively; $G_1$, $G_2$ are bilinear groups of order $q$, $q \ge 2^{160}$; $R$ is the first element value in the knowledge signature; $T_1$ is the second element value in the knowledge signature; $T_2$ is the third element value in the knowledge signature; $T_3$ is the fourth element value in the knowledge signature; $c$ is the fifth element value in the knowledge signature; $s_\alpha$ is the thirteenth element value in the knowledge signature; $s_\beta$ is the fourteenth element value in the knowledge signature; $s_m$ is the fourteenth element value in the knowledge signature; $s_r$ is the fifteenth element value in the knowledge signature; the knowledge signature further comprises a sixteenth, a seventeenth, an eighteenth and a nineteenth element value; $T_{sm1}$ is the sending timestamp of the knowledge signature sent by the user terminal equipment; and $e$ is a natural constant.
4. A method according to claim 3, wherein said calculating an authentication parameter comprises:
the array $(R, \sigma_s, T_1, T_2, \gamma^{-1} T_1 + \mu^{-1} T_2, T_{sm2})$, where $\gamma$ is the first element value of the master private key, $\mu$ is the first element value of the master private key, $T_{sm2}$ is the current timestamp of the server, and $\sigma_s$ is the authentication key, $\sigma_s = T_3 - \gamma^{-1} T_1 - \mu^{-1} T_2$.
5. A server based on the identity-based anonymous authentication method of any of claims 1-4, the server comprising:
the first receiving module is used for receiving a registration request sent by the user terminal equipment;
the first generation module is used for generating a complete private key and a complete public key according to the user ID in the registration request;
the first sending module is used for sending the complete private key and the complete public key to the user terminal equipment so that the user terminal equipment generates a knowledge signature according to the complete private key and the complete public key;
the second receiving module is used for receiving the knowledge signature and the corresponding sending time stamp sent by the user terminal equipment;
and the first authentication module is used for authenticating the user terminal equipment according to the knowledge signature and the corresponding sending time stamp, if authentication is successful, the authentication parameter is calculated and sent to the user terminal equipment, so that the user terminal equipment authenticates the server according to the authentication parameter, and otherwise, the communication connection with the user terminal equipment is interrupted.
6. An identity-based anonymous authentication method applied to user terminal equipment, the method comprising:
sending a registration request to a server so that the server generates a complete private key and a complete public key according to a user ID in the registration request;
receiving the complete private key and the complete public key sent by the server;
storing the complete private key and disclosing the complete public key;
generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
the knowledge signature and the corresponding sending time stamp are sent to the server, so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending time stamp;
receiving authentication parameters sent by the server;
authenticating the server according to the authentication parameters, if authentication is successful, establishing communication connection with the server, otherwise, interrupting establishing communication connection with the server;
the generating a knowledge signature of the user terminal device according to the complete private key and the complete public key comprises the following steps:
selecting a random number $t$ in the finite field, and calculating an authentication key $\sigma_u = t \cdot sk$ and a temporary variable $R = t \cdot P_1$;
selecting random numbers $\alpha$ and $\beta$ in the finite field, and encrypting the authentication key $\sigma_u$ to obtain a ciphertext; computing a first variable $\delta_1 = \alpha \cdot m$, a second variable $\delta_2 = \beta \cdot m$, a third variable $\delta_3 = \alpha \cdot r$ and a fourth variable $\delta_4 = \beta \cdot r$, which assist in computing the proof of knowledge;
forming a knowledge array from $\alpha, \beta, m, r, \delta_1, \delta_2, \delta_3, \delta_4$; selecting random numbers in the finite field, and computing the knowledge proof $(R_1, R_2, R_3, R_4, R_5, R_6, R_7)$ of the knowledge array;
computing the zero-knowledge proof of the knowledge array, wherein $s_\alpha = r_\alpha + c\alpha$, $s_\beta = r_\beta + c\beta$, $s_m = r_m + cm$, $s_r = r_r + cr$;
Setting knowledge signature as
where $m$ is the hash value of the user ID; $r$ is the first element value of the complete private key; $sk$ is the second element value of the complete private key; the master public key comprises a first element value, a second element value, a third element value $u$ and a fourth element value $v$; $P_1$, $P_2$ are generators of $G_1$, $G_2$ respectively; $G_1$, $G_2$ are bilinear groups of order $q$, $q \ge 2^{160}$; $c$ is the zero-knowledge proof parameter, whose value is equal to the hash value of the array $(R, T_1, T_2, T_3, R_1, R_2, R_3, R_4, R_5, R_6, R_7, T_{sm1})$; $T_{sm1}$ is the current timestamp of the user terminal device; and $e$ is a natural constant.
7. The method of claim 6, wherein authenticating the server based on the authentication parameters comprises:
determining whether the authentication parameter is equal to the array $(R, \sigma_u, T_1, T_2, (\alpha + \beta) \cdot P_1, T_{sm2})$; if yes, the authentication is successful, and if not, the authentication fails.
8. A user terminal device based on the identity-based anonymous authentication method of any of claims 6-7, characterized in that the user terminal device comprises:
the second sending module is used for sending a registration request to a server so that the server generates a complete private key and a complete public key according to the user ID in the registration request;
the third receiving module is used for receiving the complete private key and the complete public key which are sent by the server;
the storage module is used for storing the complete private key and disclosing the complete public key;
the second generation module is used for generating a knowledge signature of the user terminal equipment according to the complete private key and the complete public key;
the third sending module is used for sending the knowledge signature and the corresponding sending time stamp to the server so that the server authenticates the user terminal equipment according to the knowledge signature and the corresponding sending time stamp;
the fourth receiving module is used for receiving the authentication parameters sent by the server;
and the second authentication module is used for authenticating the server according to the authentication parameters, if the authentication is successful, establishing communication connection with the server, and otherwise, interrupting establishing communication connection with the server.
CN202011161056.7A 2020-10-27 2020-10-27 Anonymous authentication method based on identity, server and user terminal equipment Active CN114513316B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011161056.7A CN114513316B (en) 2020-10-27 2020-10-27 Anonymous authentication method based on identity, server and user terminal equipment

Publications (2)

Publication Number Publication Date
CN114513316A CN114513316A (en) 2022-05-17
CN114513316B CN114513316B (en) 2024-01-16

Family

ID=81546514

Country Status (1)

Country Link
CN (1) CN114513316B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant