CN114697099B - Multiparty authorization authentication method based on elliptic curve encryption algorithm - Google Patents

Publication number
CN114697099B
Authority
CN
China
Prior art keywords
authorization
party
authentication
elliptic curve
parameter
Prior art date
Legal status
Active
Application number
CN202210294258.1A
Other languages
Chinese (zh)
Other versions
CN114697099A (en
Inventor
张岚
王伟兵
宋明明
杨海勇
Current Assignee
Inspur Cloud Information Technology Co Ltd
Original Assignee
Inspur Cloud Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Inspur Cloud Information Technology Co Ltd
Priority to CN202210294258.1A
Publication of CN114697099A
Application granted
Publication of CN114697099B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, and relates to the technical field of multiparty authorization authentication. A public/private key pair is generated for each participant using the elliptic curve encryption algorithm; the key pair represents the identity of the participant, each participant stores its own private key, and the public keys are disclosed to all participants. The applicant generates an intermediate parameter using the current timestamp, its own private key and the public key of the authenticator, and sends the intermediate parameter to each authorizer to apply for authorization. Each authorizer generates an authorization information share using its own private key, the public key of the authenticator and the intermediate parameter, and returns the share to the applicant. The applicant calculates an authorization parameter from the authorization information shares, assembles authorization information from the authorization parameter, and sends the authorization information to the authenticator. The authenticator generates an authentication intermediate parameter, generates an authorization check parameter from it, and compares whether the authorization check parameter is consistent with the authorization parameter; if they are consistent, the authentication passes, otherwise it does not.

Description

Multiparty authorization authentication method based on elliptic curve encryption algorithm
Technical Field
The invention relates to the technical field of multiparty authorization authentication, and in particular to a multiparty authorization authentication scheme based on an elliptic curve encryption algorithm.
Background
Currently, mainstream authorization authentication is usually carried out one-to-one. However, there are situations in which an authorization counts as successful only when several authorizers have completed the authorization of an applicant, and no complete, easy-to-implement multiparty authorization authentication method is available at present.
The elliptic curve encryption algorithm, i.e. Elliptic Curve Cryptography (ECC for short), is an asymmetric encryption algorithm based on the mathematical theory of elliptic curves. ECC public and private keys are generated by operations on the elliptic curve.
Disclosure of Invention
To address the problems in the prior art, the invention provides a multiparty authorization authentication scheme based on an elliptic curve encryption algorithm. It uses the public/private key generation principle of the elliptic curve encryption algorithm and operations on the elliptic curve to complete the authorization and authentication process of multiple authorizers without transmitting or exposing sensitive information, thereby enhancing the security and confidentiality of data.
The specific scheme provided by the invention is as follows:
The invention provides a multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, in which a public/private key pair is generated for each participant using the elliptic curve encryption algorithm. The key pair represents the identity of the participant; each participant stores its own private key, and the public keys are disclosed to all participants. The participants comprise an applicant, authorizers and an authenticator.
The applicant generates an intermediate parameter using the current timestamp, its own private key and the public key of the authenticator, and sends the intermediate parameter to each authorizer to apply for authorization.
Each authorizer receives the intermediate parameter from the applicant, generates an authorization information share using its own private key, the public key of the authenticator and the intermediate parameter, and returns the authorization information share to the applicant.
The applicant receives the authorization information shares from the authorizers, calculates an authorization parameter from the shares, assembles authorization information from the authorization parameter, and sends the authorization information to the authenticator.
The authenticator generates an authentication intermediate parameter, generates an authorization check parameter from the authentication intermediate parameter, and compares whether the authorization check parameter is consistent with the authorization parameter; if so, the authentication passes, otherwise it does not.
Further, in the multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, generating the public/private key pair using the elliptic curve encryption algorithm includes:
The relationship between the public key and the private key is given by the formula $P = s \times G$, where $s$ is the private key, $G$ is the base point of the elliptic curve, and $P$ is a point on the elliptic curve that represents the public key.
Further, in the multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, assembling the authorization information from the authorization parameter includes:
The applicant assembles the applicant name, the authorizer names, the timestamp and the generated authorization parameter K into JSON format as the authorization information.
Further, in the multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, before the authenticator generates the authentication intermediate parameter, the method includes:
The authenticator obtains the timestamp t from the authorization information and judges from it whether the authorization information has expired; if it has not expired, the authenticator goes on to generate the authentication intermediate parameter.
Further, in the multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, generating the authentication intermediate parameter by the authenticator includes:
The authenticator obtains the timestamp from the authorization information and generates the authentication intermediate parameter using the timestamp, its own private key and the public key of the applicant.
Further, in the multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, generating the authorization check parameter from the authentication intermediate parameter includes:
The authenticator generates the authorization check parameter using its own private key, the public keys of the authorizers and the authentication intermediate parameter.
The invention also provides a multiparty authorization authentication device based on an elliptic curve encryption algorithm, which comprises a key generation module and an authorization authentication module.
The key generation module generates a public/private key pair for each participant using the elliptic curve encryption algorithm. The key pair represents the identity of the participant; each participant stores its own private key, and the public keys are disclosed to all participants. The participants comprise an applicant, authorizers and an authenticator.
Through the authorization authentication module, the authenticator generates an authentication intermediate parameter, generates an authorization check parameter from it, and compares whether the authorization check parameter is consistent with the authorization parameter; if so, the authentication passes, otherwise it does not. The authorization parameter is obtained from the authorization information, which is assembled from the authorization parameter. The authorization parameter is calculated by the applicant from the authorization information shares it receives from the authorizers. Each authorization information share is generated by an authorizer, after it receives the applicant's intermediate parameter, using its own private key, the public key of the authenticator and the intermediate parameter. The intermediate parameter is generated by the applicant using the current timestamp, its own private key and the public key of the authenticator, and is sent to each authorizer.
The present invention also provides a computer readable medium having stored thereon computer instructions that, when executed by a processor, cause the processor to perform the multiparty authorization authentication scheme based on an elliptic curve encryption algorithm.
The invention has the advantages that:
The invention provides a multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, which realizes an authorization authentication process with multiple authorizers: the authorization counts as successful, and the authentication finally passes, only when the multiple authorizers have completed the authorization of the applicant. In addition, only non-sensitive information is transmitted between the participants during the authorization process, which prevents a forger from generating fake information that passes the authentication. The security of the authorization authentication depends on the elliptic curve encryption algorithm, whose security rests on the difficulty of the elliptic curve discrete logarithm problem and is therefore sufficiently assured.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a schematic flow chart of the method of the invention.
Detailed Description
The elliptic curve encryption algorithm, i.e. Elliptic Curve Cryptography (ECC for short), is an asymmetric encryption algorithm based on the mathematical theory of elliptic curves. ECC public and private keys are generated from an elliptic curve and operations on it: the public key ($P$) is in essence a point on the elliptic curve, the private key ($s$) is in essence a large positive integer, and the two are related by $P = s \times G$, where $G$ is the base point of the elliptic curve.
The present invention will be further described with reference to the accompanying drawings and specific examples, which are not intended to be limiting, so that those skilled in the art will better understand the invention and practice it.
The invention provides a multiparty authorization authentication scheme based on an elliptic curve encryption algorithm, in which a public/private key pair is generated for each participant using the elliptic curve encryption algorithm. The key pair represents the identity of the participant; each participant stores its own private key, and the public keys are disclosed to all participants. The participants comprise an applicant, authorizers and an authenticator.
The applicant generates an intermediate parameter using the current timestamp, its own private key and the public key of the authenticator, and sends the intermediate parameter to each authorizer to apply for authorization.
Each authorizer receives the intermediate parameter from the applicant, generates an authorization information share using its own private key, the public key of the authenticator and the intermediate parameter, and returns the authorization information share to the applicant.
The applicant receives the authorization information shares from the authorizers, calculates an authorization parameter from the shares, assembles authorization information from the authorization parameter, and sends the authorization information to the authenticator.
The authenticator generates an authentication intermediate parameter, generates an authorization check parameter from the authentication intermediate parameter, and compares whether the authorization check parameter is consistent with the authorization parameter; if so, the authentication passes, otherwise it does not.
The method of the invention uses the public/private key generation principle of the elliptic curve encryption algorithm and operations on the elliptic curve to complete the authorization and authentication process of multiple authorizers without transmitting or exposing sensitive information, which enhances the security and confidentiality of data.
In some embodiments of the method, when multiparty authorization authentication is performed, the applicant is denoted u, the 3 authorizers are denoted a, b and c, and the 1 authenticator is denoted v. A public/private key pair is generated for each participant using the elliptic curve encryption algorithm to represent its identity: the public key of applicant u is denoted $P_u$ and its private key $s_u$; the public and private keys of the 3 authorizers are likewise denoted $P_a$, $s_a$, $P_b$, $s_b$, $P_c$, $s_c$; and the public and private keys of the authenticator are denoted $P_v$, $s_v$. Each participant stores its own private key, which is not known to the other parties; each participant's public key is published and known to every party.
The private key and public key of the elliptic curve encryption algorithm are related by $P = s \times G$, where $G$ is the base point of the elliptic curve, the public key $P$ is in essence a point on the elliptic curve, and the private key, denoted $s$, is in essence a large positive integer. The multiplication here is multiplication on the elliptic curve, which satisfies both the commutative law and the associative law.
Generating the intermediate parameter by the applicant: applicant u takes the current timestamp as t and generates the intermediate parameter M from t, its own private key $s_u$ and the authenticator's public key $P_v$, with generation formula: $M = t s_u \times P_v$;
M is a point on the elliptic curve; the number obtained by adding its x coordinate and its y coordinate is taken as the intermediate parameter and recorded as m.
The applicant sends m to each authorizer to apply for authorization. The authorization information share generated by authorizer a is denoted $Q_a$, with generation formula: $Q_a = m s_a \times P_v$;
similarly, the authorization information share generated by authorizer b is denoted $Q_b$, with $Q_b = m s_b \times P_v$;
the authorization information share generated by authorizer c is denoted $Q_c$, with $Q_c = m s_c \times P_v$;
Each authorizer returns the generated authorization information share to the applicant u.
The applicant receives the authorization information shares from the authorizers, calculates the authorization parameter from them, assembles the authorization information from the authorization parameter, and sends the authorization information to the authenticator. The applicant calculates the authorization parameter, denoted K, from the collected authorization information shares with the formula:
$K = Q_a + Q_b + Q_c$, where the addition is addition on the elliptic curve;
The applicant assembles the applicant name, the authorizer names, the timestamp and the generated authorization parameter K into JSON format, referred to as the authorization information, as follows:
The authenticator v obtains the timestamp t from the authorization information and judges from t whether the authorization information has expired; if it has not, the authenticator continues with the following steps to complete the authentication:
Generating the authentication intermediate parameter M′ by the authenticator: the authenticator v obtains the timestamp t, the applicant u and the three authorizers a, b and c from the authorization information, and generates the intermediate parameter M′ from t, its own private key $s_v$ and the applicant's public key $P_u$, with generation formula: $M' = t s_v \times P_u$;
The authentication intermediate parameter M′ generated by the authenticator is the same as the intermediate parameter M generated by the applicant; the derivation is as follows:
$M' = t s_v \times P_u = t s_v \times (s_u \times G) = t s_u \times (s_v \times G) = t s_u \times P_v = M$
M is a point on the elliptic curve; the number obtained by adding its x coordinate and its y coordinate is the intermediate parameter m.
Calculating the authorization check parameter by the authenticator: the authenticator v calculates the authorization check parameter K′ using its own private key, the public keys of the authorizers and the intermediate parameter m, with the formula:
$K' = m s_v \times P_a + m s_v \times P_b + m s_v \times P_c$
Completing the authentication by the authenticator: the authenticator compares whether the value of K′ is equal to that of K; if so, the authentication passes, otherwise it does not.
The derivation showing that K′ and K are equal is as follows:
$K' = m s_v \times P_a + m s_v \times P_b + m s_v \times P_c = m s_a \times P_v + m s_b \times P_v + m s_c \times P_v = Q_a + Q_b + Q_c = K$
The method of the invention uses the public/private key generation principle of the elliptic curve encryption algorithm and operations on the elliptic curve to complete the authorization and authentication process of multiple authorizers without transmitting or exposing sensitive information, which enhances the security and confidentiality of data.
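The exchange described above, carried through in code as an added example that is not part of the patent text: it runs the applicant, the three authorizers and the authenticator on one curve and shows which authorization information passes the K′ = K comparison. The curve (secp256k1), the JSON field names, the 300-second validity window and the authenticator-held `required` list are assumptions; the description specifies none of them.

```python
import json
import secrets

# secp256k1 domain parameters. Assumption: the description names no curve.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Add two points of y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, A):
    """Double-and-add scalar multiplication (not constant time; teaching code)."""
    k %= N
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R

def keygen():
    s = secrets.randbelow(N - 1) + 1      # private key s in [1, N-1]
    return s, mul(s, G)                   # public key P = s x G

def to_scalar(M):
    """m = x + y of the point M, as the description defines it."""
    if M is None:
        raise ValueError("intermediate point is the point at infinity")
    return M[0] + M[1]

def intermediate(t, s_own, P_peer):
    """Applicant: m from M = t*s_u x P_v. Authenticator: m from M' = t*s_v x P_u."""
    return to_scalar(mul(t * s_own, P_peer))

def share(m, s_x, P_v):
    """Authorizer x: Q_x = m*s_x x P_v."""
    return mul(m * s_x, P_v)

def assemble(applicant, authorizers, shares, t):
    """Applicant: K = sum of shares, packed as JSON (field names are hypothetical)."""
    K = None
    for Q in shares:
        K = add(K, Q)
    return json.dumps({"applicant": applicant, "authorizers": authorizers,
                       "timestamp": t, "K": [hex(K[0]), hex(K[1])]})

def verify(info_json, s_v, pub, required, now, max_age=300):
    """Authenticator: freshness, required-authorizer policy, then K' == K."""
    info = json.loads(info_json)
    t = info["timestamp"]
    if not 0 <= now - t <= max_age:       # expiry window is an assumed value
        return False
    if set(info["authorizers"]) != set(required):
        return False                      # do not trust the list in the token
    m = intermediate(t, s_v, pub[info["applicant"]])
    K_check = None
    for name in required:
        K_check = add(K_check, mul(m * s_v, pub[name]))
    return K_check == tuple(int(c, 16) for c in info["K"])

def demo(now=1_700_000_000):
    """Constructed run with participants u, a, b, c, v and fresh random keys."""
    keys = {name: keygen() for name in "uabcv"}
    pub = {name: kp[1] for name, kp in keys.items()}
    s_v, t, req = keys["v"][0], now - 10, ["a", "b", "c"]
    m = intermediate(t, keys["u"][0], pub["v"])
    Q = {x: share(m, keys[x][0], pub["v"]) for x in req}
    full = assemble("u", req, [Q["a"], Q["b"], Q["c"]], t)
    two = [Q["a"], Q["b"]]                # authorizer c never answered
    stale = json.loads(full)
    stale["timestamp"] = t - 1            # timestamp edited after assembly
    return {
        "all_three": verify(full, s_v, pub, req, now),
        "missing_share": verify(assemble("u", req, two, t), s_v, pub, req, now),
        "short_list": verify(assemble("u", ["a", "b"], two, t), s_v, pub, req, now),
        "expired": verify(full, s_v, pub, req, now + 3600),
        "edited_timestamp": verify(json.dumps(stale), s_v, pub, req, now),
    }

if __name__ == "__main__":
    print(demo())
```

The `required` check matters because the description has the authenticator read the authorizer names out of the authorization information itself; comparing that list against a policy the authenticator holds keeps a shorter list from being accepted.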
The invention also provides a multiparty authorization authentication device based on an elliptic curve encryption algorithm, which comprises a key generation module and an authorization authentication module.
The key generation module generates a public/private key pair for each participant using the elliptic curve encryption algorithm. The key pair represents the identity of the participant; each participant stores its own private key, and the public keys are disclosed to all participants. The participants comprise an applicant, authorizers and an authenticator.
Through the authorization authentication module, the authenticator generates an authentication intermediate parameter, generates an authorization check parameter from it, and compares whether the authorization check parameter is consistent with the authorization parameter; if so, the authentication passes, otherwise it does not. The authorization parameter is obtained from the authorization information, which is assembled from the authorization parameter. The authorization parameter is calculated by the applicant from the authorization information shares it receives from the authorizers. Each authorization information share is generated by an authorizer, after it receives the applicant's intermediate parameter, using its own private key, the public key of the authenticator and the intermediate parameter. The intermediate parameter is generated by the applicant using the current timestamp, its own private key and the public key of the authenticator, and is sent to each authorizer.
The information exchanged between the modules of the device and the processes they execute are based on the same concept as the method embodiment of the present invention; for the specific content, refer to the description of the method embodiment, which is not repeated here.
Similarly, the device of the invention realizes an authorization authentication process with multiple authorizers: the authorization counts as successful, and the authentication finally passes, only when the multiple authorizers have completed the authorization of the applicant. In addition, only non-sensitive information is transmitted between the participants during the authorization process, which prevents a forger from generating fake information that passes the authentication. The security of the authorization authentication depends on the elliptic curve encryption algorithm, whose security rests on the difficulty of the elliptic curve discrete logarithm problem and is therefore sufficiently assured.
The present invention also provides a computer readable medium having stored thereon computer instructions that, when executed by a processor, cause the processor to perform the multiparty authorization authentication scheme based on an elliptic curve encryption algorithm.
Specifically, a system or apparatus may be provided with a storage medium on which software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium may realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code form part of the present invention.
Examples of storage media for providing program code include floppy disks, hard disks, magneto-optical disks, optical disks (e.g., CD-ROMs, CD-R, CD-RWs, DVD-ROMs, DVD-RAMs, DVD-RWs, DVD+RWs), magnetic tapes, nonvolatile memory cards, and ROMs. Alternatively, the program code may be downloaded from a server computer by a communication network.
Further, it should be apparent that the functions of any of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform part or all of the actual operations based on the instructions of the program code.
Further, it is understood that the program code read out from the storage medium may be written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion unit connected to the computer, and a CPU or the like mounted on the expansion board or the expansion unit may then be caused to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above embodiments.
It should be noted that not all the steps and modules in the above processes and the structures of the devices are necessary, and some steps or modules may be omitted according to actual needs. The execution sequence of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by multiple physical entities, or may be implemented jointly by some components in multiple independent devices.
The above-described embodiments are merely preferred embodiments for fully explaining the present invention, and the scope of the present invention is not limited thereto. Equivalent substitutions and modifications will occur to those skilled in the art based on the present invention, and are intended to be within the scope of the present invention. The protection scope of the invention is subject to the claims.

Claims (4)

1. A multiparty authorization authentication method based on an elliptic curve encryption algorithm, characterized in that a public-private key pair is generated for each participant by using the elliptic curve encryption algorithm, the identity of each participant is represented by its public-private key pair, the private keys are stored by each participant, the public keys are disclosed to each participant, and the participants comprise an applicant, authorizers and an authenticator,
the applicant generates an intermediate parameter M by using the current timestamp, the private key of the applicant and the public key of the authenticator, and sends the intermediate parameter M to each authorizer to apply for authorization,
each authorizer receives the intermediate parameter M of the applicant, generates an authorization information share by using the private key of the authorizer, the public key of the authenticator and the intermediate parameter, and returns the authorization information share to the applicant,
the applicant receives the authorization information shares of the authorizers and calculates an authorization parameter from them, wherein the applicant adds the collected authorization information shares to obtain the authorization parameter, the authorization parameter is denoted K, and the addition is addition on the elliptic curve,
authorization information is assembled according to the authorization parameter K, including: the applicant assembles the applicant name, the authorizer name, the timestamp and the generated authorization parameter K into JSON format as the authorization information,
the authorization information is transmitted to the authenticator, and the authenticator generates an authentication intermediate parameter, including: the authenticator obtains the timestamp, the applicant and the authorizer from the authorization information, and the authenticator multiplies the timestamp by the private key of the applicant and multiplies the timestamp by the public key of the applicant to generate an authentication intermediate parameter M'; the authentication intermediate parameter M' generated by the authenticator is the same as the intermediate parameter M generated by the applicant; M is a point on the elliptic curve, and the number obtained by adding the x coordinate and the y coordinate of M is taken as the intermediate parameter M,
an authorization verification parameter is generated according to the authentication intermediate parameter M', including: the authenticator generates an authorization verification parameter K' by using the private key of the authenticator, the public key of the authorizer and the authentication intermediate parameter M', wherein, for each authorizer, the intermediate parameter M is multiplied by the private key of the authenticator and then by the public key of that authorizer, and the products obtained for the authorizers are summed to obtain the authorization verification parameter K',
and the authorization verification parameter is compared with the authorization parameter K; if they are consistent, authentication passes, otherwise authentication does not pass.
2. The multiparty authentication method based on elliptic curve cryptography algorithm, according to claim 1, wherein said generating public-private key pair by elliptic curve cryptography algorithm comprises:
the public-private key relationship is represented by the formula P = s × G, where s represents the private key, G is the base point of the elliptic curve, and P is a point on the elliptic curve and represents the public key.
3. The multiparty authentication method based on elliptic curve cryptography algorithm, as set forth in claim 1, wherein the steps of:
the authenticator acquires the timestamp from the authorization information, judges whether the authorization information has expired according to the timestamp t, and continues to generate the authentication intermediate parameter if the authorization information has not expired.
4. A computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform a multiparty authorisation method based on elliptic curve cryptography algorithm as claimed in any one of claims 1 to 3.
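The message flow of claims 1 to 3, written out as an added Python example (not code from the patent or its applicant). It assumes the secp256k1 curve, the function names shown, a 300-second validity window, and that the authenticator derives M' from its own private key and the applicant's public key, which is the combination that makes M' equal to M.

```python
import json
from functools import reduce

P = 2**256 - 2**32 - 977  # secp256k1 field prime (curve is assumed; the claims name none)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Point addition on the curve; None is the point at infinity."""
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if A == B
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, A):
    """Double-and-add k*A. Not constant time: for illustration only."""
    R, k = None, k % N
    while k:
        R = add(R, A) if k & 1 else R
        A, k = add(A, A), k >> 1
    return R

def intermediate(t, own_priv, peer_pub):
    """Claim 1: the point t * priv * pub, reduced to the number x + y."""
    return sum(mul(t * own_priv, peer_pub))

def share(m, authorizer_priv, authenticator_pub):
    """One authorizer's share: the point m * s_i * P_authenticator."""
    return mul(m * authorizer_priv, authenticator_pub)

def assemble(applicant, authorizers, t, shares):
    """Applicant: sum the shares on the curve into K and pack the JSON info."""
    return json.dumps({"applicant": applicant, "authorizers": authorizers,
                       "timestamp": t, "K": reduce(add, shares, None)})

def verify(info_json, auth_priv, pubs, now, max_age=300):
    """Authenticator: expiry check (claim 3), rebuild M' and K', compare with K."""
    info = json.loads(info_json)
    if not 0 <= now - info["timestamp"] <= max_age:
        return False
    m = intermediate(info["timestamp"], auth_priv, pubs[info["applicant"]])
    K = reduce(add, (mul(m * auth_priv, pubs[n]) for n in info["authorizers"]), None)
    return K is not None and list(K) == info["K"]
```

Both sides arrive at the same point because m · s_i · P_authenticator and m · s_authenticator · P_i are both m · s_i · s_authenticator · G. The same symmetry means the authenticator can compute K on its own from its private key and the public keys, so K is checkable only by the named authenticator and gives it no proof it could show to a third party.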
CN202210294258.1A 2022-03-24 2022-03-24 Multiparty authorization authentication method based on elliptic curve encryption algorithm Active CN114697099B (en)

Publications (2)

Publication Number Publication Date
CN114697099A (en) 2022-07-01
CN114697099B (en) 2024-05-17

Family

ID=82138795


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant