CN114866255A - Multi-factor authentication method oriented to multi-IDP aggregation by taking user as center - Google Patents


Publication number
CN114866255A
Authority
CN
China
Prior art keywords
user
authentication
identity
factor
idp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210468887.1A
Other languages
Chinese (zh)
Other versions
CN114866255B (en)
Inventor
姜奇
刘怡静
杨雪
赵贵川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University
Priority to CN202210468887.1A
Publication of CN114866255A
Application granted
Publication of CN114866255B
Legal status: Active
Anticipated expiration

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
    • H04L9/3221Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/082Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

A user-centric multi-factor authentication method for multi-IDP aggregation addresses the problems of user identity privacy and the lack of multi-IDP scalability. The specific steps are: the data registration center generates the public parameters and the signing key and verification key of each identity provider (IDP); each IDP issues identity credentials for the user's different authentication factors, and the credentials are stored in the data registration center; the user obtains credentials from the data registration center according to the authorization policy of the service provider (SP); the user aggregates multiple credentials into one credential; the SP verifies the authentication factors in the credential using zero-knowledge proof and bilinear mapping techniques. The method gives the user unlinkability and untraceability, reduces the computation cost of authentication in multi-IDP scenarios, and can be widely applied to identity authentication systems with a high security level.

Description

Multi-factor authentication method oriented to multi-IDP aggregation by taking user as center
Technical Field
The invention belongs to the technical field of information security, and further relates to a user-centric multi-factor authentication method for aggregation across multiple identity providers (IDPs) in the field of identity authentication. The invention relies on a remote server to authenticate the person to be authenticated (the end user), and can be widely applied to identity authentication in multi-IDP scenarios to handle the relationship between the end user's identity and the authentication factors.
Background
Multi-factor authentication uses cryptographic techniques to combine two or more different authentication factors for identity authentication. Authentication factors fall into three categories: a secret that a person can remember (a password); something the person holds (a device, a smart card, a long key, and the like); and characteristics the person possesses (face, fingerprint, behavior). Authentication succeeds only when all authentication factors are presented at the same time, so multi-factor authentication strengthens identity authentication. However, as the number of digital platforms continues to grow, the threats faced by end users are becoming increasingly complex, and existing multi-factor authentication methods have deficiencies. On the one hand, identity privacy is not considered: a malicious attacker can track users, or link activity to the same user, based on the end user's identity. On the other hand, multi-IDP scalability is ignored: the end user can present to the service provider (SP) only the identity credential issued by one IDP at a time, and credentials issued by multiple IDPs must be verified multiple times, which increases the computation cost of authentication.
The patent document "a dynamic multi-factor identity authentication method and communication method based on threshold" (patent application No. CN202111158752.7, application publication No. CN113904833A), filed by the university of beijing, discloses a threshold-based multi-factor authentication method. The method constructs a threshold multi-factor authentication scheme, TMFA (Threshold Multi-Factor Authentication), from a threshold oblivious pseudo-random function, TOPRF (Threshold Oblivious Pseudo-Random Function), and an authenticated key exchange protocol, AKE (Authenticated Key Exchange). The method lets the user authenticate with a password, several optional devices and biometrics, and lets the user choose which of these authentication factors to authenticate with as required. The password is hardened into a random key through a modified TOPRF protocol, and the random key is used to run the AKE protocol for identity authentication. The device-factor key is stored locally, and for the biometric factor a fuzzy extraction technique turns the user's biometric features into a key, so that the biometric factor is not leaked if the server's stored files are leaked.
Although this method improves the security of multi-factor authentication and gives the user flexibility in the choice of factors, it still has the following defects. First, because the method restricts the types of authentication factor, that is, the user freely selects t of the password, biometrics and multiple devices (n in total) to authenticate, a malicious attacker who obtains t of the n factors can impersonate the user. Second, a user may authenticate to different SPs with the same credential, so multiple SPs can link the same user and thereby reveal other private information about the user. Finally, the SP must verify separately the multiple identity credentials issued by multiple IDPs, which greatly increases the computation overhead.
Laborde R et al., in their paper "A User-Centric Identity Management Framework based on the W3C Verifiable Credentials and the FIDO Universal Authentication Framework" (2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC), IEEE, 2020: 1-8), propose a user-centric identity authentication method for multiple IDPs. The method divides the IDP into several attribute authorities (AAs); for example, universities act as AAs asserting diplomas or student identities, and companies and municipalities act as AAs asserting names and addresses. First, the user requests service from an SP, and the SP returns an authorization policy naming the AAs and the corresponding attributes. The user then queries the AAs; each AA verifies the user's identity and signs the user's attributes, producing attribute-based credentials (ABCs). After receiving all the credentials, the user forwards them to the SP. The SP verifies the authenticity of the received credentials with the AAs' public keys; if verification succeeds, the user is authenticated and the SP provides the service, otherwise service is refused.
The SP can select the attributes required in the authorization policy at fine granularity, which improves the flexibility of the authentication method, but the method still has the following defects. First, it requires the SP and the AAs to be online at the same time, because once the SP issues an authorization policy the user must immediately query the AAs to obtain ABCs. Second, ABCs issued by different AAs must be verified separately, which increases the SP's cost of verifying credentials. Third, the method supports only multi-attribute authentication; common attributes include gender, language, address and age, and authenticating a user by such attributes can hardly guarantee accuracy, because users with the same attributes may not be the same person.
Disclosure of Invention
The purpose of the invention is to overcome the defects of the prior art by providing a user-centric multi-factor authentication method for multi-IDP aggregation. It addresses two problems: multiple SPs linking the same user and thereby revealing other private information about the user, and, where the SP delegates authentication to the IDP, the IDP being able to track which SPs the user accesses. The method thereby achieves untraceability and unlinkability.
The idea behind the invention is as follows. Following the verifiable credentials data model published by the W3C, the invention defines four participating entities: a data registration center, a user, an IDP, and an SP. The invention adopts a user-centric authentication architecture: the user interacts with the IDP to obtain credentials, with the SP to have credentials verified, and with the data registration center to store and retrieve credentials; the three entities other than the user cannot interact with one another. This architecture ensures that the IDP takes no part in credential verification and cannot track which SPs the user accesses, which solves the tracking problem that arises when the SP delegates authentication to the IDP. For multiple IDPs, the invention verifies the user's authentication factors, such as passwords and biometrics, with a zero-knowledge proof technique, so the factors are not revealed to the IDPs during authentication, and each IDP issues the user an identity credential based on the authentication factors using a tag-based signature. The user retrieves the credentials from the data registration center, randomizes them, and authenticates with the zero-knowledge proof technique, so different SPs are shown different credentials and multiple SPs cannot link them to the same user. This solves the privacy leakage caused by multiple SPs linking the same user.
The user aggregates multiple credentials and presents them to the SP as a single credential. The SP verifies the authenticity and integrity of the credential, provides service if verification succeeds, and refuses service otherwise. This provides multi-IDP scalability and improves authentication efficiency.
The invention is implemented in the following steps:
step 1, the data registration center generates the public parameters and the signing key and verification key of each identity provider:
step 1.1, the data registration center generates and publishes seven public parameters $q, p, G_1, G_2, g$,
Figure BDA0003620538510000031
$G_T$, and the data registration center generates a user identity for each user and transmits it to that user; where $p$ and $q$ are primes 160 bits long satisfying $q \mid (p-1)$, where $\mid$ denotes "divides"; $G_1$ and $G_2$ are cyclic groups of order $q$; $g$ and
Figure BDA0003620538510000032
are the generators of $G_1$ and $G_2$ respectively; and there is a bilinear map $G_1 \times G_2 \to G_T$ among the cyclic groups $G_1, G_2, G_T$, under which the elements of $G_1$ and $G_2$ generate all the elements of $G_T$;
step 1.2, the data registration center uses a random number generator to generate random numbers $(t_j, u_j, v_j, r_{j,i}, s_{j,i}) \in [1, q-1]$ between the integers 1 and $q-1$ as the signing key of each identity provider; following the public key infrastructure standard, the data registration center computes the verification key corresponding to the signing key:
Figure BDA0003620538510000033
where $j$ is the index of the identity provider and $i$ is the index of the user authentication factor;
step 2, each identity provider issues identity credentials for each user's different authentication factors:
step 2.1, the user uses the Map-to-point function to compute the group element $h = H_G(ID) \in G_2$; the user uses a random number generator to generate a random number between the integers 1 and $q-1$,
Figure BDA0003620538510000041
as the user's temporary secret; using the group element $h$ and the temporary secret
Figure BDA0003620538510000042
the user constructs the tag
Figure BDA0003620538510000043
and sends each identity provider a request to issue a credential for the user; where $ID$ denotes the user's identity, and every user's identity is different;
step 2.2, the user carries out with each identity provider a zero-knowledge proof of the user's authentication factors $(x_{j,1}, x_{j,2}, \ldots, x_{j,n})$, where $x_{j,1}$ denotes the first authentication factor that the user proves to the $j$-th identity provider and $n$ denotes the total number of authentication factors that the user proves to the $j$-th identity provider;
step 2.3, each identity provider signs the user's authentication factors $(x_{j,1}, x_{j,2}, \ldots, x_{j,n})$ with the tag-based signature, obtaining the following multi-factor credential based on the tag $\tau$, and sends it to the user:
Figure BDA0003620538510000044
where $\sigma_j$ denotes the credential issued by the $j$-th identity provider;
step 2.4, the user stores each identity provider's credential in the data registration center;
step 3, each user obtains credentials from the data registration center according to the authorization policy:
the user requests authentication from a service provider; the service provider sends an authorization policy stating the authentication factors it requires to authenticate the user; the user obtains the credentials corresponding to those authentication factors from the data registration center according to the authorization policy;
step 4, each user constructs an aggregate credential by aggregation:
the user computes $\sigma = \prod \sigma_j$ to obtain the user's aggregate credential; after randomizing the tag $\tau$ and the aggregate credential $\sigma$, the user sends the randomized tag $\tau'$ and the randomized aggregate credential $\sigma'$ to the service provider; where $\prod$ denotes the product symbol;
step 5, after receiving the randomized aggregate credential $\sigma'$, the service provider uses the verification keys $vk_{j,i}$ of each identity provider to carry out with each user a zero-knowledge proof of the authentication factors $(x_{j,1}, x_{j,2}, \ldots, x_{j,n})$ and verifies the authentication factors in the credential through the bilinear mapping technique; if verification succeeds, step 6 is executed, otherwise step 7 is executed;
step 6, the user's identity authentication succeeds, and the service provider provides service to the user;
step 7, the user's identity authentication fails; the service provider sends an authentication-failure message to the user and refuses to provide service to the user.
Compared with the prior art, the invention has the following advantages:
First, because the invention uses a user-centric architecture, the IDP does not take part in the authentication between the user and the SP. This overcomes the prior-art problem that, when the SP delegates authentication to the IDP, the IDP can track which SPs the user accesses. The invention protects the user's identity privacy at the IDP and provides untraceability.
Second, the invention verifies the user's identity credential with the zero-knowledge proof technique. This overcomes the prior-art problem that the user sends the credential directly to the SP for authentication, so that multiple SPs can link the credential to the same user and thereby reveal other private information about the user. The invention protects the user's identity privacy at the SP and provides unlinkability.
Third, the invention uses the tag-based signature to aggregate credentials from multiple IDPs and presents them to the SP as a single credential for simultaneous authentication. This overcomes the prior-art problem that credentials issued by multiple IDPs must be verified multiple times at increased computation cost, and it greatly improves authentication efficiency.
Drawings
FIG. 1 is a flow chart of an implementation of the method of the present invention;
FIG. 2 is a schematic structural diagram of an identity authentication system to which the present invention is applicable.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
The implementation steps of the invention are further described with reference to FIG. 1 and the embodiment.
The embodiment authenticates the identity of a mobile phone user with two identity providers and three authentication factors.
Step 1, the data registration center generates the public parameters and the signing key and verification key of each identity provider.
Step 1.1, using the bilinear mapping rules and the tag-based signature algorithm standard, the data registration center generates and publishes seven public parameters $q, p, G_1, G_2, g$,
Figure BDA0003620538510000051
$G_T$. The data registration center transmits the generated identity of each mobile phone user to that user, and each mobile phone user generates a tag from this identity; the tag can be regarded as an alias of the mobile phone user. Here $p$ and $q$ are both primes 160 bits long satisfying $q \mid (p-1)$, where "$\mid$" denotes "divides". $G_1$ and $G_2$ are cyclic groups of order $q$, and $g$ and
Figure BDA0003620538510000052
are the generators of $G_1$ and $G_2$ respectively. There is a bilinear map $G_1 \times G_2 \to G_T$ among the cyclic groups $G_1, G_2, G_T$, under which the elements of $G_1$ and $G_2$ generate all the elements of $G_T$.
The tag-based signature algorithm standard refers to the signature algorithm proposed by Hébant C et al. in the paper "Traceable Constant-Size Multi-Authority Credentials" (Cryptology ePrint Archive, Report 2020/657, https://eprint.iacr.org/2020/657, 2020).
Step 1.2, the data registration center uses a random number generator to generate 7 random numbers between the integers 1 and $q-1$ and, following the tag-based signature algorithm standard, takes them as the signing key of the first identity provider, $sk_1 = (t_1, u_1, v_1, r_{1,1}, s_{1,1}, r_{1,2}, s_{1,2}) \in [1, q-1]$. Following the public key infrastructure standard, the data registration center generates the verification key corresponding to the signing key:
Figure BDA0003620538510000061
Step 1.3, the data registration center uses a random number generator to generate 5 random numbers between the integers 1 and $q-1$ and, following the tag-based signature algorithm standard, takes them as the signing key of the second identity provider, $sk_2 = (t_2, u_2, v_2, r_{2,1}, s_{2,1}) \in [1, q-1]$. Following the public key infrastructure standard, the data registration center generates the verification key corresponding to the signing key:
Figure BDA0003620538510000062
Step 2, each identity provider issues identity credentials for the user's different authentication factors, and the credentials are stored in the data registration center.
In this embodiment, the first identity provider issues the mobile phone user an identity credential based on the password and the device key, and the second identity provider issues the mobile phone user an identity credential based on biometrics.
Step 2.1, the mobile phone user uses the Map-to-point function $H_G(\cdot)$ to compute the group element $h = H_G(ID) \in G_2$ in the cyclic group $G_2$, where $ID$ denotes the identity of the mobile phone user. The user generates, with a random number generator, the random number
Figure BDA0003620538510000063
as the mobile phone user's temporary secret, and computes the mobile phone user's identity tag according to the tag-based signature algorithm standard:
Figure BDA0003620538510000064
The identity tag is sent to each of the two identity providers with a request to issue credentials for the mobile phone user. On receiving the tag, the identity provider checks the registration list in its database for the mobile phone user's tag. If the tag is present, the mobile phone user is already registered and the identity provider refuses to issue a credential again; otherwise the identity provider executes step 2.2.
Step 2.2, the two identity providers each verify the user's authentication factors using a zero-knowledge proof technique. The process of authenticating the mobile phone user's password $pwd_U$ and device key $sk_U$ is described below, taking the first identity provider as an example.
First step: the mobile phone user computes the zero-knowledge proof messages
Figure BDA0003620538510000065
Figure BDA0003620538510000071
and
Figure BDA0003620538510000072
and sends them to the first identity provider, where $x_{1,1} = H(pwd_U)$ is the hash of the mobile phone user's password, $x_{1,2} = H(sk_U)$ is the hash of the mobile phone user's key, $H(\cdot)$ is the SHA-1 hash function, $d_1, d_2 \in [1, q-1]$ are random numbers produced by the random number generator, and $\bmod$ is the modulo operation.
Second step: after receiving the messages, the first identity provider generates a random number $c \in [1, q-1]$ with a random number generator and sends it to the user.
Third step: following the zero-knowledge proof standard, the mobile phone user computes the zero-knowledge proof messages $m_1 = d_1 + x_{1,1} \cdot c \bmod q$ and $m_2 = d_2 + x_{1,2} \cdot c \bmod q$ and sends them to the first identity provider.
Fourth step: after receiving $m_1$ and $m_2$, the first identity provider checks, by the zero-knowledge proof, whether the equations
Figure BDA0003620538510000073
and
Figure BDA0003620538510000074
hold. If they do, the mobile phone user is deemed to hold the password $pwd_U$ and the device key $sk_U$, and step 2.3 is executed; otherwise the first identity provider refuses to issue a credential for the mobile phone user.
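The four-message exchange of step 2.2, as an added Python example that is not part of the patent text. The commitment and verification equations are images missing from this page, so the standard Schnorr form is assumed ($T_i = g^{d_i}$, $Y_i = g^{x_i}$, check $g^{m_i} = T_i \cdot Y_i^{c} \bmod p$); the group is the order-$q$ subgroup of $Z_p^*$ built from constructed demo parameters rather than the patent's pairing groups, and all class and function names are hypothetical.

```python
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin over fixed bases; used only to build the demo parameters."""
    if n < 2:
        return False
    for s in BASES:
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(q=2**127 - 1):
    """Constructed demo group (not the patent's parameters): a prime p with
    q | (p - 1) and a generator g of the order-q subgroup of Z_p^*."""
    k = 1
    while not is_probable_prime(2 * k * q + 1):
        k += 1
    p = 2 * k * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)

def factor_hash(secret, q):
    """x = H(secret) mapped into [1, q-1]; H is SHA-1, as the page specifies."""
    return int.from_bytes(hashlib.sha1(secret).digest(), "big") % (q - 1) + 1

class Prover:
    """Mobile phone user holding the factors (password, device key)."""
    def __init__(self, group, factors):
        self.p, self.q, self.g = group
        self.x = [factor_hash(f, self.q) for f in factors]
        self.d = None

    def statement(self):
        # Assumed public values Y_i = g^x_i that the proof is about.
        return [pow(self.g, x, self.p) for x in self.x]

    def commit(self):
        # First step: fresh d_i in [1, q-1]; assumed commitment T_i = g^d_i.
        self.d = [secrets.randbelow(self.q - 1) + 1 for _ in self.x]
        return [pow(self.g, d, self.p) for d in self.d]

    def respond(self, c):
        # Third step: m_i = d_i + x_i * c mod q. Each d_i is used once only:
        # two responses under the same d_i would let the verifier solve for x_i.
        if self.d is None:
            raise RuntimeError("commit() must be called before each respond()")
        m = [(d + x * c) % self.q for d, x in zip(self.d, self.x)]
        self.d = None
        return m

class Verifier:
    """Identity provider checking the proof against the user's statement."""
    def __init__(self, group, statement):
        self.p, self.q, self.g = group
        self.y = statement
        self.c = None

    def challenge(self):
        # Second step: one random c in [1, q-1] covers every factor.
        self.c = secrets.randbelow(self.q - 1) + 1
        return self.c

    def check(self, commitments, responses):
        # Fourth step (assumed form): g^m_i == T_i * Y_i^c mod p for every i.
        if self.c is None or not (len(commitments) == len(responses) == len(self.y)):
            return False
        c, self.c = self.c, None  # a challenge is accepted once
        for t, m, y in zip(commitments, responses, self.y):
            if not (1 < t < self.p and pow(t, self.q, self.p) == 1 and 0 <= m < self.q):
                return False  # reject values outside the order-q subgroup
            if pow(self.g, m, self.p) != t * pow(y, c, self.p) % self.p:
                return False
        return True

def run_proof(group, enrolled, presented):
    """True if a user presenting `presented` proves knowledge of `enrolled`."""
    verifier = Verifier(group, Prover(group, enrolled).statement())
    prover = Prover(group, presented)
    commitments = prover.commit()
    return verifier.check(commitments, prover.respond(verifier.challenge()))
```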
Step 2.3, the two identity providers each construct a different credential for the user using the tag-based signature.
The first identity provider generates the credential associated with the mobile phone user's password $pwd_U$ and device key $sk_U$
Figure BDA0003620538510000075
and transmits it to the mobile phone user, where $(t_1, u_1, v_1, r_{1,1}, s_{1,1}, r_{1,2}, s_{1,2})$ is the signing key of the first identity provider.
The second identity provider generates the credential associated with the mobile phone user's biometric $W_U$
Figure BDA0003620538510000076
and transmits it to the mobile phone user, where $(t_2, u_2, v_2, r_{2,1}, s_{2,1})$ is the signing key of the second identity provider, $x_{2,1} = H(R_U)$ is the mobile phone user's biometric hash, and the biometric key $R_U$ is computed by the fuzzy extractor's generation algorithm $\mathrm{Gen}(W_U) \to (R_U, P_U)$.
Step 2.4, the mobile phone user stores the credentials $\sigma_1$ and $\sigma_2$ obtained in step 2.3 in the data registration center.
Step 3, the mobile phone user requests authentication from the service provider SP, and the service provider SP sends an authorization policy, which specifies the authentication factors the service provider SP requires for authentication. Using the mobile phone user's tag, the mobile phone user retrieves from the data registration center the credentials $\sigma_1$ and $\sigma_2$ corresponding to the authentication factors in the authorization policy.
Step 4, the mobile phone user aggregates the credentials $\sigma_1$ and $\sigma_2$ into a single credential.
The mobile phone user generates a random number $\rho \in [1, q-1]$ using a random number generator and randomizes the tag $\tau$ to
Figure BDA0003620538510000081
Randomization means raising an element to a random exponent. The mobile phone user generates a random number $b \in [1, q-1]$ using a random number generator and aggregates the credentials $\sigma_1$ and $\sigma_2$ to obtain $\sigma' = (h^{b} \cdot \sigma_1 \cdot \sigma_2)^{\rho} \bmod p$. The mobile phone user then sends the randomized tag $\tau'$ and the aggregated credential $\sigma'$ to the service provider SP.
Step 5, after receiving the randomized tag $\tau'$ and the aggregated credential $\sigma'$, the service provider SP verifies the authentication factors in the credential using a zero-knowledge proof and a bilinear mapping.
Step 5.1, the mobile phone user generates random numbers $(z_0, z_1, z_2, z_3) \in [1, q-1]$ using a random number generator and, using the verification keys of the two identity providers, constructs the secondary commitment based on the password, device key and biometric
Figure BDA0003620538510000082
and sends it to the service provider SP.
Step 5.2, the service provider SP generates a random number $k \in [1, q-1]$ using a random number generator and sends it to the mobile phone user.
Step 5.3, the mobile phone user computes the zero-knowledge proof information $w_0 = z_0 + b \cdot k \bmod q$, $w_1 = z_1 + x_{1,1} \cdot k \bmod q$, $w_2 = z_2 + x_{1,2} \cdot k \bmod q$ and $w_3 = z_3 + x_{2,1} \cdot k \bmod q$ and sends it to the service provider SP, where $x_{1,1} = H(pwd_U)$ is the mobile phone user's password hash, $x_{1,2} = H(sk_U)$ is the mobile phone user's key hash, $x_{2,1} = H(R_U)$ is the mobile phone user's biometric hash, $R_U$ is the mobile phone user's biometric key obtained by computing $\mathrm{Rep}(P_U, W_U)$ with the fuzzy extractor, and $\mathrm{Rep}(\cdot)$ is the fuzzy extractor's reconstruction algorithm.
Step 5.4, after receiving the zero-knowledge proof information, the service provider SP checks the verification equation
Figure BDA0003620538510000083
Figure BDA0003620538510000084
If it holds, step 6 is executed; otherwise, step 7 is executed. Here $e(\cdot)$ denotes the bilinear mapping function.
Step 6, the identity authentication of the mobile phone user succeeds, and the service provider SP provides service to the mobile phone user.
Step 7, the identity authentication of the mobile phone user fails, and the service provider SP sends an authentication failure to the mobile phone user and refuses to provide service to the mobile phone user.
The system architecture of the present invention is further described with reference to fig. 2.
The invention adopts an authentication architecture centered on the mobile phone user. The functions of each participating entity are as follows.
The mobile phone user sits at the center of the authentication framework and is responsible for interacting with the identity provider IDP to obtain identity credentials, interacting with the data registration center to store and retrieve credentials, and interacting with the service provider SP to authenticate and obtain service.
The data registration center is responsible for generating parameters and storing the credentials.
The identity provider IDP is responsible for verifying the mobile phone user's information and issuing identity credentials to the mobile phone user.
The service provider SP is responsible for verifying the mobile phone user's identity credential and providing the corresponding service.
The overall operation flow of the invention is as follows.
The data registration center performs system initialization. Several identity providers each use the tag-based signature to issue credentials for different authentication factors to the mobile phone user. The tag-based signature is used because it allows credentials issued to the same mobile phone user by different IDPs to be aggregated according to the tag. After receiving the credentials, the mobile phone user stores them in the data registration center.
The mobile phone user requests service from the service provider SP, the service provider SP supplies an authorization policy, and the mobile phone user accesses the data registration center to retrieve the credentials the authorization policy requires. To prevent multiple service providers SP from linking the same mobile phone user, the mobile phone user randomizes the credentials so that the credentials presented to different service providers SP differ. In addition, to reduce the computation cost, the mobile phone user aggregates the randomized credentials and proves its identity to the service provider SP using a zero-knowledge proof. When the service provider SP's verification succeeds, it provides service to the mobile phone user.

Claims (5)

1. A user-centric multi-factor authentication method oriented to multi-IDP aggregation, characterized in that a user-centric authentication architecture is adopted, different credentials issued by a plurality of identity providers (IDPs) are aggregated using a tag-based signature, and the authentication factors in the aggregated credential are verified using a zero-knowledge proof; the method comprises the following steps:
step 1, the data registration center generates the public parameters and the signing key and verification key of each identity provider:
step 1.1, the data registration center generates and publishes seven public parameters $q, p, G_1, G_2, g,$
Figure FDA0003620538500000011
$G_T$; the data registration center generates a user identity for each user and transmits it to that user; where $p$ and $q$ denote prime numbers with a length of 160 bits, $p$ and $q$ satisfy $q \mid (p-1)$, $\mid$ denotes the divisibility symbol, $G_1$ and $G_2$ denote cyclic groups of order $q$, $g$ and
Figure FDA0003620538500000012
respectively denote the generators of $G_1$ and $G_2$; among the cyclic groups $G_1, G_2, G_T$ there is a bilinear mapping $G_1 \times G_2 \to G_T$, by which the elements of $G_1$ and $G_2$ generate all of the elements of $G_T$;
step 1.2, the data registration center uses a random number generator to generate random numbers $(t_j, u_j, v_j, r_{j,i}, s_{j,i}) \in [1, q-1]$ between the integers 1 and $q-1$ as the signing key of each identity provider; following the public key infrastructure standard, the data registration center computes the verification key corresponding to the signing key:
Figure FDA0003620538500000013
where $j$ denotes the index of the identity provider and $i$ denotes the index of the user authentication factor;
step 2, each identity provider issues identity credentials for the different authentication factors of each user:
step 2.1, the user computes the group element $h = H_G(ID) \in G_2$ using the Map-to-point function; the user uses a random number generator to generate a random number between the integers 1 and $q-1$
Figure FDA0003620538500000014
as the user's temporary secret; the user uses the group element $h$ and the temporary secret
Figure FDA0003620538500000015
to construct the tag
Figure FDA0003620538500000016
and sends a request to each identity provider to issue a credential for the user; where $ID$ denotes the user's identity, and each user's identity is different;
step 2.2, the user performs a zero-knowledge proof with each identity provider regarding the user authentication factors $(x_{j,1}, x_{j,2}, \ldots, x_{j,n})$, where $x_{j,1}$ denotes the 1st authentication factor that the user proves at the $j$-th identity provider and $n$ denotes the total number of authentication factors that the user proves at the $j$-th identity provider;
step 2.3, each identity provider signs the user authentication factors $(x_{j,1}, x_{j,2}, \ldots, x_{j,n})$ using the tag-based signature, obtains the following multi-factor credential based on the tag $\tau$, and sends it to the user:
Figure FDA0003620538500000021
where $\sigma_j$ denotes the credential issued by the $j$-th identity provider;
step 2.4, the user stores the credential from each identity provider in the data registration center;
step 3, each user obtains credentials from the data registration center according to the authorization policy:
the user requests authentication from a service provider, the service provider sends an authorization policy containing the authentication factors the service provider requires to authenticate the user, and the user retrieves the credentials corresponding to those authentication factors from the data registration center according to the authorization policy;
step 4, each user constructs an aggregated credential by aggregation:
the user computes $\sigma = \prod \sigma_j$ to obtain the user's aggregated credential; after randomizing the tag $\tau$ and the aggregated credential $\sigma$, the user sends the randomized tag $\tau'$ and the randomized aggregated credential $\sigma'$ to the service provider; where $\prod$ denotes the product symbol;
step 5, after receiving the randomized aggregated credential $\sigma'$, the service provider uses the verification key $vk_{j,i}$ of each identity provider to perform with each user a zero-knowledge proof of the authentication factors $(x_{j,1}, x_{j,2}, \ldots, x_{j,n})$, verifying the authentication factors in the credential through the bilinear mapping technique; if the verification succeeds, step 6 is executed, otherwise step 7 is executed;
step 6, each user is successfully authenticated, and the service provider provides service to the user;
step 7, the identity authentication of the user fails, and the service provider sends an authentication failure to the user and refuses to provide service to the user.
2. The user-centric multi-factor authentication method oriented to multi-IDP aggregation according to claim 1, wherein: the authentication factors $(x_{j,1}, x_{j,2}, \ldots, x_{j,n})$ described in step 2.2, step 2.3 and step 5 refer to user passwords, biometrics, device keys, and smart phones.
3. The user-centric multi-factor authentication method oriented to multi-IDP aggregation according to claim 1, wherein: the zero-knowledge proof described in step 2.2 refers to an authentication protocol between a proving party and a verifying party, whose objective is to convince the verifying party that the proving party holds the secret without the proving party giving the verifying party the plaintext value of the secret.
4. The user-centric multi-factor authentication method oriented to multi-IDP aggregation according to claim 1, wherein: the tag-based signature technique described in step 2.3 means that the tag can be regarded as a pseudonym of the user, the user uses the tag to aggregate signatures from a plurality of signing parties, and the verifying party verifies the aggregated signature.
5. The user-centric multi-factor authentication method oriented to multi-IDP aggregation according to claim 1, wherein: the bilinear mapping technique described in step 5 refers to a function that generates one element of a third vector space from elements of two vector spaces and is linear in each argument.
CN202210468887.1A 2022-04-28 2022-04-28 Multi-factor authentication method for multi-IDP aggregation with user as center Active CN114866255B (en)

Publications (2)

Publication Number Publication Date
CN114866255A (en) 2022-08-05
CN114866255B (en) 2023-09-08
