CN115150098A - Identity authentication method based on challenge response mechanism and related equipment - Google Patents


Info

Publication number: CN115150098A
Authority: CN (China)
Prior art keywords: authentication, data, terminal, authentication server, identity
Legal status: Pending
Application number: CN202210772874.3A
Other languages: Chinese (zh)
Inventor: 邱艳
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202210772874.3A
Publication of CN115150098A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 (under H04L9/32) using challenge-response
    • H04L9/3273 (under H04L9/32) using challenge-response for mutual authentication
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3236 (under H04L9/32) using cryptographic hash functions
    • H04L9/3263 (under H04L9/32) involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3297 (under H04L9/32) involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiments of the disclosure provide an identity authentication method based on a challenge-response mechanism and related equipment, and relate to the technical field of communication. The method, performed by a terminal, comprises the following steps: sending identity authentication request information to an authentication server, and receiving request response information sent by the authentication server; generating first authentication data and sending the first authentication data to the authentication server; if the authentication server successfully authenticates the first authentication data, receiving second authentication data sent by the authentication server, and authenticating the second authentication data; if the second authentication data is successfully authenticated, generating third authentication data and sending the third authentication data to the authentication server; and if the authentication server successfully authenticates the third authentication data, receiving identity authentication success information sent by the authentication server. The identity authentication method based on the challenge-response mechanism enables bidirectional identity authentication between the terminal and the authentication server.

Description

Identity authentication method based on challenge response mechanism and related equipment
Technical Field
The present disclosure relates to the field of communications technologies, and in particular to an identity authentication method based on a challenge-response mechanism, a terminal, an authentication server, an electronic device, and a computer-readable storage medium.
Background
Identity authentication is an important means of ensuring information security when information technology is used, and is an important precondition for other security measures to work properly. Most existing identity authentication mechanisms implement only one-way authentication of the terminal by the authentication server and ignore authentication of the authentication server by the terminal, so keys and data are easily attacked and stolen by counterfeit servers such as phishing websites.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The embodiments of the disclosure provide an identity authentication method based on a challenge-response mechanism, a terminal, an authentication server, an electronic device and a computer-readable storage medium, which enable bidirectional identity authentication between the terminal and the authentication server and solve the problem that the terminal does not authenticate the authentication server.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, there is provided an identity authentication method based on a challenge-response mechanism, the method being performed by a terminal and including: sending identity authentication request information to an authentication server, and receiving request response information sent by the authentication server; generating first authentication data, and sending the first authentication data to the authentication server; if the authentication server successfully authenticates the first authentication data, receiving second authentication data sent by the authentication server, and authenticating the second authentication data; if the second authentication data is successfully authenticated, generating third authentication data, and sending the third authentication data to the authentication server; and if the authentication server successfully authenticates the third authentication data, receiving identity authentication success information sent by the authentication server.
In some embodiments of the present disclosure, the identity authentication request information includes a terminal identity identifier and a terminal digital certificate; the request response information includes an authentication server identity identifier, an authentication server digital certificate and identity authentication challenge start information.
In some embodiments of the present disclosure, the first authentication data includes a challenge ciphertext and a first timestamp; wherein generating first authentication data and sending the first authentication data to the authentication server includes: if identity authentication challenge start information sent by the authentication server is received, generating a first random number; encrypting the first random number by using an authentication server public key in the authentication server digital certificate to obtain first encrypted data; performing hash transformation on the terminal identity and the first random number to obtain first hash data; generating the challenge ciphertext according to the first encrypted data and the first hash data; and determining the first timestamp, and sending the challenge ciphertext and the first timestamp to the authentication server.
In some embodiments of the present disclosure, the second authentication data includes a response ciphertext of the authentication server and a second timestamp; the response ciphertext of the authentication server includes second encrypted data and second hash data; the second encrypted data is obtained by the authentication server encrypting a second random number by using a terminal public key in the terminal digital certificate, and the second hash data is obtained by performing hash transformation on the authentication server identity and the second random number, wherein the second random number is generated when the authentication server successfully authenticates the first authentication data.
In some embodiments of the present disclosure, the receiving second authentication data sent by the authentication server, and authenticating the second authentication data includes: receiving a response ciphertext of the authentication server and the second timestamp sent by the authentication server; verifying whether the second timestamp is valid; if the second timestamp is valid, decrypting the second encrypted data in the response ciphertext of the authentication server by using a terminal private key to obtain a second random number, and then performing hash transformation on the identity of the authentication server and the second random number to obtain authentication hash data; judging whether the obtained authentication hash data is consistent with the second hash data in the response ciphertext of the authentication server; and if the obtained authentication hash data is consistent with the second hash data, determining that the second authentication data is successfully authenticated.
In some embodiments of the present disclosure, the third authentication data includes a response ciphertext of the terminal and a third timestamp; wherein, if the authentication of the second authentication data is successful, generating third authentication data, and sending the third authentication data to the authentication server includes: if the second authentication data is successfully authenticated, generating a third random number; encrypting the third random number and the second random number by using an authentication server public key in the authentication server digital certificate to obtain third encrypted data; performing hash transformation on the terminal identity and the third random number to obtain third hash data; generating a response ciphertext of the terminal according to the third encrypted data and the third hash data; and determining the third timestamp, and sending a response ciphertext of the terminal and the third timestamp to the authentication server.
In some embodiments of the present disclosure, after receiving the identity authentication success information sent by the authentication server, the method further includes: generating a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
In some embodiments of the present disclosure, the method further comprises: if the authentication server fails to authenticate the first authentication data, or the authentication server fails to authenticate the third authentication data, receiving authentication failure information sent by the authentication server; and if the authentication of the second authentication data fails, sending authentication failure information to the authentication server.
According to yet another aspect of the present disclosure, there is provided an identity authentication method based on a challenge-response mechanism, the method being performed by an authentication server, including: receiving identity authentication request information sent by a terminal, and sending request response information to the terminal; receiving first authentication data sent by the terminal, and authenticating the first authentication data; if the first authentication data is successfully authenticated, generating second authentication data, and sending the second authentication data to the terminal; if the terminal successfully authenticates the second authentication data, third authentication data sent by the terminal are received, and the third authentication data are authenticated; and if the third authentication data is successfully authenticated, determining that the identity authentication is successful, and sending identity authentication success information to the terminal.
In some embodiments of the present disclosure, the identity authentication request information includes a terminal identity identifier and a terminal digital certificate; the request response information includes an authentication server identity identifier, an authentication server digital certificate and identity authentication challenge start information.
In some embodiments of the present disclosure, the first authentication data includes a challenge ciphertext and a first timestamp; the challenge ciphertext includes first encrypted data and first hash data; the first encrypted data is obtained by the terminal encrypting a first random number by using an authentication server public key in the authentication server digital certificate, and the first hash data is obtained by the terminal performing hash transformation on the terminal identity identifier and the first random number, wherein the first random number is generated by the terminal after receiving identity authentication challenge start information sent by the authentication server.
In some embodiments of the present disclosure, the receiving first authentication data sent by the terminal, and authenticating the first authentication data include: receiving the challenge ciphertext and the first timestamp sent by the terminal; verifying whether the first timestamp is valid; if the first timestamp is valid, decrypting the first encrypted data in the challenge ciphertext by using a private key of an authentication server to obtain the first random number, and then performing hash transformation on the terminal identity and the first random number to obtain authentication hash data; judging whether the obtained authentication hash data is consistent with the first hash data in the challenge ciphertext; and if the obtained authentication hash data is consistent with the first hash data, determining that the first authentication data is successfully authenticated.
In some embodiments of the present disclosure, the second authentication data includes a response ciphertext of the authentication server and a second timestamp; wherein, if the first authentication data is successfully authenticated, generating second authentication data and sending the second authentication data to the terminal includes: if the first authentication data is successfully authenticated, generating a second random number; encrypting the second random number by using a terminal public key in the terminal digital certificate to obtain second encrypted data; performing hash transformation on the authentication server identity and the second random number to obtain second hash data; generating a response ciphertext of the authentication server according to the second encrypted data and the second hash data; and determining the second timestamp, and sending the response ciphertext of the authentication server and the second timestamp to the terminal.
In some embodiments of the present disclosure, the third authentication data includes a response ciphertext of the terminal and a third timestamp; the response ciphertext of the terminal comprises third encrypted data and third hash data; and the third encrypted data is obtained by the terminal encrypting a third random number and a second random number by using an authentication server public key in the authentication server digital certificate, and the third hash data is obtained by the terminal performing hash transformation on the terminal identity and the third random number, wherein the third random number is generated under the condition that the terminal successfully authenticates the second authentication data, and the second random number is obtained by the terminal decrypting the second encrypted data in the second authentication data.
In some embodiments of the present disclosure, receiving third authentication data sent by the terminal and authenticating the third authentication data includes: receiving the response ciphertext of the terminal and the third timestamp sent by the terminal; verifying whether the third timestamp is valid; if the third timestamp is valid, decrypting the third encrypted data in the response ciphertext of the terminal by using a private key of the authentication server to obtain a third random number and a second random number, and then performing hash transformation on the terminal identity and the third random number to obtain authentication hash data; judging whether the obtained authentication hash data is consistent with the third hash data in the response ciphertext of the terminal; and if the obtained authentication hash data is consistent with the third hash data, determining that the third authentication data is successfully authenticated.
In some embodiments of the present disclosure, after determining that the identity authentication is successful, the method further includes: generating a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
In some embodiments of the present disclosure, the method further comprises: if the authentication on the first authentication data fails or the authentication on the third authentication data fails, authentication failure information is sent to the terminal; and if the terminal fails to authenticate the second authentication data, receiving authentication failure information sent by the terminal.
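The exchange set out in the terminal-side and server-side method paragraphs above, as an added Python example that is not part of the patent text. Its names (Terminal, Server, build, verify and so on) and these choices are assumptions of the example: SHA-256 as the hash transformation, a 30-second timestamp window, the key derivation, the comparison of the echoed second random number, and a toy hashed-ElGamal routine standing in for encryption with the certificate's public key; certificate validation is omitted.

```python
import hashlib, hmac, secrets

P, G = 2**521 - 1, 3   # toy group (Mersenne prime), stand-in only, not for real use
MAX_SKEW = 30          # assumed timestamp validity window, in seconds
RLEN = 16              # assumed length of each random number, in bytes

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _pad(shared, n):
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()[:n]

def pk_encrypt(pub, msg):
    # Toy hashed-ElGamal standing in for "encrypt with the certificate's public key".
    assert len(msg) <= 32, "toy cipher handles at most 32 bytes"
    k = secrets.randbelow(P - 2) + 1
    pad = _pad(pow(pub, k, P), len(msg))
    return pow(G, k, P), bytes(a ^ b for a, b in zip(msg, pad))

def pk_decrypt(priv, ct):
    c1, body = ct
    return bytes(a ^ b for a, b in zip(body, _pad(pow(c1, priv, P), len(body))))

def bind(identity, rnd):
    # "Hash transformation" of an identity and a random number (SHA-256 assumed).
    ident = identity.encode()
    return hashlib.sha256(len(ident).to_bytes(2, "big") + ident + rnd).digest()

def build(own_id, peer_pub, payload, now):
    # Authentication data: encrypted data + hash data (the ciphertext) and a timestamp.
    return {"enc": pk_encrypt(peer_pub, payload),
            "hash": bind(own_id, payload[:RLEN]), "ts": now}

def verify(msg, sender_id, priv, now):
    # Order given in the text: timestamp, decrypt, recompute hash, compare.
    if abs(now - msg["ts"]) > MAX_SKEW:
        return None
    payload = pk_decrypt(priv, msg["enc"])
    if not hmac.compare_digest(bind(sender_id, payload[:RLEN]), msg["hash"]):
        return None
    return payload

def session_key(r1, r2, r3):
    # Assumed derivation: the text only says both sides' random numbers are used.
    return hashlib.sha256(b"comm-key" + r1 + r2 + r3).digest()

class Party:
    def __init__(self, identity):
        self.id = identity
        self.priv, self.pub = keypair()

class Terminal(Party):
    def challenge(self, server_id, server_pub, now):      # first authentication data
        self.server_id, self.server_pub = server_id, server_pub
        self.r1 = secrets.token_bytes(RLEN)
        return build(self.id, server_pub, self.r1, now)

    def respond(self, msg2, now):                         # third authentication data
        r2 = verify(msg2, self.server_id, self.priv, now)
        if r2 is None:
            return None            # terminal would send authentication failure
        self.r2, self.r3 = r2, secrets.token_bytes(RLEN)
        return build(self.id, self.server_pub, self.r3 + self.r2, now)

    def key(self):                 # derived once the success message is received
        return session_key(self.r1, self.r2, self.r3)

class Server(Party):
    def on_challenge(self, terminal_id, terminal_pub, msg1, now):
        r1 = verify(msg1, terminal_id, self.priv, now)
        if r1 is None:
            return None            # server would send authentication failure
        self.terminal_id, self.r1 = terminal_id, r1
        self.r2 = secrets.token_bytes(RLEN)
        return build(self.id, terminal_pub, self.r2, now)  # second authentication data

    def on_response(self, msg3, now):
        payload = verify(msg3, self.terminal_id, self.priv, now)
        if payload is None:
            return None
        r3, r2 = payload[:RLEN], payload[RLEN:]
        # Assumption of this example: the echoed second random number must match.
        if not hmac.compare_digest(r2, self.r2):
            return None
        return session_key(self.r1, r2, r3)

def run_exchange(now=1_700_000_000, m1_delay=0):
    # Constructed identities; certificate exchange and validation are omitted.
    t, s = Terminal("terminal-001"), Server("auth-server-01")
    m1 = t.challenge(s.id, s.pub, now)
    later = now + m1_delay                     # simulated delivery delay
    m2 = s.on_challenge(t.id, t.pub, m1, later)
    if m2 is None:
        return "first authentication data rejected"
    m3 = t.respond(m2, later)
    key = s.on_response(m3, later) if m3 else None
    if key is None:
        return "second or third authentication data rejected"
    return "ok" if hmac.compare_digest(key, t.key()) else "key mismatch"
```

Calling `run_exchange(m1_delay=MAX_SKEW + 1)` shows the first authentication data being refused once its timestamp falls outside the window.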
According to still another aspect of the present disclosure, there is provided a terminal including: the first information transceiver module is used for sending identity authentication request information to an authentication server and receiving request response information sent by the authentication server; the first authentication data generation module is used for generating first authentication data and sending the first authentication data to the authentication server; the first authentication module is used for receiving second authentication data sent by the authentication server and authenticating the second authentication data if the authentication server successfully authenticates the first authentication data; the first authentication data generation module is further configured to generate third authentication data if the second authentication data is successfully authenticated, and send the third authentication data to the authentication server; the first information transceiver module is further configured to receive identity authentication success information sent by the authentication server if the authentication server successfully authenticates the third authentication data.
In some embodiments of the present disclosure, the identity authentication request information includes a terminal identity identifier and a terminal digital certificate; the request response information includes an authentication server identity identifier, an authentication server digital certificate and identity authentication challenge start information.
In some embodiments of the present disclosure, the first authentication data includes a challenge ciphertext and a first timestamp; wherein the first authentication data generation module is further configured to: generate a first random number if identity authentication challenge start information sent by the authentication server is received; encrypt the first random number by using an authentication server public key in the authentication server digital certificate to obtain first encrypted data; perform hash transformation on the terminal identity and the first random number to obtain first hash data; generate the challenge ciphertext according to the first encrypted data and the first hash data; and determine the first timestamp, and send the challenge ciphertext and the first timestamp to the authentication server.
In some embodiments of the present disclosure, the second authentication data includes a response ciphertext of the authentication server and a second timestamp; the response ciphertext of the authentication server includes second encrypted data and second hash data; the second encrypted data is obtained by the authentication server encrypting a second random number by using a terminal public key in the terminal digital certificate, and the second hash data is obtained by performing hash transformation on the authentication server identity and the second random number, wherein the second random number is generated when the authentication server successfully authenticates the first authentication data.
In some embodiments of the present disclosure, the first authentication module is further configured to: receiving a response ciphertext of the authentication server and the second timestamp sent by the authentication server; verifying whether the second timestamp is valid; if the second timestamp is valid, decrypting the second encrypted data in the response ciphertext of the authentication server by using a terminal private key to obtain a second random number, and then performing hash transformation on the identity of the authentication server and the second random number to obtain authentication hash data; judging whether the obtained authentication hash data is consistent with the second hash data in the response ciphertext of the authentication server; and if the obtained authentication hash data is consistent with the second hash data, determining that the second authentication data is successfully authenticated.
In some embodiments of the present disclosure, the third authentication data includes a response ciphertext of the terminal and a third timestamp; wherein the first authentication data generation module is further configured to: if the second authentication data is successfully authenticated, generating a third random number; encrypting the third random number and the second random number by using an authentication server public key in the authentication server digital certificate to obtain third encrypted data; performing hash transformation on the terminal identity and the third random number to obtain third hash data; generating a response ciphertext of the terminal according to the third encrypted data and the third hash data; and determining the third timestamp, and sending a response ciphertext of the terminal and the third timestamp to the authentication server.
In some embodiments of the present disclosure, the terminal further includes a first key generation module, configured to generate a communication key according to a random number generated by the terminal in an identity authentication process and a random number generated by the authentication server in an identity authentication process.
In some embodiments of the present disclosure, the first information transceiving module is further configured to: if the authentication server fails to authenticate the first authentication data, or the authentication server fails to authenticate the third authentication data, receiving authentication failure information sent by the authentication server; and if the second authentication data fails to be authenticated, sending authentication failure information to the authentication server.
According to still another aspect of the present disclosure, there is provided an authentication server including: the second information transceiver module is used for receiving identity authentication request information sent by a terminal and sending request response information to the terminal; the second authentication module is used for receiving first authentication data sent by the terminal and authenticating the first authentication data; the second authentication data generation module is used for generating second authentication data and sending the second authentication data to the terminal if the first authentication data is successfully authenticated; the second authentication module is further configured to receive third authentication data sent by the terminal and authenticate the third authentication data if the terminal successfully authenticates the second authentication data; and the second information transceiver module is further configured to determine that the identity authentication is successful if the third authentication data is successfully authenticated, and send identity authentication success information to the terminal.
In some embodiments of the present disclosure, the identity authentication request information includes a terminal identity identifier and a terminal digital certificate; the request response information includes an authentication server identity identifier, an authentication server digital certificate and identity authentication challenge start information.
In some embodiments of the present disclosure, the first authentication data includes a challenge ciphertext and a first timestamp; the challenge ciphertext includes first encrypted data and first hash data; the first encrypted data is obtained by the terminal encrypting a first random number by using an authentication server public key in the authentication server digital certificate, and the first hash data is obtained by the terminal performing hash transformation on the terminal identity identifier and the first random number, wherein the first random number is generated by the terminal after receiving identity authentication challenge start information sent by the authentication server.
In some embodiments of the present disclosure, the second authentication module is further configured to: receiving the challenge ciphertext and the first timestamp sent by the terminal; verifying whether the first timestamp is valid; if the first timestamp is valid, decrypting the first encrypted data in the challenge ciphertext by using a private key of an authentication server to obtain the first random number, and then performing hash transformation on the terminal identity and the first random number to obtain authentication hash data; judging whether the obtained authentication hash data is consistent with the first hash data in the challenge ciphertext; and if the obtained authentication hash data is consistent with the first hash data, determining that the first authentication data is successfully authenticated.
In some embodiments of the present disclosure, the second authentication data includes a response cryptogram of the authentication server and a second timestamp; wherein the second authentication data generation module is further configured to: if the first authentication data is successfully authenticated, generating a second random number; encrypting the second random number by using a terminal public key in the terminal digital certificate to obtain second encrypted data; performing hash transformation on the authentication server identity and the second random number to obtain second hash data; generating a response ciphertext of the authentication server according to the second encrypted data and the second hash data; and determining the second time stamp, and sending a response ciphertext of the authentication server and the second time stamp to the terminal.
In some embodiments of the present disclosure, the third authentication data includes a response ciphertext of the terminal and a third timestamp; the response ciphertext of the terminal comprises third encrypted data and third hash data; and the third encrypted data is obtained by the terminal encrypting a third random number and a second random number by using an authentication server public key in the authentication server digital certificate, the third hash data is obtained by the terminal performing hash transformation on the terminal identity and the third random number, the third random number is generated when the terminal successfully authenticates the second authentication data, and the second random number is obtained by decrypting, by the terminal, the second encrypted data in the second authentication data.
In some embodiments of the present disclosure, the second authentication module is further configured to: receiving a response ciphertext and the third timestamp of the terminal, which are sent by the terminal; verifying whether the third timestamp is valid; if the third timestamp is valid, decrypting the third encrypted data in the response ciphertext of the terminal by using a private key of an authentication server to obtain a third random number and a second random number, and then performing hash transformation on the terminal identity and the third random number to obtain authentication hash data; judging whether the obtained authentication hash data is consistent with the third hash data in the response ciphertext of the terminal; and if the obtained authentication hash data is consistent with the third hash data, determining that the third authentication data is successfully authenticated.
In some embodiments of the present disclosure, the authentication server further includes a second key generation module, configured to generate a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
In some embodiments of the present disclosure, the second information transceiving module is further configured to: if the authentication on the first authentication data fails or the authentication on the third authentication data fails, sending authentication failure information to the terminal; and if the terminal fails to authenticate the second authentication data, receiving authentication failure information sent by the terminal.
According to yet another aspect of the present disclosure, there is provided an electronic device including: one or more processors; a storage device configured to store one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method for identity authentication based on a challenge-response mechanism as described in the embodiments above.
According to yet another aspect of the present disclosure, there is provided a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the identity authentication method based on the challenge-response mechanism as described in the above embodiments.
In the identity authentication method based on the challenge response mechanism provided by the embodiment of the disclosure, the terminal sends identity authentication request information to the authentication server, so that the authentication server returns request response information to the terminal; if the terminal receives the request response information returned by the authentication server, the challenge is started, so that the terminal generates first authentication data and sends the first authentication data to the authentication server; the authentication server receives the first authentication data and authenticates the first authentication data, if the authentication server successfully authenticates the first authentication data, the authentication server successfully authenticates the identity of the terminal, and then the authentication server sends second authentication data to the terminal; the terminal receives the second authentication data and authenticates the second authentication data, if the terminal successfully authenticates the second authentication data, the identity authentication of the terminal to the authentication server is successful, and then the terminal generates third authentication data and sends the third authentication data to the authentication server; the authentication server receives the third authentication data and authenticates the third authentication data, if the authentication server successfully authenticates the third authentication data, the bidirectional identity authentication is successful, and the authentication server sends identity authentication success information to the terminal.
Therefore, according to the identity authentication method based on the challenge response mechanism provided by the embodiment of the disclosure, the authentication server authenticates the identity of the terminal through the first authentication data, the terminal authenticates the identity of the authentication server through the second authentication data, and the authentication server determines the authentication result of the terminal through the third authentication data, so that bidirectional identity authentication of the terminal and the authentication server can be realized, and the risk that a phishing website and other counterfeit servers attack and steal keys and data is reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
FIG. 1 is a flow chart of a prior identity authentication method based on a challenge-response mechanism;
FIG. 2 is a flow diagram illustrating a method of identity authentication based on a challenge-response mechanism in accordance with an exemplary embodiment;
FIG. 3 is a flowchart illustrating a terminal generating a challenge cryptogram in accordance with an example embodiment;
FIG. 4 is a flow diagram illustrating authentication of second authentication data by a terminal in accordance with an example embodiment;
FIG. 5 is a flowchart illustrating a terminal generating a reply ciphertext in accordance with an example embodiment;
FIG. 6 is a flowchart illustrating a method of identity authentication based on a challenge-response mechanism, in accordance with yet another illustrative embodiment;
FIG. 7 is a flow diagram illustrating an authentication server authenticating first authentication data in accordance with an example embodiment;
FIG. 8 is a flowchart illustrating an authentication server generating a response ciphertext in accordance with an illustrative embodiment;
FIG. 9 is a flowchart illustrating an authentication server authenticating third authentication data according to an example embodiment;
FIG. 10 is a diagram illustrating data interaction between a terminal and an authentication server according to an example embodiment;
FIG. 11 is a schematic diagram of a structure of a terminal shown in accordance with an example embodiment;
FIG. 12 is a schematic diagram illustrating the structure of an authentication server in accordance with an illustrative embodiment;
FIG. 13 is a block diagram illustrating the structure of an electronic device according to an example embodiment.
Detailed Description
In order that those of ordinary skill in the art may better understand the technical solution of the present disclosure, the technical solution in the embodiments of the present disclosure is described clearly and completely below with reference to the drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
It should be noted that the user information related to the present disclosure, including but not limited to user device information, user personal information, etc., is information authorized by the user or fully authorized by each party.
The method provided by the embodiment of the present disclosure may be executed by any type of electronic device, for example, an authentication server or a terminal, or an interaction between the authentication server and the terminal. The terminal and the authentication server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.
The authentication server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform, and the like.
The terminal may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like.
The challenge-response mechanism is a currently accepted reliable and effective authentication method. The identity authentication based on the challenge-response mechanism is that the authentication server sends different challenge strings to the terminal (namely, the client) during each authentication, and the terminal makes a corresponding response after receiving the challenge strings. Fig. 1 is a flowchart of a prior identity authentication method based on a challenge-response mechanism. As shown in fig. 1, the flow of the identity authentication method based on the challenge-response mechanism includes the following steps.
Step S101: the terminal sends an authentication request to an authentication server to request identity authentication, wherein the authentication request sent by the terminal comprises a terminal identity identifier and a user password s;
Step S102: the authentication server verifies whether the user is a legal user according to the terminal identity;
Step S103: if the terminal is verified to be a legal user, the terminal identity identification and the user password s are saved, and a random number R is generated;
Step S104: the authentication server sends the random number R to the terminal, and the random number R is used as a question;
Step S105: the terminal combines the user password s and the random number R and calculates a hash value $H(s \| R)$;
Step S106: the terminal sends the terminal identity identification and the calculated hash value $H(s \| R)$ to the authentication server, and the hash value $H(s \| R)$ serves as a response;
Step S107: the authentication server calculates a hash value $H'(s \| R)$ from the stored user password s and the random number R, and then compares the calculated hash value $H'(s \| R)$ with the received hash value $H(s \| R)$; if they are the same, the authentication is successful, otherwise the authentication fails;
Step S108: the authentication server notifies the terminal of success or failure of authentication.
In step S103, fig. 1 shows a case where the terminal is authenticated as a valid user. If the authentication server verifies that the terminal is not a legitimate user, authentication failure may be returned to the terminal, or the authentication server does not do further processing.
Therefore, in the existing identity authentication method based on the challenge response mechanism, the authentication server authenticates the identity of the terminal, but the terminal does not authenticate the identity of the authentication server, so the terminal is easily attacked by counterfeit servers such as phishing websites, which can steal keys and data. Moreover, the existing identity authentication method based on the challenge response mechanism has no mechanism for resisting replay attack and does not verify the reliability of the random number source in the verification process of the random number.
In order to solve the above problem, an embodiment of the present disclosure provides an identity authentication method, a terminal, an authentication server, an electronic device, and a computer-readable storage medium based on a challenge-response mechanism, which are capable of performing bidirectional identity authentication on the terminal and the authentication server. Fig. 2 is a flowchart illustrating a method of identity authentication based on a challenge-response mechanism, according to an example embodiment. The identity authentication method based on the challenge-response mechanism provided by the embodiment of fig. 2 may be executed by the terminal. As shown in fig. 2, the identity authentication method based on the challenge-response mechanism specifically includes the following steps S201 to S205.
Step S201: sending identity authentication request information to an authentication server, and receiving request response information sent by the authentication server;
Step S202: generating first authentication data and sending the first authentication data to an authentication server;
Step S203: if the authentication server successfully authenticates the first authentication data, receiving second authentication data sent by the authentication server, and authenticating the second authentication data;
Step S204: if the second authentication data is successfully authenticated, generating third authentication data and sending the third authentication data to the authentication server;
Step S205: if the authentication server successfully authenticates the third authentication data, receiving identity authentication success information sent by the authentication server.
In steps S201 to S205, the terminal sends identity authentication request information to the authentication server, so that the authentication server returns request response information to the terminal; if the terminal receives the request response information returned by the authentication server, the challenge is started, so that the terminal generates first authentication data and sends the first authentication data to the authentication server; the authentication server receives the first authentication data and authenticates the first authentication data, if the authentication server successfully authenticates the first authentication data, the authentication server successfully authenticates the identity of the terminal, and then the authentication server sends second authentication data to the terminal; the terminal receives the second authentication data and authenticates the second authentication data, if the terminal successfully authenticates the second authentication data, the terminal indicates that the terminal successfully authenticates the identity of the authentication server, and then the terminal generates third authentication data and sends the third authentication data to the authentication server; the authentication server receives the third authentication data and authenticates the third authentication data, if the authentication server successfully authenticates the third authentication data, the bidirectional identity authentication is successful, and the authentication server sends identity authentication success information to the terminal.
In some embodiments of the present disclosure, the method may further comprise: if the authentication server fails to authenticate the first authentication data, or the authentication server fails to authenticate the third authentication data, receiving authentication failure information sent by the authentication server; and if the authentication of the second authentication data fails, sending authentication failure information to the authentication server. That is, if the first authentication data, the second authentication data and the third authentication data are successfully authenticated, the bidirectional identity authentication between the terminal and the authentication server is successful; otherwise, the authentication is failed.
Therefore, according to the identity authentication method based on the challenge response mechanism provided by the embodiment of the disclosure, the authentication server authenticates the identity of the terminal through the first authentication data, the terminal authenticates the identity of the authentication server through the second authentication data, and the authentication server determines the authentication result of the terminal through the third authentication data, so that bidirectional identity authentication of the terminal and the authentication server can be realized, and the risk that a phishing website and other counterfeit servers attack and steal keys and data is reduced.
The following describes a specific implementation manner of each method step of the identity authentication method based on the challenge-response mechanism executed by the terminal in detail.
In step S201, identity authentication request information is sent to the authentication server, and request response information sent by the authentication server is received.
The identity authentication request information comprises a terminal identity identifier and a terminal digital certificate. The request response information comprises an authentication server identity identifier, an authentication server digital certificate and identity authentication challenge start information.
The challenge-response mechanism is an authentication protocol that verifies identity through information interaction between a verifier and the party being verified, on the premise that both share the same encryption algorithm. The identity authentication request information sent by the terminal to the authentication server comprises a terminal identity identifier $ID_c$ and a terminal digital certificate $Cert_c$. The terminal identity identifier $ID_c$ is a unique identifier representing the terminal. After receiving the terminal identity identifier $ID_c$ sent by the terminal, the authentication server can identify $ID_c$ and add it to an authentication list to facilitate subsequent processing of the terminal identity. The terminal digital certificate $Cert_c$ includes the terminal public key $K_c$. The terminal sends the terminal digital certificate $Cert_c$ to the authentication server so that the authentication server can encrypt data with the terminal public key $K_c$ in $Cert_c$ and return it to the terminal, which can then decrypt it using the terminal private key $K_c'$.
After the authentication server receives the identity authentication request information sent by the terminal, it can store the terminal identity identifier $ID_c$ and the terminal digital certificate $Cert_c$, and then return the authentication server identity identifier $ID_s$, the authentication server digital certificate $Cert_s$ and the identity authentication challenge start information to the terminal. The authentication server identity identifier $ID_s$ is a unique identifier representing the authentication server, and the authentication server digital certificate $Cert_s$ includes the authentication server public key $K_s$. The authentication server digital certificate $Cert_s$ is sent to the terminal so that the terminal can encrypt data with the authentication server public key $K_s$ in $Cert_s$ and return it to the authentication server, which can then decrypt it using the authentication server private key $K_s'$. In addition, the identity authentication challenge start information indicates the start of the challenge, and the terminal can start the challenge after receiving it.
In the embodiment of the disclosure, the terminal sends the terminal identity to the authentication server so that the subsequent authentication server can perform identity authentication on the terminal according to the terminal identity, and the authentication server sends the authentication server identity to the terminal so that the subsequent terminal can perform identity authentication on the authentication server according to the authentication server identity; the terminal and the authentication server obtain a public key through exchanging digital certificates of both sides, and encrypt data by the public key of the other side, so that the risk of intercepting the data is reduced; also, the authentication server sends authentication challenge start information to the terminal to inform the terminal to start a challenge.
In step S202, first authentication data is generated and transmitted to the authentication server. Wherein the first authentication data includes a challenge cryptogram and a first timestamp.
If the terminal receives the identity authentication challenge start information sent by the authentication server, the terminal can generate first authentication data and send the first authentication data to the authentication server. The first authentication data is used for authenticating the identity of the terminal by the authentication server. The first authentication data includes a challenge cryptogram and a first timestamp. Fig. 3 is a flowchart illustrating a terminal generating a challenge cryptogram according to an example embodiment. As shown in fig. 3, the process of generating the challenge cryptogram by the terminal includes the following steps.
Step S301: if identity authentication challenge starting information sent by an authentication server is received, generating a first random number;
Step S302: encrypting a first random number by using an authentication server public key in an authentication server digital certificate to obtain first encrypted data;
Step S303: performing hash transformation on the terminal identity and the first random number to obtain first hash data;
Step S304: generating a challenge ciphertext according to the first encrypted data and the first hash data.
After receiving the identity authentication challenge start information sent by the authentication server, the terminal generates a first random number $R_a$, obtains the authentication server public key $K_s$ from the authentication server digital certificate $Cert_s$, and then encrypts the first random number $R_a$ with $K_s$ to obtain first encrypted data $E_{K_s}(R_a)$. The terminal also performs hash transformation on the terminal identity identifier $ID_c$ and the first random number $R_a$ to obtain first hash data $H(ID_c \| R_a)$. Finally, the first encrypted data $E_{K_s}(R_a)$ and the first hash data $H(ID_c \| R_a)$ are spliced to obtain the challenge ciphertext $m_1$.
In the embodiment of the disclosure, the terminal encrypts the first random number by using the public key of the authentication server to obtain the first encrypted data, performs hash transformation by using the terminal identity and the first random number to obtain the first hash data, and finally obtains the challenge ciphertext according to the first encrypted data and the first hash data and transmits the challenge ciphertext, so that the risk that the first random number is intercepted in channel transmission is reduced.
After the terminal generates the challenge ciphertext $m_1$, it may send the challenge ciphertext $m_1$ and the first timestamp to the authentication server. The first timestamp may be the time at which the terminal sends the challenge ciphertext $m_1$ to the authentication server, or the time at which the terminal generates the challenge ciphertext $m_1$. In addition, in order to avoid session collision, the terminal may also transmit a session identification ID to the authentication server. The session identifier ID is a unique identifier of a session between the terminal and the authentication server, and may be understood as a read-only value of the terminal currently accessing the authentication server.
In the embodiment of the disclosure, the terminal sends the challenge ciphertext, the first timestamp and the session identifier to the authentication server, can resist replay attack by adding the timestamp element, and can avoid session conflict by adding the session identifier.
In step S203, if the authentication server successfully authenticates the first authentication data, the terminal receives the second authentication data transmitted by the authentication server, and authenticates the second authentication data.
After the terminal sends the first authentication data to the authentication server, if the authentication server successfully authenticates the first authentication data, the authentication server successfully authenticates the identity of the terminal, and can generate second authentication data and send the second authentication data to the terminal. After receiving the second authentication data sent by the authentication server, the terminal may authenticate the second authentication data.
The second authentication data comprise a response ciphertext of the authentication server and a second timestamp, and the response ciphertext of the authentication server comprises second encrypted data and second hash data. And the second encrypted data is obtained by the authentication server by encrypting a second random number by using the terminal public key in the terminal digital certificate, the second hash data is obtained by the authentication server by performing hash transformation on the second random number and the authentication server identity, and the second random number is generated under the condition that the authentication server successfully authenticates the first authentication data.
That is, after successfully authenticating the first authentication data, the authentication server generates a second random number $R_b$, obtains the terminal public key $K_c$ from the terminal digital certificate $Cert_c$, and then encrypts the second random number $R_b$ with $K_c$ to obtain second encrypted data $E_{K_c}(R_b)$. The authentication server also performs hash transformation on the authentication server identity identifier $ID_s$ and the second random number $R_b$ to obtain second hash data $H(ID_s \| R_b)$. Finally, the second encrypted data $E_{K_c}(R_b)$ and the second hash data $H(ID_s \| R_b)$ are spliced to obtain the response ciphertext $m_2$ of the authentication server. The authentication server may send the generated response ciphertext $m_2$ and a second timestamp to the terminal, where the second timestamp may be the time at which the authentication server sends the response ciphertext $m_2$ to the terminal, or the time at which the authentication server generates the response ciphertext $m_2$. In addition, in order to avoid session collision, the authentication server may also transmit a session identification ID to the terminal.
The terminal receives the second authentication data sent by the authentication server, and can authenticate the second authentication data, that is, the terminal can authenticate the second timestamp in the second authentication data and the response ciphertext of the authentication server. Fig. 4 is a flow diagram illustrating authentication of second authentication data by a terminal according to an example embodiment. As shown in fig. 4, the process of authenticating the second authentication data by the terminal includes the following steps.
Step S401: verifying whether the second timestamp is valid, if so, executing step S402, otherwise, executing step S406;
Step S402: decrypting second encrypted data in the response ciphertext of the authentication server by using the terminal private key to obtain a second random number;
Step S403: performing hash transformation on the second random number and the authentication server identity to obtain authentication hash data;
Step S404: judging whether the obtained authentication hash data is consistent with second hash data in a response ciphertext of the authentication server, if so, executing step S405, and if not, executing step S406;
Step S405: determining that the second authentication data is successfully authenticated;
Step S406: determining that authentication of the second authentication data fails.
Specifically, the terminal first verifies whether the second timestamp is valid. If the second timestamp is invalid, it is determined that the authentication of the second authentication data fails, and the terminal may transmit authentication failure information to the authentication server. If the second timestamp is valid, the terminal can use the terminal private key $K_c'$ to decrypt the second encrypted data $E_{K_c}(R_b)$ in the response ciphertext of the authentication server to obtain the second random number $R_b$, and then perform hash transformation on the authentication server identity identifier $ID_s$ and the second random number $R_b$ to obtain authentication hash data $H'(ID_s \| R_b)$. It should be noted that the authentication server identity used by the terminal for performing hash transformation is included in the request response information sent by the authentication server to the terminal, that is, the authentication server identity is stored by the terminal; and the second random number used by the terminal for carrying out the hash transformation is obtained by decrypting the second encrypted data in the second authentication data by the terminal. Next, the terminal determines whether the authentication hash data $H'(ID_s \| R_b)$ it obtained and the second hash data $H(ID_s \| R_b)$ in the second authentication data transmitted from the authentication server are consistent. If so, it is determined that the authentication of the second authentication data is successful. If not, the authentication of the second authentication data is determined to have failed, and the terminal returns authentication failure information to the authentication server.
In the embodiment of the disclosure, the terminal may perform hash transformation by using the stored authentication server identity and the decrypted second random number, and then compare the obtained authentication hash data with the second hash data sent by the authentication server, thereby ensuring the authenticity of the ciphertext source. In addition, in the authentication process of the second authentication data, the terminal can verify the validity of the second time stamp, so that the time stamp is added in the authentication process to resist against replay attack.
In step S204, if the second authentication data is successfully authenticated, third authentication data is generated and transmitted to the authentication server. And the third authentication data comprises a response ciphertext of the terminal and a third time stamp.
If the terminal successfully authenticates the second authentication data sent by the authentication server, the terminal may generate third authentication data and send the third authentication data to the authentication server. The third authentication data is used for the authentication server to determine whether the bidirectional identity authentication is successful. The third authentication data includes a response ciphertext of the terminal and a third timestamp. Fig. 5 is a flowchart illustrating a terminal generating a reply ciphertext in accordance with an example embodiment. As shown in fig. 5, the process of generating the response ciphertext by the terminal includes the following steps.
Step S501: if the second authentication data is successfully authenticated, generating a third random number;
Step S502: encrypting the third random number and the second random number by using the authentication server public key in the authentication server digital certificate to obtain third encrypted data;
Step S503: performing a hash transformation on the terminal identity and the third random number to obtain third hash data;
Step S504: generating a response ciphertext of the terminal according to the third encrypted data and the third hash data.
If the terminal successfully authenticates the second authentication data sent by the authentication server, the terminal generates a third random number $R_c$, obtains the authentication server public key $K_s$ from the authentication server digital certificate $Cert_s$, and then uses the obtained authentication server public key $K_s$ to encrypt the third random number $R_c$ and the second random number $R_b$, obtaining third encrypted data $E_{K_s}(R_c \| R_b)$. The terminal can also perform a hash transformation on the terminal identity $ID_c$ and the third random number $R_c$ to obtain third hash data $H(ID_c \| R_c)$. Finally, the third encrypted data $E_{K_s}(R_c \| R_b)$ and the third hash data $H(ID_c \| R_c)$ are spliced to obtain the response ciphertext $m_3$.
In the embodiment of the disclosure, the terminal encrypts the third random number and the second random number by using the public key of the authentication server to obtain third encrypted data, performs a hash transformation by using the terminal identity and the third random number to obtain third hash data, and finally obtains a response ciphertext according to the third encrypted data and the third hash data and transmits it, so that the risk of the third random number being intercepted in channel transmission is reduced. In addition, in the embodiment of the present disclosure, the terminal encrypts the randomly generated third random number together with the second random number obtained by decrypting the second encrypted data sent by the authentication server, so as to further reduce the risk of the third random number being intercepted in channel transmission.
After generating the response ciphertext $m_3$, the terminal may send the response ciphertext $m_3$ and a third timestamp to the authentication server, where the third timestamp may be the time at which the terminal sends the response ciphertext $m_3$ to the authentication server, or the time at which the terminal generates the response ciphertext $m_3$. In addition, in order to avoid session collision, the terminal may also transmit a session identification ID to the authentication server.
In the embodiment of the disclosure, the terminal sends the response ciphertext, the third timestamp and the session identifier to the authentication server, can resist replay attack by adding the timestamp element, and can avoid session conflict by adding the session identifier.
In step S205, if the authentication server successfully authenticates the third authentication data, the terminal receives identity authentication success information sent by the authentication server.
After the terminal sends the third authentication data to the authentication server, if the authentication server successfully authenticates the third authentication data, the bidirectional identity authentication is successful, and the authentication server can send identity authentication success information to the terminal, that is, the terminal can receive the identity authentication success information sent by the authentication server.
In some embodiments of the present disclosure, after receiving the identity authentication success information sent by the authentication server, the method may further include: and generating a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
If the terminal receives the identity authentication success information sent by the authentication server, the terminal can generate a communication key according to the random number obtained in the identity authentication process. Specifically, the terminal may generate the communication key based on the first random number generated by the terminal itself, the third random number, and a second random number obtained by decrypting second encrypted data in second authentication data transmitted by the authentication server.
In the embodiment of the present disclosure, after it is determined that the identity authentication is successful, the terminal may generate the communication key according to the random number generated in the authentication process, and may complete key exchange in the authentication process. And the communication key is obtained by calculating the random numbers generated by the terminal and the authentication server in the authentication process, and is not required to be transmitted on a channel, so that the safety of the communication key is improved. In addition, the terminal and the authentication server can calculate the communication key by using the random number every time of verification, so that the uniqueness of the communication key is ensured.
Based on the same inventive concept, the embodiment of the present disclosure provides an identity authentication method based on a challenge-response mechanism, which can be applied to an authentication server. Fig. 6 is a flowchart illustrating a method of identity authentication based on a challenge-response mechanism, according to yet another exemplary embodiment. The identity authentication method based on the challenge-response mechanism provided by the embodiment of fig. 6 may be executed by an authentication server. As shown in fig. 6, the identity authentication method based on the challenge-response mechanism specifically includes the following steps S601 to S605.
Step S601: receiving identity authentication request information sent by a terminal, and sending request response information to the terminal;
Step S602: receiving first authentication data sent by the terminal, and authenticating the first authentication data;
Step S603: if the first authentication data is successfully authenticated, generating second authentication data, and sending the second authentication data to the terminal;
Step S604: if the terminal successfully authenticates the second authentication data, receiving third authentication data sent by the terminal, and authenticating the third authentication data;
Step S605: if the third authentication data is successfully authenticated, determining that the identity authentication is successful, and sending identity authentication success information to the terminal.
In steps S601 to S605, after receiving the identity authentication request message sent by the terminal, the authentication server returns a request response message to the terminal; if the terminal receives the request response information returned by the authentication server, the challenge is started, so that the terminal generates first authentication data and sends the first authentication data to the authentication server; the authentication server receives the first authentication data and authenticates the first authentication data, if the authentication server successfully authenticates the first authentication data, the authentication server successfully authenticates the identity of the terminal, and then the authentication server sends second authentication data to the terminal; the terminal receives the second authentication data and authenticates the second authentication data, if the terminal successfully authenticates the second authentication data, the terminal indicates that the terminal successfully authenticates the identity of the authentication server, and then the terminal generates third authentication data and sends the third authentication data to the authentication server; the authentication server receives the third authentication data and authenticates the third authentication data, if the authentication server successfully authenticates the third authentication data, the bidirectional identity authentication is successful, and the authentication server sends identity authentication success information to the terminal.
In some embodiments of the present disclosure, the method may further comprise: if the authentication on the first authentication data fails or the authentication on the third authentication data fails, sending authentication failure information to the terminal; and if the terminal fails to authenticate the second authentication data, receiving authentication failure information sent by the terminal. That is, if the first authentication data, the second authentication data and the third authentication data are successfully authenticated, the bidirectional identity authentication between the terminal and the authentication server is successful; otherwise, the authentication is failed.
Therefore, according to the identity authentication method based on the challenge response mechanism provided by the embodiment of the disclosure, the authentication server authenticates the identity of the terminal through the first authentication data, the terminal authenticates the identity of the authentication server through the second authentication data, and the authentication server determines the authentication result of the terminal through the third authentication data, so that bidirectional identity authentication of the terminal and the authentication server can be realized, and the risk that a phishing website and other counterfeit servers attack and steal keys and data is reduced.
The following describes a specific implementation manner of each method step of the identity authentication method based on the challenge-response mechanism executed by the authentication server in detail.
In step S601, the identity authentication request information sent by the terminal is received, and request response information is sent to the terminal.
The identity authentication request information comprises a terminal identity identifier and a terminal digital certificate. The request response information comprises an authentication server identity, an authentication server digital certificate and identity authentication challenge start information. The terminal identity identifier, the terminal digital certificate, the authentication server identity identifier, the authentication server digital certificate, and the identity authentication challenge start information have already been described in detail in step S201, and are not described herein again.
In step S602, the first authentication data transmitted by the terminal is received, and the first authentication data is authenticated.
Wherein the first authentication data comprises a challenge ciphertext and a first timestamp; the challenge cryptogram includes first encrypted data and first hash data. And the first encrypted data is obtained by encrypting a first random number by the terminal by using an authentication server public key in an authentication server digital certificate, the first hash data is obtained by carrying out hash transformation on the terminal identity identification and the first random number, and the first random number is generated by the terminal after receiving identity authentication challenge starting information sent by the authentication server.
That is, after receiving the authentication challenge start information sent by the authentication server, the terminal generates the first random number $R_a$, obtains the authentication server public key $K_s$ from the authentication server digital certificate $Cert_s$, and then uses the obtained authentication server public key $K_s$ to encrypt the first random number $R_a$, obtaining first encrypted data $E_{K_s}(R_a)$. The terminal can also perform a hash transformation on the terminal identity $ID_c$ and the first random number $R_a$ to obtain first hash data $H(ID_c \| R_a)$. Finally, the first encrypted data $E_{K_s}(R_a)$ and the first hash data $H(ID_c \| R_a)$ are spliced to obtain the challenge ciphertext $m_1$. After generating the challenge ciphertext $m_1$, the terminal may send the challenge ciphertext $m_1$ and a first timestamp to the authentication server, where the first timestamp may be the time at which the terminal sends the challenge ciphertext $m_1$ to the authentication server, or the time at which the terminal generates the challenge ciphertext $m_1$. In addition, in order to avoid session collision, the terminal may also transmit a session identification ID to the authentication server.
The authentication server receives the first authentication data sent by the terminal, and can authenticate the first authentication data, that is, the authentication server can authenticate the first timestamp and the challenge ciphertext in the first authentication data. Fig. 7 is a flow diagram illustrating an authentication server authenticating first authentication data according to an example embodiment. As shown in fig. 7, the flow of authenticating the first authentication data by the authentication server includes the following steps.
Step S701: verifying whether the first timestamp is valid; if so, executing step S702, and if not, executing step S706;
Step S702: decrypting the first encrypted data in the challenge ciphertext by using the private key of the authentication server to obtain the first random number;
Step S703: performing a hash transformation on the terminal identity and the first random number to obtain authentication hash data;
Step S704: determining whether the obtained authentication hash data is consistent with the first hash data in the challenge ciphertext; if so, executing step S705, and if not, executing step S706;
Step S705: determining that the first authentication data is successfully authenticated;
Step S706: determining that authentication of the first authentication data fails.
Specifically, the authentication server first verifies whether the first timestamp is valid. If the first timestamp is invalid, it is determined that the authentication of the first authentication data fails, and the authentication server may transmit authentication failure information to the terminal. If the first timestamp is valid, the authentication server may use the authentication server private key $K_s'$ to decrypt the first encrypted data $E_{K_s}(R_a)$ in the challenge ciphertext $m_1$, obtaining the first random number $R_a$, and then perform a hash transformation on the terminal identity $ID_c$ and the first random number $R_a$ to obtain authentication hash data $H'(ID_c \| R_a)$. It should be noted that the terminal identity used by the authentication server for the hash transformation is included in the identity authentication request information sent by the terminal to the authentication server, that is, the terminal identity is stored by the authentication server; and the first random number used by the authentication server for the hash transformation is obtained by the authentication server decrypting the first encrypted data in the first authentication data. Then, the authentication server determines whether the authentication hash data $H'(ID_c \| R_a)$ it obtained is consistent with the first hash data $H(ID_c \| R_a)$ in the first authentication data transmitted by the terminal. If so, it is determined that the authentication of the first authentication data is successful. If not, the authentication server determines that the authentication of the first authentication data fails, and then returns authentication failure information to the terminal.
In the embodiment of the disclosure, the authentication server may perform a hash transformation using the stored terminal identity and the decrypted first random number, and then compare the obtained authentication hash data with the first hash data sent by the terminal, thereby ensuring the authenticity of the ciphertext source. In addition, while authenticating the first authentication data, the authentication server can verify the validity of the first timestamp, so that adding the timestamp to the authentication process resists replay attacks.
In step S603, if the first authentication data is successfully authenticated, second authentication data is generated and transmitted to the terminal. Wherein the second authentication data includes a response ciphertext of the authentication server and the second timestamp.
If the authentication server successfully authenticates the first authentication data, the authentication server may generate second authentication data and transmit the second authentication data to the terminal. The second authentication data is used for the terminal to authenticate the identity of the authentication server. The second authentication data includes a response cryptogram of the authentication server and a second time stamp. Fig. 8 is a flow diagram illustrating an authentication server generating a response ciphertext in accordance with an example embodiment. As shown in fig. 8, the flow of the authentication server generating the response ciphertext includes the following steps.
Step S801: if the first authentication data is successfully authenticated, generating a second random number;
Step S802: encrypting the second random number by using the terminal public key in the terminal digital certificate to obtain second encrypted data;
Step S803: performing a hash transformation on the authentication server identity and the second random number to obtain second hash data;
Step S804: generating a response ciphertext of the authentication server according to the second encrypted data and the second hash data.
After the authentication server successfully authenticates the first authentication data, it generates a second random number $R_b$, obtains the terminal public key $K_c$ from the terminal digital certificate $Cert_c$, and then uses the obtained terminal public key $K_c$ to encrypt the second random number $R_b$, obtaining second encrypted data $E_{K_c}(R_b)$. A hash transformation is also performed on the authentication server identity $ID_s$ and the second random number $R_b$ to obtain second hash data $H(ID_s \| R_b)$. Finally, the second encrypted data $E_{K_c}(R_b)$ and the second hash data $H(ID_s \| R_b)$ are spliced to obtain the response ciphertext $m_2$ of the authentication server. The authentication server may send the response ciphertext $m_2$ and a second timestamp to the terminal, where the second timestamp may be the time at which the authentication server sends the response ciphertext $m_2$ to the terminal, or the time at which the authentication server generates the response ciphertext $m_2$. In addition, in order to avoid session collision, the authentication server may also transmit a session identification ID to the terminal.
In the embodiment of the disclosure, the authentication server encrypts the second random number by using the terminal public key to obtain the second encrypted data, performs a hash transformation by using the authentication server identity and the second random number to obtain the second hash data, and finally obtains the response ciphertext according to the second encrypted data and the second hash data and transmits it, so that the risk of the second random number being intercepted in channel transmission is reduced. The authentication server sends the response ciphertext, the second timestamp and the session identifier to the terminal, so that adding the timestamp element resists replay attacks and adding the session identifier avoids session conflict.
In step S604, if the terminal successfully authenticates the second authentication data, the authentication server receives third authentication data transmitted from the terminal, and authenticates the third authentication data.
After the authentication server sends the second authentication data to the terminal, if the authentication of the terminal on the second authentication data is successful, the authentication of the terminal on the authentication server is successful, and third authentication data can be generated and sent to the authentication server. After receiving the third authentication data sent by the terminal, the authentication server may authenticate the third authentication data.
The third authentication data comprise a response ciphertext of the terminal and a third timestamp; the response ciphertext of the terminal comprises third encrypted data and third hash data; and the third encrypted data is obtained by the terminal encrypting a third random number and a second random number by using the public key of the authentication server in the digital certificate of the authentication server, the third hash data is obtained by the terminal performing hash transformation on the third random number and the terminal identity, the third random number is generated under the condition that the terminal successfully authenticates the second authentication data, and the second random number is obtained by the terminal decrypting the second encrypted data in the second authentication data.
That is, if the terminal successfully authenticates the second authentication data transmitted from the authentication server, the terminal generates the third random number $R_c$, obtains the authentication server public key $K_s$ from the authentication server digital certificate $Cert_s$, and then uses the obtained authentication server public key $K_s$ to encrypt the third random number $R_c$ and the second random number $R_b$, obtaining third encrypted data $E_{K_s}(R_c \| R_b)$. The terminal can also perform a hash transformation on the terminal identity $ID_c$ and the third random number $R_c$ to obtain third hash data $H(ID_c \| R_c)$. Finally, the third encrypted data $E_{K_s}(R_c \| R_b)$ and the third hash data $H(ID_c \| R_c)$ are spliced to obtain the response ciphertext $m_3$. After generating the response ciphertext $m_3$, the terminal may send the response ciphertext $m_3$ and a third timestamp to the authentication server, where the third timestamp may be the time at which the terminal sends the response ciphertext $m_3$ to the authentication server, or the time at which the terminal generates the response ciphertext $m_3$. In addition, in order to avoid session collision, the terminal may also transmit a session identification ID to the authentication server.
The authentication server receives the third authentication data sent by the terminal, and can authenticate the third authentication data, that is, the authentication server can authenticate the third timestamp and the response ciphertext in the third authentication data. Fig. 9 is a flowchart illustrating an authentication server authenticating third authentication data according to an example embodiment. As shown in fig. 9, the flow of the authentication server authenticating the third authentication data includes the following steps.
Step S901: verifying whether the third timestamp is valid; if so, executing step S902, and if not, executing step S906;
Step S902: decrypting the third encrypted data in the response ciphertext of the terminal by using the private key of the authentication server to obtain the third random number and the second random number;
Step S903: performing a hash transformation on the terminal identity and the third random number to obtain authentication hash data;
Step S904: determining whether the obtained authentication hash data is consistent with the third hash data in the response ciphertext of the terminal; if so, executing step S905, and if not, executing step S906;
Step S905: determining that the authentication of the third authentication data is successful;
Step S906: determining that authentication of the third authentication data fails.
Specifically, the authentication server first verifies whether the third timestamp is valid. If the third timestamp is invalid, it is determined that the authentication of the third authentication data fails, and the authentication server may transmit authentication failure information to the terminal. If the third timestamp is valid, the authentication server may use the authentication server private key $K_s'$ to decrypt the third encrypted data $E_{K_s}(R_c \| R_b)$ in the response ciphertext $m_3$ of the terminal, obtaining the third random number $R_c$ and the second random number $R_b$, and then perform a hash transformation on the terminal identity $ID_c$ and the third random number $R_c$ to obtain authentication hash data $H'(ID_c \| R_c)$. It should be noted that the terminal identity used by the authentication server for the hash transformation is included in the identity authentication request information sent by the terminal to the authentication server, that is, the terminal identity is stored by the authentication server; and the third random number used by the authentication server for the hash transformation is obtained by the authentication server decrypting the third encrypted data in the third authentication data. Then, the authentication server determines whether the authentication hash data $H'(ID_c \| R_c)$ it obtained is consistent with the third hash data $H(ID_c \| R_c)$ in the third authentication data transmitted by the terminal. If so, it is determined that the authentication of the third authentication data is successful. If not, the authentication server determines that the authentication of the third authentication data fails, and then returns authentication failure information to the terminal.
In the embodiment of the present disclosure, the authentication server may perform a hash transformation using the stored terminal identity and the third random number obtained by decryption, and then compare the obtained authentication hash data with the third hash data sent by the terminal, which can ensure the authenticity of the ciphertext source. In addition, while authenticating the third authentication data, the authentication server can verify the validity of the third timestamp, so that adding the timestamp to the authentication process resists replay attacks.
In step S605, if the third authentication data is successfully authenticated, it is determined that the identity authentication is successful, and identity authentication success information is sent to the terminal.
If the authentication server successfully authenticates the third authentication data, the bidirectional identity authentication is successful, and the authentication server can send identity authentication success information to the terminal, namely the terminal can receive the identity authentication success information sent by the authentication server.
In some embodiments of the present disclosure, after receiving the identity authentication success information sent by the authentication server, the method may further include: and generating a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
If the authentication server determines that the identity authentication is successful, the authentication server may generate a communication key according to the random number obtained in the identity authentication process. Specifically, the authentication server may generate the communication key based on the second random number generated by the authentication server itself, the first random number obtained by decrypting the first encrypted data in the first authentication data transmitted by the terminal, and the third random number obtained by decrypting the third encrypted data in the third authentication data transmitted by the terminal.
In the embodiment of the present disclosure, after it is determined that the identity authentication is successful, the authentication server may generate the communication key according to the random number generated in the authentication process, and may complete key exchange in the authentication process. And the communication key is obtained by calculating the random numbers generated by the terminal and the authentication server in the authentication process, and is not required to be transmitted on a channel, so that the safety of the communication key is improved. In addition, the terminal and the authentication server can calculate the communication key by using the random number every time of verification, so that the uniqueness of the communication key is ensured.
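The three-message exchange and the checks of steps S701 to S706 and S901 to S906, with both sides computing the communication key, as an added Python example that is not part of the patent text. Everything concrete is an assumption made here: textbook RSA over fixed Mersenne primes stands in for the certificate key pairs (illustration only), SHA-256 is used as H, the 30-second timestamp window and 8-byte random numbers are chosen values, the key is taken as SHA-256 over the three random numbers, and the server's comparison of the echoed second random number is an added check that the listed steps do not name.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 30    # seconds a timestamp counts as valid (assumed; the page gives no window)
NONCE_LEN = 8    # bytes per random number R_a, R_b, R_c (assumed)

class AuthError(Exception):
    """Raised wherever the page says 'authentication fails'."""

def toy_keypair(p, q, e=65537):
    # Textbook RSA from two known primes: a stand-in for the certificate keys, not secure.
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(b"\x01" + data, "big")    # 0x01 prefix keeps leading zero bytes
    if m >= n:
        raise ValueError("plaintext too long for the toy modulus")
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

def H(identity, nonce):
    return hashlib.sha256(identity + nonce).digest()

def build(peer_pub, own_id, nonce, ts, sid, echoed=b""):
    # m = E_K(nonce [|| echoed nonce]) spliced with H(ID || nonce), plus timestamp and session ID.
    return {"enc": encrypt(peer_pub, nonce + echoed), "hash": H(own_id, nonce),
            "ts": ts, "sid": sid}

def verify(own_priv, sender_id, msg, now):
    # Timestamp check, decrypt, recompute H', compare with the received hash.
    if abs(now - msg["ts"]) > MAX_SKEW:
        raise AuthError("timestamp invalid")
    plain = decrypt(own_priv, msg["enc"])
    if len(plain) not in (NONCE_LEN, 2 * NONCE_LEN):
        raise AuthError("malformed plaintext")
    if not hmac.compare_digest(H(sender_id, plain[:NONCE_LEN]), msg["hash"]):
        raise AuthError("hash mismatch")
    return plain

# Constructed identities and key pairs (the primes are Mersenne primes).
ID_C, ID_S = b"terminal-01", b"auth-server"
S_PUB, S_PRIV = toy_keypair(2**127 - 1, 2**107 - 1)
C_PUB, C_PRIV = toy_keypair(2**89 - 1, 2**61 - 1)

def server_check_m3(m3, r_b, now):
    plain = verify(S_PRIV, ID_C, m3, now)
    r_c, echoed = plain[:NONCE_LEN], plain[NONCE_LEN:]
    # Added check (assumption): the echoed R_b must equal the one the server generated.
    if not hmac.compare_digest(echoed, r_b):
        raise AuthError("second random number mismatch")
    return r_c

def session_key(r_a, r_b, r_c):
    # Assumed combination; the page only says the key is computed from the random numbers.
    return hashlib.sha256(r_a + r_b + r_c).digest()

def handshake(now=1_700_000_000, sid=b"sess-1"):
    # Terminal: challenge ciphertext m1.
    r_a = secrets.token_bytes(NONCE_LEN)
    m1 = build(S_PUB, ID_C, r_a, now, sid)
    # Server: authenticate m1, answer with m2.
    srv_r_a = verify(S_PRIV, ID_C, m1, now + 1)
    r_b = secrets.token_bytes(NONCE_LEN)
    m2 = build(C_PUB, ID_S, r_b, now + 1, sid)
    # Terminal: authenticate m2, answer with m3 carrying R_c and the decrypted R_b.
    term_r_b = verify(C_PRIV, ID_S, m2, now + 2)
    r_c = secrets.token_bytes(NONCE_LEN)
    m3 = build(S_PUB, ID_C, r_c, now + 2, sid, echoed=term_r_b)
    # Server: authenticate m3; both sides then compute the key locally.
    srv_r_c = server_check_m3(m3, r_b, now + 3)
    terminal_key = session_key(r_a, term_r_b, r_c)
    server_key = session_key(srv_r_a, r_b, srv_r_c)
    return terminal_key, server_key, m1
```

Replaying the returned `m1` through `verify` with a clock more than `MAX_SKEW` seconds later raises `AuthError`, which is the timestamp rejection path of step S701.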
The following describes an identity authentication method based on a challenge-response mechanism provided in the embodiments of the present disclosure by referring to specific embodiments. Fig. 10 is a diagram illustrating data interaction between a terminal and an authentication server according to an example embodiment. As shown in fig. 10, the data interaction process between the terminal and the authentication server may include the following steps.
Step S1001: the terminal sends an identity authentication request and identifies the identity ID of the terminal c And terminal digital certificate Cert c And sending the information to an authentication server.
Step S1002: the authentication server receives the terminal identity ID c Then adding the authentication information to an authentication list;
step S1003: the authentication server returning itself to the terminalIdentity ID s Digital certificate Cert s And identity authentication challenge start information;
Step S1004: after receiving the challenge start information, the terminal generates a first random number $R_a$, obtains the authentication server public key $K_s$ from the authentication server digital certificate $Cert_s$ and uses it to encrypt the random number $R_a$, obtaining $E_{K_s}(R_a)$; it hash-transforms the terminal identity $ID_c$ and the first random number $R_a$ to obtain $H(ID_c \| R_a)$, and splices $E_{K_s}(R_a)$ and $H(ID_c \| R_a)$ to generate the challenge ciphertext $m_1$;
Step S1005: the terminal sends $m_1$, the first timestamp and the session ID to the authentication server;
Step S1006: the authentication server checks the first timestamp and the challenge ciphertext $m_1$; if the first timestamp is valid and the challenge ciphertext $m_1$ passes the check, it generates a second random number $R_b$, encrypts the random number $R_b$ with the terminal public key $K_c$ to obtain $E_{K_c}(R_b)$, hash-transforms the authentication server identity $ID_s$ and the random number $R_b$ to obtain $H(ID_s \| R_b)$, and generates the response ciphertext $m_2$ from $E_{K_c}(R_b)$ and $H(ID_s \| R_b)$;
The first timestamp and the challenge ciphertext $m_1$ are checked as follows: the authentication server checks whether the first timestamp is valid, and if it is invalid, returns authentication failure information; if it is valid, the authentication server first decrypts with its own private key $K_s'$ to obtain the random number $R_a$, then hash-transforms the random number $R_a$ and the stored terminal identity $ID_c$, and compares the result with the $H(ID_c \| R_a)$ sent by the terminal; if they are inconsistent, it returns authentication failure information; if they are consistent, it determines that the challenge ciphertext $m_1$ passes the check;
Step S1007: the authentication server sends $m_2$, the second timestamp and the session ID to the terminal;
Step S1008: the terminal checks the second timestamp and the response ciphertext $m_2$; if the second timestamp is valid and the response ciphertext $m_2$ passes the check, it generates a third random number $R_c$, encrypts the random numbers $R_c$ and $R_b$ with the authentication server public key $K_s$ to obtain $E_{K_s}(R_c \| R_b)$, hash-transforms the terminal identity $ID_c$ and the random number $R_c$ to obtain $H(ID_c \| R_c)$, and generates the response ciphertext $m_3$ from $E_{K_s}(R_c \| R_b)$ and $H(ID_c \| R_c)$;
The second timestamp and the response ciphertext $m_2$ are checked as follows: the terminal first checks whether the second timestamp is valid, and if it is invalid, returns authentication failure information; if it is valid, the terminal first decrypts with its own private key $K_c'$ to obtain the random number $R_b$, then hash-transforms the random number $R_b$ and the authentication server identity $ID_s$, and compares the result with the $H(ID_s \| R_b)$ sent by the authentication server; if they are inconsistent, it returns authentication failure information; if they are consistent, it determines that the response ciphertext $m_2$ passes the check;
Step S1009: the terminal sends $m_3$, the third timestamp and the session ID to the authentication server;
Step S1010: the authentication server checks the third timestamp and the response ciphertext $m_3$; if the third timestamp is valid and the response ciphertext $m_3$ passes the check, the identity authentication of the terminal is determined to be successful, and the identity authentication of the terminal and the authentication server is successful;
The third timestamp and the response ciphertext $m_3$ are checked as follows: the authentication server first checks whether the third timestamp is valid, and if it is invalid, returns authentication failure information; if it is valid, the authentication server first decrypts with its own private key $K_s'$ to obtain the random numbers $R_c$ and $R_b$, then hash-transforms the random number $R_c$ and the terminal identity $ID_c$, and compares the result with the $H(ID_c \| R_c)$ sent by the terminal; if they are inconsistent, it returns authentication failure information; if they are consistent, it determines that the identity authentication of the terminal is successful;
Step S1011: the authentication server uses the random numbers $R_a$, $R_b$ and $R_c$ to generate a communication key, and adds the terminal identity $ID_c$ and the communication key to a list of legitimate devices;
Step S1012: the authentication server sends authentication success information to the terminal;
Step S1013: after receiving the authentication success information, the terminal device uses $R_a$, $R_b$ and $R_c$ to generate a communication key, and the authentication process is finished.
According to the identity authentication method based on the challenge-response mechanism, the authentication server can authenticate the identity of the terminal, the terminal can authenticate the identity of the authentication server, and the authentication server can determine the terminal's authentication result through authentication. Bidirectional identity authentication of the terminal and the authentication server is thereby achieved, and the risk that a phishing website or other counterfeit server attacks and steals keys and data is reduced. In the authentication process, a timestamp element is added to the information sent by the terminal and the authentication server, so that replay attacks can be resisted, and a session identifier is added so that session conflicts can be avoided. The terminal and the authentication server encrypt the random numbers they generate before transmitting them, which reduces the risk of a random number being intercepted in channel transmission. In the authentication process, the terminal and the authentication server can each hash-transform the stored identity of the other party together with the random number obtained by decryption, and then compare the resulting authentication hash data with the hash data sent by the other party, so that the authenticity of the ciphertext source can be ensured. In addition, the communication key is calculated from the random numbers generated by the terminal and the authentication server in the authentication process and is not transmitted on a channel, which improves the security of the communication key, and the terminal and the authentication server can calculate the communication key from the random numbers at each authentication, which ensures the uniqueness of the communication key.
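The exchange of steps S1001 to S1013, with both sides and the failure paths, as an added example that is not code from the patent. Assumptions: textbook RSA over fixed primes stands in for $E_K(\cdot)$ (not a secure cipher), SHA-256 stands in for $H$, the 30-second timestamp window, the key-derivation formula and the dictionary message layout are illustrative, and the public keys are taken as already extracted from validated certificates. The comparison of the echoed $R_b$ in `on_response` is an added check that the steps above do not spell out.

```python
import hashlib, hmac, secrets

MAX_SKEW = 30    # seconds a timestamp stays valid (assumed; the page gives no window)
NONCE_LEN = 16   # bytes per random number (assumed)

class AuthError(Exception):
    """Raised where the steps say 'return authentication failure information'."""

def keypair(p, q, e=65537):   # textbook RSA: stand-in for E_K(.), NOT a secure cipher
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def enc(pub, data):
    n, e = pub
    return pow(int.from_bytes(data, "big"), e, n)

def dec(priv, c, length):
    n, d = priv
    m = pow(c, d, n)
    if m.bit_length() > 8 * length:      # tampered or misdirected ciphertext
        raise AuthError("malformed plaintext")
    return m.to_bytes(length, "big")

def H(identity, r):           # H(ID || R); SHA-256 is an assumed choice of hash
    return hashlib.sha256(identity + r).digest()

def check_fresh(ts, now):
    if abs(now - ts) > MAX_SKEW:
        raise AuthError("timestamp invalid")

def require_equal(a, b, what):           # constant-time comparison
    if not hmac.compare_digest(a, b):
        raise AuthError(what + " mismatch")

def comm_key(ra, rb, rc):     # key from R_a, R_b, R_c; this derivation is assumed
    return hashlib.sha256(b"comm-key" + ra + rb + rc).digest()

class Terminal:
    def __init__(self, ident, priv, server_id, server_pub):
        self.ident, self.priv = ident, priv
        self.server_id, self.server_pub = server_id, server_pub

    def challenge(self, sid, now):                   # S1004-S1005: build m1
        self.ra = secrets.token_bytes(NONCE_LEN)
        return {"sid": sid, "ts": now, "e": enc(self.server_pub, self.ra),
                "h": H(self.ident, self.ra)}

    def respond(self, m2, now):                      # S1008-S1009: check m2, build m3
        check_fresh(m2["ts"], now)
        self.rb = dec(self.priv, m2["e"], NONCE_LEN)
        require_equal(H(self.server_id, self.rb), m2["h"], "m2 hash")
        self.rc = secrets.token_bytes(NONCE_LEN)
        return {"sid": m2["sid"], "ts": now,
                "e": enc(self.server_pub, self.rc + self.rb),
                "h": H(self.ident, self.rc)}

    def key(self):                                   # S1013
        return comm_key(self.ra, self.rb, self.rc)

class Server:
    def __init__(self, ident, priv):
        self.ident, self.priv = ident, priv
        self.sessions = {}   # session ID -> state (the authentication list)
        self.legit = {}      # ID_c -> communication key (list of legitimate devices)

    def register(self, sid, term_id, term_pub):      # S1002
        self.sessions[sid] = {"id": term_id, "pub": term_pub}

    def on_challenge(self, m1, now):                 # S1006-S1007: check m1, build m2
        s = self.sessions.get(m1["sid"])
        if s is None:
            raise AuthError("unknown session")
        check_fresh(m1["ts"], now)
        ra = dec(self.priv, m1["e"], NONCE_LEN)
        require_equal(H(s["id"], ra), m1["h"], "m1 hash")
        s["ra"], s["rb"] = ra, secrets.token_bytes(NONCE_LEN)
        return {"sid": m1["sid"], "ts": now, "e": enc(s["pub"], s["rb"]),
                "h": H(self.ident, s["rb"])}

    def on_response(self, m3, now):                  # S1010-S1011: check m3, derive key
        s = self.sessions.pop(m3["sid"], None)       # one attempt per session
        if s is None or "rb" not in s:
            raise AuthError("unknown session")
        check_fresh(m3["ts"], now)
        pt = dec(self.priv, m3["e"], 2 * NONCE_LEN)
        rc, rb = pt[:NONCE_LEN], pt[NONCE_LEN:]
        require_equal(H(s["id"], rc), m3["h"], "m3 hash")
        require_equal(rb, s["rb"], "echoed R_b")     # added check: ties m3 to K_c'
        self.legit[s["id"]] = comm_key(s["ra"], rb, rc)
        return self.legit[s["id"]]

def run_demo(now=1_700_000_000):
    s_pub, s_priv = keypair(2**521 - 1, 2**607 - 1)  # constructed toy keys
    t_pub, t_priv = keypair(2**107 - 1, 2**127 - 1)
    server = Server(b"auth-server", s_priv)
    term = Terminal(b"terminal-01", t_priv, b"auth-server", s_pub)
    server.register("sess-1", b"terminal-01", t_pub)
    m2 = server.on_challenge(term.challenge("sess-1", now), now + 1)
    return server.on_response(term.respond(m2, now + 2), now + 3), term.key()
```

`run_demo()` returns the key computed by the server and the key computed by the terminal; the two are equal although no key ever crossed the channel.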
Based on the same inventive concept, the embodiments of the present disclosure provide a terminal, as described in the embodiments below. Because the principle by which the terminal embodiment solves the problem is similar to that of the method embodiment, the implementation of the terminal embodiment may refer to the implementation of the method embodiment, and repeated details are not described again.
Fig. 11 is a schematic diagram illustrating a structure of a terminal according to an exemplary embodiment. As shown in fig. 11, the terminal 1100 may include: a first information transceiving module 1101, a first authentication data generating module 1102 and a first authentication module 1103.
The first information transceiving module 1101 is configured to: send identity authentication request information to the authentication server, and receive request response information sent by the authentication server; the first authentication data generation module 1102 is configured to: generate first authentication data and send the first authentication data to the authentication server; the first authentication module 1103 is configured to: if the authentication server successfully authenticates the first authentication data, receive second authentication data sent by the authentication server, and authenticate the second authentication data. The first authentication data generation module 1102 is further configured to: if the second authentication data is successfully authenticated, generate third authentication data, and send the third authentication data to the authentication server; the first information transceiving module 1101 is further configured to: if the authentication server successfully authenticates the third authentication data, receive identity authentication success information sent by the authentication server.
In some embodiments of the present disclosure, the identity authentication request information includes a terminal identity identifier and a terminal digital certificate; the request response information comprises an authentication server identity, an authentication server digital certificate and identity authentication challenge start information.
In some embodiments of the present disclosure, the first authentication data includes a challenge cryptogram and a first timestamp. Wherein the first authentication data generation module 1102 is further configured to: if identity authentication challenge starting information sent by an authentication server is received, generating a first random number; encrypting a first random number by using an authentication server public key in an authentication server digital certificate to obtain first encrypted data; carrying out Hash transformation on the terminal identity identification and the first random number to obtain first Hash data; generating a challenge ciphertext according to the first encrypted data and the first hash data; and determining a first time stamp, and sending the challenge ciphertext and the first time stamp to the authentication server.
In some embodiments of the present disclosure, the second authentication data includes a response cryptogram of the authentication server and a second timestamp; the response ciphertext of the authentication server comprises second encrypted data and second hash data; and the second encrypted data is obtained by the authentication server through encrypting a second random number by using the terminal public key in the terminal digital certificate, and the second hash data is obtained by performing hash transformation on the authentication server identity and the second random number, wherein the second random number is generated under the condition that the authentication server successfully authenticates the first authentication data.
In some embodiments of the present disclosure, the first authentication module 1103 is further configured to: receiving a response ciphertext and a second timestamp of the authentication server, which are sent by the authentication server; verifying whether the second timestamp is valid; if the second timestamp is valid, decrypting second encrypted data in a response ciphertext of the authentication server by using a terminal private key to obtain a second random number, and then performing hash transformation on the identity of the authentication server and the second random number to obtain authentication hash data; judging whether the obtained authentication hash data is consistent with second hash data in a response ciphertext of the authentication server; and if the obtained authentication hash data is consistent with the second hash data, determining that the second authentication data is successfully authenticated.
In some embodiments of the present disclosure, the third authentication data includes a response ciphertext of the terminal and a third timestamp. Wherein the first authentication data generation module 1102 is further configured to: if the second authentication data is successfully authenticated, generating a third random number; encrypting the third random number and the second random number by using an authentication server public key in the authentication server digital certificate to obtain third encrypted data; performing hash transformation on the terminal identity and the third random number to obtain third hash data; generating a response ciphertext of the terminal according to the third encrypted data and the third hash data; and determining a third time stamp, and sending the response ciphertext of the terminal and the third time stamp to the authentication server.
In some embodiments of the present disclosure, terminal 1100 further includes a first key generation module 1104. The first key generation module 1104 is configured to: and generating a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
In some embodiments of the present disclosure, the first information transceiving module 1101 is further configured to: if the authentication server fails to authenticate the first authentication data, or the authentication server fails to authenticate the third authentication data, receiving authentication failure information sent by the authentication server; and if the authentication of the second authentication data fails, sending authentication failure information to the authentication server.
Based on the same inventive concept, the embodiments of the present disclosure provide an authentication server, as described in the following embodiments. Because the principle by which the authentication server embodiment solves the problem is similar to that of the method embodiment, the implementation of the authentication server embodiment may refer to the implementation of the method embodiment, and repeated parts are not described again.
Fig. 12 is a schematic diagram illustrating the structure of an authentication server according to an example embodiment. As shown in fig. 12, the authentication server 1200 may include: a second information transceiving module 1201, a second authentication module 1202, and a second authentication data generation module 1203.
The second information transceiving module 1201 is configured to: receiving identity authentication request information sent by a terminal, and sending request response information to the terminal; the second authentication module 1202 is configured to: receiving first authentication data sent by a terminal, and authenticating the first authentication data; the second authentication data generation module 1203 is configured to: and if the first authentication data is successfully authenticated, generating second authentication data and sending the second authentication data to the terminal. And the second authentication module 1202 is further configured to: if the terminal successfully authenticates the second authentication data, third authentication data sent by the terminal is received, and the third authentication data is authenticated; the second information transceiving module 1201 is further configured to: and if the third authentication data is successfully authenticated, determining that the identity authentication is successful, and sending identity authentication success information to the terminal.
In some embodiments of the present disclosure, the identity authentication request information includes a terminal identity identifier and a terminal digital certificate; the request response information comprises an authentication server identity, an authentication server digital certificate and identity authentication challenge start information.
In some embodiments of the present disclosure, the first authentication data comprises a challenge cryptogram and a first timestamp; the challenge ciphertext comprises first encrypted data and first hash data; and the first encrypted data is obtained by the terminal encrypting a first random number by using the public key of the authentication server in the digital certificate of the authentication server, the first hash data is obtained by the terminal performing hash transformation on the terminal identity and the first random number, wherein the first random number is generated by the terminal after receiving the identity authentication challenge start information sent by the authentication server.
In some embodiments of the present disclosure, the second authentication module 1202 is further configured to: receive the challenge ciphertext and the first timestamp sent by the terminal; verify whether the first timestamp is valid; if the first timestamp is valid, decrypt the first encrypted data in the challenge ciphertext by using a private key of the authentication server to obtain the first random number, and then perform hash transformation on the terminal identity and the first random number to obtain authentication hash data; judge whether the obtained authentication hash data is consistent with the first hash data in the challenge ciphertext; and if the obtained authentication hash data is consistent with the first hash data, determine that the first authentication data is successfully authenticated.
In some embodiments of the present disclosure, the second authentication data includes a response cryptogram of the authentication server and a second time stamp. The second authentication data generation module 1203 is further configured to: if the first authentication data is successfully authenticated, generating a second random number; encrypting the second random number by using a terminal public key in the terminal digital certificate to obtain second encrypted data; performing hash transformation on the authentication server identity and the second random number to obtain second hash data; generating a response ciphertext of the authentication server according to the second encrypted data and the second hash data; and determining a second time stamp, and sending a response ciphertext of the authentication server and the second time stamp to the terminal.
In some embodiments of the present disclosure, the third authentication data includes a response ciphertext of the terminal and a third timestamp; the response ciphertext of the terminal comprises third encrypted data and third hash data; and the third encrypted data is obtained by the terminal encrypting a third random number and a second random number by using the public key of the authentication server in the digital certificate of the authentication server, and the third hash data is obtained by the terminal performing hash transformation on the terminal identity and the third random number, wherein the third random number is generated under the condition that the terminal successfully authenticates the second authentication data, and the second random number is obtained by the terminal decrypting the second encrypted data in the second authentication data.
In some embodiments of the present disclosure, the second authentication module 1202 is further configured to: receiving a response ciphertext and a third timestamp of the terminal, which are sent by the terminal; verifying whether the third timestamp is valid; if the third timestamp is valid, decrypting third encrypted data in a response ciphertext of the terminal by using a private key of the authentication server to obtain a third random number and a second random number, and then performing hash transformation on the terminal identity and the third random number to obtain authentication hash data; judging whether the obtained authentication hash data is consistent with third hash data in a response ciphertext of the terminal; and if the obtained authentication hash data is consistent with the third hash data, determining that the third authentication data is successfully authenticated.
In some embodiments of the present disclosure, the authentication server 1200 further comprises a second key generation module 1204. The second key generation module 1204 is configured to: and generating a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
In some embodiments of the present disclosure, the second information transceiving module 1201 is further configured to: if the authentication on the first authentication data fails or the authentication on the third authentication data fails, sending authentication failure information to the terminal; and if the terminal fails to authenticate the second authentication data, receiving authentication failure information sent by the terminal.
Fig. 13 is a block diagram illustrating the structure of an electronic device according to an example embodiment. An electronic device 1300 according to this embodiment of the invention is described below with reference to fig. 13. The electronic device 1300 shown in fig. 13 is only an example and should not bring any limitation to the function and the scope of use of the embodiments of the present invention.
As shown in fig. 13, electronic device 1300 takes the form of a general-purpose computing device. The components of the electronic device 1300 may include, but are not limited to: the at least one processing unit 1310, the at least one memory unit 1320, the bus 1330 connecting the various system components (including the memory unit 1320 and the processing unit 1310), the display unit 1340.
Wherein the memory unit stores program code that is executable by the processing unit 1310 to cause the processing unit 1310 to perform steps according to various exemplary embodiments of the present invention as described in the "exemplary methods" section above in this specification. Specifically, when the electronic device 1310 provided in the embodiment of the present disclosure is a terminal, the following steps in the above embodiment may be performed: step S201, sending identity authentication request information to an authentication server, and receiving request response information sent by the authentication server; step S202, generating first authentication data, and sending the first authentication data to an authentication server; step S203, if the authentication server successfully authenticates the first authentication data, receiving second authentication data sent by the authentication server, and authenticating the second authentication data; step S204, if the second authentication data is successfully authenticated, third authentication data is generated and sent to the authentication server; in step S205, if the authentication server successfully authenticates the third authentication data, the authentication server receives the identity authentication success information sent by the authentication server. 
When the electronic device 1310 provided in the embodiment of the present disclosure is an authentication server, the following steps in the above embodiment may be performed: step S601, receiving the identity authentication request information sent by the terminal, sending request response information to the terminal; step S602, receiving first authentication data sent by a terminal, and authenticating the first authentication data; step S603, if the first authentication data is successfully authenticated, generating second authentication data, and sending the second authentication data to the terminal; step S604, if the terminal successfully authenticates the second authentication data, the third authentication data sent by the terminal is received, and the third authentication data is authenticated; step S605, if the third authentication data is successfully authenticated, it is determined that the identity authentication is successful, and identity authentication success information is sent to the terminal.
The memory unit 1320 may include readable media in the form of volatile memory units such as a random access memory unit (RAM) 13201 and/or a cache memory unit 13202, and may further include a read-only memory unit (ROM) 13203.
Storage unit 1320 may also include a program/utility 13204 having a set (at least one) of program modules 13205, such program modules 13205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 1330 may be any bus representing one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 1300 may also communicate with one or more external devices 1370 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1300, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 1300 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 1350. Also, the electronic device 1300 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) through the network adapter 1360. As shown, the network adapter 1360 communicates with the other modules of the electronic device 1300 via the bus 1330. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 1300, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, to name a few.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
The program product for implementing the above method may take the form of a portable compact disc read-only memory (CD-ROM) that includes program code, and may be run on a terminal device such as a personal computer. However, the program product of the present invention is not limited in this regard, and in this document a readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the present disclosure, the features and functionality of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, and may also be implemented by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and which includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements that have been described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (21)

1. An identity authentication method based on a challenge-response mechanism, wherein the method is executed by a terminal and comprises the following steps:
sending identity authentication request information to an authentication server, and receiving request response information sent by the authentication server;
generating first authentication data and sending the first authentication data to the authentication server;
if the authentication server successfully authenticates the first authentication data, receiving second authentication data sent by the authentication server, and authenticating the second authentication data;
if the second authentication data is successfully authenticated, generating third authentication data, and sending the third authentication data to the authentication server;
and if the authentication server successfully authenticates the third authentication data, receiving identity authentication success information sent by the authentication server.
2. The method according to claim 1, wherein the identity authentication request information comprises a terminal identity and a terminal digital certificate; the request response information comprises an authentication server identity, an authentication server digital certificate and identity authentication challenge starting information.
3. The method of claim 2, wherein the first authentication data comprises a challenge ciphertext and a first timestamp;
wherein generating first authentication data and sending the first authentication data to the authentication server comprises:
if receiving identity authentication challenge starting information sent by the authentication server, generating a first random number;
encrypting the first random number by using an authentication server public key in the authentication server digital certificate to obtain first encrypted data;
performing hash transformation on the terminal identity and the first random number to obtain first hash data;
generating the challenge ciphertext according to the first encrypted data and the first hash data;
and determining the first timestamp, and sending the challenge ciphertext and the first timestamp to the authentication server.
4. The method of claim 2, wherein the second authentication data comprises a response ciphertext of the authentication server and a second timestamp; the response ciphertext of the authentication server comprises second encrypted data and second hash data; and
the second encrypted data is obtained by the authentication server encrypting a second random number by using a terminal public key in the terminal digital certificate, and the second hash data is obtained by the authentication server performing hash transformation on the authentication server identity and the second random number, wherein the second random number is generated under the condition that the authentication server successfully authenticates the first authentication data.
5. The method according to claim 4, wherein the receiving second authentication data sent by the authentication server, and authenticating the second authentication data comprises:
receiving a response ciphertext of the authentication server and the second timestamp sent by the authentication server;
verifying whether the second timestamp is valid;
if the second timestamp is valid, decrypting the second encrypted data in the response ciphertext of the authentication server by using a terminal private key to obtain a second random number, and then performing hash transformation on the identity of the authentication server and the second random number to obtain authentication hash data;
judging whether the obtained authentication hash data is consistent with the second hash data in the response ciphertext of the authentication server;
and if the obtained authentication hash data is consistent with the second hash data, determining that the second authentication data is successfully authenticated.
6. The method according to claim 5, wherein the third authentication data includes a response ciphertext of the terminal and a third timestamp;
wherein, if the authentication of the second authentication data is successful, generating third authentication data, and sending the third authentication data to the authentication server, includes:
if the second authentication data is successfully authenticated, generating a third random number;
encrypting the third random number and the second random number by using an authentication server public key in the authentication server digital certificate to obtain third encrypted data;
performing hash transformation on the terminal identity and the third random number to obtain third hash data;
generating a response ciphertext of the terminal according to the third encrypted data and the third hash data;
and determining the third timestamp, and sending a response ciphertext of the terminal and the third timestamp to the authentication server.
7. The method according to claim 1, wherein after receiving the identity authentication success information sent by the authentication server, the method further comprises:
and generating a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
8. The method of any of claims 1 to 7, further comprising:
if the authentication server fails to authenticate the first authentication data, or the authentication server fails to authenticate the third authentication data, receiving authentication failure information sent by the authentication server;
and if the second authentication data fails to be authenticated, sending authentication failure information to the authentication server.
9. An identity authentication method based on a challenge-response mechanism, wherein the method is executed by an authentication server and comprises the following steps:
receiving identity authentication request information sent by a terminal, and sending request response information to the terminal;
receiving first authentication data sent by the terminal, and authenticating the first authentication data;
if the first authentication data is successfully authenticated, generating second authentication data, and sending the second authentication data to the terminal;
if the terminal successfully authenticates the second authentication data, receiving third authentication data sent by the terminal, and authenticating the third authentication data;
and if the third authentication data is successfully authenticated, determining that the identity authentication is successful, and sending identity authentication success information to the terminal.
10. The method according to claim 9, wherein the identity authentication request information includes a terminal identity and a terminal digital certificate; the request response information comprises an authentication server identity, an authentication server digital certificate and identity authentication challenge starting information.
11. The method of claim 10, wherein the first authentication data comprises a challenge ciphertext and a first timestamp; the challenge ciphertext comprises first encrypted data and first hash data; and
the first encrypted data is obtained by the terminal encrypting a first random number by using an authentication server public key in the authentication server digital certificate, and the first hash data is obtained by the terminal performing hash transformation on the terminal identity and the first random number, wherein the first random number is generated by the terminal after receiving identity authentication challenge start information sent by the authentication server.
12. The method according to claim 11, wherein the receiving the first authentication data sent by the terminal, and authenticating the first authentication data comprises:
receiving the challenge ciphertext and the first timestamp sent by the terminal;
verifying whether the first timestamp is valid;
if the first timestamp is valid, decrypting the first encrypted data in the challenge ciphertext by using a private key of an authentication server to obtain the first random number, and then performing hash transformation on the terminal identity and the first random number to obtain authentication hash data;
judging whether the obtained authentication hash data is consistent with the first hash data in the challenge ciphertext or not;
and if the obtained authentication hash data is consistent with the first hash data, determining that the first authentication data is successfully authenticated.
13. The method of claim 10, wherein the second authentication data comprises a response ciphertext of the authentication server and a second timestamp;
if the authentication on the first authentication data is successful, generating second authentication data, and sending the second authentication data to the terminal, including:
if the first authentication data is successfully authenticated, generating a second random number;
encrypting the second random number by using a terminal public key in the terminal digital certificate to obtain second encrypted data;
performing hash transformation on the authentication server identity and the second random number to obtain second hash data;
generating a response ciphertext of the authentication server according to the second encrypted data and the second hash data;
and determining the second timestamp, and sending a response ciphertext of the authentication server and the second timestamp to the terminal.
14. The method according to claim 13, wherein the third authentication data includes a response ciphertext of the terminal and a third timestamp; the response ciphertext of the terminal comprises third encrypted data and third hash data; and
the third encrypted data is obtained by the terminal encrypting a third random number and a second random number by using an authentication server public key in the authentication server digital certificate, and the third hash data is obtained by the terminal performing hash transformation on the terminal identity and the third random number, wherein the third random number is generated under the condition that the terminal successfully authenticates the second authentication data, and the second random number is obtained by the terminal decrypting the second encrypted data in the second authentication data.
15. The method according to claim 14, wherein the receiving third authentication data sent by the terminal, and authenticating the third authentication data comprises:
receiving a response ciphertext and the third timestamp of the terminal, which are sent by the terminal;
verifying whether the third timestamp is valid;
if the third timestamp is valid, decrypting the third encrypted data in the response ciphertext of the terminal by using a private key of an authentication server to obtain a third random number and a second random number, and then performing hash transformation on the terminal identity and the third random number to obtain authentication hash data;
judging whether the obtained authentication hash data is consistent with the third hash data in the response ciphertext of the terminal;
and if the obtained authentication hash data is consistent with the third hash data, determining that the third authentication data is successfully authenticated.
16. The method of claim 9, wherein after determining that the identity authentication is successful, the method further comprises:
and generating a communication key according to the random number generated by the terminal in the identity authentication process and the random number generated by the authentication server in the identity authentication process.
17. The method of any of claims 9 to 16, further comprising:
if the authentication on the first authentication data fails or the authentication on the third authentication data fails, sending authentication failure information to the terminal;
and if the terminal fails to authenticate the second authentication data, receiving authentication failure information sent by the terminal.
18. A terminal, comprising:
the first information transceiver module is used for sending identity authentication request information to an authentication server and receiving request response information sent by the authentication server;
the first authentication data generation module is used for generating first authentication data and sending the first authentication data to the authentication server;
the first authentication module is used for receiving second authentication data sent by the authentication server and authenticating the second authentication data if the authentication server successfully authenticates the first authentication data;
the first authentication data generation module is further configured to generate third authentication data if the second authentication data is successfully authenticated, and send the third authentication data to the authentication server;
the first information transceiver module is further configured to receive identity authentication success information sent by the authentication server if the authentication server successfully authenticates the third authentication data.
19. An authentication server, comprising:
the second information transceiver module is used for receiving identity authentication request information sent by a terminal and sending request response information to the terminal;
the second authentication module is used for receiving first authentication data sent by the terminal and authenticating the first authentication data;
the second authentication data generation module is used for generating second authentication data and sending the second authentication data to the terminal if the first authentication data is successfully authenticated;
the second authentication module is further configured to receive third authentication data sent by the terminal if the terminal successfully authenticates the second authentication data, and authenticate the third authentication data;
and the second information transceiver module is further configured to determine that the identity authentication is successful if the third authentication data is successfully authenticated, and send identity authentication success information to the terminal.
20. An electronic device, comprising:
one or more processors;
a storage device configured to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-17.
21. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 17.
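The three-message exchange of claims 3 to 6 and 12 to 15, run end to end with both sides' checks, as an added example that is not code from the patent. Textbook RSA over known Mersenne primes stands in for the certificate key pairs; SHA-256, the 64-bit random numbers, the 30-second timestamp window, the comparison of the echoed second random number and the key derivation are assumptions the claims leave open.

```python
import hashlib, hmac, secrets, time

E, MAX_SKEW = 65537, 30   # public exponent; allowed clock skew in seconds (assumed)

def toy_keypair(p, q):
    # Textbook RSA from two known Mersenne primes: a stand-in for the
    # certificate key pairs, NOT a secure cipher (no padding, small modulus).
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def id_hash(identity, nonce):
    # "Hash transformation" of an identity and a random number (SHA-256 assumed).
    return hashlib.sha256(identity.encode() + nonce.to_bytes(8, "big")).digest()

def build(peer_pub, identity, nonce, echo=None, now=None):
    # Sender (claims 3, 6, 13): encrypted data + hash data + timestamp.
    # In the third message the peer's random number rides in the plaintext.
    m = nonce if echo is None else (nonce << 64) | echo
    n, e = peer_pub
    return {"enc": pow(m, e, n), "hash": id_hash(identity, nonce),
            "ts": time.time() if now is None else now}

def verify(own_priv, identity, msg, has_echo=False, now=None):
    # Receiver (claims 5, 12, 15): check the timestamp, decrypt, recompute
    # the hash, compare. Returns (nonce, echo) on success, None on failure.
    now = time.time() if now is None else now
    if abs(now - msg["ts"]) > MAX_SKEW:
        return None                       # stale or future-dated message
    n, d = own_priv
    m = pow(msg["enc"], d, n)
    nonce, echo = (m >> 64, m & (2**64 - 1)) if has_echo else (m, None)
    if nonce.bit_length() > 64:
        return None                       # wrong key or altered ciphertext
    if not hmac.compare_digest(id_hash(identity, nonce), msg["hash"]):
        return None
    return nonce, echo

def session_key(r1, r2, r3):
    # Assumption: claims 7 and 16 do not say how the communication key is
    # derived; SHA-256 over the three random numbers is used here.
    return hashlib.sha256(b"".join(r.to_bytes(8, "big") for r in (r1, r2, r3))).digest()

def handshake(t0=1_700_000_000.0):
    srv_pub, srv_priv = toy_keypair(2**127 - 1, 2**89 - 1)
    term_pub, term_priv = toy_keypair(2**107 - 1, 2**61 - 1)
    tid, sid = "terminal-01", "auth-server-01"            # constructed identities
    r1 = secrets.randbits(64)
    m1 = build(srv_pub, tid, r1, now=t0)                  # terminal -> server
    s_r1, _ = verify(srv_priv, tid, m1, now=t0 + 1)
    r2 = secrets.randbits(64)
    m2 = build(term_pub, sid, r2, now=t0 + 1)             # server -> terminal
    t_r2, _ = verify(term_priv, sid, m2, now=t0 + 2)
    r3 = secrets.randbits(64)
    m3 = build(srv_pub, tid, r3, echo=t_r2, now=t0 + 2)   # terminal -> server
    s_r3, s_echo = verify(srv_priv, tid, m3, has_echo=True, now=t0 + 3)
    # Assumption: the server compares the echoed value with the r2 it sent.
    return {"echo_ok": s_echo == r2, "m1": m1, "tid": tid,
            "term_key": session_key(r1, t_r2, r3),
            "srv_key": session_key(s_r1, r2, s_r3),
            "srv_priv": srv_priv, "term_priv": term_priv}
```

A message replayed inside the timestamp window still passes `verify`, so the timestamp only bounds replay; a verifier that needs more has to remember the random numbers it has already accepted.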
CN202210772874.3A 2022-06-30 2022-06-30 Identity authentication method based on challenge response mechanism and related equipment Pending CN115150098A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210772874.3A CN115150098A (en) 2022-06-30 2022-06-30 Identity authentication method based on challenge response mechanism and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210772874.3A CN115150098A (en) 2022-06-30 2022-06-30 Identity authentication method based on challenge response mechanism and related equipment

Publications (1)

Publication Number Publication Date
CN115150098A true CN115150098A (en) 2022-10-04

Family

ID=83409590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210772874.3A Pending CN115150098A (en) 2022-06-30 2022-06-30 Identity authentication method based on challenge response mechanism and related equipment

Country Status (1)

Country Link
CN (1) CN115150098A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115632863A (en) * 2022-10-24 2023-01-20 贵州省通信产业服务有限公司 Data transmission method and system

Similar Documents

Publication Publication Date Title
US11665006B2 (en) User authentication with self-signed certificate and identity verification
US10797879B2 (en) Methods and systems to facilitate authentication of a user
KR100962399B1 (en) Method for providing anonymous public key infrastructure and method for providing service using the same
CN101212293B (en) Identity authentication method and system
CN114584307B (en) Trusted key management method and device, electronic equipment and storage medium
US11909889B2 (en) Secure digital signing
CN108599926A (en) A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys
CN115150098A (en) Identity authentication method based on challenge response mechanism and related equipment
CN111767531B (en) Authentication system and method based on biological characteristics
CN115473655B (en) Terminal authentication method, device and storage medium for access network
US9038143B2 (en) Method and system for network access control
CN113545004A (en) Authentication system with reduced attack surface
CN114124513B (en) Identity authentication method, system, device, electronic equipment and readable medium
CN115242471A (en) Information transmission method and device, electronic equipment and computer readable storage medium
CN115348015A (en) Secure access method and device, computer readable storage medium and electronic equipment
JP5393594B2 (en) Efficient mutual authentication method, program, and apparatus
KR20170111809A (en) Bidirectional authentication method using security token based on symmetric key
CN114726558A (en) Authentication method, authentication device, electronic equipment and storage medium
CN114697046B (en) Security authentication method and system based on SM9 secret
KR20200067987A (en) Method of login control
CN113676468B (en) Three-party enhanced authentication system design method based on message verification technology
WO2022135384A1 (en) Identity authentication method and apparatus
Guo et al. 2FA Communication Protocol to Secure Metro Control Devices
CN114003892A (en) Credible authentication method, safety authentication equipment and user terminal
Culnane et al. Formalising Application-Driven Authentication & Access-Control based on Users’ Companion Devices

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination