CN115473652B - Identity authentication method - Google Patents

Publication number: CN115473652B
Authority: CN (China)
Prior art keywords: parameter, verification, ccb, server, user
Legal status: Active
Application number: CN202211026010.3A
Other languages: Chinese (zh)
Other versions: CN115473652A (en)
Inventor: 徐省华
Current Assignee: Guangdong Polytechnic Normal University
Original Assignee: Guangdong Polytechnic Normal University
Application filed by Guangdong Polytechnic Normal University
Priority to CN202211026010.3A
Publication of CN115473652A
Application granted
Publication of CN115473652B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina

Abstract

This application belongs to the technical field of identity authentication and discloses an identity authentication method. The method includes: the server obtains the identity ID_i, password PW_i and biometric information BIO_i input by user U_i, and obtains the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i} stored in the smart card of user U_i; where Ccb(X,Y) is the operation rule of the cross-combination bit algorithm, and the cross-combination bit algorithm is an algorithm that performs bit operations based on the Hamming weight of the encrypted information. This application can reduce the amount of calculation while ensuring security.

Figure 202211026010

Description

An identity authentication method

Technical Field

The present application relates to the technical field of identity authentication, and in particular to an identity authentication method.

Background Art

Identity verification, also known as identity authentication or authorization, refers to confirming a user's identity by certain means. There are many methods of identity verification, which can basically be divided into: identity verification based on shared keys, identity verification based on biometric features, and identity verification based on public-key encryption algorithms. Different methods offer different levels of security, and biometric-based identity verification is being used more and more widely because biometric features are unique. However, during identity authentication the user's identity information often has to be sent to a server for verification. To keep the user's information secure, the transmitted information must be encrypted, but current identity authentication methods often introduce external parameters to encrypt the transmitted information, which not only requires a large amount of calculation but also endangers the security of user information once the introduced parameters are cracked. The prior art therefore suffers from a large amount of calculation and insufficient security.

Summary of the Invention

The present application provides an identity authentication method that can reduce the amount of calculation and ensure authentication security.

An embodiment of the present application provides an identity authentication method, which includes:

The server obtains the identity ID_i, password PW_i and biometric information BIO_i input by user U_i, and obtains the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i} stored in the smart card of user U_i; where E_i, F_i and G_i are all encryption parameters, r_i is the random number written into the smart card by user U_i, Ccb(X,Y) is the operation rule of the cross-combination bit algorithm, and the cross-combination bit algorithm is an algorithm that performs bit operations based on the Hamming weight of the encrypted information;

The server calculates the verification parameter F'_i with the cross-combination bit algorithm from the identity ID_i, password PW_i, biometric information BIO_i and the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i}, and compares whether the verification parameter F'_i is consistent with the encryption parameter F_i; when the verification parameter F'_i is consistent with the encryption parameter F_i, it is determined that user U_i has logged in successfully;

When user U_i logs in successfully, the smart card generates a random number x, obtains the encryption parameters I_1, H_i and I_2 with the cross-combination bit algorithm according to a first preset rule, and generates a first parameter information set {I_1, H_i, I_2, G_i} and sends it to the server; the server stores the server identity ID_j and the server key K_{RC_S};

The server calculates the verification parameter I'_2 with the cross-combination bit algorithm from the server key K_{RC_S} and the first parameter information set {I_1, H_i, I_2, G_i}, and compares whether the verification parameter I'_2 is consistent with the encryption parameter I_2; when the verification parameter I'_2 is consistent with the encryption parameter I_2, it is determined that user U_i has passed the first verification;

When user U_i passes the first verification, the server generates a random number y, obtains the first interactive key K_{S_U}, the encryption parameter I_3 and the encryption parameter I_4 with the cross-combination bit algorithm according to a second preset rule, and generates a second parameter information set {ID_j, I_3, I_4} and sends it to the smart card;

The smart card calculates the verification parameter I'_4 with the cross-combination bit algorithm from the random number x, the identity ID_i and the second parameter information set {ID_j, I_3, I_4}, and compares whether the verification parameter I'_4 is consistent with the encryption parameter I_4; when the verification parameter I'_4 is consistent with the encryption parameter I_4, it is determined that user U_i has passed the second verification;

When user U_i passes the second verification, the smart card obtains the encryption parameter N with the cross-combination bit algorithm according to a third preset rule, and sends the encryption parameter N to the server;

The server calculates the verification parameter N' with the cross-combination bit algorithm from the first interactive key K_{S_U} and the random number y, and compares whether the verification parameter N' is consistent with the encryption parameter N; when the verification parameter N' is consistent with the encryption parameter N, it is determined that user U_i has passed identity authentication.

In one embodiment, the server calculating the verification parameter F'_i with the cross-combination bit algorithm from the identity ID_i, password PW_i, biometric information BIO_i and the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i} includes:

The server calculates the verification parameter A'_i = Ccb(ID_i, r_i) from the random number r_i and the identity ID_i, and calculates the verification parameter B'_i = Ccb(PW_i, BIO_i) from the password PW_i and the biometric information BIO_i;

A verification parameter is calculated from the verification parameter B'_i and the encryption parameter E_i:
Figure BDA0003815816510000021

A verification parameter is calculated from the verification parameter A'_i and the verification parameter D'_i:
Figure BDA0003815816510000022

In one embodiment, the server calculating the verification parameter I'_2 with the cross-combination bit algorithm from the server key K_{RC_S} and the first parameter information set {I_1, H_i, I_2, G_i} includes:

The server calculates a verification parameter from the encryption parameter G_i and the server key K_{RC_S}:
Figure BDA0003815816510000023

The verification parameter C'_i is divided into a left part C'_{i_L} and a right part C'_{i_R}, and the verification parameter D''_i = Ccb(C'_{i_L}, C'_{i_R}) is calculated;

A verification random number is calculated from the verification parameter D''_i and the encryption parameter I_1:
Figure BDA0003815816510000024

A verification identity is calculated from the verification random number x', the verification parameter D''_i and the encryption parameter H_i:
Figure BDA0003815816510000025
Figure BDA0003815816510000026

A verification parameter is calculated from the verification identity ID'_i, the verification random number x' and the encryption parameter G_i:
Figure BDA0003815816510000027
Figure BDA0003815816510000028

In one embodiment, the smart card calculating the verification parameter I'_4 with the cross-combination bit algorithm from the random number x, the identity ID_i and the second parameter information set {ID_j, I_3, I_4} includes:

The smart card calculates a verification random number from the random number x, the identity ID_i and the encryption parameter I_3:
Figure BDA0003815816510000031

The verification parameter I'_4 = Ccb(ID_j, y') is calculated from the verification random number y' and the server identity ID_j.

In one embodiment, the first preset rule includes:

Figure BDA0003815816510000032
and
Figure BDA0003815816510000033

where D'_{i_L} and D'_{i_R} are the left part and the right part of the verification parameter D'_i respectively;

The second preset rule includes:

Figure BDA0003815816510000034
and I_4 = Ccb(ID_j, y);

The third preset rule includes:

Second interactive key
Figure BDA0003815816510000035

where y_L is the left part of the random number y, and y_R is the right part of the random number y.

In one embodiment, before the server obtains the identity ID_i, password PW_i and biometric information BIO_i input by user U_i, the method further includes:

The server sends a registration request to the registration center and, when registration succeeds, receives the server key K_{RC_S} sent by the registration center;

And, user U_i enters the chosen identity ID_i, password PW_i and biometric information BIO_i at the terminal and writes the random number r_i; the terminal applies the cross-combination bit algorithm to the identity ID_i, password PW_i, biometric information BIO_i and random number r_i according to a fourth preset rule to obtain the encryption parameter A_i and the encryption parameter B_i, and generates a registration parameter information set {ID_i, A_i, B_i} and sends it to the registration center;

The registration center verifies whether the identity ID_i is unique; when the identity ID_i is unique, it determines that user U_i has registered successfully, applies the cross-combination bit algorithm to the master key K of the registration center, the server key K_{RC_S}, the identity ID_i, the encryption parameter A_i and the encryption parameter B_i according to a fifth preset rule to obtain the encryption parameter E_i, the encryption parameter F_i and the encryption parameter G_i, and writes the encryption parameter E_i, the encryption parameter F_i, the encryption parameter G_i and the operation rule of the cross-combination bit algorithm into the smart card;

The smart card also receives the random number r_i written by user U_i, so that the smart card stores the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i}.

In one embodiment, the fourth preset rule includes: A_i = Ccb(ID_i, r_i) and B_i = Ccb(PW_i, BIO_i);

The fifth preset rule includes: C_i = Ccb(ID_i, K), D_i = Ccb(C_{i_L}, C_{i_R}),
Figure BDA0003815816510000036
and
Figure BDA0003815816510000037
where C_i and D_i are both encryption parameters, K is the master key of the registration center, C_{i_L} is the left part of the encryption parameter C_i, and C_{i_R} is the right part of the encryption parameter C_i.

In one embodiment, the method further includes:

When the verification parameter F'_i is inconsistent with the encryption parameter F_i, the server determines that the login of user U_i has failed and notifies user U_i to log in a second time; and,

When the number of consecutive login failures of user U_i reaches a threshold, the smart card of user U_i is locked so that the smart card can no longer be used for login operations.

In one embodiment, after user U_i logs in successfully, the method further includes:

The server receives the new password PW_new input by user U_i, and updates the encryption parameter E_i stored in the smart card based on the new password PW_new;

where the encryption parameter
Figure BDA0003815816510000041

In one embodiment, the formula of the cross-combination bit algorithm is: Z = Ccb(X, Y);

where X, Y and Z are all binary strings of length L bits, H(X) denotes the Hamming weight of the binary string X, and H(Y) denotes the Hamming weight of the binary string Y;

The operation rules of the cross-combination bit algorithm include:

When H(X) ≥ H(Y), take the rightmost H(Y) bits of the binary string X and the leftmost H(X) bits of the binary string Y and combine them in sequence to obtain a binary string; if H(X)+H(Y) ≥ L, truncate the rightmost (H(X)+H(Y)-L) bits of that binary string to obtain a binary string Z of length L bits; if H(X)+H(Y) < L, pad the left of that binary string with (L-(H(X)+H(Y))) zeros to obtain a binary string Z of length L bits;

When H(X) < H(Y), take the leftmost H(Y) bits of the binary string X and the rightmost H(X) bits of the binary string Y and combine them in reverse order to obtain a binary string; if H(X)+H(Y) ≥ L, truncate the leftmost (H(X)+H(Y)-L) bits of that binary string to obtain a binary string Z of length L bits; if H(X)+H(Y) < L, pad the right of that binary string with (L-(H(X)+H(Y))) zeros to obtain a binary string Z of length L bits.
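The Ccb(X, Y) rules above, written out as an added example (this is not code from the patent). It assumes bit strings are given left to right as '0'/'1' characters and reads "combined in reverse order" as placing the Y segment before the X segment, which the text does not define further; the function names are illustrative.

```python
"""Sketch of the cross-combination bit operation Z = Ccb(X, Y).

Assumptions (not stated on the page): bit strings are Python str values of
'0'/'1' read left to right, and "reverse order" in the H(X) < H(Y) branch
means the Y segment is written first, followed by the X segment.
"""


def hamming_weight(bits: str) -> int:
    """Number of '1' bits in the string."""
    return bits.count("1")


def _check(x: str, y: str) -> int:
    """Validate both operands and return their common length L."""
    if not x or len(x) != len(y) or set(x + y) - {"0", "1"}:
        raise ValueError("X and Y must be non-empty bit strings of equal length")
    return len(x)


def ccb_windows(x: str, y: str):
    """Return ((x_start, x_end), (y_start, y_end)): the slices of X and Y
    that are copied into the combined string before truncation or padding."""
    L = _check(x, y)
    hx, hy = hamming_weight(x), hamming_weight(y)
    if hx >= hy:
        return (L - hy, L), (0, hx)   # right H(Y) bits of X, left H(X) bits of Y
    return (0, hy), (L - hx, L)       # left H(Y) bits of X, right H(X) bits of Y


def ccb(x: str, y: str) -> str:
    """Apply the two-branch rule and return Z with len(Z) == len(X)."""
    L = _check(x, y)
    hx, hy = hamming_weight(x), hamming_weight(y)
    total = hx + hy
    (xs, xe), (ys, ye) = ccb_windows(x, y)

    if hx >= hy:
        combined = x[xs:xe] + y[ys:ye]        # sequential: X segment, then Y segment
        if total >= L:
            return combined[:L]               # drop the rightmost total - L bits
        return "0" * (L - total) + combined   # pad zeros on the left

    combined = y[ys:ye] + x[xs:xe]            # assumed reverse order: Y segment first
    if total >= L:
        return combined[total - L:]           # drop the leftmost total - L bits
    return combined + "0" * (L - total)       # pad zeros on the right


if __name__ == "__main__":
    # Constructed 8-bit operands covering all four branches of the rule.
    cases = [
        ("11101101", "01100100"),  # H(X)=6 >= H(Y)=3, sum 9 >= 8: truncate right
        ("00010110", "01000000"),  # H(X)=3 >= H(Y)=1, sum 4 <  8: pad left
        ("01100100", "11101101"),  # H(X)=3 <  H(Y)=6, sum 9 >= 8: truncate left
        ("01000000", "00010110"),  # H(X)=1 <  H(Y)=3, sum 4 <  8: pad right
    ]
    for x, y in cases:
        print(f"Ccb({x}, {y}) = {ccb(x, y)}  windows={ccb_windows(x, y)}")

    # Bits of X outside its window only contribute through H(X): moving one
    # of them while keeping the weight leaves Z unchanged.
    print(ccb("11011101", "01100100") == ccb("11101101", "01100100"))
```

Only the two Hamming weights and the selected windows reach Z, so distinct inputs can produce the same output; that matters wherever the method compares a recomputed Ccb value against a stored one.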

In summary, compared with the prior art, the technical solution provided in the embodiments of the present application has at least the following beneficial effects:

The identity authentication method provided by the present application can be used in a single-server environment as well as in a multi-server environment, and therefore has a wider range of application. The method uses a cross-combination bit algorithm built on bitwise operations to encrypt the transmitted information, which can reduce the amount of calculation. Because the cross-combination bit algorithm performs bit operations based on the Hamming weight of the encrypted information, the encryption process can use the Hamming weight inherent in the encrypted information itself, which reduces the number of introduced parameters while increasing the difficulty of cracking by a third party. The method can both ensure authentication security and reduce the amount of calculation during identity authentication.

Brief Description of the Drawings

FIG. 1 is a flow chart of an identity authentication method provided by an exemplary embodiment of the present application.

FIG. 2 is an example diagram of a cross-combination bit algorithm operation provided by an exemplary embodiment of the present application.

FIG. 3 is another example diagram of a cross-combination bit algorithm operation provided by an exemplary embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without creative work fall within the scope of protection of the present application.

An embodiment of the present application provides an identity authentication method; see FIG. 1. The method can be applied in a single-server environment as well as in a multi-server environment, and therefore has a wider range of application. The method specifically includes the following steps:

Step S1: the server obtains the identity ID_i, password PW_i and biometric information BIO_i input by user U_i, and obtains the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i} stored in the smart card of user U_i.

Here user U_i is the user numbered i, where i is a positive integer; E_i, F_i and G_i are multiple encryption parameters pre-stored in the smart card, and r_i is the random number written into the smart card by user U_i; Ccb(X,Y) is the cross-combination bit operator, which here refers to the operation rule of the cross-combination bit algorithm, and the cross-combination bit algorithm is an algorithm that performs bit operations based on the Hamming weight of the encrypted information; the biometric information BIO_i can be the user's retina, fingerprint, DNA or similar information.

Specifically, user U_i inserts the smart card into the card reader corresponding to the server. The server obtains, through the card reader, the identity ID_i, password PW_i and biometric information BIO_i input by user U_i, and obtains, through the card reader, the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i} stored in the smart card of user U_i.

Step S2: the server calculates the verification parameter F'_i with the cross-combination bit algorithm from the identity ID_i, password PW_i, biometric information BIO_i and the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i}, and compares whether the verification parameter F'_i is consistent with the encryption parameter F_i; when the verification parameter F'_i is consistent with the encryption parameter F_i, it is determined that user U_i has logged in successfully.

Specifically, the values of the verification parameter F'_i and the encryption parameter F_i are compared. If F'_i = F_i, user U_i passes login verification, that is, user U_i logs in successfully.

In some implementations of this embodiment, the server calculating the verification parameter F'_i with the cross-combination bit algorithm from the identity ID_i, password PW_i, biometric information BIO_i and the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i} specifically includes the following steps:

The server calculates the verification parameter A'_i = Ccb(ID_i, r_i) from the random number r_i and the identity ID_i, and calculates the verification parameter B'_i = Ccb(PW_i, BIO_i) from the password PW_i and the biometric information BIO_i;

A verification parameter is calculated from the verification parameter B'_i and the encryption parameter E_i:
Figure BDA0003815816510000051

A verification parameter is calculated from the verification parameter A'_i and the verification parameter D'_i:
Figure BDA0003815816510000052

where
Figure BDA0003815816510000061
is the exclusive OR operator; Ccb(X,Y) is the cross-combination bit operator.

步骤S3,在用户Ui登录成功时,智能卡生成随机数x,按第一预设规则通过交叉组合位算法得到加密参数I1、加密参数Hi及加密参数I2,并生成第一参数信息集合{I1,Hi,I2,Gi}发送给服务器;服务器存储有服务器身份标识IDj和服务器密钥KRC_SStep S3, when user U i logs in successfully, the smart card generates a random number x, obtains encryption parameters I 1 , H i and I 2 through a cross-combination bit algorithm according to a first preset rule, and generates a first parameter information set {I 1 , H i , I 2 , G i } and sends it to the server; the server stores the server identity ID j and the server key K RC_S .

在本实施例的一些实施方式中,第一预设规则包括:

Figure BDA0003815816510000062
Figure BDA0003815816510000063
Figure BDA0003815816510000064
其中,D`i_L和D`i_R分别为验证参数D`i的左部分和右部分。In some implementations of this embodiment, the first preset rule includes:
Figure BDA0003815816510000062
Figure BDA0003815816510000063
and
Figure BDA0003815816510000064
Among them, D`i_L and D`i_R are the left and right parts of the verification parameter D`i respectively.

步骤S4,服务器根据服务器密钥KRC_S和第一参数信息集合{I1,Hi,I2,Gi},通过交叉组合位算法计算得到验证参数I`2,并对比验证参数I`2与加密参数I2是否一致;在验证参数I`2与加密参数I2一致时,判定用户Ui通过第一验证。Step S4: The server calculates the verification parameter I` 2 according to the server key K RC_S and the first parameter information set {I 1 , H i , I 2 , G i } through a cross-combination bit algorithm, and compares whether the verification parameter I` 2 is consistent with the encryption parameter I 2 ; when the verification parameter I` 2 is consistent with the encryption parameter I 2 , it is determined that the user U i has passed the first verification.

具体地,对比验证参数I`2与加密参数I2的大小。Specifically, the sizes of verification parameter I`2 and encryption parameter I2 are compared.

若I`2≠I2,表明用户Ui无法通过服务器的第一验证,认证过程终止。If I` 2 ≠I 2 , it indicates that user U i cannot pass the first verification of the server, and the authentication process terminates.

若I`2=I2,表明用户Ui通过服务器的第一验证,认证过程继续。If I' 2 =I 2 , it indicates that user U i passes the first verification of the server, and the authentication process continues.

In some implementations of this embodiment, the server calculating the verification parameter I`2 through the cross-combination bit algorithm according to the server key KRC_S and the first parameter information set {I1, Hi, I2, Gi} includes:

The server calculates the verification parameter C`i = KRC_S ⊕ Gi from the encryption parameter Gi and the server key KRC_S;

The verification parameter C`i is divided into a left part C`i_L and a right part C`i_R, and the verification parameter D``i = Ccb(C`i_L, C`i_R) is calculated;

The verification random number x` = Ccb(D``i_L, D``i_R) ⊕ I1 is calculated from the verification parameter D``i and the encryption parameter I1;

The verification identity identifier ID`i = Ccb(D``i, x`) ⊕ Hi is calculated from the verification random number x`, the verification parameter D``i and the encryption parameter Hi;

The verification parameter I`2 = Ccb(ID`i ⊕ x`, Gi) is calculated from the verification identity identifier ID`i, the verification random number x` and the encryption parameter Gi.

Step S5: when user Ui passes the first verification, the server generates a random number y, obtains the first interactive key KS_U, encryption parameter I3 and encryption parameter I4 through the cross-combination bit algorithm according to a second preset rule, generates a second parameter information set {IDj, I3, I4} and sends it to the smart card.

In some implementations of this embodiment, the second preset rule includes:

KS_U = Ccb(IDi ⊕ y, IDj ⊕ x),
I3 = Ccb(IDi, x) ⊕ y, and
I4 = Ccb(IDj, y).

Step S6: the smart card calculates the verification parameter I`4 through the cross-combination bit algorithm according to the random number x, the identity identifier IDi and the second parameter information set {IDj, I3, I4}, and compares whether the verification parameter I`4 is consistent with the encryption parameter I4; when the verification parameter I`4 is consistent with the encryption parameter I4, it is determined that user Ui has passed the second verification.

Specifically, the values of the verification parameter I`4 and the encryption parameter I4 are compared.

If I`4 ≠ I4, the server cannot pass the second verification of user Ui, and the authentication process terminates.

If I`4 = I4, the server passes the second verification of user Ui, and the authentication process continues.

In some implementations of this embodiment, the smart card calculating the verification parameter I`4 through the cross-combination bit algorithm according to the random number x, the identity identifier IDi and the second parameter information set {IDj, I3, I4} includes:

The smart card calculates the verification random number y` = Ccb(IDi, x) ⊕ I3 from the random number x, the identity identifier IDi and the encryption parameter I3;

The verification parameter I`4 = Ccb(IDj, y`) is calculated from the verification random number y` and the server identity identifier IDj.

Step S7: when user Ui passes the second verification, the smart card obtains the encryption parameter N through the cross-combination bit algorithm according to a third preset rule, and sends the encryption parameter N to the server.

In some implementations of this embodiment, the third preset rule includes:

the second interactive key KU_S = Ccb(IDi ⊕ y, IDj ⊕ x), and
N = Ccb(yL, yR) ⊕ KU_S,

where yL is the left part of the random number y, and yR is the right part of the random number y.

Step S8: the server calculates the verification parameter N` through the cross-combination bit algorithm according to the first interactive key KS_U and the random number y, and compares whether the verification parameter N` is consistent with the encryption parameter N; when the verification parameter N` is consistent with the encryption parameter N, it is determined that user Ui has passed identity authentication.

Specifically, the values of the verification parameter N` and the received encryption parameter N are compared.

If N` ≠ N, user Ui fails the verification of server Sj, and the protocol stops.

If N` = N, user Ui passes the verification of server Sj, indicating that user Ui is a legitimate user and can freely use the resources on server Sj.

The identity authentication method provided in this embodiment can be used in a single-server environment or in a multi-server environment, and therefore has a wider range of application. The method uses the cross-combination bit algorithm, which consists of bitwise operations, to encrypt the transmitted information, which can reduce the amount of computation. Because the cross-combination bit algorithm performs bit operations based on the Hamming weight of the encrypted information, the encryption process can use the inherent Hamming weight of the encrypted information itself, which both reduces the number of parameters introduced and increases the difficulty of cracking by a third party. The method can thus reduce the amount of computation in the identity authentication process and improve authentication security.

Based on the above embodiment, the formula of the cross-combination bit algorithm is: Z = Ccb(X, Y);

where X, Y and Z are all binary strings with a length of L bits, H(X) denotes the Hamming weight of binary string X, and H(Y) denotes the Hamming weight of binary string Y.

The operation rules of the cross-combination bit algorithm include:

When H(X) ≥ H(Y), take the rightmost H(Y) bits of binary string X and the leftmost H(X) bits of binary string Y and combine them in sequential order to obtain a binary string; if H(X)+H(Y) ≥ L, truncate the rightmost (H(X)+H(Y)-L) bits of that binary string to obtain a binary string Z with a length of L bits; if H(X)+H(Y) < L, pad the left side of that binary string with (L-(H(X)+H(Y))) zeros to obtain a binary string Z with a length of L bits;

When H(X) < H(Y), take the leftmost H(Y) bits of binary string X and the rightmost H(X) bits of binary string Y and combine them in reverse order to obtain a binary string; if H(X)+H(Y) ≥ L, truncate the leftmost (H(X)+H(Y)-L) bits of that binary string to obtain a binary string Z with a length of L bits; if H(X)+H(Y) < L, pad the right side of that binary string with (L-(H(X)+H(Y))) zeros to obtain a binary string Z with a length of L bits.

To deepen the understanding of the cross-combination bit algorithm, see the following examples:

As shown in Figure 2, take L=12, X=101101111101 and Y=010110000110. Then H(X)=9 and H(Y)=5, which satisfies H(X) ≥ H(Y), so Z0=11101010110000. Since H(X)+H(Y)=14 is greater than L=12, H(X)+H(Y) ≥ L is satisfied. According to the definition of the cross-combination bit algorithm, the rightmost 2 bits of the binary string Z0 are truncated, finally giving the binary string Z=Ccb(X,Y)=111010101100.

As shown in Figure 3, take L=12, X=010110000110 and Y=101101111100. Then H(X)=5 and H(Y)=8, which satisfies H(X) < H(Y), so Z0=1110001011000. Since H(X)+H(Y)=13 is greater than L=12, H(X)+H(Y) ≥ L is satisfied. According to the definition of the cross-combination bit algorithm, the leftmost 1 bit of the binary string Z0 is truncated, finally giving the binary string Z=Ccb(X,Y)=110001011000.
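The operation rules and the two worked examples above, together with the zero-padding branches the examples do not exercise, as an added Python example (not code from the patent). Bit strings are modelled as Python strings of '0' and '1', and the function names are assumptions; "reverse-order combination" is implemented the way the Figure 3 example resolves it, with the bits taken from Y placed before the bits taken from X.

```python
"""Cross-combination bit operation Z = Ccb(X, Y) on L-bit binary strings."""


def hamming_weight(bits: str) -> int:
    """Number of 1 bits in a binary string, written H(X) in the text."""
    return bits.count("1")


def ccb_trace(x: str, y: str):
    """Return (H(X), H(Y), Z0, Z), where Z0 is the intermediate string
    before it is truncated or zero-padded to L bits."""
    if not x or len(x) != len(y):
        raise ValueError("X and Y must be non-empty and of equal length L")
    if set(x + y) - {"0", "1"}:
        raise ValueError("X and Y must contain only '0' and '1'")

    length = len(x)
    hx, hy = hamming_weight(x), hamming_weight(y)

    if hx >= hy:
        # Rightmost H(Y) bits of X, then leftmost H(X) bits of Y.
        # Slicing from (length - hy) rather than -hy keeps H(Y) = 0 correct:
        # x[-0:] would return the whole string instead of nothing.
        z0 = x[length - hy:] + y[:hx]
        if len(z0) >= length:
            z = z0[:length]                        # cut surplus on the right
        else:
            z = "0" * (length - len(z0)) + z0      # pad zeros on the left
    else:
        # Leftmost H(Y) bits of X and rightmost H(X) bits of Y, combined in
        # reverse order: the part taken from Y comes first (per Figure 3).
        z0 = y[length - hx:] + x[:hy]
        if len(z0) >= length:
            z = z0[len(z0) - length:]              # cut surplus on the left
        else:
            z = z0 + "0" * (length - len(z0))      # pad zeros on the right
    return hx, hy, z0, z


def ccb(x: str, y: str) -> str:
    """Z = Ccb(X, Y): always exactly as long as the inputs."""
    return ccb_trace(x, y)[3]


if __name__ == "__main__":
    # Inputs of the Figure 2 and Figure 3 examples, then two constructed
    # low-weight inputs that reach the padding branches.
    cases = [
        ("101101111101", "010110000110"),
        ("010110000110", "101101111100"),
        ("00000110", "10000000"),
        ("10000000", "00000110"),
    ]
    for x, y in cases:
        hx, hy, z0, z = ccb_trace(x, y)
        print(f"X={x} Y={y} H(X)={hx} H(Y)={hy} Z0={z0} Z={z}")
```
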

The identity authentication method provided by the above embodiment uses a cross-combination bit algorithm that performs bit operations based on the Hamming weight of the encrypted information. In addition to the low computational cost and high efficiency of bit operations, it can encrypt using the inherent Hamming weight of the encrypted information itself, which not only reduces the number of parameters introduced but also increases the difficulty of cracking by a third party, thereby reducing the amount of computation and improving security.

In some embodiments, before step S1, the server and the user may each be registered before identity authentication is performed. The method further includes:

Server registration steps:

The server sends a registration request to the registration center and, when registration succeeds, receives the server key KRC_S sent by the registration center;

where the server key KRC_S is the key between the registration center and the server.

Specifically, the server sends a registration request to the registration center, and the registration request includes the registration information input by the server;

where the registration information may include the server identity identifier IDj;

The registration center checks whether the registration information is unique;

If the registration information is unique, the registration center sends the server key KRC_S to the server;

If the registration information is not unique, the server is notified to re-enter the registration information, until the registration information entered by the server is unique.

Since the above method can be used with a single server or with multiple servers, the registration center can receive registration requests from one or more servers and register each of them.

And the user registration steps, which specifically include the following steps:

User Ui inputs the chosen identity identifier IDi, password PWi and biometric information BIOi at the terminal and writes a random number ri. The terminal calculates over the identity identifier IDi, password PWi, biometric information BIOi and random number ri through the cross-combination bit algorithm according to a fourth preset rule, obtains encryption parameter Ai and encryption parameter Bi, generates a registration parameter information set {IDi, Ai, Bi} and sends it to the registration center.

The random number ri may be a random number selected during user registration; in a specific implementation, the random number ri may be a password set by the user. The fourth preset rule includes: Ai = Ccb(IDi, ri) and Bi = Ccb(PWi, BIOi);

The registration center verifies whether the identity identifier IDi is unique. When the identity identifier IDi is unique, it determines that user Ui has registered successfully, calculates over the master key K of the registration center, the server key KRC_S, the identity identifier IDi, the encryption parameter Ai and the encryption parameter Bi through the cross-combination bit algorithm according to a fifth preset rule to obtain encryption parameter Ei, encryption parameter Fi and encryption parameter Gi, and writes the encryption parameter Ei, the encryption parameter Fi, the encryption parameter Gi and the operation rules of the cross-combination bit algorithm into the smart card.

In some implementations of this embodiment, the fifth preset rule includes:

Ci = Ccb(IDi, K),
Di = Ccb(Ci_L, Ci_R),
Ei = Di ⊕ Bi,
Fi = Di ⊕ Ai, and
Gi = KRC_S ⊕ Ci,

where Ci and Di are both encryption parameters, K is the master key of the registration center, Ci_L is the left part of the encryption parameter Ci, and Ci_R is the right part of the encryption parameter Ci.

The terminal is generally the terminal equipment required for authentication, such as a registration host or a bank teller machine.

The smart card also receives the random number ri written by user Ui, so that the smart card stores the original parameter information set {Ei, Fi, Gi, Ccb(X,Y), ri}.

The above embodiment can apply the cross-combination bit algorithm to the transmitted information as early as the user registration process, so that, apart from the user identity identifier, all other user information is already encrypted when it is exchanged with the registration center, further ensuring the security of user information.

In some embodiments, the method further includes:

When the verification parameter F`i is inconsistent with the encryption parameter Fi, the server determines that the login of user Ui has failed and notifies user Ui to log in a second time; and, when the number of consecutive login failures of user Ui reaches a threshold, the smart card of user Ui is locked so that the smart card can no longer be used for login operations.

The threshold may be 3-5 times and may be preset according to actual needs; when the smart card is locked, the user needs to take the smart card to the registration center to unlock it.

The above embodiment can remind the user to log in again when a login fails, and lock the smart card when the number of consecutive login failures exceeds the threshold so that it can no longer be used for login operations, thereby preventing misuse of a stolen smart card.

In some embodiments, in order to change the password, after user Ui has logged in successfully, the method further includes:

The server receives the new password PWnew input by user Ui, and updates the encryption parameter Ei stored in the smart card based on the new password PWnew;

where the encryption parameter Ei = Enew, and Enew = Ei ⊕ Ccb(PWi, BIOi) ⊕ Ccb(PWnew, BIOi).

Specifically, after the password change is completed, the user can remove the smart card.

In the above embodiment, the user can change the password after logging in, and the changed password is immediately stored in encrypted form, ensuring security during the password change process.

Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the above methods. Any reference to memory, storage, database or other media used in the embodiments provided in this application can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).

The technical features of the above embodiments may be combined arbitrarily. To keep the description concise, not all possible combinations of the technical features in the above embodiments are described. However, as long as a combination of these technical features contains no contradiction, it should be considered to be within the scope of this specification.

The above embodiments express only several implementations of the present application. Their descriptions are relatively specific and detailed, but they should not be understood as limiting the scope of the invention patent. It should be pointed out that a person of ordinary skill in the art can make several variations and improvements without departing from the concept of the present application, and these all fall within the protection scope of the present application. Therefore, the protection scope of this patent application shall be subject to the appended claims.

Claims (7)

1.一种身份认证方法,其特征在于,所述方法包括:1. An identity authentication method, characterized in that the method comprises: 服务器获取用户Ui输入的身份标识IDi、口令PWi及生物特征信息BIOi,并获取用户Ui的智能卡中存储的原始参数信息集合{Ei,Fi,Gi,Ccb(X,Y),ri};其中,Ei、Fi及Gi均为加密参数,ri为所述用户Ui写入所述智能卡的随机数;Ccb(X,Y)为交叉组合位算法的运算规则,X、Y均为长度为L位的二进制串,所述交叉组合位算法为基于加密信息的汉明权重进行位运算的算法;The server obtains the identity ID i , password PW i and biometric information BIO i input by user U i , and obtains the original parameter information set {E i , F i , G i , Ccb(X,Y), r i } stored in the smart card of user U i ; wherein E i , F i and G i are encryption parameters, r i is the random number written into the smart card by the user U i ; Ccb(X,Y) is the operation rule of the cross-combination bit algorithm, X and Y are both binary strings with a length of L bits, and the cross-combination bit algorithm is an algorithm for bit operation based on the Hamming weight of the encrypted information; 所述服务器根据所述身份标识IDi、所述口令PWi、所述生物特征信息BIOi及所述原始参数信息集合{Ei,Fi,Gi,Ccb(X,Y),ri},通过所述交叉组合位算法计算得到验证参数F`i,并对比所述验证参数F`i与加密参数Fi是否一致;在所述验证参数F`i与所述加密参数Fi一致时,判定所述用户Ui登录成功;The server calculates the verification parameter F`i according to the identity ID i , the password PW i , the biometric information BIO i and the original parameter information set {E i , F i , G i , Ccb(X,Y), r i } through the cross-combination bit algorithm, and compares whether the verification parameter F`i is consistent with the encryption parameter F i ; when the verification parameter F`i is consistent with the encryption parameter F i , it is determined that the user U i has successfully logged in; 所述服务器根据身份标识IDi、口令PWi、生物特征信息BIOi及原始参数信息集合{Ei,Fi,Gi,Ccb(X,Y),ri},通过交叉组合位算法计算得到验证参数F`i,具体包括以下步骤:The server calculates the verification parameter F`i by a cross-combination bit algorithm according to the identity IDi , the password PWi , the biometric information BIOi and the original parameter information set {Ei , Fi , Gi , Ccb(X,Y), r i }, which specifically includes the following steps: 
服务器根据随机数ri和身份标识IDi计算得到验证参数A`i=Ccb(IDi,ri),并根据口令PWi和生物特征信息BIOi计算得到验证参数B`i=Ccb(PWi,BIOi);The server calculates the verification parameter A` i =Ccb(ID i , ri ) based on the random number r i and the identity ID i , and calculates the verification parameter B` i =Ccb(PW i ,BIO i ) based on the password PW i and the biometric information BIO i ; 根据验证参数B`i和加密参数Ei计算得到验证参数D`ii⊕B`iThe verification parameter D` i = i ⊕ B` i is calculated based on the verification parameter B` i and the encryption parameter E i ; 根据验证参数A`i和验证参数D`i计算得到验证参数F`i=D`i⊕A`iCalculate the verification parameter F` i = D` i ⊕ A` i based on the verification parameter A` i and the verification parameter D` i ; 在所述用户Ui登录成功时,所述智能卡生成随机数x,按第一预设规则通过所述交叉组合位算法得到加密参数I1、加密参数Hi及加密参数I2,并生成第一参数信息集合{I1,Hi,I2,Gi}发送给所述服务器;所述服务器存储有服务器身份标识IDj和服务器密钥KRC_S,所述第一预设规则包括:I1=Ccb(D`i_L,D`i_R)⊕x、Hi=Ccb(D`i,x)⊕IDi及I2=Ccb(IDi⊕x,Gi);其中,D`i_L和D`i_R分别为验证参数D`i的左部分和右部分;When the user U i logs in successfully, the smart card generates a random number x, obtains encryption parameters I 1 , H i and I 2 through the cross- combination bit algorithm according to a first preset rule, and generates a first parameter information set {I 1 , H i , I 2 , G i } and sends it to the server; the server stores a server identity ID j and a server key K RC_S , and the first preset rule includes: I 1 =Ccb(D` i_L ,D` i_R )⊕x, H i =Ccb(D` i ,x)⊕ID i and I 2 =Ccb(ID i ⊕x,G i ); wherein D` i_L and D` i_R are the left and right parts of the verification parameter D` i respectively; 所述服务器根据所述服务器密钥KRC_S和所述第一参数信息集合{I1,Hi,I2,Gi},通过所述交叉组合位算法计算得到验证参数I`2,并对比所述验证参数I`2与所述加密参数I2是否一致;在所述验证参数I`2与所述加密参数I2一致时,判定所述用户Ui通过第一验证;The server calculates the verification parameter I` 2 according to the server key K RC_S and the first parameter information set {I 1 ,H i ,I 2 ,G i } through the cross-combination bit algorithm, and compares whether the verification parameter I` 2 is consistent with the encryption parameter I 2 ; when the verification parameter I` 2 is consistent with the 
encryption parameter I 2 , it is determined that the user U i passes the first verification; 在所述用户Ui通过第一验证时,所述服务器生成随机数y,按第二预设规则通过所述交叉组合位算法得到第一交互密钥KS_U、加密参数I3及加密参数I4,并生成第二参数信息集合{IDj,I3,I4}发送给所述智能卡,所述第二预设规则包括:KS_U=Ccb(IDi⊕y,IDj⊕x)、I3=Ccb(IDi,x)⊕y及I4=Ccb(IDj,y);When the user U i passes the first verification, the server generates a random number y, obtains a first interactive key K S_U , encryption parameter I 3 and encryption parameter I 4 through the cross-combination bit algorithm according to a second preset rule, and generates a second parameter information set {ID j , I 3 , I 4 } and sends it to the smart card, wherein the second preset rule includes: K S_U =Ccb(ID i ⊕y, ID j ⊕x), I 3 =Ccb(ID i ,x)⊕y and I 4 =Ccb(ID j ,y); 所述智能卡根据所述随机数x、所述身份标识IDi及所述第二参数信息集合{IDj,I3,I4},通过所述交叉组合位算法计算得到验证参数I`4,并对比所述验证参数I`4与所述加密参数I4是否一致;在所述验证参数I`4与所述加密参数I4一致时,判定所述用户Ui通过第二验证;The smart card calculates the verification parameter I` 4 according to the random number x, the identity identifier ID i and the second parameter information set {ID j , I 3 , I 4 } through the cross-combination bit algorithm, and compares whether the verification parameter I` 4 is consistent with the encryption parameter I 4 ; when the verification parameter I` 4 is consistent with the encryption parameter I 4 , it is determined that the user U i has passed the second verification; 在所述用户Ui通过第二验证时,所述智能卡按第三预设规则通过所述交叉组合位算法得到加密参数N,并将所述加密参数N发送给所述服务器,所述第三预设规则包括:第二交互密钥KU_S=Ccb(IDi⊕y,IDj⊕x),N=Ccb(yL,yR)⊕KU_S,其中,yL为随机数y的左部分,yR为随机数y的右部分;When the user U i passes the second verification, the smart card obtains an encryption parameter N through the cross-combination bit algorithm according to a third preset rule, and sends the encryption parameter N to the server, wherein the third preset rule includes: a second interactive key K U_S = Ccb(ID i ⊕y, ID j ⊕x), N = Ccb(y L , y R )⊕K U_S , wherein y L is the left part of the random number y, and y R is the right part of the random number y; 
所述服务器根据所述第一交互密钥KS_U和所述随机数y通过所述交叉组合位算法计算得到验证参数N`,并对比所述验证参数N`与所述加密参数N是否一致;在所述验证参数N`与所述加密参数N一致时,判定所述用户Ui通过身份验证。The server calculates the verification parameter N` according to the first interactive key K S_U and the random number y through the cross-combination bit algorithm, and compares whether the verification parameter N` is consistent with the encryption parameter N; when the verification parameter N` is consistent with the encryption parameter N, it is determined that the user U i has passed the identity authentication. 2.根据权利要求1所述的方法,其特征在于,所述服务器根据所述服务器密钥KRC_S和所述第一参数信息集合{I1,Hi,I2,Gi},通过所述交叉组合位算法计算得到验证参数I`2,包括:2. The method according to claim 1, characterized in that the server calculates the verification parameter I` 2 according to the server key K RC_S and the first parameter information set {I 1 ,H i ,I 2 ,G i } by the cross-combination bit algorithm, comprising: 所述服务器根据所述加密参数Gi和所述服务器密钥KRC_S计算得到验证参数C`i=KRC_S⊕GiThe server calculates the verification parameter C` i =K RC_S ⊕G i according to the encryption parameter G i and the server key K RC_S ; 将所述验证参数C`i分为左部分C`i_L和右部分C`i_R,计算得到验证参数D``i=Ccb(C`i_L,C`i_R);The verification parameter C` i is divided into a left part C` i_L and a right part C` i_R , and the verification parameter D`` i =Ccb(C` i_L ,C` i_R ) is calculated; 根据所述验证参数D``i和所述加密参数I1计算得到验证随机数x`=Ccb(D``i_L,D``i_R)⊕I1The verification random number x`=Ccb(D`` i_L ,D`` i_R )⊕I 1 is calculated according to the verification parameter D`` i and the encryption parameter I 1 ; 根据所述验证随机数x`、所述验证参数D``i和所述加密参数Hi计算得到验证身份标识ID`i=Ccb(D``i,`)⊕HiCalculate the verification identity ID` i =Ccb(D`` i ,`)⊕H i according to the verification random number x`, the verification parameter D`` i and the encryption parameter H i ; 根据所述验证身份标识ID`i、所述验证随机数x`和所述加密参数Gi计算得到验证参数I`2=Ccb(ID`i⊕x`,Gi)。The verification parameter I` 2 =Ccb(ID` i ⊕x`,G i ) is calculated according to the verification identity ID` i , the verification random number x` and the encryption parameter G i . 
3.根据权利要求2所述的方法,其特征在于,所述智能卡根据所述随机数x、所述身份标识IDi及所述第二参数信息集合{IDj,I3,I4},通过所述交叉组合位算法计算得到验证参数I`4,包括:3. The method according to claim 2, characterized in that the smart card calculates the verification parameter I' 4 by the cross-combination bit algorithm according to the random number x , the identity identifier ID i and the second parameter information set {ID j , I 3 , I 4 }, comprising: 所述智能卡根据所述随机数x、所述身份标识IDi及所述加密参数I3计算得到验证随机数y`=Ccb(IDi,x)⊕I3The smart card calculates the verification random number y`=Ccb(ID i ,x)⊕I 3 according to the random number x, the identity ID i and the encryption parameter I 3 ; 根据所述验证随机数y`和所述服务器身份标识IDj计算得到验证参数I`4=Ccb(IDj,y`)。The verification parameter I' 4 =Ccb(ID j ,y') is calculated according to the verification random number y' and the server identity ID j . 4.根据权利要求1所述的方法,其特征在于,在所述服务器获取用户Ui输入的身份标识IDi、口令PWi及生物特征信息BIOi之前,所述方法还包括:4. The method according to claim 1, characterized in that before the server obtains the identity ID i , password PW i and biometric information BIO i input by the user U i , the method further comprises: 所述服务器向注册中心发送注册请求,并在注册成功时,接收所述注册中心发送的服务器密钥KRC_SThe server sends a registration request to the registration center, and when the registration is successful, receives the server key K RC_S sent by the registration center; 以及,所述用户Ui在终端输入设定的身份标识IDi、口令PWi及生物特征信息BIOi,并写入随机数ri,所述终端按第四预设规则通过所述交叉组合位算法对所述身份标识IDi、所述口令PEi、所述生物特征信息BIOi及所述随机数ri进行计算,得到加密参数Ai和加密参数Bi,并生成注册参数信息集合{IDi,Ai,Bi}发送给所述注册中心,所述第四预设规则包括:Ai=Ccb(IDi,ri)和Bi=Ccb(PWi,BIOi);And, the user U i inputs the set identity ID i , password PW i and biometric information BIO i in the terminal, and writes a random number r i , and the terminal calculates the identity ID i , the password PE i , the biometric information BIO i and the random number r i by the cross-combination bit algorithm according to the fourth preset rule to obtain encryption parameters A i and B i , and generates a registration parameter information set {ID i ,A i ,B i } and sends it to the registration 
center, and the fourth preset rule includes: A_i = Ccb(ID_i, r_i) and B_i = Ccb(PW_i, BIO_i);

The registration center verifies whether the identity ID_i is unique; and when the identity ID_i is unique, determines that the user U_i is successfully registered, calculates the master key K of the registration center, the server key K_RC_S, the identity ID_i, the encryption parameter A_i and the encryption parameter B_i by the cross-combination bit algorithm according to the fifth preset rule to obtain encryption parameter E_i, encryption parameter F_i and encryption parameter G_i, and writes the encryption parameter E_i, the encryption parameter F_i, the encryption parameter G_i and the operation rule of the cross-combination bit algorithm into the smart card, the fifth preset rule includes: C_i = Ccb(ID_i, K), D_i = Ccb(C_i_L, C_i_R), E_i = D_i ⊕ B_i, F_i = D_i ⊕ A_i and G_i = K_RC_S ⊕ C_i; wherein C_i and D_i are both encryption parameters, K is the master key of the registration center, C_i_L is the left part of the encryption parameter C_i, and C_i_R is the right part of the encryption parameter C_i;

The smart card also receives the random number r_i written by the user U_i, so that the smart card stores the original parameter information set {E_i, F_i, G_i, Ccb(X,Y), r_i}.

5. The method according to claim 1, characterized in that the method further comprises:

When the verification parameter F'_i is inconsistent with the encryption parameter F_i, the server determines that the login of the user U_i has failed, and notifies the user U_i to log in for the second time; and

When the number of consecutive login failures of the user U_i reaches a threshold, the smart card of the user U_i is locked so that the smart card can no longer perform a login operation.

6. The method according to claim 1, characterized in that after the user U_i successfully logs in, the method further comprises:

The server receives a new password PW_new input by the user U_i, and updates the encryption parameter E_i stored in the smart card based on the new password PW_new;

Wherein the encryption parameter E_i = E_new, E_new = E_i ⊕ Ccb(PW_i, BIO_i) ⊕ Ccb(PW_new, BIO_i).

7. The method according to any one of claims 1 to 6, characterized in that the formula of the cross-combination bit algorithm is: Z = Ccb(X, Y);

Where Z is a binary string of length L bits, H(X) represents the Hamming weight of binary string X, and H(Y) represents the Hamming weight of binary string Y;

The operation rules of the cross-combination bit algorithm include:

When H(X) ≥ H(Y), take the H(Y) bits on the right side of binary string X and the H(X) bits on the left side of binary string Y and combine them in sequence to obtain a binary string; if H(X)+H(Y) ≥ L, then truncate the (H(X)+H(Y)-L) bits on the right side of the binary string to obtain a binary string Z with a length of L bits; if H(X)+H(Y) < L, then add (L-(H(X)+H(Y))) zeros to the left side of the binary string to obtain a binary string Z with a length of L bits;

When H(X) < H(Y), take the H(Y) bits on the left side of binary string X and the H(X) bits on the right side of binary string Y and combine them in reverse order to obtain a binary string; if H(X)+H(Y) ≥ L, then truncate the (H(X)+H(Y)-L) bits on the left side of the binary string to obtain a binary string Z with a length of L bits; if H(X)+H(Y) < L, then add (L-(H(X)+H(Y))) zeros to the right side of the binary string to obtain a binary string Z with a length of L bits.
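The Ccb operation of claim 7, together with the registration formulas of claim 4 and the password update of claim 6, as an added Python example that is not code from the patent. It assumes X and Y are equal-length bit strings, reads "reverse order" as placing the Y part before the X part, and takes C_i_L and C_i_R to be the two halves of C_i; the 16-bit sample values are constructed.

```python
# Added illustration of the claimed Ccb operation; not code from the patent.
# Assumptions: X and Y are equal-length bit strings, "reverse order" means the
# Y part is placed before the X part, and C_i_L / C_i_R are the halves of C_i.

def hw(bits: str) -> int:
    """Hamming weight H(.) of a bit string."""
    return bits.count("1")

def xor(a: str, b: str) -> str:
    """Bitwise XOR of two equal-length bit strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return "".join("1" if p != q else "0" for p, q in zip(a, b))

def ccb(x: str, y: str, length: int) -> str:
    """Z = Ccb(X, Y): select bits by Hamming weight, then fit to `length` bits."""
    if len(x) != len(y) or set(x + y) - {"0", "1"}:
        raise ValueError("X and Y must be equal-length bit strings")
    hx, hy = hw(x), hw(y)
    if hx >= hy:
        z = x[len(x) - hy:] + y[:hx]   # right H(Y) bits of X, left H(X) bits of Y
        if hx + hy >= length:
            return z[:length]          # cut the right (H(X)+H(Y)-L) bits
        return z.rjust(length, "0")    # pad zeros on the left
    z = y[len(y) - hx:] + x[:hy]       # right H(X) bits of Y, left H(Y) bits of X
    if hx + hy >= length:
        return z[hx + hy - length:]    # cut the left (H(X)+H(Y)-L) bits
    return z.ljust(length, "0")        # pad zeros on the right

def register(id_i, k, k_rc_s, a_i, b_i):
    """Fifth preset rule: returns (E_i, F_i, G_i) plus D_i for inspection."""
    n = len(id_i)
    c_i = ccb(id_i, k, n)
    d_i = ccb(c_i[: n // 2], c_i[n // 2:], n)
    return xor(d_i, b_i), xor(d_i, a_i), xor(k_rc_s, c_i), d_i

def change_password(e_i, pw_old, pw_new, bio):
    """Claim 6: E_new = E_i xor Ccb(PW_i, BIO_i) xor Ccb(PW_new, BIO_i)."""
    n = len(e_i)
    return xor(xor(e_i, ccb(pw_old, bio, n)), ccb(pw_new, bio, n))

# Constructed 16-bit sample values, for illustration only.
ID, K, K_RC_S = "1011001110001101", "0110100111010010", "1100101000111001"
R, PW, PW_NEW, BIO = ("0001110010100111", "1010011001011100",
                      "0111000110101011", "1101010010011010")
A = ccb(ID, R, 16)    # fourth preset rule
B = ccb(PW, BIO, 16)
E, F, G, D = register(ID, K, K_RC_S, A, B)
E_NEW = change_password(E, PW, PW_NEW, BIO)
```

Because E_i = D_i ⊕ B_i, the update in claim 6 cancels the old B_i and leaves E_new = D_i ⊕ Ccb(PW_new, BIO_i), so the card can be updated without recomputing D_i from the master key K.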
CN202211026010.3A 2022-08-25 2022-08-25 Identity authentication method Active CN115473652B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211026010.3A CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211026010.3A CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Publications (2)

Publication Number Publication Date
CN115473652A CN115473652A (en) 2022-12-13
CN115473652B true CN115473652B (en) 2023-05-16

Family

ID=84369445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211026010.3A Active CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Country Status (1)

Country Link
CN (1) CN115473652B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103346887A (en) * 2013-07-02 2013-10-09 山东科技大学 Low-complexity identity authentication method based on intelligent card and under multiserver environment
KR101809974B1 (en) * 2017-05-22 2017-12-19 주식회사 에프엔에스벨류 A system for security certification generating authentication key combinating multi-user element and a method thereof
CN109274683A (en) * 2018-10-30 2019-01-25 国网安徽省电力有限公司信息通信分公司 Cross combination authentication system and authentication method thereof

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
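Improved three-factor mutual authentication and key agreement scheme; Wang Caifen; Qiao Hui; Li Yahong; Liu Chao; Chen Li; Application Research of Computers (No. 02) *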

Also Published As

Publication number Publication date
CN115473652A (en) 2022-12-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant