CN115473652B - Identity authentication method - Google Patents

Identity authentication method Download PDF

Info

Publication number
CN115473652B
CN115473652B CN202211026010.3A CN202211026010A CN115473652B CN 115473652 B CN115473652 B CN 115473652B CN 202211026010 A CN202211026010 A CN 202211026010A CN 115473652 B CN115473652 B CN 115473652B
Authority
CN
China
Prior art keywords
parameter
verification
user
ccb
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211026010.3A
Other languages
Chinese (zh)
Other versions
CN115473652A (en
Inventor
徐省华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Polytechnic Normal University
Original Assignee
Guangdong Polytechnic Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Polytechnic Normal University filed Critical Guangdong Polytechnic Normal University
Priority to CN202211026010.3A priority Critical patent/CN115473652B/en
Publication of CN115473652A publication Critical patent/CN115473652A/en
Application granted granted Critical
Publication of CN115473652B publication Critical patent/CN115473652B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application belongs to the technical field of identity authentication, and discloses an identity authentication method, which comprises the following steps: the server obtains the user U i Input identity ID i Password PW i Biological characteristic information BIO i And obtain user U i Original parameter information set { E ] stored in a smart card of (E) i ,F i ,G i ,Ccb(X,Y),r i -a }; wherein Ccb (X, Y) is an operation rule of a cross-combination bit algorithm, which is an algorithm for performing bit operation based on hamming weight of encryption information. The method and the device can achieve the effects of reducing the calculated amount and guaranteeing the safety.

Description

Identity authentication method
Technical Field
The present application relates to the field of identity verification technologies, and in particular, to an identity authentication method.
Background
Identity verification is also called identity verification or authentication, which means that the identity of a user is confirmed by a certain means. There are many methods of authentication, which can be basically divided into: authentication based on a shared key, authentication based on biological characteristics, and authentication based on a public key encryption algorithm. The security of different identity verification methods is high or low, and the identity verification based on biological characteristics is increasingly widely applied due to the uniqueness of the biological characteristics. However, in the process of identity authentication, the condition that the identity information of the user is sent to the server to be verified is often faced, and in order to ensure the safety of the user information, the transmitted information needs to be encrypted, but in the current identity authentication method, the transmitted information is often encrypted by introducing external parameters, so that the calculated amount is large, and once the introduced parameters are cracked, the safety of the user information is endangered. Therefore, the prior art has the problems of large calculation amount and insufficient safety.
Disclosure of Invention
The application provides an identity authentication method which can reduce the calculated amount and ensure the authentication security.
The embodiment of the application provides an identity authentication method, which comprises the following steps:
the server obtains the user U i Input identity ID i Password PW i Biological characteristic information BIO i And obtain user U i Original parameter information set { E ] stored in a smart card of (E) i ,F i ,G i ,Ccb(X,Y),r i -a }; wherein E is i 、F i G (G) i Are encryption parameters, r i For user U i Writing a random number of the smart card; ccb (X, Y) is an operation rule of a cross-combination bit algorithm, wherein the cross-combination bit algorithm is an algorithm for carrying out bit operation based on hamming weight of encryption information;
the server is based on the identity ID i Password PW i Biological characteristic information BIO i Original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i The verification parameter F' is obtained through the calculation of a cross combination bit algorithm i And compare the verification parameters F i And encryption parameter F i Whether or not the two are consistent; in the verification parameter F i And encryption parameter F i If they match, determining user U i The login is successful;
at user U i When login is successful, the smart card generates a random number x, and the encryption parameter I is obtained through a cross combination bit algorithm according to a first preset rule 1 Encryption parameter H i Encryption parameter I 2 And generates a first parameter information set { I } 1 ,H i ,I 2 ,G i Transmitting to the server; the server stores the server identity ID j And server key K RC_S
The server generates a server key K according to the server key RC_S And a first parameter information set { I } 1 ,H i ,I 2 ,G i The verification parameter I' is obtained through the calculation of a cross combination bit algorithm 2 And compare the verification parameters I 2 And encryption parameter I 2 Whether or not the two are consistent; in the verification parameter I 2 And encryption parameter I 2 If they match, determining user U i Passing a first verification;
at user U i When the first verification is passed, the server generates a random number y, and a first interactive key K is obtained through a cross combination bit algorithm according to a second preset rule S_U Encryption parameter I 3 Encryption parameter I 4 And generates a second parameter information set { ID } j ,I 3 ,I 4 -sending to the smart card;
the intelligent card is based on the random number x and the identity ID i Second parameter information set { ID } j ,I 3 ,I 4 The verification parameter I' is obtained through the calculation of a cross combination bit algorithm 4 And compare the verification parameters I 4 And encryption parameter I 4 Whether or not the two are consistent; in the verification parameter I 4 And encryption parameter I 4 If they match, determining user U i Passing the second verification;
at user U i When the second verification is passed, the intelligent card obtains an encryption parameter N according to a third preset rule through a cross combination bit algorithm, and the encryption parameter N is sent to a server;
the server generates a first interactive key K according to the first interactive key S_U The random number y is calculated to obtain a verification parameter N 'through a cross combination bit algorithm, and whether the verification parameter N' is consistent with the encryption parameter N or not is compared; when the verification parameter N' is consistent with the encryption parameter N, the user U is judged i Through authentication.
In one embodiment, the server is configured to determine the identity of the user based on the identity ID i Password PW i Biological characteristic information BIO i Original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i The verification parameter F' is obtained through the calculation of a cross combination bit algorithm i Comprising:
the server is based on the random number r i And identity ID i Calculating to obtain verification parameter A i =Ccb(ID i ,r i ) And according to the password PW i And biometric information BIO i Calculating to obtain verification parameter B i =Ccb(PW i ,BIO i );
According to the verification parameter B i And encryption parameter E i Calculating to obtain verification parameters
Figure BDA0003815816510000021
According to the verification parameter A i And verification parameter D i Calculating to obtain verification parameters
Figure BDA0003815816510000022
In one embodiment, a serverAccording to the server key K RC_S And a first parameter information set { I } 1 ,H i ,I 2 ,G i The verification parameter I' is obtained through the calculation of a cross combination bit algorithm 2 Comprising:
the server generates the encryption parameter G according to the encryption parameter G i And server key K RC_S Calculating to obtain verification parameters
Figure BDA0003815816510000023
Will verify parameter C i Divided into left part C i_L And right part C i_R Calculating to obtain verification parameter D i =Ccb(C` i_L ,C` i_R );
According to the verification parameter D' i And encryption parameter I 1 Calculating to obtain verification random number
Figure BDA0003815816510000024
According to the verification random number x 'and the verification parameter D' i And encryption parameter H i Calculating to obtain verification identity
Figure BDA0003815816510000025
Figure BDA0003815816510000026
According to the verification identity ID i Verification random number x' and encryption parameter G i Calculating to obtain verification parameters
Figure BDA0003815816510000027
Figure BDA0003815816510000028
In one embodiment, the smart card is based on a random number x, an identification ID i Second parameter information set { ID } j ,I 3 ,I 4 The verification parameter I' is obtained through the calculation of a cross combination bit algorithm 4 Comprising:
the intelligent card is based on the random number x and the identity ID i Encryption parameter I 3 Calculating to obtain verification random number
Figure BDA0003815816510000031
According to the verification random number y' and the server identity ID j Calculating to obtain verification parameter I 4 =Ccb(ID j ,y`)。
In one embodiment, the first preset rule includes:
Figure BDA0003815816510000032
is->
Figure BDA0003815816510000033
Wherein D i_L And D i_R Respectively is verification parameter D i Left and right portions of (a);
the second preset rule includes:
Figure BDA0003815816510000034
i 4 =Ccb(ID j ,y);
The third preset rule includes:
second interaction key
Figure BDA0003815816510000035
Wherein y is L Is the left part of the random number y, y R Is the right part of the random number y.
In one embodiment, the user U is obtained at the server i Input identity ID i Password PW i Biological characteristic information BIO i Previously, the method further comprises:
the server sends a registration request to the registration center, and receives a server key K sent by the registration center when the registration is successful RC_S
User U i Inputting set ID at terminal i Password PW i Biological characteristic information BIO i And writing a random number r i The terminal uses the cross combination bit algorithm to identify the ID according to the fourth preset rule i Password PW i Biological characteristic information BIO i Random number r i Calculating to obtain encryption parameter A i And encryption parameter B i And generates a registration parameter information set { ID } i ,A i ,B i Transmitting to the registry;
registration center verifies identity ID i Whether or not to have uniqueness; and in the identity ID i When the user U has uniqueness, the user U is judged i The registration is successful, and the master key K and the server key K of the registration center are subjected to cross combination bit algorithm according to a fifth preset rule RC_S Identity ID i Encryption parameter A i Encryption parameter B i Calculating to obtain encryption parameter E i Encryption parameter F i Encryption parameter G i And will encrypt the parameter E i Encryption parameter F i Encryption parameter G i The operation rule of the cross combination bit algorithm is written into the intelligent card;
the smart card also receives the user U i Written random number r i So that the smart card stores the original parameter information set { E } i ,F i ,G i ,Ccb(X,Y),r i }。
In one embodiment, the fourth preset rule includes: a is that i =Ccb(ID i ,r i ) And B i =Ccb(PW i ,BIO i );
The fifth preset rule includes: c (C) i =Ccb(ID i ,K)、D i =Ccb(C i_L ,C i_R )、
Figure BDA0003815816510000036
Is->
Figure BDA0003815816510000037
Wherein C is i And D i Are all encryption parameters, K is a main key of a registry, C i_L For encryption parameter C i C in the left part of (2) i_R For encryption parameter C i Is included in the right part of the (c).
In one embodiment, the method further comprises:
the server verifies the parameter F i And encryption parameter F i When the user U is inconsistent, the user U is judged i Failure of login, notify user U i Performing a second login; the method comprises the steps of,
at user U i When the continuous times of login failure reach a threshold value, the user U is provided with a user interface i The smart card is locked so that the smart card can no longer perform login operations.
In one embodiment, in user U i After successful login, the method further comprises the following steps:
the server receives the user U i New password PW entered new And based on the new password PW new Updating encryption parameters E stored in a smart card i
Wherein the encryption parameters
Figure BDA0003815816510000041
In one embodiment, the formula for the cross-over bit algorithm is: z=ccb (X, Y);
wherein X, Y, Z is a binary string with a length of L bits, H (X) represents the Hamming weight of the binary string X, and H (Y) represents the Hamming weight of the binary string Y;
the operation rule of the cross-combination bit algorithm comprises:
when H (X) is more than or equal to H (Y), sequentially combining the right H (Y) bit of the binary string X and the left H (X) bit of the binary string Y to obtain a binary string; if H (X) +H (Y) is not less than L, cutting off the right (H (X) +H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bits; if H (X) +H (Y) < L, adding (L- (H (X) +H (Y)) 0 s on the left side of the binary string to obtain a binary string Z with the length of L bits;
when H (X) < H (Y), taking the left H (Y) bit of the binary string X and the right H (X) bit of the binary string Y for reverse sequence combination to obtain a binary string; if H (X) +H (Y) is not less than L, cutting off the left (H (X) +H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bits; if H (X) +H (Y) < L, (L- (H (X) +H (Y)) 0 s are added to the right of the binary string, and a binary string Z with a length of L bits is obtained.
In summary, compared with the prior art, the technical scheme provided by the embodiment of the application has the beneficial effects that at least:
the identity authentication method provided by the application can be used in a single-server environment or a multi-server environment, and has a wider application range; the method uses the bitwise operation cross combination bit algorithm to realize the encryption processing of the transmitted information, thereby reducing the calculated amount; the cross combination bit algorithm is an algorithm for carrying out bit operation based on the hamming weight of the encryption information, so that the inherent hamming weight of the encryption information can be utilized in the encryption process, the parameter introduction can be reduced, and the cracking difficulty of a third party can be increased; the method can ensure the authentication security and reduce the calculated amount in the identity authentication process.
Drawings
Fig. 1 is a flowchart of an identity authentication method according to an exemplary embodiment of the present application.
FIG. 2 is an exemplary diagram of a cross-packed bit algorithm operation provided in one exemplary embodiment of the present application.
FIG. 3 is another exemplary diagram of a cross-packed bit algorithm operation provided in one exemplary embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The embodiment of the application provides an identity authentication method, referring to fig. 1, which can be applied in a single-server environment or a multi-server environment and has a wider application range. The method specifically comprises the following steps:
step S1, a server acquires a user U i Input identity ID i Password PW i Biological characteristic information BIO i And obtain user U i Original parameter information set { E ] stored in a smart card of (E) i ,F i ,G i ,Ccb(X,Y),r i }。
Wherein, user U i For a user numbered i, i is a positive integer value; e (E) i 、F i G (G) i R for a plurality of encryption parameters pre-stored in a smart card i For user U i Writing a random number of the smart card; ccb (X, Y) is an operator of the cross combination bit, which refers to the operation rule of the cross combination bit algorithm, and the cross combination bit algorithm is an algorithm for performing bit operation based on the Hamming weight of the encryption information; biological characteristic information BIO i Information such as retina, fingerprint, DNA of the user.
Specifically, user U i Inserting the smart card into a card reader corresponding to a server, and acquiring a user U by the server through the card reader i Input identity ID i Password PW i Biological characteristic information BIO i And obtain user U through card reader i Original parameter information set { E ] stored in a smart card of (E) i ,F i ,G i ,Ccb(X,Y),r i }。
Step S2, the server is used for obtaining the identity identification ID i Password PW i Biological characteristic information BIO i Original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i The verification parameter F' is obtained through the calculation of a cross combination bit algorithm i And compare the verification parameters F i And encryption parameter F i Whether or not the two are consistent; in the verification parameter F i And encryption parameter F i If they match, determining user U i The login is successful.
Specifically, the verification parameter F' is compared i And encryption parameter F i If F' i =F i User U i By login verification, i.e. user U i The login is successful.
In some implementations of this embodiment, the server is configured to determine the identity ID based on the identity ID i Password PW i Biological characteristic information BIO i Original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i The verification parameter F' is obtained through the calculation of a cross combination bit algorithm i The method specifically comprises the following steps:
the server is based on the random number r i And identity ID i Calculating to obtain verification parameter A i =Ccb(ID i ,r i ) And according to the password PW i And biometric information BIO i Calculating to obtain verification parameter B i =Ccb(PW i ,BIO i );
According to the verification parameter B i And encryption parameter E i Calculating to obtain verification parameters
Figure BDA0003815816510000051
According to the verification parameter A i And verification parameter D i Calculating to obtain verification parameters
Figure BDA0003815816510000052
Wherein,,
Figure BDA0003815816510000061
is an exclusive or operator; ccb (X, Y) is a cross-combine bit operator.
Step S3, in user U i When login is successful, the smart card generates a random number x, and the encryption parameter I is obtained through a cross combination bit algorithm according to a first preset rule 1 Encryption parameter H i Encryption parameter I 2 And generates a first parameter information set { I } 1 ,H i ,I 2 ,G i Send to serverThe method comprises the steps of carrying out a first treatment on the surface of the The server stores the server identity ID j And server key K RC_S
In some implementations of this embodiment, the first preset rule includes:
Figure BDA0003815816510000062
Figure BDA0003815816510000063
is->
Figure BDA0003815816510000064
Wherein D i_L And D i_R Respectively is verification parameter D i Left and right portions of (a) are provided.
Step S4, the server is based on the server key K RC_S And a first parameter information set { I } 1 ,H i ,I 2 ,G i The verification parameter I' is obtained through the calculation of a cross combination bit algorithm 2 And compare the verification parameters I 2 And encryption parameter I 2 Whether or not the two are consistent; in the verification parameter I 2 And encryption parameter I 2 If they match, determining user U i Pass the first verification.
Specifically, the verification parameter I' is compared 2 And encryption parameter I 2 Is of a size of (a) and (b).
If I 2 ≠I 2 Indicating user U i The authentication process is terminated without passing the first verification of the server.
If I 2 =I 2 Indicating user U i The authentication process continues through the first verification of the server.
In some implementations of the present embodiment, the server is based on a server key K RC_S And a first parameter information set { I } 1 ,H i ,I 2 ,G i The verification parameter I' is obtained through the calculation of a cross combination bit algorithm 2 Comprising:
the server generates the encryption parameter G according to the encryption parameter G i And server key K RC_S Calculating to obtain verification parameters
Figure BDA0003815816510000065
Will verify parameter C i Divided into left part C i_L And right part C i_R Calculating to obtain verification parameter D i =Ccb(C` i_L ,C` i_R );
According to the verification parameter D' i And encryption parameter I 1 Calculating to obtain verification random number
Figure BDA0003815816510000066
According to the verification random number x 'and the verification parameter D' i And encryption parameter H i Calculating to obtain verification identity
Figure BDA0003815816510000067
Figure BDA0003815816510000068
According to the verification identity ID i Verification random number x' and encryption parameter G i Calculating to obtain verification parameters
Figure BDA0003815816510000069
Figure BDA00038158165100000610
Step S5, in user U i When the first verification is passed, the server generates a random number y, and a first interactive key K is obtained through a cross combination bit algorithm according to a second preset rule S_U Encryption parameter I 3 Encryption parameter I 4 And generates a second parameter information set { ID } j ,I 3 ,I 4 And transmitted to the smart card.
In some implementations of this embodiment, the second preset rule includes:
Figure BDA00038158165100000611
Figure BDA00038158165100000612
i 4 =Ccb(ID j ,y);
Step S6, the intelligent card is used for identifying the ID according to the random number x and the identity i Second parameter information set { ID } j ,I 3 ,I 4 The verification parameter I' is obtained through the calculation of a cross combination bit algorithm 4 And compare the verification parameters I 4 And encryption parameter I 4 Whether or not the two are consistent; in the verification parameter I 4 And encryption parameter I 4 If they match, determining user U i And passing the second verification.
Specifically, the verification parameter I' is compared 4 And encryption parameter I 4 Is of a size of (a) and (b).
If I 4 ≠I 4 The server cannot pass through the user U i The authentication process is terminated.
If I 4 =I 4 The server passes through the user U i The authentication process continues.
In some implementations of the present embodiment, the smart card is based on a random number x, an identification ID i Second parameter information set { ID } j ,I 3 ,I 4 The verification parameter I' is obtained through the calculation of a cross combination bit algorithm 4 Comprising:
the intelligent card is based on the random number x and the identity ID i Encryption parameter I 3 Calculating to obtain verification random number
Figure BDA0003815816510000071
According to the verification random number y' and the server identity ID j Calculating to obtain verification parameter I 4 =Ccb(ID j ,y`)。
Step S7, at user U i And when the second verification is passed, the intelligent card obtains an encryption parameter N according to a third preset rule through a cross combination bit algorithm, and the encryption parameter N is sent to the server.
In some implementations of this embodiment, the third preset rule includes:
second interaction key
Figure BDA0003815816510000072
Wherein y is L Is the left part of the random number y, y R Is the right part of the random number y.
Step S8, the server receives the first interactive key K S_U The random number y is calculated to obtain a verification parameter N 'through a cross combination bit algorithm, and whether the verification parameter N' is consistent with the encryption parameter N or not is compared; when the verification parameter N' is consistent with the encryption parameter N, the user U is judged i Through authentication.
Specifically, the verification parameter N' is compared with the received encryption parameter N.
If N' is not equal to N, user U i Failure to pass through the server S j Is verified, and the protocol is stopped.
If N' =n, user U i Through the server S j Is shown to user U i For legal user, the server S can be freely used j Resources on the same.
The identity authentication method provided by the embodiment can be used in a single-server environment or a multi-server environment, and has a wider application range; the method uses the bitwise operation cross combination bit algorithm to realize the encryption processing of the transmitted information, thereby reducing the calculated amount; the cross combination bit algorithm is an algorithm for carrying out bit operation based on the hamming weight of the encryption information, so that the inherent hamming weight of the encryption information can be utilized in the encryption process, the parameter introduction can be reduced, and the cracking difficulty of a third party can be increased; the method can reduce the calculated amount in the identity authentication process and improve the authentication security.
Based on the above embodiment, the formula of the cross-combination bit algorithm is: z=ccb (X, Y);
wherein X, Y, Z is a binary string with a length of L bits, H (X) represents the Hamming weight of the binary string X, and H (Y) represents the Hamming weight of the binary string Y;
the operation rule of the cross-combination bit algorithm comprises:
when H (X) is more than or equal to H (Y), sequentially combining the right H (Y) bit of the binary string X and the left H (X) bit of the binary string Y to obtain a binary string; if H (X) +H (Y) is not less than L, cutting off the right (H (X) +H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bits; if H (X) +H (Y) < L, adding (L- (H (X) +H (Y)) 0 s on the left side of the binary string to obtain a binary string Z with the length of L bits;
when H (X) < H (Y), taking the left H (Y) bit of the binary string X and the right H (X) bit of the binary string Y for reverse sequence combination to obtain a binary string; if H (X) +H (Y) is not less than L, cutting off the left (H (X) +H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bits; if H (X) +H (Y) < L, (L- (H (X) +H (Y)) 0 s are added to the right of the binary string, and a binary string Z with a length of L bits is obtained.
For an enhanced understanding of the cross-combining bit algorithm, please refer to the following examples:
as shown in fig. 2, taking l=12, x= 101101111101, y= 010110000110, H (X) =9, H (Y) =5 can be obtained, and H (X) Σ.h (Y) is satisfied, so Z can be obtained 0 = 11101010110000. Since H (X) +h (Y) =14 is greater than l=12, H (X) +h (Y) > L is satisfied, and the binary string Z needs to be truncated according to the definition of the cross-combination bit algorithm 0 To the right of (a) and finally results in a binary string z=ccb (X, Y) = 111010101100.
As shown in fig. 3, taking l=12, x= 010110000110, y= 101101111100, H (X) =5, H (Y) =8 can be obtained, and it can be seen that H (X) < H (Y) is satisfied, so Z can be obtained 0 = 1110001011000. Since H (X) +h (Y) =13 is greater than l=12, H (X) +h (Y) Σlis satisfied, and the binary string Z needs to be truncated according to the definition of the cross-combination bit algorithm 0 The left 1 bit of (a) to the end result is a binary string z=ccb (X, Y) = 110001011000.
According to the identity authentication method provided by the embodiment, the cross combination bit algorithm for carrying out bit operation based on the Hamming weight of the encryption information is adopted, so that the advantages of small calculated amount and high calculation efficiency of bit operation are achieved, the inherent Hamming weight of the encryption information can be utilized for encryption, the parameter introduction can be reduced, the cracking difficulty of a third party can be increased, and the effects of reducing calculated amount and improving safety are achieved.
In some embodiments, before step S1, the registration of the server and the user may be performed separately before the identity authentication is performed. The method further comprises the steps of:
a server registration step:
the server sends a registration request to the registration center, and receives a server key K sent by the registration center when the registration is successful RC_S
Wherein the server key K RC_S Is the key between the registry and the server.
Specifically, the server sends a registration request to a registration center, wherein the registration request comprises registration information input by the server;
wherein the registration information may include a server identification ID j
The registration center checks whether the registration information has uniqueness;
if the registration information has uniqueness, the registration center will be a server key K RC_S Sending the data to a server;
if the registration information does not have uniqueness, notifying the server to re-input the registration information until the registration information input by the server has uniqueness.
Because the above method can be used under either a single server or multiple servers, the registry can receive and register for one or more servers separately.
And a user registration step, specifically comprising the steps of:
user U i Inputting set ID at terminal i Password PW i Biological characteristic information BIO i And writing a random number r i The terminal uses the cross combination bit algorithm to identify the ID according to the fourth preset rule i Password PW i Biological characteristic information BIO i Random number r i Calculating to obtain encryption parameter A i And encryption parameter B i And generates a registration parameter information set { ID } i ,A i ,B i And transmitted to the registry.
Wherein the random number r i Can be selected random number in the user registration process, and when in specific implementation, the random number r i May be a user-set password; the fourth preset rule includes: a is that i =Ccb(ID i ,r i ) And B i =Ccb(PW i ,BIO i );
Registration center verifies identity ID i Whether or not to have uniqueness; and in the identity ID i When the user U has uniqueness, the user U is judged i The registration is successful, and the master key K and the server key K of the registration center are subjected to cross combination bit algorithm according to a fifth preset rule RC_S Identity ID i Encryption parameter A i Encryption parameter B i Calculating to obtain encryption parameter E i Encryption parameter F i Encryption parameter G i And will encrypt the parameter E i Encryption parameter F i Encryption parameter G i And the operation rule of the cross combination bit algorithm is written into the intelligent card.
In some implementations of this embodiment, the fifth preset rule includes: c (C) i =Ccb(ID i ,K)、D i =Ccb(C i_L ,C i_R )、
Figure BDA0003815816510000091
Is->
Figure BDA0003815816510000092
Wherein C is i And D i Are all encryption parameters, K is a main key of a registry, C i_L For encryption parameter C i C in the left part of (2) i_R For encryption parameter C i Is included in the right part of the (c).
The terminal is generally a terminal device required for authentication, such as a registration host, a bank cabinet, and the like.
The smart card also receives the user U i Written random number r i So that the smart card stores the original parameter informationInformation set { E i ,F i ,G i ,Ccb(X,Y),r i }。
The embodiment can encrypt the transmission information by adopting the cross combination bit algorithm in the user registration process, so that other user information is encrypted information when interacting with the registration center besides the user identity, and the safety of the user information is further ensured.
In some embodiments, the method further comprises:
the server verifies the parameter F i And encryption parameter F i When the user U is inconsistent, the user U is judged i Failure of login, notify user U i Performing a second login; and, at user U i When the continuous times of login failure reach a threshold value, the user U is provided with a user interface i The smart card is locked so that the smart card can no longer perform login operations.
The threshold value can be 3-5 times and can be preset according to actual requirements; when the smart card is locked, the user needs to hold the smart card to go to the registry to unlock.
According to the embodiment, when the user fails to log in, the user can be reminded of logging in again, and when the number of times of continuous login failure of the user exceeds the threshold value, the intelligent card is locked, so that the intelligent card cannot log in any more, and the condition that the intelligent card is stolen is prevented.
In some embodiments, to modify the password, at user U i After successful login, the method further comprises the following steps:
the server receives the user U i New password PW entered new And based on the new password PW new Updating encryption parameters E stored in a smart card i
Wherein the encryption parameter E i =E new
Figure BDA0003815816510000101
Specifically, after the password modification is completed, the user may take out the smart card.
In the embodiment, the user can modify the password after logging in, and the modified password is encrypted and stored immediately, so that the security in the password modification process is ensured.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.

Claims (7)

1. An identity authentication method, the method comprising:
the server obtains the user U i Input identity ID i Password PW i Biological characteristic information BIO i And obtain user U i Original parameter information set { E ] stored in a smart card of (E) i ,F i ,G i ,Ccb(X,Y),r i -a }; wherein E is i 、F i G (G) i Are encryption parameters, r i For the user U i Writing a random number of the smart card; ccb (X, Y) is an operation rule of a cross combination bit algorithm, X, Y is a binary string with a length of L bits, and the cross combination bit algorithm is an algorithm for performing bit operation based on hamming weight of encryption information;
the server performs the identification according to the identification ID i Said password PW i Said biometric information BIO i The original parameter information set { E } i ,F i ,G i ,Ccb(X,Y),r i And calculating to obtain a verification parameter F' through the cross combination bit algorithm i And compares the verification parameters F i And encryption parameter F i Whether or not the two are consistent; at the verification parameter F i And the encryption parameter F i When the user U is consistent, the user U is judged i The login is successful;
the server is used for identifying the ID according to the identity i Password PW i Biological characteristic information BIO i Original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i The verification parameter F' is obtained through the calculation of a cross combination bit algorithm i The method specifically comprises the following steps:
the server is based on the random number r i And identity ID i Calculating to obtain verification parameter A i =Ccb(ID i ,r i ) And according to the password PW i And biometric information BIO i Calculating to obtain verification parameter B i =Ccb(PW i ,BIO i );
According to the verification parameter B i And encryption parameter E i Calculating to obtain verification parameter D ii ⊕B` i
According to the verification parameter A i And verification parameter D i Calculating to obtain verification parameter F i =D` i ⊕A` i
At the user U i When login is successful, the smart card generates a random number x, and the encryption parameter I is obtained through the cross combination bit algorithm according to a first preset rule 1 Encryption parameter H i Encryption parameter I 2 And generates a first parameter information set { I } 1 ,H i ,I 2 ,G i -sending to the server; the server stores a server identity ID j And server key K RC_S The first preset rule includes: i 1 =Ccb(D` i_L ,D` i_R )⊕x、H i =Ccb(D` i ,x)⊕ID i I 2 =Ccb(ID i ⊕x,G i ) The method comprises the steps of carrying out a first treatment on the surface of the Wherein D i_L And D i_R Respectively is verification parameter D i Left and right portions of (a);
the server generates a server key K according to the server key RC_S And the first parameter information set { I } 1 ,H i ,I 2 ,G i The verification parameter I' is obtained through calculation of the cross combination bit algorithm 2 And comparing the verification parameters I 2 And the encryption parameter I 2 Whether or not the two are consistent; at the verification parameter I 2 And the encryption parameter I 2 When the user U is consistent, the user U is judged i Passing a first verification;
at the user U i When the first verification is passed, the server generates a random number y, and a first interactive key K is obtained through the cross combination bit algorithm according to a second preset rule S_U Encryption parameter I 3 Encryption parameter I 4 And generates a second parameter information set { ID } j ,I 3 ,I 4 -sending to the smart card, the second preset rule comprising: k (K) S_U =Ccb(ID i ⊕y,ID j ⊕x)、I 3 =Ccb(ID i X) +.y and I 4 =Ccb(ID j ,y);
The intelligent card is used for identifying the ID according to the random number x i The second parameter information set { ID } j ,I 3 ,I 4 The verification parameter I' is obtained through calculation of the cross combination bit algorithm 4 And comparing the verification parameters I 4 And the encryption parameter I 4 Whether or not the two are consistent; at the verification parameter I 4 And the encryption parameter I 4 When the user U is consistent, the user U is judged i Passing the second verification;
at the user U i And when the second verification is passed, the smart card obtains an encryption parameter N through the cross combination bit algorithm according to a third preset rule, and sends the encryption parameter N to the server, wherein the third preset rule comprises: second interaction key K U_S =Ccb(ID i ⊕y,ID j ⊕x),N=Ccb(y L ,y R )⊕K U_S Wherein y is L Is the left part of the random number y, y R Is the right part of the random number y;
the server receives the first interactive key K S_U The random number y is calculated to obtain a verification parameter N 'through the cross combination bit algorithm, and whether the verification parameter N' is consistent with the encryption parameter N or not is compared; when the verification parameter N' is consistent with the encryption parameter N, the user U is judged i Through authentication.
2. The method according to claim 1, wherein the server is based on the server key K RC_S And the first parameter information set { I } 1 ,H i ,I 2 ,G i The verification parameter I' is obtained through calculation of the cross combination bit algorithm 2 Comprising:
the server generates the encryption parameter G according to the encryption parameter G i And the server key K RC_S Calculating to obtain verification parameter C i =K RC_S ⊕G i
The verification parameter C' is set i Divided into left part C i_L And right part C i_R Calculating to obtain verification parameter D i =Ccb(C` i_L ,C` i_R );
According to the verification parameter D' i And the encryption parameter I 1 The verification random number x' =ccb (d″) is calculated i_L ,D`` i_R )⊕I 1
According to the verification random number x 'and the verification parameter D' i And the encryption parameter H i Calculating to obtain verification identity ID i =Ccb(D`` i ,`)⊕H i
According to the verification identity ID i The verification random number x' and the encryption parameter G i Calculating to obtain verification parameter I 2 =Ccb(ID` i ⊕x`,G i )。
3. The method according to claim 2, wherein said smart card is based on said random number x, said identification ID i The second parameter information set { ID } j ,I 3 ,I 4 The verification parameter I' is obtained through calculation of the cross combination bit algorithm 4 Comprising:
the intelligent card is used for identifying the ID according to the random number x i Said encryption parameter I 3 The verification random number y' =ccb (ID) i ,x)⊕I 3
According to the verification random number y' and the server identity ID j Calculating to obtain verification parameter I 4 =Ccb(ID j ,y`)。
4. The method according to claim 1, characterized in that the user U is obtained at the server i Input identity ID i Password PW i Biological characteristic information BIO i Previously, the method further comprises:
the server sends a registration request to a registration center, and receives a server key K sent by the registration center when registration is successful RC_S
And, the user U i Identity mark set by terminal inputID of ID i Password PW i Biological characteristic information BIO i And writing a random number r i The terminal uses the cross combination bit algorithm to carry out identification ID according to a fourth preset rule i The password PE i Said biometric information BIO i The random number r i Calculating to obtain encryption parameter A i And encryption parameter B i And generates a registration parameter information set { ID } i ,A i ,B i -sending to the registry, the fourth preset rule comprising: a is that i =Ccb(ID i ,r i ) And B i =Ccb(PW i ,BIO i );
The registration center verifies the identity ID i Whether or not to have uniqueness; and at the identity ID i When the user U has uniqueness, the user U is judged i The registration is successful, and the master key K and the server key K of the registration center are subjected to the cross combination bit algorithm according to a fifth preset rule RC_S Said identification ID i Said encryption parameter A i Said encryption parameter B i Calculating to obtain encryption parameter E i Encryption parameter F i Encryption parameter G i And the encryption parameter E i Said encryption parameter F i Said encryption parameter G i And writing the operation rule of the cross combination bit algorithm into the smart card, wherein the fifth preset rule comprises: c (C) i =Ccb(ID i ,K)、D i =Ccb(C i_L ,C i_R )、E i =D i ⊕B i 、F i =D i ⊕A i G (G) i =K RC_S ⊕C i The method comprises the steps of carrying out a first treatment on the surface of the Wherein C is i And D i Are encryption parameters, K is the main key of the registry, C i_L For encryption parameter C i C in the left part of (2) i_R For encryption parameter C i Is the right part of (2);
the smart card also receives the user U i Written random number r i So that the smart card stores the original parameter information set { E } i ,F i ,G i ,Ccb(X,Y),r i }。
5. The method according to claim 1, wherein the method further comprises:
the server verifies the parameter F i And encryption parameter F i When the user U is inconsistent, the user U is judged i Failure of login, notifying the user U i Performing a second login; the method comprises the steps of,
at the user U i When the continuous times of login failure reach a threshold value, the user U is provided with a user interface i So that the smart card can no longer perform login operations.
6. The method of claim 1, wherein, at the user U i After successful login, the method further comprises the following steps:
the server receives the user U i New password PW entered new And based on the new password PW new Updating the encryption parameter E stored in the smart card i
Wherein the encryption parameter E i =E new ,E new =E i ⊕Ccb(PW i ,BIO i )⊕Ccb(PW new ,BIO i )。
7. The method according to any one of claims 1 to 6, wherein the formula of the cross-combining bit algorithm is: z=ccb (X, Y);
wherein Z is a binary string with a length of L bits, H (X) is used for representing the hamming weight of the binary string X, and H (Y) is used for representing the hamming weight of the binary string Y;
the operation rule of the cross combination bit algorithm comprises:
when H (X) is not less than H (), the right H (Y) bit of the binary string X and the left H (X) bit of the binary string Y are sequentially combined to obtain a binary string; if H (X) +H () > L is not less than L, cutting the right (() +H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bits; if H (X) +H () < L, adding 0 s (H (X) +H ()) to the left of the binary string to obtain a binary string Z with the length of L bits;
when H (X) < H (), taking the left H (Y) bit of the binary string X and the right H (X) bit of the binary string Y to combine in reverse order to obtain a binary string; if H (X) +H () > L is not less than L, cutting the left (() +H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bits; if H (X) +h () < L, 0 s are complemented on the right side of the binary string, (- (H (X) +h ()) to obtain a binary string Z of L bits in length.
CN202211026010.3A 2022-08-25 2022-08-25 Identity authentication method Active CN115473652B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211026010.3A CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211026010.3A CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Publications (2)

Publication Number Publication Date
CN115473652A CN115473652A (en) 2022-12-13
CN115473652B true CN115473652B (en) 2023-05-16

Family

ID=84369445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211026010.3A Active CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Country Status (1)

Country Link
CN (1) CN115473652B (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103346887A (en) * 2013-07-02 2013-10-09 山东科技大学 Low-complexity identity authentication method based on intelligent card and under multiserver environment
KR101809974B1 (en) * 2017-05-22 2017-12-19 주식회사 에프엔에스벨류 A system for security certification generating authentication key combinating multi-user element and a method thereof
CN109274683A (en) * 2018-10-30 2019-01-25 国网安徽省电力有限公司信息通信分公司 A kind of combined crosswise Verification System and its authentication method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
改进的三因素相互认证与密钥协商方案;王彩芬;乔慧;李亚红;刘超;陈丽;;计算机应用研究(第02期) *

Also Published As

Publication number Publication date
CN115473652A (en) 2022-12-13

Similar Documents

Publication Publication Date Title
US8590024B2 (en) Method for generating digital fingerprint using pseudo random number code
CN108616504B (en) Sensor node identity authentication system and method based on Internet of things
US20170142087A1 (en) Device authentication agent
CN107426235B (en) Authority authentication method, device and system based on equipment fingerprint
US9461995B2 (en) Terminal, network locking and network unlocking method for same, and storage medium
CN107925581A (en) 1:N organism authentications, encryption, signature system
US20070132548A1 (en) Method and apparatus for programming electronic security token
US11301586B1 (en) Systems and processes for lossy biometric representations
CN116941220A (en) In-memory signing of messages with personal identifiers
JP2009151528A (en) Ic card storing biological information and access control method thereof
CN113348455A (en) Apparatus and method for providing authentication, non-repudiation, managed access, and twin discrimination of data using data control signatures
CN112149068A (en) Access-based authorization verification method, information generation method and device, and server
CN116580489B (en) Access control equipment, access control card and card sender control method, equipment and medium
US11120120B2 (en) Method and system for secure password storage
CN115514492A (en) BIOS firmware verification method, device, server, storage medium and program product
CN115473652B (en) Identity authentication method
WO2006093238A1 (en) Authentication assisting device, authentication main device, integrated circuit, and authenticating method
US20180145992A1 (en) Data verification method
CN113987446A (en) Authentication method and device
CN113347183A (en) Block chain financial big data processing method
CN116545628B (en) Identity authentication method and device applied to safe, safe and storage medium
CN116756718B (en) U-Sketch-based biological feature data error correction method, system and tool
WO2024185059A1 (en) Authentication server, authentication system, authentication method, and program
CN113923203B (en) Network request verification method, device, equipment and storage medium
CN113141347B (en) Social work information protection method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant