CN116386183A - Anonymous authentication method under public place spreading code scene - Google Patents


Info

Publication number
CN116386183A
Authority
CN
China
Prior art keywords
user
algorithm
certificate
verification
token
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211375719.4A
Other languages
Chinese (zh)
Inventor
岳笑含
杨鹏
杨海波
白石
王谦
王溪波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenyang University of Technology
Original Assignee
Shenyang University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenyang University of Technology
Priority to CN202211375719.4A
Publication of CN116386183A
Legal status: Pending

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/27 Individual registration on entry or exit involving the use of a pass with central registration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention belongs to the technical field of network information security, and particularly relates to an anonymous authentication method in a public place spreading code scene. The method improves code verification efficiency in practical application scenarios and ensures that the verifier can verify the validity of a credential without intruding on the user's privacy. The method comprises the following steps. Step 1, parameter generation. Step 2, credential issuance: a user must present a credential to a service provider when entering or leaving a public place, so before presenting it the user interacts with an issuer to obtain a valid credential associated with that user. Step 3, credential presentation: after obtaining a credential and verifying its validity in the credential acquisition stage, the user aggregates a plurality of different credentials and, when entering or leaving a public place, presents the credentials he or she holds to the service provider for verification. Step 4, tracking and revocation: in the spreading code scene, users whose credentials are abnormal are tracked.

Description

Anonymous authentication method under public place spreading code scene
Technical Field
The invention belongs to the technical field of network information security, and particularly relates to an anonymous authentication method in a public place spreading code scene.
Background
Important credentials are needed when going into and out of public places. A user can register through Alipay or WeChat to obtain a credential; the pass credential binds and displays private data such as the user's name, ID card number and mobile phone number, and this data is then converted into a colored two-dimensional code according to the user's spatio-temporal data and related evidence.
However, this solution has security problems: the credential uses only a cryptographic hash function to prevent replay attacks, and there is no guarantee that the credential cannot be forged. In addition, because the two-dimensional code contains a unique ID representing the user's identity, together with the name and ID card number, the privacy guarantee is weak. Users may also need to display several credentials or scan the location codes of different places, so passage efficiency may be reduced when the number of users is large.
Disclosure of Invention
To address the defects of the prior art, the invention provides an anonymous authentication method in a public place spreading code scene. The method improves code verification efficiency in practical application scenarios and ensures that a verifier can verify the validity of a credential without intruding on the user's privacy. It binds the user's identity to the credential by means of biometric technology: each time the private key is used, the biometric must be supplied and a decoding computation performed. This one-time key both protects the user's private key and effectively prevents other users from forging the credential.
In order to achieve the above purpose, the invention adopts the following technical scheme, which comprises the following steps.
Step 1, parameter generation.
The basic parameters used in the system are generated; the public and private keys of the registry, the issuer and the user, and the related data, are then generated from the public parameters.
Step 2, credential issuance.
A user needs to present credentials to service providers when entering and leaving public places, so before presenting them the user interacts with the issuer to obtain a valid credential associated with the user.
Step 3, credential presentation.
After obtaining a credential and verifying its validity in the credential acquisition stage, the user aggregates different credentials together and, when entering or leaving a public place, presents the credentials he or she holds to the service provider for verification.
Step 4, tracking and revocation.
In the spreading code scene, tracking is performed on users whose credentials are abnormal. For example, if a user's credential is found to be abnormal after the user has entered or left a public place, the identity of that user must be confirmed quickly and corresponding measures taken.
Revocation applies to illegal users in the current scene that the system needs to revoke, ensuring that they cannot generate valid proof information.
Further, the step 1 includes:
step 1.1, initialization: the initialization algorithm is defined as $\mathrm{Initial}(1^{\kappa}) \rightarrow (param)$;
it generates the global system parameters of the scheme; the registry inputs a security parameter κ and outputs the global parameter param;
step 1.2, generating the registry key: takes the global parameter param as input and outputs the key pair (rsk, rpk, rtsk, rtpk) of the registry (trusted center); the algorithm is defined as RKeyGen(param) → (rsk, rpk, rtsk, rtpk); where (rsk, rpk) are respectively the signing private key and the verification public key used to generate valid user tokens, and (rtsk, rtpk) are respectively the tracking private key and the tracking public key of the registry, so that a message sent by a user in the verification stage can be tracked;
generating the issuer key: takes the global parameter param as input and outputs the key pair (isk, ivk) of the credential issuer; the algorithm is defined as IKeyGen(param) → (isk, ivk); where isk is the signing private key of the credential issuer and ivk is the verification public key of the credential issuer;
generating the user key: takes the global parameter param, the user's biometric u and the user's identity information Identity as input, interacts with the registry, and outputs the user's public key and related parameters (uvk, M, e = Mx + u); the algorithm is defined as UKeyGen(param, u, Identity) → (uvk, M, e);
where
Figure SMS_1
is a random vector,
Figure SMS_2
is a random matrix, q is a prime number, $F_q$ is a finite field, and uvk is the user's authentication public key; the user can compute $x' = \mathrm{Decode}_{\tau}(M, e - u')$, where u′ is the biometric of the user, and thereby obtain the user's private key usk = H(x′).
Further, step 2 includes issuing an attribute credential: the user runs the credential acquisition algorithm CredObtain, interacting with a credential issuer that runs the credential issuing algorithm CredIssue, to request an attribute credential based on the user's signing private key usk;
the CredObtain algorithm takes as input the parameters param, the user's signing key usk, the credential issuer's verification key ivk and a set of attributes
Figure SMS_3
while the CredIssue algorithm takes as input the parameters param, the credential issuer's signing private key isk, the user's authentication public key uvk, a set of attributes
Figure SMS_4
and the set $L_t$; at the end of the credential issuance protocol, the CredObtain algorithm returns a credential cred, issued by the issuer to the user, on the attributes
Figure SMS_5
The protocol is formally defined as:
Figure SMS_6
the validity of a single credential is verified by the credential verification algorithm (CredVerify), which is defined as:
Figure SMS_7
its inputs are the parameters param, the user's signing private key usk, the credential issuer's verification public key ivk, the attributes
Figure SMS_8
and the credential cred; if verification passes, the credential verification algorithm outputs 1; otherwise verification fails and it outputs 0.
Further, in step 3, presenting the credential includes the following steps:
step 3.1, a plurality of credentials held by the same user are aggregated into one valid credential by the credential aggregation algorithm (CredAgg), which is defined as:
$\mathrm{CredAgg}(param, usk, \{(ivk_j, a_{j,i}, cred_{j,i})\}_{j,i}) \rightarrow credagg$;
that is, taking as input the parameters param, the user's signing private key $usk = H(\mathrm{Decode}_{\tau}(M, e - u'))$, and the several different credentials generated by signing different attributes together with the credential issuers' public keys $\{(ivk_j, a_{j,i}, cred_{j,i})\}_{j,i}$, it outputs an aggregate credential of the same size as a single credential;
step 3.2, credential presentation:
in the credential presentation stage, the user must prove to the service provider that he or she is entitled to access it, i.e. the user presents the corresponding attribute credentials for authorization checking according to the service access policy published by the service provider; the user must also prove to the service provider that his or her identity is legitimate and not in the revoked state;
the presentation protocol consists of two algorithms, Show and Verify, run by the user and the service provider respectively; the protocol is defined as follows:
Figure SMS_9
the Show algorithm takes as input the parameters param, the user's signing private key $usk = H(\mathrm{Decode}_{\tau}(M, e - u'))$, the trusted center's verification public key and tracking public key (rvk, rtpk), the aggregated attribute credential credagg, a set of attributes and corresponding credential issuer public keys $\{(ivk_j, cred_{j,i})\}_{j,i}$, and a token;
the Verify algorithm takes as input the parameters param, a set of attributes and corresponding credential issuer public keys $\{(ivk_j, cred_{j,i})\}_{j,i}$, the proof π and the randomized credential credagg′; when the presentation protocol ends, if the verification algorithm outputs 1, verification passes; otherwise it outputs 0 and verification fails.
Further, in step 4, tracking and revocation includes:
step 4.1, token generation: the token generation protocol is a two-party protocol run interactively by the user and the trusted center; it assigns a leaf node of a complete binary tree to the newly registered user and generates the corresponding credential token; a user holding the token can prove the legitimacy of his or her identity when communicating with other entities; the protocol is defined as:
Figure SMS_10
the user runs the TokenObtain algorithm, taking as input the parameters param, the user's biometric u, the user's identity information Identity and the registry's verification public key rvk; after receiving the user's request, the registry runs the token issuing algorithm, whose inputs are the parameters param, the user's authentication public key uvk, the user's proof $\pi_u$, the registry's signing private key rsk and the epoch t; at the end of the token generation protocol, the TokenObtain algorithm returns a valid token and the user's path p in the complete binary tree;
step 4.2, tracking token verification (TTokenVerify): verifies whether the tracking token issued by the registry is valid; the algorithm is defined as TTokenVerify(param, rvk, usk, tToken) → 1/0; its inputs are the parameters param, the trusted center's verification public key rvk, the user's signing private key usk and the long-term tracking token tToken; it outputs 1 if verification passes; otherwise verification fails and it outputs 0;
revocation token verification (RTokenVerify): defined as RTokenVerify(param, rvk, rToken, t) → 1/0; verifies whether a short-term revocation token issued by the trusted center is valid; its inputs are the parameters param, the trusted center's verification public key rvk, the revocation token and the revocation epoch t; if the revocation token passes verification, the algorithm outputs 1; otherwise verification fails and it outputs 0;
tracking: the tracking algorithm (Trace) is defined as Trace(param, rtsk, π) → tToken; the trusted center traces the tracking token held by the user by means of the tracking key; the trusted center runs the tracking algorithm, which takes as input the parameters param, the trusted center's tracking private key rtsk and the proof π sent by the user in the credential presentation stage, and outputs the user's tracking token tToken;
revocation: the revocation algorithm (Revoke) is defined as $\mathrm{Revoke}(param, tsk, t) \rightarrow (RL_t, L_t)$; it is run by the registry and maintains the revocation mechanism of the scheme; based on the complete subtree method, the registry first updates the set SR of root nodes of the unrevoked complete subtrees in the system, then generates a valid revocation token for each node in the set under epoch t, and finally generates a new revocation list $RL_t$ and the set $L_t$ of revoked users;
the update algorithm (Update) is defined as $\mathrm{Update}(RL_t, t, L_t) \rightarrow rToken_{u,t}$; because the registry divides the system time into several revocation epochs, in a new epoch the user needs to update the revocation token he or she holds; the update algorithm takes as input the revocation list $RL_t$, the new epoch t and the set $L_t$, and outputs a valid short-term revocation token $rToken_{u,t}$.
Compared with the prior art, the invention has the following beneficial effects.
1. The invention can verify the validity of credentials while protecting the user's privacy; credential aggregation allows several credentials to be verified together, which improves verification efficiency and reduces the need for the user to switch between credentials.
2. The invention uses a biometric key, so the user's private key is not stored locally but computed from the biometric; this improves the security of the user's private key and ensures that malicious users cannot impersonate the user in the presentation stage.
Drawings
The invention is further described below with reference to the drawings and the detailed description. The scope of the present invention is not limited to the following description.
FIG. 1 is a diagram of a specific system architecture of the present invention.
Fig. 2 is a symbol definition table of the present invention.
Detailed Description
As shown in fig. 1-2, the specific content of the spreading code anonymous authentication system comprises five stages of initialization, registration, authentication, presentation, tracking and revocation.
1. Initialization stage.
In the initialization stage, the registry generates the system parameters param and the required public and private keys from the security parameter κ, as follows:
(1) The registry selects an asymmetric bilinear pairing group $e: G_1 \times G_2 \rightarrow G_T$, where
Figure SMS_11
and $g_2$ are generators of the groups $G_1$ and $G_2$, respectively.
(2) The registry selects the key
Figure SMS_12
and then computes and publishes the verification public key
Figure SMS_13
and the tracking public key $rtpk = g_1^{r}$. It also stores the signing private key $rsk = (rsk_1, rsk_2, rsk_3, rsk_4) = (\xi_1, \xi_2, \xi_3, \xi_4)$ and the tracking private key rtsk = r.
(3) The registry generates a complete binary tree CBTree and a revocation list $RL_t$. Specifically, the registry first divides the system time into a number of epochs, adjusts in each epoch the set SR of valid complete subtree root nodes on the complete binary tree, and then generates a revocation token for each node in the set and stores it in the revocation list. In the initial state of the system, SR contains only the root node of the CBTree.
(4) The registry publishes the system parameters
Figure SMS_14
where H is a hash function over the group $G_1$.
2. Registration stage.
Each entity in the epidemic prevention spreading code system must register with the registry before using the system's services; the registration process for each party is as follows:
(1) The issuer selects a signing private key
Figure SMS_15
and then computes and publishes the verification public key
Figure SMS_16
The issuer then sends a registration request to the registry. The registry selects a unique identity $ID_{iss}$ for the issuer and generates the corresponding public key certificate. Finally, the issuer stores the $ID_{iss}$ returned by the registry and the public key certificate.
(2) The service provider sends a registration request to the registry. The registry, upon receiving the request, generates a public-private key pair (psk, pvk) and public key certificate for it, which is then returned to the service provider. The service provider stores its own public and private keys and public key certificates.
(3) The user sends (u, Identity) to the authority center for identity binding; after receiving the binding request, the authority center generates for the user the public key and the related parameters used to generate the private key
Figure SMS_17
and stores the user's public key and the user's identity in the system. Here
Figure SMS_18
is the biometric vector of the user,
Figure SMS_19
is a random vector,
Figure SMS_20
is a random matrix, q is a prime number and $F_q$ is a finite field. Whenever the user needs the private key, the user inputs his or her own biometric and uses the $\mathrm{Decode}_{\tau}$ algorithm to compute $x' = \mathrm{Decode}_{\tau}(M, e - u')$, obtaining the user private key usk = H(x′). The user then interacts with the registry as follows.
1) The user randomly selects
Figure SMS_21
and computes $A = g_1^{\theta}$ and $c = H(rvk_1, uvk, A)$, then sets $s_\theta = \theta + c \cdot usk$, and finally sends $(uvk, c, s_\theta)$ to the registry.
2) The registry computes
Figure SMS_22
and $c' = H(rvk_1, uvk, A')$, then compares c with c′. If they are equal, the registry assigns the user a leaf node $h_l$ of the complete binary tree, with node path
Figure SMS_23
and the leaf node $h_l$ serves as the id of the user.
3) The registry generates a tracking token for the node path
Figure SMS_24
that is, it selects
Figure SMS_25
and computes
Figure SMS_26
The registry then places the user's path
Figure SMS_27
the verification public key uvk and the tracking token tToken in the database tranv table. The registry also selects a short-term revocation token for the user.
4) The user verifies and stores the tracking token sent by the registry
Figure SMS_28
the user's path
Figure SMS_29
and the short-term revocation token. The user checks the equation
Figure SMS_30
to determine the validity of the token.
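The biometric key derivation of registration step (3), e = Mx + u at enrolment and usk = H(Decode_τ(M, e − u′)) on each use, as a toy sketch added here; it is not code from the patent. Assumptions: a Vandermonde (Reed-Solomon) matrix is swapped in for the page's random M so the error tolerance is known, Decode_τ is an exhaustive search that only works at this toy size, SHA-256 stands in for H, and the template U is constructed.

```python
import hashlib
import secrets
from itertools import product

Q = 13          # toy prime field F_q (assumption; real parameters are far larger)
N, K = 12, 3    # e and u have N entries, x has K entries
TAU = 3         # Decode_tau tolerates up to TAU mismatching positions

# The page takes M as a random matrix. This sketch swaps in a Vandermonde
# (Reed-Solomon) matrix so the minimum distance is known: N - K + 1 = 10 > 2*TAU.
M = [[pow(a, j, Q) for j in range(K)] for a in range(1, N + 1)]


def encode(x):
    """Return M*x over F_q."""
    return [sum(m * xi for m, xi in zip(row, x)) % Q for row in M]


def h(x):
    """Stand-in for the page's H: hash the recovered vector into key material."""
    return hashlib.sha256(bytes(x)).hexdigest()


def enroll(u):
    """Registration: pick a random x and output the helper data e = M*x + u."""
    x = [secrets.randbelow(Q) for _ in range(K)]
    e = [(c + ui) % Q for c, ui in zip(encode(x), u)]
    # usk is returned only so the demo can compare; in the scheme it is never stored.
    return e, h(x)


def decode_tau(word):
    """Exhaustive search for the codeword within TAU mismatches (toy size only)."""
    for x in product(range(Q), repeat=K):
        mismatches = sum(c != w for c, w in zip(encode(x), word))
        if mismatches <= TAU:
            return list(x)
    return None


def recover(e, u_prime):
    """x' = Decode_tau(M, e - u'), usk = H(x'); None if the reading is too far off."""
    word = [(ei - ui) % Q for ei, ui in zip(e, u_prime)]
    x = decode_tau(word)
    return None if x is None else h(x)


def perturb(u, positions):
    """Constructed sensor noise: change the listed positions of a reading."""
    return [(v + 1) % Q if i in positions else v for i, v in enumerate(u)]


# Constructed biometric template, not real data.
U = [3, 7, 1, 12, 0, 5, 9, 2, 11, 4, 8, 6]

if __name__ == "__main__":
    e, usk = enroll(U)
    print("exact reading   :", recover(e, U) == usk)
    print("3 noisy entries :", recover(e, perturb(U, {0, 5, 9})) == usk)
    print("5 wrong entries :", recover(e, perturb(U, {0, 2, 4, 6, 8})))
```

The stored helper data e protects x only as far as the biometric u is unpredictable, so a deployment has to size q, the dimensions and τ against the entropy of real templates.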
3. Authentication stage.
Before a user can be authenticated by a service provider, the user must obtain an access credential from an issuer, which prevents users without permission or identity information from obtaining the service illegally. The access credential is the issuer's signature on the attributes, where n is the maximum number of attributes per service. Because each issuer issues a different type of service access credential, a user may apply to several issuers and obtain several credentials. In the join phase, the user first computes $x' = \mathrm{Decode}_{\tau}(M, e - u')$ from the biometric to obtain the user's private key usk = H(x′), and then interacts with the issuer as follows.
(1) The user randomly selects
Figure SMS_31
and computes
Figure SMS_32
then sets
Figure SMS_33
and finally sends
Figure SMS_34
to issuer j.
(2) Issuer j first checks whether the user's public key is contained in the set $L_t$. If the user's public key is in $L_t$, the issuer refuses to issue the credential; otherwise the issuer continues the issuing process.
(3) Issuer j computes
Figure SMS_35
and checks whether
Figure SMS_36
and
Figure SMS_37
are equal. If they are, issuer j generates for the user, for the attributes
Figure SMS_38
the access credential
Figure SMS_39
When the access credential for the attribute value
Figure SMS_40
is updated, issuer j recomputes the credential and sends it to the user, thereby updating the user's credential.
(4) After receiving seed_j, the user confirms the validity of the access credential by verifying:
Figure SMS_41
4. Presentation stage.
Before accessing a service, the user aggregates the access credentials issued by different issuers into one valid access credential, according to the access authentication policy published by the service provider. The service provider can then authenticate the user, who thereby obtains the service. During authentication, a legitimate user must be able to display the anonymous two-dimensional code safely through the code display system platform, so that an attacker cannot obtain the user's private information. In the authentication process, the user generates a request containing the anonymous access credential and a proof, as follows.
(1) The user computes
Figure SMS_42
where m ∈ [1, m].
Then, according to
Figure SMS_43
the user selects the tracking token corresponding to node k.
(2) The user selects
Figure SMS_44
and computes:
$credagg' = credagg^{sw}$
Figure SMS_45
β = sw·f.
(3) The user selects
Figure SMS_46
and computes equations (5.1) to (5.5).
Figure SMS_47
Figure SMS_48
Figure SMS_49
Figure SMS_50
Figure SMS_51
(4) The user computes $x' = \mathrm{Decode}_{\tau}(M, e - u')$ from the biometric, with usk = H(x′), and sets:
Figure SMS_52
Figure SMS_53
and generates the proof:
Figure SMS_54
(5) The user sends the authentication request $req = (credagg', \pi, \{(a_{j,i})\}_{j,i}, mes)$ to the service provider. After receiving the user's authentication request req, the service provider performs the following authentication operation.
1) The service provider first uses equations (5.6) to (5.10) to calculate the value of
Figure SMS_55
Figure SMS_56
Figure SMS_57
Figure SMS_58
Figure SMS_59
Figure SMS_60
2) The service provider then checks whether
Figure SMS_61
holds. If it does, the user requesting the service is a legitimate user who has not been revoked, and the user has also proved ownership of the presented anonymous credential and attributes. The service provider may therefore provide the service to the authenticated user. Otherwise, authentication fails and the supervisor refuses the user's service request.
5. Tracking and revocation phase.
When an abnormal or illegal authentication request occurs in the epidemic prevention spreading code system, the service provider forwards the authentication request to the registry, and the registry can execute tracking and revocation operations, which comprises the following specific procedures:
(1) First, the registry computes
Figure SMS_62
to decrypt $tToken_k$, then looks up the id of the corresponding user in the database tranv table to obtain the user's public key information, and checks the user identity bound to that public key; in this way the abnormal user is traced.
(2) Then, for an illegal user, the registry revokes the user's path and adjusts the root node set of the complete subtrees
Figure SMS_63
At the same time, the registry generates the short-term tokens for the new epoch t
Figure SMS_64
where
Figure SMS_65
(3) Finally, the registry updates the revocation list $RL_t = \{rToken, t, SR\}$ and sends the set $L_t$ containing the revoked users' authentication public keys to the issuer.
Legitimate users need to update their revocation tokens with the registry in each new epoch; the interaction is as follows:
(1) The user sends a request to the registry to update the revocation token.
(2) After receiving the request, the registry first checks whether the set $L_t$ contains the public key of the user applying for the token update. If not, the registry looks up the user's path in the tranv table
Figure SMS_66
then determines the intersection node u of the path
Figure SMS_67
with SR, and finds the corresponding revocation token $rToken_{u,t}$ in $RL_t$.
(3) The registry returns the new revocation token $rToken_{u,t}$ and SR to the user.
(4) After receiving the updated token, the user determines its validity by checking whether the revocation token equation
Figure SMS_68
holds.
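The complete subtree bookkeeping used in the initialization and revocation stages (the set SR, the per-epoch list RL_t = {rToken, t, SR}, and the token update by path intersection), as a sketch added here; it is not code from the patent. Assumptions: heap numbering of tree nodes, a depth-3 tree, leaf numbers in place of user public keys, and an HMAC as a placeholder for the scheme's signature-based revocation token, whose formula is not reproduced on this page.

```python
import hashlib
import hmac

DEPTH = 3                  # toy tree with 2**DEPTH = 8 user leaves (assumption)
FIRST_LEAF = 2 ** DEPTH    # heap numbering: root is 1, children of n are 2n and 2n+1


def path(leaf):
    """Nodes from the root down to the given leaf (the user's path)."""
    nodes = []
    while leaf >= 1:
        nodes.append(leaf)
        leaf //= 2
    return nodes[::-1]


def cover_set(revoked_leaves):
    """SR: roots of the maximal complete subtrees containing no revoked leaf."""
    if not revoked_leaves:
        return {1}                       # initial state: only the root
    steiner = set()                      # every node on some revoked user's path
    for leaf in revoked_leaves:
        steiner.update(path(leaf))
    # A subtree root is valid when it hangs directly off a revoked path.
    return {child
            for node in steiner if node < FIRST_LEAF
            for child in (2 * node, 2 * node + 1)
            if child not in steiner}


def node_token(registry_key, node, epoch):
    """Placeholder for rToken of one node in one epoch (HMAC, not the page's formula)."""
    msg = f"{node}|{epoch}".encode()
    return hmac.new(registry_key, msg, hashlib.sha256).hexdigest()


def revoke(registry_key, epoch, revoked_leaves):
    """Registry side: rebuild SR and issue one token per node in SR for this epoch."""
    sr = cover_set(revoked_leaves)
    return {"t": epoch, "SR": sr,
            "rToken": {n: node_token(registry_key, n, epoch) for n in sr}}


def update(rl, leaf):
    """Token update: intersect the user's path with SR; revoked users get None."""
    hits = [n for n in path(leaf) if n in rl["SR"]]
    if not hits:
        return None
    return hits[0], rl["rToken"][hits[0]]


if __name__ == "__main__":
    key = b"constructed-registry-key"
    rl = revoke(key, 1, {10, 13})        # leaves 10 and 13 are revoked in epoch 1
    print("SR =", sorted(rl["SR"]))
    for leaf in range(FIRST_LEAF, 2 * FIRST_LEAF):
        print(leaf, update(rl, leaf))
```

Every unrevoked path meets SR in exactly one node and a revoked path meets it in none, which is why a revoked user cannot obtain a token for the new epoch.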
It should be understood that the foregoing detailed description is provided only to illustrate the invention and that the invention is not limited to the technical solutions described in the embodiments; those skilled in the art should understand that the invention may be modified or equivalently substituted to achieve the same technical effects; as long as the use requirements are met, such modifications fall within the protection scope of the invention.

Claims (5)

1. An anonymous authentication method in a public place spreading code scene, characterized in that the method comprises the following steps:
step 1, parameter generation;
step 2, credential issuance:
a user must present a credential to a service provider when entering or leaving a public place, so before presenting it the user interacts with an issuer to obtain a valid credential associated with that user;
step 3, credential presentation:
after obtaining a credential and verifying its validity in the credential acquisition stage, the user aggregates a plurality of different credentials together and, when entering or leaving a public place, presents the credentials he or she holds to the service provider for verification;
step 4, tracking and revocation:
tracking, namely tracking a user whose credentials are abnormal in the spreading code scene;
revocation applies to illegal users in the current scene that the system needs to revoke, ensuring that they cannot generate valid proof information.
2. The anonymous authentication method in a public place spreading scenario according to claim 1, wherein: the step 1 comprises the following steps:
step 1.1, initializing: the initialization algorithm is defined as: initial(1^κ) → (param);
For generating global system parameters in the scheme; the registry inputs a security parameter k and then outputs a global parameter param;
step 1.2, generating a registration center key: takes the global parameter param as input and outputs the key pairs (rsk, rpk, rtsk, rtpk) of the registration trusted center; the registry key generation algorithm is defined as: RKeyGen(param) → (rsk, rpk, rtsk, rtpk); wherein (rsk, rpk) are respectively the signature private key and the verification public key used to generate valid user tokens, and (rtsk, rtpk) are respectively the tracking private key and the tracking public key of the registry, so that a message sent by a user in the verification stage can be tracked;
generating an issuer key: taking the global parameter param as input and outputting a key pair (isk, ivk) of the credential issuer; the algorithm is defined as follows: IKeyGen (param) → (isk, ivk); wherein isk is the private signature key of the credential issuer and ivk is the public verification key of the credential issuer;
generating a user key: taking the global parameter param, the user's biometric feature u and the user's identity information Identity as input, the user interacts with the registry, and the user's public key and related parameters (uvk, M, e = Mx + u) are output; the user key generation algorithm is defined as: UKeyGen(param, u, Identity) → (uvk, M, e);
wherein
Figure QLYQS_1
is a random vector,
Figure QLYQS_2
is a random matrix, where q is a prime number, F_q is a finite field, uvk is the user's authentication public key, and the user can calculate x' = Decode_τ(M, e − u'), where u' is the user's biometric feature, thereby obtaining the user's private key usk = h(x').
3. The anonymous authentication method in a public place spreading scenario according to claim 1, wherein: step 2 comprises issuing an attribute certificate, wherein a user runs the certificate acquisition algorithm CredObtain to interact with a certificate issuer running the certificate issuing algorithm CredIssue, in order to request an attribute certificate based on the user signature private key usk;
wherein the CredObtain algorithm takes as input the parameters param, the user's signature key usk, the credential issuer's verification key ivk and a set of attributes
Figure QLYQS_3
whereas the CredIssue algorithm takes as input the parameters param, the signature private key isk of the credential issuer, the user's authentication public key uvk, a set of attributes
Figure QLYQS_4
and the set L_t; at the end of the credential issuance protocol, the CredObtain algorithm returns the credential cred issued by the issuer for the user's attributes
Figure QLYQS_5
; the protocol is formally defined as:
Figure QLYQS_6
verifying the validity of the single credential by a credential verification algorithm, the credential verification algorithm being defined as:
Figure QLYQS_7
its inputs are the parameter param, the user's signature private key usk, the credential issuer's authentication public key ivk, the attributes
Figure QLYQS_8
and the credential cred; if the verification passes, the credential verification algorithm outputs 1; otherwise the verification fails and it outputs 0.
4. The anonymous authentication method in a public place spreading scenario according to claim 1, wherein: in step 3, the presenting of the voucher includes the steps of:
step 3.1, aggregating a plurality of certificates held by the same user into an effective certificate through a certificate aggregation algorithm, wherein the certificate aggregation algorithm is as follows:
CredAgg(param, usk, {(ivk_j, a_{j,i}, cred_{j,i})}_{j,i}) → credagg;
i.e. it takes as input the parameter param, the user signature private key usk = h(Decode_τ(M, e − u')), and a plurality of different credentials generated by signing different attributes together with the credential issuer public keys, {(ivk_j, a_{j,i}, cred_{j,i})}_{j,i}, and outputs an aggregate certificate of the same size as a single certificate;
step 3.2, a credential presentation process:
in the credential presentation stage, the user needs to prove to the service provider that the user has the right of access, namely, the user presents the corresponding attribute credentials for authority verification according to the service access policy issued by the service provider; meanwhile, the user also needs to prove to the service provider that the user's identity is legitimate and has not been revoked;
the presentation protocol includes two algorithms, show and Verify, run by the user and the service provider, respectively; the protocol is defined as follows:
Figure QLYQS_9
the Show algorithm takes as input the parameter param, the user signature private key usk = h(Decode_τ(M, e − u')), the trusted center's verification public key and tracking public key (rvk, rtpk), the aggregated attribute credential credagg, a set of attributes and corresponding credential issuer public keys {(ivk_j, cred_{j,i})}_{j,i}, and a token;
the Verify algorithm takes as input the parameter param, a set of attributes and corresponding credential issuer public keys {(ivk_j, cred_{j,i})}_{j,i}, the proof π and the randomized credential credagg'; when the presentation protocol finishes, if the verification algorithm outputs 1, the verification passes; otherwise it outputs 0 and the verification fails.
5. The anonymous authentication method in a public place spreading scenario according to claim 1, wherein: in step 4, tracking and revocation includes:
step 4.1, token generation; the token generation protocol is a two-party protocol which is interactively operated by the user and the trusted center, and a leaf node on a complete binary tree is distributed for the newly registered user and a corresponding credential token is generated; while the user holding the token can prove the legitimacy of the identity of the user when communicating with other entities; the protocol is defined as:
Figure QLYQS_10
the user runs the TokenObtain algorithm, whose inputs are the parameters param, the user's biometric feature u, the user's identity information Identity and the verification public key rvk of the registry; after receiving the user's request, the registry runs the token issuing algorithm, whose inputs are the parameter param, the user's authentication public key uvk, the user's proof π_u, the signature private key rsk of the registry and an epoch t; when the token generation protocol finishes, the TokenObtain algorithm returns a valid token and the path p of the user on the complete binary tree;
step 4.2, tracking token verification: for verifying whether the tracking token issued by the registry is valid; the tracking token validation algorithm is defined as: TTokenVerify (param, rvk, usk, tToken) →1/0; the parameters param, the verification public key rvk of the trusted center, the signature private key usk of the user and the long-term tracking token tToken are used as algorithm inputs; outputting 1 if the algorithm verification is passed; otherwise, the verification fails and 0 is output;
revocation token authentication: the definition is as follows: RTokenVerify (param, rvk, rToken, c) →1/0; for verifying whether a short-term revocation token issued by a trusted center is valid; the parameters param, the verification public key rvk of the trusted center, the revocation token and the revocation time epoch t are taken as algorithm inputs; if the verification of the revoked token is passed, the algorithm outputs 1; otherwise, the verification fails and 0 is output;
tracking: the tracking algorithm is defined as: trace(param, rtsk, π) → tToken; the trusted center traces the tracking token held by the user using the tracking key; the trusted center runs the tracking algorithm, which takes as input the parameter param, the tracking private key rtsk of the trusted center and the proof π sent by the user in the credential presentation stage, and outputs the user's tracking token tToken;
revocation: the revocation algorithm is defined as: revoke(param, tsk, t) → (RL_t, L_t); it is run by the registry to maintain the scheme's revocation mechanism; based on the complete subtree method, the registry first updates the set SR of root nodes of the unrevoked complete subtrees in the system, then generates a valid revocation token rToken at epoch t for each node in the set, and finally generates a new revocation list RL_t and the set L_t of revoked users;
the update algorithm is defined as: update(RL_t, t, L_r) → rToken_{u,t}; because the registry divides the system time into several revocation time epochs, for a new epoch the user needs to update the revocation token he holds; the update algorithm takes as input the revocation list RL_t, the new epoch t and the set L_t, and outputs a valid short-term revocation token rToken_{u,t}
CN202211375719.4A 2022-11-04 2022-11-04 Anonymous authentication method under public place spreading code scene Pending CN116386183A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211375719.4A CN116386183A (en) 2022-11-04 2022-11-04 Anonymous authentication method under public place spreading code scene

Publications (1)

Publication Number Publication Date
CN116386183A (en) 2023-07-04

Family

ID=86973651

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination