KR20170073001A - Server, method and system for authentication and key agreement - Google Patents

Publication number
KR20170073001A
Authority
KR
South Korea
Application number
KR1020150181126A
Other languages
Korean (ko)
Other versions
KR101782792B1 (en)
Inventor
정익래
김동민
백목련
정원석
Original Assignee
고려대학교 산학협력단
Application filed by 고려대학교 산학협력단
Priority to KR1020150181126A (patent KR101782792B1)
Publication of KR20170073001A
Application granted
Publication of KR101782792B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An authentication and key sharing method is disclosed. The authentication and key sharing method is performed in a server and includes receiving a registration request message from a terminal, registering a user of the terminal, receiving an authentication request message from the terminal, authenticating the user, and transmitting a response value to the terminal.

Description

Technical Field

The present invention relates to an authentication and key sharing server, method and system, and more particularly to an authentication and key sharing server, method, and system that register a user using a randomized ID and a password and are capable of sharing a session key at the same time.

Recently, research on user authentication and key sharing has been actively conducted in various environments such as cloud systems, control systems, the Internet of Things (IoT), and smart cards. However, most of these schemes are vulnerable in that the user's ID is revealed during the user authentication process, or the user's ID or password can be guessed from the communicated values or the values stored in the server. Some protocols are also unsafe with respect to forward secrecy. The present invention proposes a protocol that is secure against ID guessing and password guessing attacks, provides forward secrecy, and does not reveal the user's ID during the authentication process.

The background of the present invention is as follows.

Cryptographic hash function

Hash function

Figure pat00001
is a function that converts data of arbitrary length into data of fixed length. It produces the same output value for the same input value, and in particular a cryptographic hash function
Figure pat00002
satisfies the following three properties.

① pre-image resistance: given

Figure pat00003
about,
Figure pat00004
Satisfy
Figure pat00005
.

② 2nd preimage resistance: given

Figure pat00006
about,
Figure pat00007
Satisfy
Figure pat00008
.

③ Collision resistance:

Figure pat00009
Satisfy
Figure pat00010
Wow
Figure pat00011
.

Elliptic curve cryptography

Elliptic curve cryptography is a public key cryptosystem based on elliptic curve theory. Its advantage is that it provides a similar level of security to RSA (Rivest Shamir Adleman) or ElGamal while using shorter keys. Because of this advantage, it is mainly used in environments where the amount of transmission and computation is restricted, such as wireless environments. Elliptic curve cryptosystems are mainly designed on the basis of the elliptic curve discrete logarithm problem.

Elliptic curve discrete logarithm problem: for a prime

Figure pat00012
about
Figure pat00013
To
Figure pat00014
The term finite field with a number of elements means that the point on the elliptic curve
Figure pat00015
Order (order)
Figure pat00016
The
Figure pat00017
Figure pat00018
An elliptic curve defined on the elliptic curve, a point defined on the elliptic curve
Figure pat00019
, And an arbitrary point
Figure pat00020
When given,
Figure pat00021
An integer that satisfies
Figure pat00022
is the elliptic curve discrete logarithm problem, which is regarded as a harder problem than the factorization problem or the discrete logarithm problem.

Biohash function (Biohash)

Biohash function

Figure pat00023
is a function that takes biometric information such as a fingerprint as input and outputs a value of arbitrary length, and has security similar to that of a cryptographic hash function. Even for the same person, biometric readings differ slightly on each input, so ordinary hash functions or cryptographic hash functions, which require exact values, cannot be used. The biohash function addresses this fuzziness of biometric information and has the property of outputting the same value with high probability for similar inputs.
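The property described above, shown with the random-projection biohash of Jin, Ling and Goh (the 2004 paper listed in the references on this page). This is an added example, not code from the patent; the function names, the 128-value feature vector, the 64-bit output and the token values are constructed for illustration, and the patent's own biohash function is not specified here.

```python
import math
import random


def orthonormal_basis(token, m, n):
    """Return m orthonormal vectors of length n derived from the token.

    The token plays the role of the tokenized random number: the same token
    always yields the same basis, a different token yields a different one.
    """
    if m > n:
        raise ValueError("cannot build more orthonormal vectors than dimensions")
    # random.Random keeps the demo reproducible; it is not a CSPRNG. A real
    # design would expand the token with a keyed cryptographic generator.
    rng = random.Random(token)
    basis = []
    while len(basis) < m:
        v = [rng.gauss(0.0, 1.0) for _ in range(n)]
        for b in basis:  # Gram-Schmidt: remove components along earlier vectors
            dot = sum(x * y for x, y in zip(v, b))
            v = [x - dot * y for x, y in zip(v, b)]
        norm = math.sqrt(sum(x * x for x in v))
        if norm > 1e-9:  # skip a degenerate draw
            basis.append([x / norm for x in v])
    return basis


def biohash(features, token, m=64, threshold=0.0):
    """Project the feature vector onto the token's basis and keep one bit per axis."""
    basis = orthonormal_basis(token, m, len(features))
    return [1 if sum(f * b for f, b in zip(features, row)) > threshold else 0
            for row in basis]


def hamming(a, b):
    """Number of bit positions in which two biohash outputs differ."""
    if len(a) != len(b):
        raise ValueError("biohash outputs must have the same length")
    return sum(x != y for x, y in zip(a, b))


def demo():
    """Compare one enrolled template against three constructed probes."""
    rng = random.Random(2015)  # constructed sample data, not real biometrics
    enrolled = [rng.gauss(0.0, 1.0) for _ in range(128)]
    fresh = [x + rng.gauss(0.0, 0.02) for x in enrolled]  # same user, new scan
    other = [rng.gauss(0.0, 1.0) for _ in range(128)]     # different person
    token = 0x5EED1234                                    # constructed token
    reference = biohash(enrolled, token)
    return {
        "same_user": hamming(reference, biohash(fresh, token)),
        "other_user": hamming(reference, biohash(other, token)),
        "reissued_token": hamming(reference, biohash(enrolled, token + 1)),
    }


if __name__ == "__main__":
    for case, distance in demo().items():
        print(f"{case:15s} Hamming distance = {distance} of 64 bits")
```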

A.T.B. Jin, D.N.C. Ling, and A. Goh, Biohashing: Two factor authentication featuring fingerprint data and tokenized random number, Pattern Recognition, 2004.
R. Amin and G.P. Biswas, A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS with User Anonymity, J. Med. Syst., June 2015.
R. Amin and G.P. Biswas, An Improved RSA Based Authentication and Session Key Agreement Protocol Usable in TMIS, J. Med. Syst., June 2015.
S.A. Chaudhry, H. Naqvi, T. Shon, M. Sher, and M.S. Farash, Cryptanalysis and Improvement of an Improved Two Factor Authentication Protocol for Telecare Medical Information Systems, J. Med. Syst., April 2015.
H. Arshad, V. Teymoori, M. Nikooghadam, and H. Abbassi, On the Security of a Two-Factor Authentication and Key Agreement Scheme for Telecare Medicine Information Systems, J. Med. Syst., June 2015.

Summary of the Invention

The present invention has been made in view of the above problems, and an object of the present invention is to provide an authentication and key sharing server, method, and system that register a user using a randomized ID and a password.

An authentication and key sharing method according to an embodiment of the present invention is performed in a server and includes receiving a registration request message from a terminal, registering a user of the terminal, receiving an authentication request message from the terminal, authenticating the user and generating a session key, and transmitting a response value to the terminal.

Also, an authentication and key sharing server according to an embodiment of the present invention includes a registration unit for receiving a registration request message from a terminal and registering a user of the terminal, and an authentication unit for receiving an authentication request message from the terminal, authenticating the user, generating a session key, and transmitting a response value to the terminal.

Also, an authentication and key sharing system according to an embodiment of the present invention includes the authentication and key sharing server and the terminal.

According to the authentication and key sharing server, method, and system according to the embodiment of the present invention, it is possible to design a multiple authentication and key sharing protocol that is secure against ID and password guessing attacks and satisfies forward secrecy, and the privacy of the user can be protected by preventing the user's ID from being exposed.

A brief description of each drawing is provided so that the drawings cited in the detailed description of the present invention can be more fully understood.
FIG. 1 illustrates an authentication and key sharing system according to an embodiment of the present invention.
FIG. 2 is a functional block diagram of the terminal shown in FIG. 1.
FIG. 3 is a functional block diagram of the server shown in FIG. 1.
FIG. 4 is a flowchart illustrating an authentication and key sharing method performed in the authentication and key sharing system shown in FIG. 1.

It is to be understood that the specific structural or functional descriptions of the embodiments of the present invention disclosed herein are for illustrative purposes only; the embodiments according to the concept of the present invention may be embodied in many different forms and are not limited to the embodiments set forth herein.

The embodiments according to the concept of the present invention can make various changes and can take various forms, so that the embodiments are illustrated in the drawings and described in detail herein. It should be understood, however, that it is not intended to limit the embodiments according to the concepts of the present invention to the particular forms disclosed, but includes all modifications, equivalents, or alternatives falling within the spirit and scope of the invention.

The terms first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The terms are used only to distinguish one element from another; for example, without departing from the scope of rights according to the concept of the present invention, a first element may be referred to as a second element, and similarly a second element may also be referred to as a first element.

It is to be understood that when an element is referred to as being "connected" or "coupled" to another element, it may be directly connected or coupled to the other element, or other elements may be present in between. On the other hand, when an element is referred to as being "directly connected" or "directly coupled" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "directly between" or "neighboring to" and "directly adjacent to", should be interpreted in the same way.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, the terms "comprises" or "having" and the like are used to specify that the features, numbers, steps, operations, elements, parts or combinations thereof described herein are present, but do not preclude the presence or addition of one or more other features, integers, steps, operations, components, parts, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless explicitly defined herein, are not to be interpreted in an idealized or overly formal sense.

Hereinafter, embodiments of the present invention will be described in detail with reference to the attached drawings. First, the present invention assumes two parties, a user and a server. The protocol consists of the following steps: the user transmits a randomized ID and password to register with the server; the server registers the user and transmits the registration values; the user inputs an ID, password, and biometric information to request authentication; the server authenticates the user and generates the session key; and the user authenticates the server and the session key. The first two steps register the user with the server and assume communication over a secure channel.

In addition,
Figure pat00024
is a cryptographic hash function, and
Figure pat00025
is a biohash function. Here,
Figure pat00026
is the length of the hash function output value, and
Figure pat00027
is the length of the random token used in the biohash function.
Figure pat00028
denotes the bitwise exclusive OR (XOR),
Figure pat00029
is a point on the elliptic curve used in the elliptic curve cryptosystem,
Figure pat00030
is the secret value of the server, and
Figure pat00031
is the public value of the server.

FIG. 1 illustrates an authentication and key sharing system according to an embodiment of the present invention.

The authentication and key sharing system 10, which may be referred to as an authentication system, multiple authentication and key sharing systems, etc., includes at least one terminal 100 and a server 300.

The terminal 100 transmits a registration request message to the server 300 and the server 300 registers the user of the terminal 100 in response to the registration request message.

The server 300 authenticates the terminal 100 or the user in response to the authentication request of the terminal 100 and transmits the response value to the terminal 100. The terminal 100 authenticates the server 300 using the response value, so that mutual authentication can be completed and the session key can be securely shared.

The terminal 100 may be a personal computer, a tablet PC, a notebook, a net-book, an e-reader, a personal digital assistant (PDA), an MP3 player, or an MP4 player, or may be implemented as a handheld device such as a mobile phone, a smart phone, and the like.

The specific configuration and operation of the server 300 and the terminal 100 will be described in detail with reference to FIG. 2 and FIG. 3.

FIG. 2 is a functional block diagram of the terminal shown in FIG. 1. Among a plurality of terminals (not shown), the terminal 100 shown in FIG. 2 is the terminal of the
Figure pat00032
-th user (
Figure pat00033
).

Referring to FIGS. 1 and 2, the terminal 100 includes a registration request unit 110, an authentication request unit 130, and an authentication unit 150.

The registration request unit 110 transmits a registration request message for user registration to the server 300. The registration request message includes a randomized ID (
Figure pat00034
) and a randomized password (
Figure pat00035
). To generate the randomized ID (
Figure pat00036
) and the randomized password (
Figure pat00037
), the registration request unit 110 performs the following process.

First, the registration request unit 110 selects (or generates) arbitrary random numbers (
Figure pat00038
,
Figure pat00039
).

Thereafter, the registration request unit 110 inputs the arbitrary random numbers (
Figure pat00040
,
Figure pat00041
), the ID (
Figure pat00042
), and the password (
Figure pat00043
) into the cryptographic hash function to generate the randomized ID (
Figure pat00044
) and the randomized password (
Figure pat00045
).

Figure pat00046

As described above, because the ID (
Figure pat00047
) and the password (
Figure pat00048
) are randomized, the risk of personal information leakage that may occur can be eliminated. The selected arbitrary random numbers (
Figure pat00049
,
Figure pat00050
) may be deleted from the terminal 100 after the randomized ID (
Figure pat00051
) and the randomized password (
Figure pat00052
) are generated.

Also, the registration request unit 110 receives the registration values (
Figure pat00053
,
Figure pat00054
) and the public parameters (
Figure pat00055
,
Figure pat00056
) from the server 300, and uses the received registration values (
Figure pat00057
,
Figure pat00058
), the public parameters (
Figure pat00059
,
Figure pat00060
), and the user's (
Figure pat00061
) biometric information (
Figure pat00062
) to generate the calculated values (
Figure pat00063
,
Figure pat00064
). The biometric information (
Figure pat00065
) may be, for example, fingerprint information, iris information, and the like.

Figure pat00066

Figure pat00067

The registration values (
Figure pat00068
,
Figure pat00069
) and the public parameters (
Figure pat00070
,
Figure pat00071
) received from the server 300, the calculated values (
Figure pat00072
,
Figure pat00073
), the cryptographic hash function (
Figure pat00074
), and the biohash function (
Figure pat00075
) may be stored by the registration request unit 110 in a predetermined storage means that can be included in the terminal 100.

When authentication is required for communication with the server 300, the authentication request unit 130 of the terminal 100 uses the ID (
Figure pat00076
), the password (
Figure pat00077
), the biometric information (
Figure pat00078
), and the values stored in the terminal 100 (
Figure pat00079
,
Figure pat00080
,
Figure pat00081
,
Figure pat00082
,
Figure pat00083
,
Figure pat00084
, and
Figure pat00085
) to perform the following operations.

First, the authentication request unit 130 uses the following equations to calculate the random numbers (
Figure pat00086
,
Figure pat00087
).

Figure pat00088

Figure pat00089

In addition, the authentication request unit 130 uses the following equations to calculate the randomized ID (
Figure pat00090
) and the randomized password (
Figure pat00091
).

Figure pat00092

Figure pat00093

Further, the authentication request unit 130 uses the following equation to calculate
Figure pat00094
.

Figure pat00095

Further, the authentication request unit 130 uses the following equation to calculate
Figure pat00096
, and if the calculated
Figure pat00097
differs from the
Figure pat00098
stored in the terminal 100, the protocol is aborted.

Figure pat00099

Further, the authentication request unit 130 uses the following equation to calculate
Figure pat00100
.

Figure pat00101

Here,
Figure pat00102
may be an arbitrary random number selected by the authentication request unit 130 of the terminal 100.

Also, the authentication request unit 130 uses the random number (
Figure pat00103
) and the public parameter (
Figure pat00104
) to calculate
Figure pat00105
.

Figure pat00106

Further, the authentication request unit 130 uses the following equation to calculate
Figure pat00107
.

Figure pat00108

Here,
Figure pat00109
may be the current timestamp.

The authentication request unit 130 transmits an authentication request message including the generated values (
Figure pat00110
,
Figure pat00111
,
Figure pat00112
,
Figure pat00113
) to the server 300. The generated values (
Figure pat00114
,
Figure pat00115
,
Figure pat00116
,
Figure pat00117
) may be referred to as the query value.

The authentication unit 150 of the terminal 100 receives the response value (
Figure pat00118
,
Figure pat00119
,
Figure pat00120
) from the server 300, and uses the received response value (
Figure pat00121
,
Figure pat00122
,
Figure pat00123
) and the values stored in the terminal 100 to calculate
Figure pat00124
as follows.

Figure pat00125

Figure pat00126

Figure pat00127

The authentication unit 150 compares the received
Figure pat00128
with the generated
Figure pat00129
; if they are different, it aborts the protocol, and if they are the same, it authenticates the server 300 and uses
Figure pat00130
as the session key.

FIG. 3 is a functional block diagram of the server shown in FIG. 1.

Referring to FIGS. 1 to 3, the server 300, which may be referred to as an authentication server, a key sharing server, or an authentication and key sharing server, includes a registration unit 310 and an authentication unit 330.

The registration unit 310 may receive a registration request message from the registration request unit 110 of the terminal 100 and perform user registration.

Specifically, the registration unit 310 uses the randomized ID (
Figure pat00131
) and the randomized password (
Figure pat00132
) received from the terminal 100, and the preset secret value of the server 300 (
Figure pat00133
), to calculate the registration values (
Figure pat00134
,
Figure pat00135
).

Figure pat00136

Figure pat00137

Also, the registration unit 310 transmits the generated registration values (
Figure pat00138
,
Figure pat00139
) and the public parameters (
Figure pat00140
,
Figure pat00141
) to the terminal 100. Here, the public parameters (
Figure pat00142
,
Figure pat00143
) may be public parameters used in elliptic curve cryptography.

The authentication unit 330 uses the authentication request message or query value (
Figure pat00144
,
Figure pat00145
,
Figure pat00146
,
Figure pat00147
) received from the terminal 100 and its own secret value (
Figure pat00148
) to perform the following calculations.

Figure pat00149

Figure pat00150

Figure pat00151

The authentication unit 330 compares the generated
Figure pat00152
with the
Figure pat00153
received from the terminal 100 to perform user authentication. That is, if
Figure pat00154
and
Figure pat00155
are different, the authentication unit 330 aborts the protocol, and if they are the same, it authenticates the user as a legitimate user. When the user authentication is completed, the authentication unit 330 calculates (or generates) the response value (
Figure pat00156
,
Figure pat00157
,
Figure pat00158
) as shown below and then transmits it to the terminal 100.

Figure pat00159

Figure pat00160

Figure pat00161

Figure pat00162

In the above equations,
Figure pat00163
may be an arbitrary random number selected by the server 300 or the authentication unit 330, and
Figure pat00164
may be the current timestamp. Also,
Figure pat00165
may refer to the session key used for communication between the server 300 and the terminal 100.

Each of the components of the terminal 100 and the server 300 shown in FIG. 2 and FIG. 3 may be functionally and logically separated, and it will be readily apparent to one of ordinary skill in the art to which the present invention pertains that each component may be divided into a separate physical device or separate code.

Also, in this specification, "part" may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, the module may mean a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and does not necessarily mean a physically connected code or a kind of hardware.

FIG. 4 is a flowchart illustrating an authentication and key sharing method performed in the authentication and key sharing system shown in FIG. 1. In the description of the authentication and key sharing method, a detailed description of content that overlaps with the above will be omitted.

Referring to FIGS. 1 to 4, the registration request unit 110 of the terminal 100 generates a randomized ID (
Figure pat00166
) and a randomized password (
Figure pat00167
) (S100), and transmits the generated randomized ID (
Figure pat00168
) and randomized password (
Figure pat00169
) to the server 300 (S200).

Upon receiving the randomized ID (
Figure pat00170
) and the randomized password (
Figure pat00171
), the registration unit 310 of the server 300 generates the registration values (
Figure pat00172
,
Figure pat00173
) (S300), and transmits the generated registration values (
Figure pat00174
,
Figure pat00175
) and the public parameters (
Figure pat00176
,
Figure pat00177
) to the terminal 100 (S400). At this time, the generated registration values (
Figure pat00178
,
Figure pat00179
) may be stored by the registration unit 310 in a predetermined storage space in the server 300.

Upon receiving the registration values (
Figure pat00180
,
Figure pat00181
) and the public parameters (
Figure pat00182
,
Figure pat00183
) from the server 300, the registration request unit 110 generates the calculated values (
Figure pat00184
,
Figure pat00185
), and the registration values (
Figure pat00186
,
Figure pat00187
), the calculated values (
Figure pat00188
,
Figure pat00189
), the public parameters (
Figure pat00190
,
Figure pat00191
), the cryptographic hash function (
Figure pat00192
), and the biohash function (
Figure pat00193
) may be stored in the storage space of the terminal 100 (S500).

When authentication is required for communication with the server 300, the authentication request unit 130 of the terminal 100 generates a query value (
Figure pat00194
,
Figure pat00195
,
Figure pat00196
,
Figure pat00197
) and transmits the generated query value (
Figure pat00198
,
Figure pat00199
,
Figure pat00200
,
Figure pat00201
) to the server 300 (S600).

The authentication unit 330 of the server 300 authenticates the user of the terminal 100 using the received query value (
Figure pat00202
,
Figure pat00203
,
Figure pat00204
,
Figure pat00205
) (S700), generates a response value corresponding to the query value (
Figure pat00206
,
Figure pat00207
,
Figure pat00208
,
Figure pat00209
), namely (
Figure pat00210
,
Figure pat00211
,
Figure pat00212
), and transmits it to the terminal 100 (S800).

The authentication unit 150 of the terminal 100 can authenticate the server 300 using the received response value (
Figure pat00213
,
Figure pat00214
,
Figure pat00215
) (S900).

Through the above-described process, the server 300 and the terminal 100 share the same session key (
Figure pat00216
), and the present invention is applicable to various environments such as a cloud system, a control system, and a smart card.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is evident that many alternatives, modifications and variations will be apparent to those skilled in the art. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: authentication and key sharing system
100: terminal
110: registration request unit
130: authentication request unit
150: authentication unit
300: server
310: registration unit
330: authentication unit

Claims (8)

An authentication and key sharing method performed by a server, the method comprising:
receiving a registration request message from a terminal;
registering a user of the terminal;
receiving an authentication request message from the terminal;
authenticating the user and generating a session key; and
transmitting a response value to the terminal.
The method according to claim 1,
wherein the registration request message includes a randomized ID (
Figure pat00217
) and a randomized password (
Figure pat00218
), and
wherein registering the user comprises:
using the randomized ID (
Figure pat00219
), the randomized password (
Figure pat00220
), and the secret value of the server (
Figure pat00221
) to calculate the registration values (
Figure pat00222
,
Figure pat00223
); and
transmitting the registration values (
Figure pat00224
,
Figure pat00225
) and the public parameters (
Figure pat00226
,
Figure pat00227
) to the terminal.
The method of claim 2,
wherein the authentication request message includes a query value (
Figure pat00228
,
Figure pat00229
,
Figure pat00230
,
Figure pat00231
),
the
Figure pat00232
is defined by Equation (1),
Equation (1) is
Figure pat00233
,
the
Figure pat00234
is an arbitrary random number selected by the terminal,
the
Figure pat00235
is defined by Equation (2),
Equation (2) is
Figure pat00236
,
the
Figure pat00237
is defined by Equation (3),
Equation (3) is
Figure pat00238
, and
the
Figure pat00239
is a time stamp.
4. The method of claim 3,
wherein authenticating the user and generating a session key comprises:
using Equation (4), Figure pat00240, the Figure pat00241 and a controller Figure pat00242 and authenticating the user; and
using Equation (5), the session key (Figure pat00243),
Equation (4)
Figure pat00244
Equation (5)
Figure pat00245
wherein Figure pat00246 is defined by Equation (6),
Equation (6)
Figure pat00247
wherein Figure pat00248 is an arbitrary random number selected by the server,
and wherein Figure pat00249 is defined by Equation (7),
Equation (7)
Figure pat00250
5. The method of claim 4,
wherein the step of transmitting a response value to the terminal comprises: (Figure pat00251, Figure pat00252, Figure pat00253),
wherein Figure pat00254 is defined by Equation (8),
Equation (8)
Figure pat00255
and wherein Figure pat00256 is a time stamp.
6. The method of claim 2,
wherein Figure pat00257 is defined by Equation (9),
Equation (9)
Figure pat00258
and wherein Figure pat00259 is defined by Equation (10),
Equation (10)
Figure pat00260
7. An authentication and key sharing server comprising:
a registration unit for receiving a registration request message from a terminal and registering a user of the terminal; and
an authentication unit for receiving an authentication request message from the terminal, authenticating the user, generating a session key, and transmitting a response value to the terminal.
8. An authentication and key sharing system comprising:
an authentication and key sharing server according to claim 7; and
KR1020150181126A 2015-12-17 2015-12-17 Server, method and system for authentication and key agreement KR101782792B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150181126A KR101782792B1 (en) 2015-12-17 2015-12-17 Server, method and system for authentication and key agreement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150181126A KR101782792B1 (en) 2015-12-17 2015-12-17 Server, method and system for authentication and key agreement

Publications (2)

Publication Number Publication Date
KR20170073001A (en) 2017-06-28
KR101782792B1 (en) 2017-10-24

Family

ID=59280489

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150181126A KR101782792B1 (en) 2015-12-17 2015-12-17 Server, method and system for authentication and key agreement

Country Status (1)

Country Link
KR (1) KR101782792B1 (en)

Also Published As

Publication number Publication date
KR101782792B1 (en) 2017-10-24

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E90F Notification of reason for final refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant