LU102259B1 - Mobile storage-based authentication and key agreement method and system in medical environment - Google Patents
- Publication number
- LU102259B1
- Authority
- LU
- Luxembourg
- Prior art keywords
- server
- calculating
- user
- storage device
- mobile storage
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/88—Medical equipments
Abstract
The present disclosure provides a communication authentication and key agreement method and system. The method includes: receiving a user name and a password entered by a user, and judging whether the user is an owner of the mobile storage device; after determining that the user is the owner of the mobile storage device, calculating first transmission data from a generated random number and a time stamp and transmitting it to a server, the server authenticating the mobile storage device according to the first transmission data; receiving second transmission data from the server, and authenticating the server according to the second transmission data; and calculating a session key for communicating with the server after the server is authenticated.
Description
[0001] The present disclosure relates to the field of data security, and in particular to a mobile storage-based communication authentication and key agreement method and system in a medical environment.
[0002] A Telecare Medicine Information System (TMIS) provides patients with flexible and convenient medical services. Patients at home submit their data to remote servers in a wired or wireless manner, and doctors in a clinical center give corresponding clinical decisions or treatment plans after receiving the data.
[0003] The data transmitted between patients and doctors must be authenticated and encrypted, as it often contains the user's private information. Therefore, a large number of authentication and key exchange schemes have been designed and applied to such service systems.
[0004] However, security weaknesses, such as offline password guessing attacks, user impersonation attacks, man-in-the-middle attacks, and the like, exist in the existing authentication and key exchange schemes. Therefore, how to improve the security of data transmission between the two parties of an authentication and key exchange scheme has always been an urgent goal in the industry.
[0005] The present disclosure aims to provide a highly secure and efficient communication authentication and key agreement method and system.
[0006] In one aspect, the present disclosure provides a communication authentication and key agreement method, which is applied to a mobile storage device. The method includes:
[0007] receiving a user name and a password entered by a user, and judging whether the user is an owner of the mobile storage device;
[0008] after determining that the user is the owner of the mobile storage device, calculating first transmission data from a generated random number and a time stamp and transmitting it to a server, the server authenticating the mobile storage device according to the first transmission data;
[0009] receiving second transmission data from the server, and authenticating the server according to the second transmission data; and
[0010] calculating a session key for communicating with the server after the server is authenticated.
[0011] In some embodiments, before the operation “receiving a user name and a password entered by a user”, the method further includes:
[0012] calculating $HPW_i = h(PW_i \parallel b)$ from the user name $ID_i$ and the password $PW_i$ selected by the user and a generated random number $b$, transmitting $\{ID_i, HPW_i\}$ as registration information to the server, calculating by the server $A_i = h(ID_i \parallel k_s)$, $B_i = h(h(ID_i \parallel HPW_i) \bmod m)$ and $C_i = A_i \oplus HPW_i \oplus B_i$ using one generated random number $m$ ($2^4 < m < 2^8$) after receiving the registration information, and storing the parameters $\{B_i, C_i, m, K_s, E_s(\cdot), D_s(\cdot), h(\cdot)\}$ as storage data in the mobile storage device and returning the storage data to the user, where $h(\cdot)$ is a hash function, $\parallel$ is a concatenation operation, $k_s$ is a private key of the server, $K_s$ is a public key of the server, $K_s = k_s \cdot P$, $E_s(\cdot)$ is an encryption function, $D_s(\cdot)$ is a decryption function, $P$ is a base point on an elliptic curve, and $\oplus$ is an exclusive OR operation.
[0013] In some embodiments, the operation of “judging whether the user is an owner of the mobile storage device according to the user name and the password entered by the user” includes:
[0014] entering by the user the user name $ID_i$ and the password $PW_i$;
[0015] calculating $HPW_i = h(PW_i \parallel b)$ and $B_i' = h(h(ID_i \parallel HPW_i) \bmod m)$, and comparing whether $B_i'$ is equal to $B_i$;
[0016] if yes, determining that the user is the owner of the mobile storage device; and
[0017] if no, terminating a session.
[0018] In some embodiments, the operation of “calculating first transmission data transmitted to a server from a generated random number and a time stamp” includes:
[0019] generating a random number $r_u$ and a time stamp $T_1$;
[0020] calculating $A_i = C_i \oplus HPW_i \oplus B_i$, $R_u = r_u \cdot A_i \cdot P$, $k_1 = r_u \cdot A_i \cdot K_s$, and $H_i = E_{k_1}(realm \parallel ID_i \parallel A_i \parallel T_1)$; and
[0021] transmitting $\{H_i, R_u\}$ as the first transmission data to the server;
[0022] wherein the operation of “authenticating the mobile storage device by the server according to the first transmission data” includes:
[0023] after the server receives the first transmission data $\{H_i, R_u\}$, calculating $k_2 = k_s \cdot R_u$, and decrypting $H_i$ with the calculated result to acquire $realm \parallel ID_i \parallel A_i \parallel T_1$;
[0024] verifying by the server the legitimacy of the time stamp $T_1$;
[0025] if the time stamp $T_1$ is legal, calculating $A_i' = h(ID_i \parallel k_s)$ and verifying whether $A_i' = A_i$; if the two values are equal, the server passes the authentication of the mobile storage device; otherwise, terminating the session; and
[0026] generating by the server a random number $r_s$ and a time stamp $T_2$, calculating $R_s = r_s \cdot P$, $J_s = r_s \cdot R_u$, $SK = h(J_s \parallel T_1 \parallel T_2)$, and $L_i = E_{k_2}(ID_i \parallel R_s \parallel J_s \parallel T_2 \parallel realm)$, and transmitting $\{L_i\}$ as the second transmission data to the mobile storage device.
[0027] In some embodiments, the operation of “authenticating the server according to the second transmission data” includes:
[0028] after receiving the second transmission data $\{L_i\}$, decrypting $L_i$ with $r_u \cdot A_i \cdot K_s$ to acquire $ID_i \parallel R_s \parallel J_s \parallel T_2 \parallel realm$, and verifying whether the time stamp $T_2$ is legal;
[0029] if the time stamp $T_2$ is legal, calculating $J_u = r_u \cdot A_i \cdot R_s$ and verifying whether $J_u = J_s$; and
[0030] if the two values are equal, the mobile storage device passes the authentication of the server.
[0031] In some embodiments, the operation of “calculating a session key for communicating with the server” includes:
[0032] calculating the session key for communicating with the server as $SK = h(J_u \parallel T_1 \parallel T_2)$.
[0033] In another aspect, the present disclosure provides a communication authentication and key agreement system, which is applied to a mobile storage device. The system includes:
[0034] a judging module, configured for receiving a user name and a password entered by a user, and judging whether the user is an owner of the mobile storage device;
[0035] a transmitting module, configured for, after determining that the user is the owner of the mobile storage device, calculating first transmission data from a generated random number and a time stamp and transmitting it to a server, the server authenticating the mobile storage device according to the first transmission data;
[0036] a verifying module, configured for receiving second transmission data from the server, and authenticating the server according to the second transmission data; and
[0037] a calculating module, configured for calculating a session key for communicating with the server after the server is authenticated.
[0038] In some embodiments, the system further includes:
[0039] a registering module, configured for calculating $HPW_i = h(PW_i \parallel b)$ from the user name $ID_i$ and the password $PW_i$ selected by the user and a generated random number $b$, transmitting $\{ID_i, HPW_i\}$ as registration information to the server, calculating by the server $A_i = h(ID_i \parallel k_s)$, $B_i = h(h(ID_i \parallel HPW_i) \bmod m)$ and $C_i = A_i \oplus HPW_i \oplus B_i$ using one generated random number $m$ ($2^4 < m < 2^8$) after receiving the registration information, and storing the parameters $\{B_i, C_i, m, K_s, E_s(\cdot), D_s(\cdot), h(\cdot)\}$ as storage data in the mobile storage device and returning the storage data to the user, where $h(\cdot)$ is a hash function, $\parallel$ is a concatenation operation, $k_s$ is a private key of the server, $K_s$ is a public key of the server, $K_s = k_s \cdot P$, $E_s(\cdot)$ is an encryption function, $D_s(\cdot)$ is a decryption function, $P$ is a base point on an elliptic curve, and $\oplus$ is an exclusive OR operation.
[0040] In some embodiments, the judging module is specifically configured for:
[0041] entering by the user the user name $ID_i$ and the password $PW_i$;
[0042] calculating $HPW_i = h(PW_i \parallel b)$ and $B_i' = h(h(ID_i \parallel HPW_i) \bmod m)$, and comparing whether $B_i'$ is equal to $B_i$;
[0043] if yes, determining that the user is the owner of the mobile storage device; and
[0044] if no, terminating a session.
[0045] In some embodiments, the transmitting module is specifically configured for:
[0046] generating a random number $r_u$ and a time stamp $T_1$;
[0047] calculating $A_i = C_i \oplus HPW_i \oplus B_i$, $R_u = r_u \cdot A_i \cdot P$, $k_1 = r_u \cdot A_i \cdot K_s$, and $H_i = E_{k_1}(realm \parallel ID_i \parallel A_i \parallel T_1)$; and
[0048] transmitting $\{H_i, R_u\}$ as the first transmission data to the server;
[0049] wherein the operation of “authenticating the mobile storage device by the server according to the first transmission data” includes:
[0050] after the server receives the first transmission data $\{H_i, R_u\}$, calculating $k_2 = k_s \cdot R_u$, and decrypting $H_i$ with the calculated result to acquire $realm \parallel ID_i \parallel A_i \parallel T_1$;
[0051] verifying by the server the legitimacy of the time stamp $T_1$;
[0052] if the time stamp $T_1$ is legal, calculating $A_i' = h(ID_i \parallel k_s)$ and verifying whether $A_i' = A_i$; if the two values are equal, the server passes the authentication of the mobile storage device; otherwise, terminating the session; and
[0053] generating by the server a random number $r_s$ and a time stamp $T_2$, calculating $R_s = r_s \cdot P$, $J_s = r_s \cdot R_u$, $SK = h(J_s \parallel T_1 \parallel T_2)$, and $L_i = E_{k_2}(ID_i \parallel R_s \parallel J_s \parallel T_2 \parallel realm)$, and transmitting $\{L_i\}$ as the second transmission data to the mobile storage device.
[0054] In some embodiments, the verifying module is specifically configured for:
[0055] after receiving the second transmission data $\{L_i\}$, decrypting $L_i$ with $r_u \cdot A_i \cdot K_s$ to acquire $ID_i \parallel R_s \parallel J_s \parallel T_2 \parallel realm$, and verifying whether the time stamp $T_2$ is legal;
[0056] if the time stamp $T_2$ is legal, calculating $J_u = r_u \cdot A_i \cdot R_s$ and verifying whether $J_u = J_s$; and
[0057] if the two values are equal, the mobile storage device passes the authentication of the server.
[0058] In some embodiments, the calculating module is specifically configured for:
[0059] calculating the session key for communicating with the server as $SK = h(J_u \parallel T_1 \parallel T_2)$.
[0060] In the embodiments of the present disclosure, an elliptic curve cryptosystem is adopted in the process of realizing identity verification and key agreement. At the same security level, the elliptic curve cryptosystem requires less storage and computing resources, and is therefore better suited to resource-constrained devices. The embodiments of the present disclosure provide user anonymity and untraceability, and can also better resist common network attacks, such as offline password guessing attacks, user impersonation attacks, man-in-the-middle attacks, and the like.
[0061] In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the related art, the drawings to be used in the embodiments or description of the related art will be briefly described below. Obviously, the drawings in the following description are only certain embodiments of the present disclosure, and other drawings may be obtained according to the structures shown in the drawings without any creative work for a person having ordinary skill in the art.
[0062] FIG. 1 is a flowchart of a communication authentication and key agreement method according to an embodiment of the present disclosure.
[0063] FIG. 2 is a schematic structural diagram of a communication authentication and key agreement system according to an embodiment of the present disclosure.
[0064] The embodiments of the present disclosure will be described in detail below. Examples of the embodiments are shown in the accompanying drawings, wherein the same or similar reference numerals indicate the same or similar components, or components with the same or similar functions. The embodiments described below with reference to the accompanying drawings are exemplary, and are intended to explain the present disclosure, but should not be construed as limiting the present disclosure.
[0065] Referring to FIG. 1, the method includes the following operations. For ease of description, the reference numerals used in the method are listed in Table 1.
Table 1 Description of the reference numerals
$ID_i$: user name
$PW_i$: user's password
$P$: base point on an elliptic curve
$K_s$: public key of the server
$k_s$: private key of the server
$h(\cdot)$: secure hash function
$\parallel$: concatenation operation
$\oplus$: exclusive OR operation
$E_s(\cdot)$: encryption function
$D_s(\cdot)$: decryption function
[0066] The present disclosure is a mobile storage-based authentication and key exchange scheme designed in a telecare medicine environment, which mainly includes four stages: an initialization stage, a user registration stage, a login and authentication stage, and a password modification stage.
[0067] Initialization stage: in this stage the server initializes the related parameters. An elliptic curve and a base point $P$ on the elliptic curve are chosen. A hash function $h(\cdot)$ is chosen. An encryption and decryption function pair $E_s(\cdot)/D_s(\cdot)$ is chosen. A private key $k_s$ is chosen, and $K_s = k_s \cdot P$ is calculated.
[0068] User registration stage: the user must register with the server before enjoying the services provided by the server.
[0069] Login and authentication stage: a registered user can send a login request to the server, and the session key for this communication is established after the two-way identity authentication between the user and the server is finished.
[0070] Password modification stage: the user can modify the password in this stage when the user perceives that the password is at risk of leaking. No assistance from the server is required at this stage.
[0071] The communication authentication and key agreement method shown in FIG. 1 is applied to a mobile storage device and configured to implement communication authentication and key agreement with the remote server. The method includes operations S1 to S4.
[0072] In operation S1, receiving a user name and a password entered by a user, and judging whether the user is an owner of the mobile storage device.
[0073] In the present embodiment, before the operation “receiving a user name and a password entered by a user”, the method further includes the user registration stage which specifically includes:
[0074] calculating $HPW_i = h(PW_i \parallel b)$ from the user name $ID_i$ and the password $PW_i$ selected by the user and a generated random number $b$, transmitting $\{ID_i, HPW_i\}$ as registration information to the server, calculating by the server $A_i = h(ID_i \parallel k_s)$, $B_i = h(h(ID_i \parallel HPW_i) \bmod m)$ and $C_i = A_i \oplus HPW_i \oplus B_i$ using one generated random number $m$ ($2^4 < m < 2^8$) after receiving the registration information, and storing the parameters $\{B_i, C_i, m, K_s, E_s(\cdot), D_s(\cdot), h(\cdot)\}$ as storage data in the mobile storage device and returning the storage data to the user, where $h(\cdot)$ is a hash function, $\parallel$ is a concatenation operation, $k_s$ is a private key of the server, $K_s$ is a public key of the server, $K_s = k_s \cdot P$, $E_s(\cdot)$ is an encryption function, $D_s(\cdot)$ is a decryption function, $P$ is a base point on an elliptic curve, and $\oplus$ is an exclusive OR operation.
[0075] When the user receives the mobile storage device returned by the server, b is stored in the mobile storage device.
[0076] In the present embodiment, the operation of “judging whether the user is an owner of the mobile storage device according to the user name and the password entered by the user” specifically includes:
[0077] entering by the user the user name $ID_i$ and the password $PW_i$;
[0078] calculating $HPW_i = h(PW_i \parallel b)$ and $B_i' = h(h(ID_i \parallel HPW_i) \bmod m)$, and comparing whether $B_i'$ is equal to $B_i$;
[0079] if yes, determining that the user is the owner of the mobile storage device; and
[0080] if no, terminating a session.
[0081] In operation S2, after determining that the user is the owner of the mobile storage device, calculating first transmission data from a generated random number and a time stamp and transmitting it to the server, the server authenticating the mobile storage device according to the first transmission data.
[0082] In the present embodiment, the operation of “calculating first transmission data transmitted to the server from a generated random number and a time stamp” includes:
[0083] generating a random number $r_u$ and a time stamp $T_1$;
[0084] calculating $A_i = C_i \oplus HPW_i \oplus B_i$, $R_u = r_u \cdot A_i \cdot P$, $k_1 = r_u \cdot A_i \cdot K_s$, and $H_i = E_{k_1}(realm \parallel ID_i \parallel A_i \parallel T_1)$; and
[0085] transmitting $\{H_i, R_u\}$ as the first transmission data to the server;
[0086] wherein the operation of “authenticating the mobile storage device by the server according to the first transmission data” includes:
[0087] after the server receives the first transmission data $\{H_i, R_u\}$, calculating $k_2 = k_s \cdot R_u$, and decrypting $H_i$ with the calculated result to acquire $realm \parallel ID_i \parallel A_i \parallel T_1$;
[0088] verifying by the server the legitimacy of the time stamp $T_1$;
[0089] if the time stamp $T_1$ is legal, calculating $A_i' = h(ID_i \parallel k_s)$ and verifying whether $A_i' = A_i$; if the two values are equal, the server passes the authentication of the mobile storage device; otherwise, terminating the session; and
[0090] generating by the server a random number $r_s$ and a time stamp $T_2$, calculating $R_s = r_s \cdot P$, $J_s = r_s \cdot R_u$, $SK = h(J_s \parallel T_1 \parallel T_2)$, and $L_i = E_{k_2}(ID_i \parallel R_s \parallel J_s \parallel T_2 \parallel realm)$, and transmitting $\{L_i\}$ as the second transmission data to the mobile storage device.
[0091] In operation S3, receiving second transmission data from the server, and authenticating the server according to the second transmission data.
[0092] In the present embodiment, the operation of “authenticating the server according to the second transmission data” includes:
[0093] after receiving the second transmission data $\{L_i\}$, decrypting $L_i$ with $r_u \cdot A_i \cdot K_s$ to acquire $ID_i \parallel R_s \parallel J_s \parallel T_2 \parallel realm$, and verifying whether the time stamp $T_2$ is legal;
[0094] if the time stamp $T_2$ is legal, calculating $J_u = r_u \cdot A_i \cdot R_s$ and verifying whether $J_u = J_s$; and
[0095] if the two values are equal, the mobile storage device passes the authentication of the server.
[0096] In operation S4, calculating a session key for communicating with the server after the server is authenticated.
[0097] In the present embodiment, the operation of “calculating a session key for communicating with the server” includes:
[0098] calculating the session key for communicating with the server as $SK = h(J_u \parallel T_1 \parallel T_2)$.
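The registration stage of paragraph [0074] and operations S1 to S4 above, carried through end to end as an added example. This is illustrative code written for this page, not the patent's own implementation. It assumes SHA-256 for $h(\cdot)$, a constructed SHA-256 keystream XOR as a stand-in for the unspecified $E_s(\cdot)/D_s(\cdot)$, the secp256k1 curve for $P$, a fixed byte string for $realm$, random numbers from the `secrets` module, and a 60-second acceptance window for the time stamps; the class and function names are the example's own.

```python
"""Added example, not the patent's code: registration, login (S1), mutual
authentication (S2, S3) and session-key agreement (S4) in one run.
Assumptions: h() = SHA-256; E()/D() = SHA-256 keystream XOR (constructed
stand-in); curve = secp256k1; 'realm' is a fixed label; 60 s time-stamp window."""
import hashlib, hmac, secrets, time

# secp256k1 parameters and a minimal double-and-add scalar multiplication.
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE_P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
          0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):                      # affine point addition, None = infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None
    if p1 == p2: lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):                       # k * pt by double-and-add
    acc, k = None, k % N_ORD
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def h(*parts): return hashlib.sha256(b"".join(parts)).digest()           # h(.)
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))                 # XOR
def rand_scalar(): return 1 + secrets.randbelow(N_ORD - 1)
def as_scalar(d): return 1 + int.from_bytes(d, "big") % (N_ORD - 1)     # A_i as a scalar
def pt_bytes(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def pt_parse(raw): return (int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big"))
def fuzzy(ID, HPW, m):                   # B_i = h(h(ID_i || HPW_i) mod m)
    return h((int.from_bytes(h(ID, HPW), "big") % m).to_bytes(2, "big"))
def ts(): return int(time.time()).to_bytes(8, "big")
def fresh(t, window=60): return abs(int(time.time()) - int.from_bytes(t, "big")) <= window
def crypt(key, data):                    # E_k / D_k: keystream XOR, same both ways
    return b"".join(xor(data[i:i + 32], h(key, i.to_bytes(4, "big")))
                    for i in range(0, len(data), 32))
def pack(*fields): return b"|".join(f.hex().encode() for f in fields)    # ||
def unpack(blob, n):
    parts = blob.split(b"|")
    if len(parts) != n: raise ValueError("malformed plaintext")
    return [bytes.fromhex(p.decode()) for p in parts]

class Server:
    def __init__(self, realm=b"tmis-realm"):
        self.k_s, self.realm = rand_scalar(), realm            # k_s, K_s = k_s * P
        self.K_s, self.SK = ec_mul(self.k_s, BASE_P), None
    def _ks(self): return self.k_s.to_bytes(32, "big")
    def register(self, ID, HPW):                               # registration stage
        m = 17 + secrets.randbelow(238)                        # 2^4 < m < 2^8
        A = h(ID, self._ks())                                  # A_i = h(ID_i || k_s)
        B = fuzzy(ID, HPW, m)
        return {"B": B, "C": xor(xor(A, HPW), B), "m": m, "K_s": self.K_s}
    def authenticate(self, H, R_u):                            # server side of S2
        self.SK = None
        k2 = pt_bytes(ec_mul(self.k_s, R_u))                   # k_2 = k_s * R_u
        try: realm, ID, A, T1 = unpack(crypt(k2, H), 4)
        except ValueError: return None
        if realm != self.realm or not fresh(T1): return None
        if not hmac.compare_digest(h(ID, self._ks()), A): return None   # A_i' ?= A_i
        r_s, T2 = rand_scalar(), ts()
        R_s, J_s = ec_mul(r_s, BASE_P), pt_bytes(ec_mul(r_s, R_u))      # R_s, J_s
        self.SK = h(J_s, T1, T2)                               # SK = h(J_s || T1 || T2)
        return crypt(k2, pack(ID, pt_bytes(R_s), J_s, T2, self.realm))  # L_i

class Device:
    def __init__(self, server, ID, PW, realm=b"tmis-realm"):
        self.b, self.realm = secrets.token_bytes(16), realm    # b stays on the device
        self.data = server.register(ID, h(PW, self.b))         # {B_i, C_i, m, K_s}
    def login(self, ID, PW):                                   # S1 + first message of S2
        HPW, d = h(PW, self.b), self.data
        if not hmac.compare_digest(fuzzy(ID, HPW, d["m"]), d["B"]): return None
        self.ID, self.A = ID, xor(xor(d["C"], HPW), d["B"])    # A_i = C_i ^ HPW_i ^ B_i
        self.r_u, self.T1 = rand_scalar(), ts()
        s = self.r_u * as_scalar(self.A)                       # r_u * A_i
        self.k1 = pt_bytes(ec_mul(s, d["K_s"]))                # k_1 = r_u A_i K_s
        return crypt(self.k1, pack(self.realm, ID, self.A, self.T1)), ec_mul(s, BASE_P)
    def verify_server(self, L):                                # S3 + S4, returns SK
        try: ID, R_s, J_s, T2, realm = unpack(crypt(self.k1, L), 5)
        except ValueError: return None
        if ID != self.ID or realm != self.realm or not fresh(T2): return None
        J_u = pt_bytes(ec_mul(self.r_u * as_scalar(self.A), pt_parse(R_s)))
        if not hmac.compare_digest(J_u, J_s): return None      # J_u ?= J_s
        return h(J_u, self.T1, T2)                             # SK = h(J_u || T1 || T2)

def run_session(server, device, ID, PW):
    """Returns (device SK, server SK); (None, None) when either side aborts."""
    msg1 = device.login(ID, PW)
    if msg1 is None: return None, None
    L = server.authenticate(*msg1)
    if L is None: return None, None
    return device.verify_server(L), server.SK

if __name__ == "__main__":
    srv = Server(); dev = Device(srv, b"patient-42", b"correct-horse")
    print(run_session(srv, dev, b"patient-42", b"correct-horse")[0].hex())
```

Both parties end with the same $SK$ only because $k_2 = k_s \cdot R_u$ equals $k_1 = r_u \cdot A_i \cdot K_s$ and $J_u = r_u \cdot A_i \cdot R_s$ equals $J_s = r_s \cdot R_u$; `run_session` returns both values so that can be checked. A wrong password normally fails at the local comparison of $B_i'$ with $B_i$, and when that $m$-way check happens to pass anyway, the wrong $A_i$ recovered from $C_i$ is rejected by the server's comparison against $h(ID_i \parallel k_s)$, so the outcome is the same either way.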
[0099] In the present embodiment, the password modification stage includes: modifying by the user the password when the user perceives that the password is at risk of leaking. No assistance from the server is required at this stage. The main operations are as follows:
[00100] (1) entering by the user the user name $ID_i$ and the password $PW_i$, calculating $HPW_i = h(PW_i \parallel b)$ and $B_i' = h(h(ID_i \parallel HPW_i) \bmod m)$ by the mobile storage device, and comparing whether $B_i'$ is equal to $B_i$; if yes, determining that the user is the owner of the mobile storage device and proceeding to the next operation; if no, terminating the password modification request.
[00101] (2) entering by the user a new password $PW_i^{new}$, calculating by the mobile storage device the parameters $HPW_i^{new} = h(PW_i^{new} \parallel b)$, $B_i^{new} = h(h(ID_i \parallel HPW_i^{new}) \bmod m)$, and $C_i^{new} = C_i \oplus HPW_i \oplus B_i \oplus HPW_i^{new} \oplus B_i^{new}$; then replacing $B_i$ and $C_i$ with $B_i^{new}$ and $C_i^{new}$.
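The server-less password modification stage of operations (1) and (2) above, as an added example written for this page rather than the patent's own code. It assumes SHA-256 for $h(\cdot)$, that the device holds $\{B_i, C_i, m\}$ together with $b$, and that $A_i$ is handed in directly, since the server contributes it only once at registration; `make_device`, `recover_A` and `change_password` are the example's own names.

```python
"""Added example (not the patent's code): password modification on the device.
Assumptions: h() = SHA-256; the device stores {B_i, C_i, m} and b; A_i is
supplied directly because only the server can compute h(ID_i || k_s)."""
import hashlib, hmac, secrets

def h(*parts): return hashlib.sha256(b"".join(parts)).digest()
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))
def fuzzy(ID, HPW, m):                    # B_i = h(h(ID_i || HPW_i) mod m)
    return h((int.from_bytes(h(ID, HPW), "big") % m).to_bytes(2, "big"))

def make_device(ID, PW, A):
    """Constructed storage data, as the registration stage would leave it."""
    b, m = secrets.token_bytes(16), 17 + secrets.randbelow(238)   # 2^4 < m < 2^8
    HPW = h(PW, b)
    B = fuzzy(ID, HPW, m)
    return {"B": B, "C": xor(xor(A, HPW), B), "m": m, "b": b}

def recover_A(dev, ID, PW):
    """What the login stage computes: A_i = C_i ^ HPW_i ^ B_i."""
    HPW = h(PW, dev["b"])
    return xor(xor(dev["C"], HPW), fuzzy(ID, HPW, dev["m"]))

def change_password(dev, ID, PW_old, PW_new):
    """Operations (1) and (2); returns False when the owner check fails."""
    HPW = h(PW_old, dev["b"])
    if not hmac.compare_digest(fuzzy(ID, HPW, dev["m"]), dev["B"]):
        return False                                           # (1): terminate
    HPW_new = h(PW_new, dev["b"])                              # (2)
    B_new = fuzzy(ID, HPW_new, dev["m"])
    # C_i^new = C_i ^ HPW_i ^ B_i ^ HPW_i^new ^ B_i^new: the two old terms strip
    # HPW_i and B_i off C_i, leaving A_i, before the new terms are folded in.
    C_new = xor(xor(xor(xor(dev["C"], HPW), dev["B"]), HPW_new), B_new)
    dev["B"], dev["C"] = B_new, C_new
    return True

if __name__ == "__main__":
    A = secrets.token_bytes(32)                                # stands in for h(ID_i || k_s)
    dev = make_device(b"patient-42", b"old-pw", A)
    print(change_password(dev, b"patient-42", b"old-pw", b"new-pw"),
          recover_A(dev, b"patient-42", b"new-pw") == A)
```

The point of the XOR chain is that $A_i$ is never stored in the clear and never has to be re-fetched from the server: the old $HPW_i$ and $B_i$ cancel out of $C_i$ and the new pair is folded in. Since the owner check in operation (1) is only $m$-way (a wrong old password passes it with probability about $1/m$), an implementation should keep the previous $\{B_i, C_i\}$ until the next successful login, because a change made with the wrong $HPW_i$ leaves $C_i^{new}$ unable to yield $A_i$ again.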
[00102] Referring to FIG. 2, which shows a schematic structural diagram of a communication authentication and key agreement system 10 according to an embodiment of the present disclosure.
[00103] In the present embodiment, the communication authentication and key agreement system 10 is applied to a mobile storage device, and configured to implement communication authentication and key agreement with the remote server. The communication authentication and key agreement system 10 includes: a registering module 11, a judging module 12, a transmitting module 13, a verifying module 14, and a calculating module 15.
[00104] The registering module 11 is configured for calculating $HPW_i = h(PW_i \parallel b)$ from the user name $ID_i$ and the password $PW_i$ selected by the user and a generated random number $b$, transmitting $\{ID_i, HPW_i\}$ as registration information to the server, calculating by the server $A_i = h(ID_i \parallel k_s)$, $B_i = h(h(ID_i \parallel HPW_i) \bmod m)$ and $C_i = A_i \oplus HPW_i \oplus B_i$ using one generated random number $m$ ($2^4 < m < 2^8$) after receiving the registration information, and storing the parameters $\{B_i, C_i, m, K_s, E_s(\cdot), D_s(\cdot), h(\cdot)\}$ as storage data in the mobile storage device and returning the storage data to the user, where $h(\cdot)$ is a hash function, $\parallel$ is a concatenation operation, $k_s$ is a private key of the server, $K_s$ is a public key of the server, $K_s = k_s \cdot P$, $E_s(\cdot)$ is an encryption function, $D_s(\cdot)$ is a decryption function, $P$ is a base point on an elliptic curve, and $\oplus$ is an exclusive OR operation.
[00105] The judging module 12 is configured for receiving a user name and a password entered by a user, and judging whether the user is an owner of the mobile storage device.
[00106] In the present embodiment, the judging module 12 is specifically configured for:
[00107] entering by the user the user name $ID_i$ and the password $PW_i$;
[00108] calculating $HPW_i = h(PW_i \parallel b)$ and $B_i' = h(h(ID_i \parallel HPW_i) \bmod m)$, and comparing whether $B_i'$ is equal to $B_i$;
[00109] if yes, determining that the user is the owner of the mobile storage device; and
[00110] if no, terminating a session.
[00111] The transmitting module 13 is configured for, after determining that the user is the owner of the mobile storage device, calculating first transmission data from a generated random number and a time stamp and transmitting it to a server, the server authenticating the mobile storage device according to the first transmission data.
[00112] In the present embodiment, the transmitting module 13 is specifically configured for:
[00113] generating a random number $r_u$ and a time stamp $T_1$;
[00114] calculating $A_i = C_i \oplus HPW_i \oplus B_i$, $R_u = r_u \cdot A_i \cdot P$, $k_1 = r_u \cdot A_i \cdot K_s$, and $H_i = E_{k_1}(realm \parallel ID_i \parallel A_i \parallel T_1)$; and
[00115] transmitting $\{H_i, R_u\}$ as the first transmission data to the server;
[00116] wherein the operation of “authenticating the mobile storage device by the server according to the first transmission data” includes:
[00117] after the server receives the first transmission data $\{H_i, R_u\}$, calculating $k_2 = k_s \cdot R_u$, and decrypting $H_i$ with the calculated result to acquire $realm \parallel ID_i \parallel A_i \parallel T_1$;
[00118] verifying by the server the legitimacy of the time stamp $T_1$;
[00119] if the time stamp $T_1$ is legal, calculating $A_i' = h(ID_i \parallel k_s)$ and verifying whether $A_i' = A_i$; if the two values are equal, the server passes the authentication of the mobile storage device; otherwise, terminating the session; and
[00120] generating by the server a random number $r_s$ and a time stamp $T_2$, calculating $R_s = r_s \cdot P$, $J_s = r_s \cdot R_u$, $SK = h(J_s \parallel T_1 \parallel T_2)$, and $L_i = E_{k_2}(ID_i \parallel R_s \parallel J_s \parallel T_2 \parallel realm)$, and transmitting $\{L_i\}$ as the second transmission data to the mobile storage device.
[00121] The verifying module 14 is configured for receiving second transmission data from the server, and authenticating the server according to the second transmission data.
[00122] In the present embodiment, the verifying module 14 is specifically configured for:
[00123] after receiving the second transmission data $\{L_i\}$, decrypting $L_i$ through $r_c A_i K_s$ to acquire $ID_i \| R_s \| J_i \| T_2 \| \mathit{realm}$, and verifying whether the time stamp $T_2$ is legal;
[00124] if the time stamp $T_2$ is legal, calculating $J_i^* = r_c A_i R_s$ and verifying $J_i^* \stackrel{?}{=} J_i$; and
[00125] if the two values are equal, passing by the server the authentication of the mobile storage device.
[00126] The calculating module 15 is configured for calculating the session key for communicating with the server after the server is authenticated.
[00127] In the present embodiment, the calculating module 15 is specifically configured for:
[00128] calculating the session key for communicating with the server as $SK = h(J_i \| T_1 \| T_2)$.
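The login, mutual-authentication and key-agreement flow of paragraphs [00105] to [00128] (judging, transmitting, verifying and calculating modules, plus the registration phase the claims describe), as an added worked example that is not part of the patent. Everything concrete in it is an assumption, since the patent leaves these choices open: $h(\cdot)$ is SHA-256 over length-prefixed fields, the curve is secp256k1 with schoolbook affine arithmetic, $E_k(\cdot)$/$D_k(\cdot)$ is a SHA-256 keystream with an HMAC tag (encrypt-then-MAC, fresh nonce per message), the shared EC point is hashed to a 32-byte key, the user's salt $b$ is kept on the storage device alongside $\{B_i, C_i, m, K_s\}$, a time stamp is "legal" within a 60-second window, and $m$ is a small modulus of assumed range. Function and parameter names are the example's own.

```python
import hashlib, hmac, os, time
# Toy EC group: secp256k1 parameters with schoolbook affine arithmetic (illustration only, not constant-time)
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE_P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
          0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
TIME_WINDOW = 60  # seconds within which a time stamp counts as "legal" (assumed policy)
def ec_add(p, q):
    if p is None: return q
    if q is None: return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None      # P + (-P) = point at infinity
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P_MOD) if p == q
           else (y2 - y1) * pow(x2 - x1, -1, P_MOD)) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)
def ec_mul(k, point):  # scalar multiplication k*point by double-and-add
    acc, k = None, k % N_ORD
    while k:
        if k & 1: acc = ec_add(acc, point)
        point, k = ec_add(point, point), k >> 1
    return acc
def pack(*fields): return b"".join(len(f).to_bytes(2, "big") + f for f in fields)  # "||" with length prefixes
def unpack(buf):
    out = []
    while buf:
        n = int.from_bytes(buf[:2], "big"); out.append(buf[2:2 + n]); buf = buf[2 + n:]
    return out
def h(*parts): return hashlib.sha256(pack(*parts)).digest()   # h(.) = SHA-256 over the packed fields
def pt_bytes(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def pt_parse(b): return (int.from_bytes(b[:32], "big"), int.from_bytes(b[32:], "big"))
def scalar(b): return int.from_bytes(b, "big") % N_ORD       # hash output / random bytes -> curve scalar
def i8(n): return n.to_bytes(8, "big")                       # time stamps and small integers as 8 bytes
def xor3(a, b, c): return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))
def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
def E(key, msg):  # E_k(.): keystream XOR then HMAC tag (encrypt-then-MAC), fresh nonce per message
    nonce = os.urandom(16)
    ct = bytes(x ^ y for x, y in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def D(key, blob):  # D_k(.): verify the tag before touching the plaintext
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext rejected")
    return bytes(x ^ y for x, y in zip(ct, _keystream(key, nonce, len(ct))))

def register(id_i, pw_i, k_s, K_s):  # registration phase; returns the storage data written to the device
    b = os.urandom(16)
    hpw = h(pw_i, b)                                          # HPW_i = h(PW_i || b)
    m = 16 + os.urandom(1)[0]                                 # small modulus m (exact range assumed)
    a_i = h(id_i, k_s.to_bytes(32, "big"))                    # A_i = h(ID_i || k_s)
    b_i = h(i8(int.from_bytes(h(id_i, hpw), "big") % m))      # B_i = h(h(ID_i || HPW_i) mod m)
    c_i = xor3(a_i, hpw, b_i)                                 # C_i = A_i xor HPW_i xor B_i
    return {"B": b_i, "C": c_i, "m": m, "K_s": K_s, "b": b}   # b kept on the device (assumption)

def device_login(dev, id_i, pw_i):  # judging module: recompute B_i* and compare with stored B_i
    hpw = h(pw_i, dev["b"])
    b_star = h(i8(int.from_bytes(h(id_i, hpw), "big") % dev["m"]))
    return hpw if hmac.compare_digest(b_star, dev["B"]) else None

def device_request(dev, id_i, hpw, realm):  # transmitting module: build {H_i, R_c}
    a_i = xor3(dev["C"], hpw, dev["B"])                       # A_i = C_i xor HPW_i xor B_i
    r_c_a, t1 = scalar(os.urandom(32)) * scalar(a_i), int(time.time())   # r_c * A_i, T_1
    R_c = ec_mul(r_c_a, BASE_P)                               # R_c = r_c A_i P
    k1 = h(pt_bytes(ec_mul(r_c_a, dev["K_s"])))               # k1 = r_c A_i K_s, hashed into a 32-byte key
    H_i = E(k1, pack(realm, id_i, a_i, i8(t1)))               # H_i = E_k1(realm || ID_i || A_i || T_1)
    return {"H": H_i, "R_c": pt_bytes(R_c)}, {"r_c_a": r_c_a, "k1": k1, "t1": t1, "id": id_i, "realm": realm}

def server_respond(k_s, msg):  # server: authenticate the device from {H_i, R_c}; (SK, L_i) or None
    R_c = pt_parse(msg["R_c"])
    k2 = h(pt_bytes(ec_mul(k_s, R_c)))                        # k2 = k_s R_c = r_c A_i k_s P = k1
    try: realm, id_i, a_i, t1 = unpack(D(k2, msg["H"]))
    except ValueError: return None
    t1, t2 = int.from_bytes(t1, "big"), int(time.time())
    if abs(t2 - t1) > TIME_WINDOW: return None                # T_1 not legal
    if not hmac.compare_digest(a_i, h(id_i, k_s.to_bytes(32, "big"))): return None  # A_i* ?= A_i
    r_s = scalar(os.urandom(32))
    R_s, J_i = ec_mul(r_s, BASE_P), pt_bytes(ec_mul(r_s, R_c))   # R_s = r_s P, J_i = r_s R_c
    sk = h(J_i, i8(t1), i8(t2))                               # SK = h(J_i || T_1 || T_2)
    return sk, E(k2, pack(id_i, pt_bytes(R_s), J_i, i8(t2), realm))  # L_i

def device_finish(state, L_i):  # verifying + calculating modules: authenticate the server, derive SK
    try: id_i, R_s, J_i, t2, realm = unpack(D(state["k1"], L_i))
    except ValueError: return None
    t2 = int.from_bytes(t2, "big")
    if abs(int(time.time()) - t2) > TIME_WINDOW or (id_i, realm) != (state["id"], state["realm"]): return None
    J_star = pt_bytes(ec_mul(state["r_c_a"], pt_parse(R_s)))  # J_i* = r_c A_i R_s
    if not hmac.compare_digest(J_star, J_i): return None
    return h(J_i, i8(state["t1"]), i8(t2))                    # SK = h(J_i || T_1 || T_2)

def run_protocol(id_i, pw_i, login_pw, realm=b"clinic-realm"):  # register with pw_i, log in with login_pw
    k_s = scalar(os.urandom(32)); K_s = ec_mul(k_s, BASE_P)   # server key pair, K_s = k_s P
    dev = register(id_i, pw_i, k_s, K_s)
    hpw = device_login(dev, id_i, login_pw)
    if hpw is None: return None                               # local (fuzzy-verifier) check failed
    msg, state = device_request(dev, id_i, hpw, realm)
    resp = server_respond(k_s, msg)
    if resp is None: return None                              # server rejected the device
    sk_device = device_finish(state, resp[1])
    return None if sk_device is None else (sk_device, resp[0])  # both sides hold the same SK
```

Two properties of the scheme are visible when this runs. First, $k_2 = k_s R_c = k_s r_c A_i P = r_c A_i K_s = k_1$, so the server can decrypt $H_i$ without knowing $r_c$ or $A_i$ in advance, and the device decrypts $L_i$ with the same key. Second, because $B_i$ is a hash of a value reduced modulo a small $m$, a wrong password passes the local judging step with probability about $1/m$; the example therefore treats the server's $A_i^* \stackrel{?}{=} A_i$ comparison as the real gate (a wrong password yields a wrong $A_i$ through $C_i \oplus HPW_i \oplus B_i$ and is rejected there), which is what limits offline guessing against a stolen device while still authenticating the user. The device additionally checks that $ID_i$ and $\mathit{realm}$ in $L_i$ match what it sent, which the patent text does not spell out. For anything beyond illustration, the curve arithmetic and cipher here should be replaced by a vetted library, since neither is constant-time.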
[00129] In the embodiments of the present disclosure, an elliptic curve cryptosystem is adopted in the process of realizing identity verification and key agreement. Under the same security level, the elliptic curve cryptosystem requires less storage and computing resources, and can be better adapted to resource-constrained devices. The embodiments of the present disclosure provide user anonymity and untraceability. The embodiments of the present disclosure can also better resist common network attacks, such as offline password guessing attacks, user impersonation attacks, man-in-the-middle attacks, and the like.
[00130] In the description of the specification, the description with reference to terms "one implementation", "some implementations”, "one embodiment", "some embodiments”, "example", "specific examples”, or "some examples” and the like means that the specific features, structures, materials or characteristics described in conjunction with the embodiments or examples are included in at least one embodiment or example of the present disclosure. In this specification, the schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the described specific features, structures, materials or characteristics may be combined in any one or more embodiments or examples in a suitable manner.
[00131] The above content is a further detailed description of the present disclosure in combination with specific embodiments, and it cannot be considered that the specific implementation of the present disclosure is limited to these descriptions. For those of ordinary skill in the art to which the present disclosure belongs, a number of simple deductions or substitutions can also be made without departing from the concept of the present disclosure.
Claims (12)
1. A communication authentication and key agreement method, applied to a mobile storage device, comprising: receiving a user name and a password entered by a user, and judging whether the user is an owner of the mobile storage device; calculating first transmission data transmitted to a server by a generation random number and a time stamp after determining that the user is the owner of the mobile storage device, and authenticating the mobile storage device by the server according to the first transmission data; receiving second transmission data from the server, and authenticating the server according to the second transmission data; and calculating a session key for communicating with the server after the server is authenticated.
2. The method according to claim 1, wherein before the operation "receiving a user name and a password entered by a user", the method further comprises: calculating $HPW_i = h(PW_i \| b)$ from the user name $ID_i$ and the password $PW_i$ selected by the user and the generation random number $b$, transmitting $\{ID_i, HPW_i\}$ as registration information to the server, calculating by the server $A_i = h(ID_i \| k_s)$, $B_i = h(h(ID_i \| HPW_i) \bmod m)$ and $C_i = A_i \oplus HPW_i \oplus B_i$ through one generation random number $m$ (2* < m < 28) after receiving the registration information, and storing the parameters $\{B_i, C_i, m, K_s, E_s(\cdot), D_s(\cdot), h(\cdot)\}$ as storage data in the mobile storage device and returning the storage data to the user, wherein $h(\cdot)$ is a hash function, $\|$ is a concatenation operation, $k_s$ is a private key of the server, $K_s$ is a public key of the server, $K_s = k_s P$, $E_s(\cdot)$ is an encryption function, $D_s(\cdot)$ is a decryption function, $P$ is a base point on an elliptic curve, and $\oplus$ is an exclusive OR operation.
3. The method according to claim 2, wherein the operation of "judging whether the user is an owner of the mobile storage device according to the user name and the password entered by the user" comprises: entering by the user the user name $ID_i$ and the password $PW_i$; calculating $HPW_i = h(PW_i \| b)$ and $B_i^* = h(h(ID_i \| HPW_i) \bmod m)$, and comparing whether $B_i^*$ is equal to the stored $B_i$; if yes, determining that the user is the owner of the mobile storage device; and if no, terminating a session.
4. The method according to claim 3, wherein the operation of "calculating first transmission data transmitted to a server by a generation random number and a time stamp" comprises: generating the generation random number $r_c$ and the time stamp $T_1$; calculating $A_i = C_i \oplus HPW_i \oplus B_i$, $R_c = r_c A_i P$, $k_1 = r_c A_i K_s$, and $H_i = E_{k_1}(\mathit{realm} \| ID_i \| A_i \| T_1)$; and transmitting $\{H_i, R_c\}$ as the first transmission data to the server; wherein, the operation of "authenticating the mobile storage device by the server according to the first transmission data" comprises: after the server receives the first transmission data $\{H_i, R_c\}$, calculating $k_2 = k_s R_c$ and decrypting $H_i$ with the calculated result to acquire $\mathit{realm} \| ID_i \| A_i \| T_1$; verifying by the server the legitimacy of the time stamp $T_1$; if the time stamp $T_1$ is legal, calculating $A_i^* = h(ID_i \| k_s)$ and verifying $A_i^* \stackrel{?}{=} A_i$; if the two values are equal, passing by the server the authentication of the mobile storage device; otherwise, terminating the session; and generating by the server the generation random number $r_s$ and the time stamp $T_2$, calculating $R_s = r_s P$, $J_i = r_s R_c$, $SK = h(J_i \| T_1 \| T_2)$, and $L_i = E_{k_2}(ID_i \| R_s \| J_i \| T_2 \| \mathit{realm})$, and transmitting $\{L_i\}$ as the second transmission data to the mobile storage device.
5. The method according to claim 4, wherein the operation of "authenticating the server according to the second transmission data" comprises: after receiving the second transmission data $\{L_i\}$, decrypting $L_i$ through $r_c A_i K_s$ to acquire $ID_i \| R_s \| J_i \| T_2 \| \mathit{realm}$, and verifying whether the time stamp $T_2$ is legal; if the time stamp $T_2$ is legal, calculating $J_i^* = r_c A_i R_s$ and verifying $J_i^* \stackrel{?}{=} J_i$; and if the two values are equal, passing by the server the authentication of the mobile storage device.
6. The method according to claim 5, wherein the operation of "calculating a session key for communicating with the server" comprises: calculating the session key for communicating with the server as $SK = h(J_i \| T_1 \| T_2)$.
7. A communication authentication and key agreement system, applied to a mobile storage device, wherein the system comprises: a judging module, configured for receiving a user name and a password entered by a user, and judging whether the user is an owner of the mobile storage device; a transmitting module, configured for calculating first transmission data transmitted to a server by a generation random number and a time stamp after determining that the user is the owner of the mobile storage device, and authenticating the mobile storage device by the server according to the first transmission data; a verifying module, configured for receiving second transmission data from the server, and authenticating the server according to the second transmission data; and a calculating module, configured for calculating a session key for communicating with the server after the server is authenticated.
8. The system according to claim 7, wherein the system further comprises: a registering module, configured for calculating $HPW_i = h(PW_i \| b)$ from the user name $ID_i$ and the password $PW_i$ selected by the user and the generation random number $b$, transmitting $\{ID_i, HPW_i\}$ as registration information to the server, calculating by the server $A_i = h(ID_i \| k_s)$, $B_i = h(h(ID_i \| HPW_i) \bmod m)$ and $C_i = A_i \oplus HPW_i \oplus B_i$ through one generation random number $m$ (2* < m < 28) after receiving the registration information, and storing the parameters $\{B_i, C_i, m, K_s, E_s(\cdot), D_s(\cdot), h(\cdot)\}$ as storage data in the mobile storage device and returning the storage data to the user, wherein $h(\cdot)$ is a hash function, $\|$ is a concatenation operation, $k_s$ is a private key of the server, $K_s$ is a public key of the server, $K_s = k_s P$, $E_s(\cdot)$ is an encryption function, $D_s(\cdot)$ is a decryption function, $P$ is a base point on an elliptic curve, and $\oplus$ is an exclusive OR operation.
9. The system according to claim 8, wherein the judging module is specifically configured for: entering by the user the user name $ID_i$ and the password $PW_i$; calculating $HPW_i = h(PW_i \| b)$ and $B_i^* = h(h(ID_i \| HPW_i) \bmod m)$, and comparing whether $B_i^*$ is equal to the stored $B_i$; if yes, determining that the user is the owner of the mobile storage device; and if no, terminating a session.
10. The system according to claim 9, wherein the transmitting module is specifically configured for: generating the generation random number $r_c$ and the time stamp $T_1$; calculating $A_i = C_i \oplus HPW_i \oplus B_i$, $R_c = r_c A_i P$, $k_1 = r_c A_i K_s$, and $H_i = E_{k_1}(\mathit{realm} \| ID_i \| A_i \| T_1)$; and transmitting $\{H_i, R_c\}$ as the first transmission data to the server; wherein, the operation of "authenticating the mobile storage device by the server according to the first transmission data" comprises: after the server receives the first transmission data $\{H_i, R_c\}$, calculating $k_2 = k_s R_c$ and decrypting $H_i$ with the calculated result to acquire $\mathit{realm} \| ID_i \| A_i \| T_1$; verifying by the server the legitimacy of the time stamp $T_1$; if the time stamp $T_1$ is legal, calculating $A_i^* = h(ID_i \| k_s)$ and verifying $A_i^* \stackrel{?}{=} A_i$; if the two values are equal, passing by the server the authentication of the mobile storage device; otherwise, terminating the session; and generating by the server the generation random number $r_s$ and the time stamp $T_2$, calculating $R_s = r_s P$, $J_i = r_s R_c$, $SK = h(J_i \| T_1 \| T_2)$, and $L_i = E_{k_2}(ID_i \| R_s \| J_i \| T_2 \| \mathit{realm})$, and transmitting $\{L_i\}$ as the second transmission data to the mobile storage device.
11. The system according to claim 10, wherein the verifying module is specifically configured for: after receiving the second transmission data $\{L_i\}$, decrypting $L_i$ through $r_c A_i K_s$ to acquire $ID_i \| R_s \| J_i \| T_2 \| \mathit{realm}$, and verifying whether the time stamp $T_2$ is legal; if the time stamp $T_2$ is legal, calculating $J_i^* = r_c A_i R_s$ and verifying $J_i^* \stackrel{?}{=} J_i$; and if the two values are equal, passing by the server the authentication of the mobile storage device.
12. The system according to claim 11, wherein the calculating module is specifically configured for: calculating the session key for communicating with the server as $SK = h(J_i \| T_1 \| T_2)$.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| LU102259A LU102259B1 (en) | 2020-12-04 | 2020-12-04 | Mobile storage-based authentication and key agreement method and system in medical environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| LU102259A LU102259B1 (en) | 2020-12-04 | 2020-12-04 | Mobile storage-based authentication and key agreement method and system in medical environment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| LU102259B1 true LU102259B1 (en) | 2021-06-09 |
Family
ID=76269407
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| LU102259A LU102259B1 (en) | 2020-12-04 | 2020-12-04 | Mobile storage-based authentication and key agreement method and system in medical environment |
Country Status (1)
| Country | Link |
|---|---|
| LU (1) | LU102259B1 (en) |
2020
- 2020-12-04 LU LU102259A patent/LU102259B1/en active IP Right Grant
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8694782B2 (en) | Wireless authentication using beacon messages | |
| CN105554747B (en) | Wireless network connecting method, apparatus and system | |
| EP4066434B1 (en) | Password-authenticated public key establishment | |
| CN107659406B (en) | A resource operation method and device | |
| US10567165B2 (en) | Secure key transmission protocol without certificates or pre-shared symmetrical keys | |
| EP3410758A1 (en) | Wireless network connecting method and apparatus, and storage medium | |
| WO2019041802A1 (en) | Discovery method and apparatus based on service-oriented architecture | |
| US11057195B2 (en) | Method and system for providing security for the first time a mobile device makes contact with a device | |
| CN111630811A (en) | System and method for generating and hosting keys for multi-point authentication | |
| CN109391468A (en) | A kind of authentication method and system | |
| WO2014069985A1 (en) | System and method for identity-based entity authentication for client-server communications | |
| CN103118363A (en) | Method, system, terminal device and platform device of secret information transmission | |
| CN106713236A (en) | End-to-end identity authentication and encryption method based on CPK identifier authentication | |
| CN105812349A (en) | Asymmetric secret key distribution and message encryption method based on identity information | |
| CN108259486B (en) | End-to-end key exchange method based on certificate | |
| CN114362946B (en) | Key agreement method and system | |
| CN113676330B (en) | Digital certificate application system and method based on secondary secret key | |
| LU102259B1 (en) | Mobile storage-based authentication and key agreement method and system in medical environment | |
| EP4661343A1 (en) | Method, apparatus and system for accessing group | |
| JP2005086428A (en) | Method for performing encrypted communication with authentication, authentication system and method | |
| KR102003622B1 (en) | Method for authenticating attributes in a non-traceable manner and without connection to a server | |
| CN118972083A (en) | A conference access method and related device | |
| KR20240066773A (en) | authentication method of user equipments IN zero-trust and electronic device supporting the same | |
| US20240380583A1 (en) | Ephemeral Keys for Key Management Systems | |
| CN120434625B (en) | Privacy protection method and system based on TEE |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 2021-06-09 | FG | Patent granted | Effective date: 20210609 |