WO2021143457A1 - Identity authentication method, apparatus and computer device based on the SM9 algorithm - Google Patents
- Publication number
- WO2021143457A1 (PCT/CN2020/137631)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- claimant
- variable element
- verifier
- time
- token
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1014—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to tokens
Definitions
- This application relates to the field of information security technology, and in particular to an identity authentication method, device, computer equipment and storage medium based on the SM9 algorithm.
- the server will authenticate the user's identity information before providing various services. When the authentication is passed, it will provide the user with the requested service, otherwise it will refuse to provide the service.
- An identity authentication method based on SM9 algorithm includes:
- the first variable element is the element of the first additive cyclic group
- the second variable element is determined; the token of the claimant is obtained, before the identity authentication request is triggered, by sending the claimant ID and the password to the key generation center in a request; the second variable element is the element of the second additive cyclic group;
- the claimant identifier, the time-varying parameter, the first variable element, and the second variable element are sent to the verifier; the verifier verifies the validity of the time-varying parameter, and when the verification result of the time-varying parameter is valid, based on the bilinear pairing operation, according to the token of the verifier, the time-varying parameter, the first variable element, and the second variable element, the operation result of the bilinear pairing operation is obtained; according to the operation result, it is determined whether the preset condition is satisfied, and when the preset condition is satisfied, the authentication passed message is returned to the claimant.
- An identity authentication method based on SM9 algorithm includes:
- the claimant is generated, wherein the first variable element is the element of the first additive cyclic group, and the second variable element is the element of the second additive cyclic group;
- when the verification result of the time-varying parameter is valid, based on the bilinear pairing operation, according to the token of the verifier, the time-varying parameter, the first variable element, and the second variable element, the operation result of the bilinear pairing operation is obtained; the token of the verifier is obtained by the key generation center according to the claimant ID and password sent by the claimant before the identity authentication request is triggered, and the token is sent to the verifier;
- An identity authentication method based on SM9 algorithm includes:
- when the identity authentication request is triggered, the first random number is generated;
- the first variable element is the element of the first additive cyclic group
- the second random number is generated by the verifier after receiving the claimant identifier and the first variable element sent by the claimant;
- the second variable element is determined; the token of the claimant is obtained, before the identity authentication request is triggered, by sending the claimant ID and the password to the key generation center in a request; the second variable element is the element of the second additive cyclic group;
- the second variable element is sent to the verifier; based on the bilinear pairing operation, the verifier obtains the operation result of the bilinear pairing operation according to the verifier's token, the second random number, the first variable element, and the second variable element. According to the operation result, it is determined whether the preset condition is satisfied. When the preset condition is satisfied, the authentication passed message is returned to the claimant.
- An identity authentication method based on SM9 algorithm includes:
- the claimant ID and the first variable element sent by the claimant are received; the first variable element is the element of the first additive cyclic group.
- the first variable element is obtained by the claimant as follows: when the identity authentication request is triggered, the claimant generates a first random number and, after obtaining the element of the claimant identifier based on the cryptographic function and according to the claimant identifier, obtains the first variable element according to the first random number and the element of the claimant identifier;
- the second variable element is the element of the second additive cyclic group
- the operation result of the bilinear pairing operation is obtained according to the token of the verifier, the second random number, the first variable element, and the second variable element;
- the key generation center obtains it according to the claimant ID and password sent by the claimant, and sends it to the verifier;
- An identity authentication device based on SM9 algorithm includes:
- Time-varying parameter generation module used to generate random numbers and time-varying parameters when the identity authentication request is triggered
- the first variable element determination module is used to obtain the element of the claimant identification based on the cryptographic function and according to the claimant identification, and to determine the first variable element according to the random number and the element of the claimant identification; the first variable element is the element of the first additive cyclic group;
- the second variable element determination module is used to determine the second variable element according to the random number, the time-varying parameter, the element identified by the claimant, the token of the claimant, and the password; the token of the claimant is obtained by sending the claimant ID and the password request to the key generation center before triggering the identity authentication request; the second variable element is the element of the second additive cyclic group;
- the variable element sending module is used to send the claimant identifier, the time-varying parameter, the first variable element and the second variable element to the verifier; the verifier verifies the validity of the time-varying parameter; when the verification result of the time-varying parameter is valid, based on the bilinear pairing operation, according to the token of the verifier, the time-varying parameter, the first variable element, and the second variable element, it obtains the operation result of the bilinear pairing operation, determines whether the preset condition is satisfied according to the operation result, and when the preset condition is satisfied, returns an authentication pass message to the claimant.
- An identity authentication device based on SM9 algorithm includes:
- the variable element receiving module is used to receive the claimant identifier, time-varying parameter, first variable element and second variable element sent by the claimant; the time-varying parameter, the first variable element and the second variable element are generated by the claimant when the identity authentication request is triggered, wherein the first variable element is the element of the first additive cyclic group, and the second variable element is the element of the second additive cyclic group;
- a time-varying parameter verification module for verifying the validity of the time-varying parameter
- the pairing operation module is used, when the verification result of the time-varying parameter is valid, to obtain the result of the bilinear pairing operation based on the bilinear pairing operation and according to the token of the verifier, the time-varying parameter, the first variable element and the second variable element; the token of the verifier is obtained by the key generation center according to the claimant ID and password sent by the claimant before the identity authentication request is triggered, and sent to the verifier
- the authentication judgment module is used for judging whether a preset condition is satisfied according to the calculation result, and when the preset condition is satisfied, returning an authentication pass message to the claimant.
- a computer device includes a memory and a processor, the memory stores a computer program, and the processor implements the above method steps when the computer program is executed.
- a computer-readable storage medium has a computer program stored thereon, and the computer program implements the above method steps when executed by a processor.
- the claimant calculates the first variable element and the second variable element from the random number generated when the identity authentication request is triggered, the time-varying parameter, the claimant ID, the claimant token, and the password, and the time-varying parameter, the claimant ID, the first variable element and the second variable element are sent to the verifier; the verifier verifies the validity of the time-varying parameter, which improves the timeliness of the identity authentication process, and the identity of the claimant is authenticated based on the result of the bilinear pairing operation.
- the method does not need to perform identity authentication directly through a user name plus a password, solves the problem that user information is easy to leak in the prior art, and improves the security of identity authentication.
- FIG. 1 is an application environment diagram of an identity authentication system based on the SM9 algorithm in an embodiment
- FIG. 2 is a sequence diagram of an identity authentication method based on the SM9 algorithm in an embodiment
- FIG. 3 is a schematic flowchart of an identity authentication method based on the SM9 algorithm applied to a claimant in an embodiment
- FIG. 4 is a schematic flowchart of an identity authentication method based on the SM9 algorithm applied to a verifier in an embodiment
- FIG. 5 is a sequence diagram of an identity authentication method based on the SM9 algorithm in another embodiment
- FIG. 6 is a schematic flowchart of an identity authentication method based on the SM9 algorithm applied to the claimant in another embodiment
- FIG. 7 is a schematic flowchart of an identity authentication method based on the SM9 algorithm applied to a verifier in another embodiment
- FIG. 8 is a sequence diagram of the steps of acquiring a token before triggering identity authentication in an embodiment
- FIG. 9 is a structural block diagram of an identity authentication device based on the SM9 algorithm in an embodiment
- FIG. 10 is a structural block diagram of an identity authentication device based on the SM9 algorithm in a preferred embodiment
- FIG. 11 is a structural block diagram of an identity authentication device based on the SM9 algorithm in another embodiment
- FIG. 12 is an internal structure diagram of a computer device in an embodiment
- FIG. 13 is an internal structure diagram of a computer device in another embodiment.
- an identity authentication system based on the SM9 algorithm is provided, including a claimant 102 and a verifier 104.
- the claimant 102 can be a terminal
- the verifier 104 can be a server
- the claimant 102 communicates with the verifier 104 through the network.
- when the identity authentication request is triggered, the claimant 102 generates a random number and a time-varying parameter, obtains the element of the claimant identifier based on the cryptographic function and according to the claimant identifier, determines the first variable element according to the random number and the element of the claimant identifier, determines the second variable element according to the random number, the time-varying parameter, the element of the claimant identifier, the token of the claimant and the password, and sends the claimant ID, the time-varying parameter, the first variable element and the second variable element to the verifier 104
- the verifier 104 receives the claimant ID, the time-varying parameter, the first variable element, and the second variable element sent by the claimant 102, and verifies the validity of the time-varying parameter.
- when the verification result of the time-varying parameter is valid, the operation result of the bilinear pairing operation is obtained according to the token of the verifier, the time-varying parameter, the first variable element and the second variable element; according to the operation result, it is judged whether the preset condition is satisfied, and when the preset condition is satisfied, the authentication passed message is returned to the claimant 102.
- the claimant 102 can be, but is not limited to, various personal computers, notebook computers, smart phones, tablets, and portable wearable devices, and the verifier 104 can be implemented by an independent server or a server cluster composed of multiple servers.
- the claimant 102 can be used to implement an identity authentication method based on the SM9 algorithm, and the server 104 can also be used to implement an identity authentication method based on the SM9 algorithm.
- an identity authentication method based on the SM9 algorithm is provided, and the method is applied to the identity authentication system based on the SM9 algorithm in FIG. 1 as an example for description.
- step S201 when the identity authentication request is triggered, the claimant generates a random number and a time-varying parameter.
- the identity authentication request is an identity information authentication request sent by the claimant to the verifier, which is generated by the user corresponding to the claimant triggering the client interface.
- the random number r 1 is a random number between 1 and N-1
- N is the order of the first additive cyclic group G 1 or the second additive cyclic group G 2
- r 1 can be generated by a random number generator.
- the time-varying parameter r 2 is a parameter, used by the claimant, that is related to the time at which the request is sent when the user triggers the identity authentication request. It can be a serial number or a timestamp, and the timestamp needs to be converted to a number between 1 and N-1.
- N is the order of the first additive cyclic group G 1 or the second additive cyclic group G 2 .
- if it is a timestamp, the verifier needs to check the timestamp after receiving the message from the claimant: the absolute value of the difference between the timestamp in the message and the time point at which the verifier receives it must not exceed the tolerable time window; if it is a sequence number, it is necessary to ensure in advance that the verifier can accept a message with a specific sequence number only once, or only once within the specified time.
- the claimant maintains a serial number that has been used previously or will be valid in the future.
- the serial number can be generated by the serial number counter, and a special program can be used to reset or restart the serial number generator to update the serial number.
- the claimant when the user triggers an identity authentication request on the client interface, the claimant generates a random number r 1 and a time-varying parameter r 2 .
- Step S202 The claimant obtains the element of the claimant identity based on the cryptographic function and according to the claimant identity.
- the cryptographic function H(U) is a cryptographic function based on the SM9 algorithm
- the input is bit string information U
- the output is an integer h, that is, an element P U in the first additive cyclic group G 1
- H(U) = [H 1 (U)]P or H(U) = [H 2 (U)]P
- P is the generator of the first additive cyclic group G 1
- H 1 (U) is the output value of the cryptographic function H 1 when U is input
- H 2 (U) is the output value of the cryptographic function H 2 when U is input
- H(U) is H 1 (U) times or H 2 (U) times the element P.
- the claimant ID A is the identity information of the claimant, such as name, email address, telephone number, etc.
- Step S203 The claimant determines the first variable element according to the random number and the element identified by the claimant.
- the first variable element X is the element of the first additive cyclic group G 1 , and the claimant determines the first variable element X according to the random number r 1 and the element P A identified by the claimant as follows:
- the first variable element X is r 1 times the element P A of the claimant identifier.
- Step S204 the claimant determines the second variable element according to the random number, the time-varying parameter, the element identified by the claimant, the token of the claimant, and the password.
- the second variable element Y is the element of the second additive cyclic group G 2.
- the claimant sends the claimant ID A and password pwd to the Key Generation Center (KGC).
- KGC Key Generation Center
- the application is received.
- the password pwd is the password owned by the claimant.
- step S205 the claimant sends the claimant identifier, the time-varying parameter, the first variable element and the second variable element to the verifier.
- the claimant sends the claimant identification ID A , the time-varying parameter r 2 , the first variable element X and the second variable element Y to the verifier, and the verifier verifies the identity of the claimant.
- Step S206 The verifier receives the claimant identifier, the time-varying parameter, the first variable element and the second variable element sent by the claimant.
- the verifier receives the claimant identification ID A , the time-varying parameter r 2 , the first variable element X and the second variable element Y sent by the claimant.
- Step S207 The verifier verifies the validity of the time-varying parameter.
- the time-varying parameter r 2 can be a timestamp or a serial number. Specifically, if the time-varying parameter r 2 is a timestamp, the verifier verifies whether the absolute value of the difference between the timestamp and the time point at which the verifier receives the timestamp exceeds the preset delay time (for example, 1 minute); if the preset delay time is not exceeded, the verification result is valid, otherwise it is invalid and the verification fails. If the time-varying parameter r 2 is a serial number, the verifier verifies whether the serial number sent by the claimant is consistent with the serial number generated by the verifier's serial number counter; if they are consistent, the verification result is valid, otherwise it is invalid and the verification fails.
- the serial number format of the serial number is the format agreed by the claimant and the verifier in advance.
- the serial number counter must be restarted or reset, or the serial number counter can be restarted or reset at a preset interval, for example, once every 30 days.
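The validity check of step S207 can be sketched as follows. This is an added example, not code from the patent: the class and method names, the per-claimant counter starting at 1, and the small stand-in group order are assumptions, and it goes one step beyond the text by remembering accepted timestamps so that a message replayed inside the delay window is also rejected.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    VALID = "valid"
    OUT_OF_RANGE = "r2 is not an integer in [1, N-1]"
    STALE = "timestamp differs from receive time by more than the preset delay"
    REPLAYED = "timestamp already accepted from this claimant"
    SEQ_MISMATCH = "sequence number differs from the verifier's counter"


@dataclass
class R2Verifier:
    """Verifier-side validity check for the time-varying parameter r2."""
    group_order: int                 # N, the order of G1 / G2
    max_delay: int = 60              # preset delay in seconds (the page's example: 1 minute)
    seen: set = field(default_factory=set)        # accepted (claimant_id, timestamp) pairs
    counters: dict = field(default_factory=dict)  # claimant_id -> next expected serial number

    def _in_range(self, r2):
        # The page requires r2 to be a number between 1 and N-1.
        return isinstance(r2, int) and 1 <= r2 <= self.group_order - 1

    def check_timestamp(self, claimant_id, r2, now):
        """r2 is a Unix timestamp; `now` is the verifier's receive time."""
        if not self._in_range(r2):
            return Verdict.OUT_OF_RANGE
        if abs(now - r2) > self.max_delay:
            return Verdict.STALE
        # Entries older than the window can never pass the freshness test
        # again, so they are dropped to keep the cache bounded.
        self.seen = {(c, ts) for (c, ts) in self.seen if now - ts <= self.max_delay}
        if (claimant_id, r2) in self.seen:
            return Verdict.REPLAYED      # added beyond the page's check
        self.seen.add((claimant_id, r2))
        return Verdict.VALID

    def check_sequence(self, claimant_id, r2):
        """r2 is a serial number; it must equal the verifier's own counter."""
        if not self._in_range(r2):
            return Verdict.OUT_OF_RANGE
        expected = self.counters.get(claimant_id, 1)   # assumption: counters start at 1
        if r2 != expected:
            return Verdict.SEQ_MISMATCH
        self.counters[claimant_id] = expected + 1      # each number is accepted once
        return Verdict.VALID

    def reset_counter(self, claimant_id):
        """Periodic restart of the counter (the page's example: every 30 days)."""
        self.counters[claimant_id] = 1


def demo():
    n = (1 << 61) - 1        # constructed stand-in for the group order N
    now = 1_700_000_000      # constructed receive time (Unix seconds)
    v = R2Verifier(group_order=n)
    return [
        v.check_timestamp("alice@example.com", now - 5, now),       # fresh
        v.check_timestamp("alice@example.com", now - 5, now + 10),  # same message again
        v.check_timestamp("alice@example.com", now - 61, now),      # older than 1 minute
        v.check_timestamp("alice@example.com", 0, now),             # outside [1, N-1]
        v.check_sequence("bob@example.com", 1),                     # matches counter
        v.check_sequence("bob@example.com", 1),                     # reused number
        v.check_sequence("bob@example.com", 2),                     # next number
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name, "-", verdict.value)
```

Only a message whose r 2 passes this check goes on to the pairing computation of step S208.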
- Step S208 When the verification result of the time-varying parameter is valid, the verifier, based on the bilinear pairing operation, obtains the operation result of the bilinear pairing operation according to the verifier’s token, the time-varying parameter, the first variable element and the second variable element.
- the token Token B of the verifier is obtained by the key generation center according to the claimant ID A and the password pwd sent by the claimant before the identity authentication request is triggered, and sent to the verifier.
- the bilinear pairing operation e is a bilinear pairing operation from the first additive cyclic group G 1 and the second additive cyclic group G 2 to the multiplicative cyclic group G T , that is, the bilinear pair from G 1 × G 2 to G T.
- the result of the bilinear pairing operation e can be one or more.
- the operation result of the bilinear pairing operation e includes the first operation result e 1 and the second operation result e 2 , according to the token Token B of the verifier, the time-varying parameter r 2 , and the first variable element X And the second variable element Y, the formulas for obtaining the first operation result e 1 and the second operation result e 2 are as follows:
- Q is the generator of the second additive cyclic group G 2.
- step S209 the verifier judges whether the preset condition is satisfied according to the calculation result, and when the preset condition is satisfied, it proceeds to step S210.
- the preset condition is set according to the calculation result of the bilinear pairing operation, and may be preset by the server or manually.
- the verifier judges whether the first calculation result e 1 and the second calculation result e 2 are equal; when the two are equal, the preset condition is met, which means that the identity authentication of the claimant has passed.
- step S210 the verifier returns an authentication passed message to the claimant.
- the verifier passes the identity authentication of the claimant, and returns an authentication passed message to the claimant.
- the claimant ID, the time-varying parameter, the first variable element, and the second variable element are sent to the verifier through the claimant.
- the first variable element is generated based on the claimant ID
- the second variable element is generated based on the claimant’s token and password, and the verifier verifies the validity of the time-varying parameters, prevents the claimant from sending previously verified data, and ensures the time validity of the verification process.
- the verifier uses time-varying parameters and the verifier’s token to verify the first variable element and the second variable element, so as to realize the authentication of the identity information of the claimant.
- the above method is more efficient through one-time information transfer from the claimant to the verifier.
- the system deployment of SM9 is used. There is no need to deploy a new system.
- the private information of the claimant is split into the token and password of the claimant, and the password does not need to be used directly for information transfer, which improves the security of identity authentication and requires very low computing power from the claimant. More complicated calculations, such as the bilinear pairing operation e, are placed on the verifier.
- an identity authentication method based on the SM9 algorithm is provided. Taking the method applied to the claimant in FIG. 1 as an example for description, the method includes the following steps:
- Step S302 when the identity authentication request is triggered, a random number and a time-varying parameter are generated.
- Step S304 based on the cryptographic function and according to the claimant identity, obtain the element of the claimant identity.
- Step S306 Determine the first variable element according to the random number and the element identified by the claimant; the first variable element is the element of the first additive cyclic group.
- Step S308 Determine the second variable element according to the random number, the time-varying parameter, the element identified by the claimant, the token of the claimant, and the password; the token of the claimant is obtained by applying to the key generation center with the claimant ID and the password before the identity authentication request is triggered; the second variable element is the element of the second additive cyclic group.
- Step S310 Send the claimant ID, the time-varying parameter, the first variable element, and the second variable element to the verifier; the verifier verifies the validity of the time-varying parameter, and when the verification result of the time-varying parameter is valid, based on the bilinear pairing operation, according to the token of the verifier, the time-varying parameter, the first variable element and the second variable element, the operation result of the bilinear pairing operation is obtained. According to the operation result, it is judged whether the preset condition is satisfied, and when the preset condition is satisfied, the authentication passed message is returned to the claimant.
- the claimant ID, the time-varying parameter, the first variable element, and the second variable element are sent to the verifier through the claimant.
- the first variable element is generated based on the claimant ID
- the second variable element is generated based on the claimant’s token and password
- the verifier verifies the validity of the time-varying parameters, prevents the claimant from sending previously verified data, and ensures the time validity of the verification process.
- the verifier uses time-varying parameters and the verifier’s token to verify the first variable element and the second variable element to achieve the authentication of the claimant’s identity information.
- the above method does not require direct use of passwords for information transfer, which improves the security of identity authentication.
- an identity authentication method based on the SM9 algorithm is provided. Taking the method applied to the verifier in FIG. 1 as an example for description, the method includes the following steps:
- Step S402 Receive the claimant identity, time-varying parameter, first variable element and second variable element sent by the claimant; the time-varying parameter, the first variable element and the second variable element are generated by the claimant when the identity authentication request is triggered.
- the first variable element is the element of the first additive cyclic group
- the second variable element is the element of the second additive cyclic group.
- step S404 the validity of the time-varying parameter is verified.
- Step S406 When the verification result of the time-varying parameter is valid, based on the bilinear pairing operation, the operation result of the bilinear pairing operation is obtained according to the token of the verifier, the time-varying parameter, the first variable element and the second variable element; the token of the verifier is obtained by the key generation center according to the claimant ID and password sent by the claimant before the identity authentication request is triggered, and is sent to the verifier.
- Step S408 According to the calculation result, it is determined whether the preset condition is satisfied, and when the preset condition is satisfied, the authentication passed message is returned to the claimant.
- the verifier receives the claimant identity, time-varying parameters, first variable element, and second variable element sent by the claimant, wherein the first variable element is generated based on the claimant identity and the second variable element is generated based on the claimant’s token and password; the verifier verifies the validity of the time-varying parameters, which prevents the claimant from sending previously verified data and ensures the time validity of the verification process.
- when the time-varying parameter verification is valid, the bilinear pairing operation uses time-varying parameters and the verifier’s token to verify the first variable element and the second variable element to achieve the authentication of the identity information of the claimant.
- the above method does not require direct use of passwords for information transmission, which improves the security of identity authentication.
- an identity authentication method based on the SM9 algorithm is provided, and the method is applied to the identity authentication system based on the SM9 algorithm in FIG. 1 as an example for description.
- Step S501 When the identity authentication request is triggered, the claimant generates a first random number.
- the first random number r 1 is a random number between 1 and N-1, N is the order of the first additive cyclic group G 1 or the second additive cyclic group G 2 , and r 1 can be generated by a random number generator.
- Step S502 The claimant obtains the element of the claimant identity based on the cryptographic function and according to the claimant identity.
- Step S503 The claimant determines the first variable element according to the first random number and the element identified by the claimant.
- the first variable element X is the element of the first additive cyclic group G 1 , and the claimant determines the first variable element X according to the random number r 1 and the element P A identified by the claimant as follows:
- the first variable element X is r 1 times the element P A of the claimant identifier.
- step S504 the claimant sends the claimant identifier and the first variable element to the verifier.
- the claimant sends the claimant identification ID A and the first variable element X to the verifier.
- Step S505 The verifier receives the claimant identifier and the first variable element sent by the claimant.
- the verifier receives the claimant identification ID A and the first variable element X sent by the claimant.
- Step S506 the verifier generates a second random number.
- the second random number r 2 is a random number between 1 and N-1, where N is the order of the first additive cyclic group G 1 or the second additive cyclic group G 2 ; r 2 can be generated by a random number generator.
- the random number generator of the verifier generates the second random number r 2 .
- Step S507 The verifier sends the second random number to the claimant.
- the verifier sends the second random number r 2 to the claimant.
- Step S508 the claimant receives the second random number sent by the verifier.
- the claimant receives the second random number r 2 sent by the verifier.
- Step S509 The claimant determines the second variable element according to the first random number, the second random number, the element of the claimant identifier, the token of the claimant, and the password.
- the token Token A of the claimant is obtained by the claimant sending the claimant ID A and the password pwd to the key generation center before triggering the identity authentication request, and the second variable element Y is an element of the second additive cyclic group G 2 .
- the formula for the claimant to determine the second variable element Y according to the first random number r 1 , the second random number r 2 , the element P A of the claimant identifier, the token Token A of the claimant, and the password pwd is as follows:
- Step S510 the claimant sends the second variable element to the verifier.
- the claimant sends the second variable element Y to the verifier.
- Step S511 the verifier receives the second variable element sent by the claimant.
- the verifier receives the second variable element Y sent by the claimant.
- step S512 based on the bilinear pairing operation, the verifier obtains the operation result of the bilinear pairing operation according to the verifier's token, the second random number, the first variable element, and the second variable element.
- the token Token B of the verifier is obtained by the key generation center according to the claimant ID A and the password pwd sent by the claimant before the identity authentication request is triggered, and sent to the verifier.
- the bilinear pairing operation e is a bilinear pairing operation from the first additive cyclic group G 1 and the second additive cyclic group G 2 to the multiplicative cyclic group G T , that is, a bilinear pairing from G 1 × G 2 to G T .
- there can be one or more operation results of the bilinear pairing operation e.
- the operation result of the bilinear pairing operation e includes the first operation result e 1 and the second operation result e 2 ; according to the token Token B of the verifier, the time-varying parameter r 2 , the first variable element X, and the second variable element Y, the formulas for obtaining the first operation result e 1 and the second operation result e 2 are as follows:
- Q is the generator of the second additive cyclic group G 2.
- step S513 the verifier judges whether the preset condition is satisfied according to the calculation result, and when the preset condition is satisfied, it proceeds to step S514.
- the preset condition is set according to the calculation result of the bilinear pairing operation, and may be preset by the server or manually.
- the verifier judges whether the first calculation result e 1 and the second calculation result e 2 are equal; when the two are equal, the preset condition is met, which means that the identity authentication of the claimant has passed.
- step S514 the verifier returns an authentication passed message to the claimant.
- the verifier passes the identity authentication of the claimant, and returns an authentication passed message to the claimant.
- the first variable element is generated based on the claimant identity, and the verifier generates the second random number and sends it to the claimant.
- the claimant determines the second variable element and sends it to the verifier.
- after the verifier receives the second variable element, it uses the token of the verifier and the second random number, based on the bilinear pairing operation, to verify the first variable element and the second variable element, so as to realize the authentication of the identity information of the claimant.
- the above method has higher security through multiple information transfers between the claimant and the verifier.
- the system deployment of SM9 is used, so there is no need to deploy a new system; the claimant’s private information is split into the claimant’s token and password, and there is no need to directly use passwords for data transmission, which improves the security of identity authentication and requires very low computing power from the claimant.
- more complicated calculations, such as the bilinear pairing operation e, are placed on the verifier.
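The verifier's side of steps S505 to S513, as an added example that is not part of the patent text: it shows the second random number r 2 being drawn from [1, N-1], bound to the received ID A and X, and accepted for one response only. The session handle, the expiry, the placeholder N and the HMAC stand-in for the comparison of e 1 and e 2 are assumptions, because the pairing formulas are not reproduced on this page.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Placeholder value standing in for the group order N (constructed for this
# example, not the SM9 parameter).
PLACEHOLDER_N = 2**255 - 19


@dataclass
class Pending:
    claimant_id: str   # ID_A received in S505
    x: bytes           # first variable element X, as an encoded G1 element
    r2: int            # second random number issued in S506
    expires: float     # deadline for Y (assumption: not stated in the text)


class ChallengeVerifier:
    """Verifier-side bookkeeping for steps S505 to S513."""

    def __init__(self, group_order, pairing_check, ttl=30.0, clock=time.monotonic):
        if group_order < 2:
            raise ValueError("group order must allow values in [1, N-1]")
        self.n = group_order
        self.pairing_check = pairing_check  # callable(id, r2, x, y) -> bool
        self.ttl = ttl
        self.clock = clock
        self.pending = {}

    def begin(self, claimant_id, x):
        """S505 to S507: record (ID_A, X) and issue r2 drawn from [1, N-1]."""
        r2 = secrets.randbelow(self.n - 1) + 1
        sid = secrets.token_hex(16)  # hypothetical handle for the connection
        self.pending[sid] = Pending(claimant_id, x, r2, self.clock() + self.ttl)
        return sid, r2

    def finish(self, sid, y):
        """S511 to S513: consume the challenge, then compare pairing results."""
        entry = self.pending.pop(sid, None)  # removed even if the check fails
        if entry is None or self.clock() > entry.expires:
            return False
        return bool(self.pairing_check(entry.claimant_id, entry.r2, entry.x, y))


_DEMO_KEY = b"constructed demo secret"


def demo_response(claimant_id, r2, x):
    """Constructed stand-in for the claimant's Y: it depends on r2 and X."""
    msg = claimant_id.encode() + b"|" + str(r2).encode() + b"|" + x
    return hmac.new(_DEMO_KEY, msg, hashlib.sha256).digest()


def demo_pairing_check(claimant_id, r2, x, y):
    """Constructed stand-in for the verifier's e1 == e2 comparison."""
    return hmac.compare_digest(demo_response(claimant_id, r2, x), y)


def run_demo():
    now = [0.0]  # controllable clock so the expiry case is deterministic
    v = ChallengeVerifier(PLACEHOLDER_N, demo_pairing_check, clock=lambda: now[0])
    x = b"constructed-encoding-of-X"
    out = {}

    sid, r2 = v.begin("alice@example", x)
    y = demo_response("alice@example", r2, x)
    out["r2_in_range"] = 1 <= r2 <= PLACEHOLDER_N - 1
    out["fresh"] = v.finish(sid, y)
    out["same_session_again"] = v.finish(sid, y)    # challenge already consumed

    sid2, _ = v.begin("alice@example", x)           # recorded X sent again
    out["recorded_y_new_challenge"] = v.finish(sid2, y)

    sid3, r2c = v.begin("alice@example", x)
    now[0] += 31.0                                  # past the 30 s deadline
    out["late_response"] = v.finish(sid3, demo_response("alice@example", r2c, x))
    out["pending_left"] = len(v.pending)
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

A recorded (X, Y) pair fails against a new challenge because the verifier always checks Y against the r 2 it issued for that session, never against a value supplied by the peer.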
- an identity authentication method based on the SM9 algorithm is provided. Taking the method applied to the claimant in FIG. 1 as an example, the method includes the following steps:
- Step S602 when the identity authentication request is triggered, a first random number is generated.
- step S604 based on the cryptographic function, the element of the claimant identity is obtained according to the claimant identity.
- Step S606 Determine a first variable element according to the first random number and the element of the claimant identifier; the first variable element is an element of the first additive cyclic group.
- Step S608 Send the claimant identifier and the first variable element to the verifier.
- Step S610 Receive a second random number sent by the verifier; the second random number is generated by the verifier after receiving the claimant identifier and the first variable element sent by the claimant.
- Step S612 Determine the second variable element according to the first random number, the second random number, the element of the claimant identifier, the token of the claimant, and the password; the token of the claimant is obtained by sending the claimant ID and password to the key generation center before the identity authentication request is triggered; the second variable element is an element of the second additive cyclic group.
- Step S614 Send the second variable element to the verifier; based on the bilinear pairing operation, the verifier obtains the operation result of the bilinear pairing operation according to the verifier’s token, the second random number, the first variable element, and the second variable element, determines according to the operation result whether the preset condition is satisfied, and, when the preset condition is satisfied, returns the authentication passed message to the claimant.
- the first variable element is generated based on the claimant identity, and the verifier generates the second random number and sends it to the claimant.
- the claimant determines the second variable element and sends it to the verifier.
- after the verifier receives the second variable element, it uses the token of the verifier and the second random number, based on the bilinear pairing operation, to verify the first variable element and the second variable element, so as to realize the authentication of the identity information of the claimant.
- the above method has higher security through multiple information transfers between the claimant and the verifier.
- the system deployment of SM9 is used, so there is no need to deploy a new system; the claimant’s private information is split into the claimant’s token and password, and there is no need to directly use passwords for data transfer, which improves the security of identity authentication and requires very low computing power from the claimant.
- more complicated calculations, such as the bilinear pairing operation e, are placed on the verifier.
- an identity authentication method based on the SM9 algorithm is provided. Taking the method applied to the verifier in FIG. 1 as an example, the method includes the following steps:
- Step S702 Receive the claimant ID and the first variable element sent by the claimant; the first variable element is an element of the first additive cyclic group, obtained as follows: when the identity authentication request is triggered, the claimant generates a first random number, obtains the element of the claimant identifier according to the claimant identifier based on the cryptographic function, and then determines the first variable element according to the first random number and the element of the claimant identifier.
- Step S704 Generate a second random number.
- Step S706 Send the second random number to the claimant.
- Step S708 Receive the second variable element sent by the claimant; the second variable element is an element of the second additive cyclic group.
- Step S710 Based on the bilinear pairing operation, obtain the operation result of the bilinear pairing operation according to the token of the verifier, the second random number, the first variable element and the second variable element; the token of the verifier is obtained, before the identity authentication request is triggered, by the key generation center from the claimant ID and password sent by the claimant, and is sent to the verifier.
- step S712 according to the calculation result, it is determined whether the preset condition is satisfied, and when the preset condition is satisfied, the authentication passed message is returned to the claimant.
- after the verifier receives the claimant ID and the first variable element sent by the claimant, it generates a second random number and sends it to the claimant.
- the claimant determines the second variable element based on the first random number and the second random number and sends it to the verifier.
- after receiving the second variable element, the verifier, based on the bilinear pairing operation, uses the verifier’s token and the second random number to verify the first variable element and the second variable element, thereby authenticating the identity information of the claimant.
- the above method has higher security through multiple information transfers between the claimant and the verifier.
- the system deployment of SM9 is used.
- before the identity authentication request is triggered, the method further includes: sending the claimant ID and password to the key generation center, the claimant ID and password being used to apply for the claimant’s token and the verifier’s token; and receiving and storing the claimant’s token sent by the key generation center.
- a key generation center (KGC) generates a random number s as the master private key; P A is the element of the claimant identifier, which the key generation center (KGC) generates from the claimant identifier ID A based on the cryptographic function, according to the following formula:
- KGC is the key generation center.
- s is a random number from 1 to N-1, which is owned by the key generation center KGC, and pwd is a password owned by the claimant.
- KGC is the key generation center.
- s is a random number from 1 to N-1, which is owned by the key generation center KGC, and Q is the generator of the second additive cyclic group G 2.
- KGC is the key generation center.
- the claimant only needs to send the claimant ID and password to the key generation center for the claimant to obtain the claimant’s token and the verifier to obtain the verifier’s token, thereby realizing the initialization of identity authentication.
- when the claimant and verifier subsequently perform identity authentication again, there is no need to initialize identity authentication again to obtain the tokens; identity authentication can be performed directly.
- an identity authentication device 900 based on the SM9 algorithm, which is applied to the claimant and includes: a time-varying parameter generation module 902, a first variable element determination module 904, a second variable element determination module 906, and a variable element sending module 908, wherein:
- the time-varying parameter generation module 902 is used to generate random numbers and time-varying parameters when the identity authentication request is triggered.
- the first variable element determination module 904 is used to obtain the element of the claimant identifier based on the cryptographic function and according to the claimant identifier, and to determine the first variable element according to the random number and the element of the claimant identifier; the first variable element is an element of the first additive cyclic group.
- the second variable element determination module 906 is used to determine the second variable element according to the random number, the time-varying parameter, the element of the claimant identifier, the claimant’s token, and the password; the claimant’s token is obtained by sending the claimant ID and password to the key generation center before the identity authentication request is triggered; the second variable element is an element of the second additive cyclic group.
- the variable element sending module 908 is used to send the claimant ID, the time-varying parameter, the first variable element and the second variable element to the verifier; the verifier verifies the validity of the time-varying parameter and, when the verification result of the time-varying parameter is valid, obtains, based on the bilinear pairing operation, the operation result of the bilinear pairing operation according to the token of the verifier, the time-varying parameter, the first variable element and the second variable element, judges according to the operation result whether the preset condition is met, and, when the preset condition is met, returns the authentication passed message to the claimant.
- the identity authentication device 900 based on the SM9 algorithm further includes an initialization module 901 for sending the claimant identity and password to the key generation center before the identity authentication request is triggered, the claimant identity and the password being used to apply for the token of the claimant and the token of the verifier, and for receiving and storing the token of the claimant sent by the key generation center.
- an identity authentication device 1100 based on the SM9 algorithm is provided, which is applied to a verifier, and includes: a variable element receiving module 1102, a time-varying parameter verification module 1104, a pairing operation module 1106, and an authentication judgment module 1108, where:
- the variable element receiving module 1102 is used to receive the claimant identifier, time-varying parameter, first variable element and second variable element sent by the claimant; the time-varying parameter, the first variable element and the second variable element are generated by the claimant when the identity authentication request is triggered, where the first variable element is an element of the first additive cyclic group, and the second variable element is an element of the second additive cyclic group.
- the time-varying parameter verification module 1104 is used to verify the validity of the time-varying parameter.
- the pairing operation module 1106 is used to obtain, when the verification result of the time-varying parameter is valid and based on the bilinear pairing operation, the operation result of the bilinear pairing operation according to the token of the verifier, the time-varying parameter, the first variable element and the second variable element; the token of the verifier is obtained, before the identity authentication request is triggered, by the key generation center according to the claimant ID and password sent by the claimant, and is sent to the verifier.
- the authentication judgment module 1108 is used for judging whether the preset condition is satisfied according to the calculation result, and when the preset condition is satisfied, it returns an authentication passing message to the claimant.
- the operation result of the bilinear pairing operation includes a first operation result and a second operation result; the authentication judgment module 1108 is further configured to judge, according to the first operation result and the second operation result, whether the two operation results are equal; when they are equal, the authentication is passed, and the authentication passed message is returned to the claimant.
- Each module in the above-mentioned SM9 algorithm-based identity authentication device can be implemented in whole or in part by software, hardware, or a combination thereof.
- the above-mentioned modules may be embedded in, or independent of, the processor in the computer equipment in the form of hardware, or may be stored in the memory of the computer equipment in the form of software, so that the processor can call and execute the operations corresponding to the above-mentioned modules.
- a computer device is provided.
- the computer device may be a server, and its internal structure diagram may be as shown in FIG. 12.
- the computer equipment includes a processor, a memory, and a network interface connected through a system bus. Among them, the processor of the computer device is used to provide calculation and control capabilities.
- the memory of the computer device includes a non-volatile storage medium and an internal memory.
- the non-volatile storage medium stores an operating system, a computer program, and a database.
- the internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium.
- the database of the computer equipment is used to store tokens and variable element data.
- the network interface of the computer device is used to communicate with an external terminal through a network connection.
- the computer program is executed by the processor to realize an identity authentication method based on the SM9 algorithm.
- a computer device is provided.
- the computer device may be a terminal, and its internal structure diagram may be as shown in FIG. 13.
- the computer equipment includes a processor, a memory, a communication interface, a display screen and an input device connected through a system bus.
- the processor of the computer device is used to provide calculation and control capabilities.
- the memory of the computer device includes a non-volatile storage medium and an internal memory.
- the non-volatile storage medium stores an operating system and a computer program.
- the internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium.
- the communication interface of the computer device is used to communicate with an external terminal in a wired or wireless manner, and the wireless manner can be implemented through WIFI, an operator's network, NFC (near field communication) or other technologies.
- the computer program is executed by the processor to realize an identity authentication method based on the SM9 algorithm.
- the display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, or a button, a trackball or a touch pad set on the housing of the computer equipment, or an external keyboard, touchpad, or mouse.
- FIGS. 12-13 are only block diagrams of part of the structure related to the solution of the present application, and do not constitute a limitation on the computer equipment to which the solution of the present application is applied.
- a specific computer device may include more or fewer parts than shown in the figures, or combine certain parts, or have a different arrangement of parts.
- a computer device including a memory and a processor, and a computer program is stored in the memory, and the processor implements the steps in the foregoing method embodiments when the processor executes the computer program.
- a computer-readable storage medium on which a computer program is stored, and the computer program is executed by a processor to implement the steps in the foregoing method embodiments.
- Non-volatile memory may include read-only memory (Read-Only Memory, ROM), magnetic tape, floppy disk, flash memory, or optical storage.
- Volatile memory may include random access memory (RAM) or external cache memory.
- RAM can be in various forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc.
Claims (10)
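- An identity authentication method based on the SM9 algorithm, applied to a claimant, the method comprising: when an identity authentication request is triggered, generating a random number and a time-varying parameter; based on a cryptographic function, obtaining an element of the claimant identifier according to the claimant identifier; determining a first variable element according to the random number and the element of the claimant identifier, the first variable element being an element of a first additive cyclic group; determining a second variable element according to the random number, the time-varying parameter, the element of the claimant identifier, a token of the claimant, and a password, the token of the claimant being obtained by sending the claimant identifier and the password to a key generation center before the identity authentication request is triggered, and the second variable element being an element of a second additive cyclic group; and sending the claimant identifier, the time-varying parameter, the first variable element, and the second variable element to a verifier; wherein the verifier verifies the validity of the time-varying parameter and, when the verification result of the time-varying parameter is valid, obtains, based on a bilinear pairing operation, an operation result of the bilinear pairing operation according to a token of the verifier, the time-varying parameter, the first variable element, and the second variable element, judges according to the operation result whether a preset condition is satisfied, and, when the preset condition is satisfied, returns an authentication passed message to the claimant.
- An identity authentication method based on the SM9 algorithm, applied to a verifier, the method comprising: receiving a claimant identifier, a time-varying parameter, a first variable element, and a second variable element sent by a claimant, the time-varying parameter, the first variable element, and the second variable element being generated by the claimant when an identity authentication request is triggered, wherein the first variable element is an element of a first additive cyclic group and the second variable element is an element of a second additive cyclic group; verifying the validity of the time-varying parameter; when the verification result of the time-varying parameter is valid, obtaining, based on a bilinear pairing operation, an operation result of the bilinear pairing operation according to a token of the verifier, the time-varying parameter, the first variable element, and the second variable element, the token of the verifier being obtained, before the identity authentication request is triggered, by a key generation center according to the claimant identifier and a password sent by the claimant, and sent to the verifier; and judging, according to the operation result, whether a preset condition is satisfied, and, when the preset condition is satisfied, returning an authentication passed message to the claimant.
- An identity authentication method based on the SM9 algorithm, applied to a claimant, the method comprising: when an identity authentication request is triggered, generating a first random number; based on a cryptographic function, obtaining an element of the claimant identifier according to the claimant identifier; determining a first variable element according to the first random number and the element of the claimant identifier, the first variable element being an element of a first additive cyclic group; sending the claimant identifier and the first variable element to a verifier; receiving a second random number sent by the verifier, the second random number being generated by the verifier after receiving the claimant identifier and the first variable element sent by the claimant; determining a second variable element according to the first random number, the second random number, the element of the claimant identifier, a token of the claimant, and a password, the token of the claimant being obtained by sending the claimant identifier and the password to a key generation center before the identity authentication request is triggered, and the second variable element being an element of a second additive cyclic group; and sending the second variable element to the verifier; wherein the verifier obtains, based on a bilinear pairing operation, an operation result of the bilinear pairing operation according to a token of the verifier, the second random number, the first variable element, and the second variable element, judges according to the operation result whether a preset condition is satisfied, and, when the preset condition is satisfied, returns an authentication passed message to the claimant.
- An identity authentication method based on the SM9 algorithm, applied to a verifier, the method comprising: receiving a claimant identifier and a first variable element sent by a claimant, the first variable element being an element of a first additive cyclic group and being obtained, when an identity authentication request is triggered, by the claimant generating a first random number, obtaining an element of the claimant identifier according to the claimant identifier based on a cryptographic function, and then using the first random number and the element of the claimant identifier; generating a second random number; sending the second random number to the claimant; receiving a second variable element sent by the claimant, the second variable element being an element of a second additive cyclic group; obtaining, based on a bilinear pairing operation, an operation result of the bilinear pairing operation according to a token of the verifier, the second random number, the first variable element, and the second variable element, the token of the verifier being obtained, before the identity authentication request is triggered, by a key generation center according to the claimant identifier and a password sent by the claimant, and sent to the verifier; and judging, according to the operation result, whether a preset condition is satisfied, and, when the preset condition is satisfied, returning an authentication passed message to the claimant.
- The method according to any one of claims 1 and 3, characterized in that, before the identity authentication request is triggered, the method further comprises: sending the claimant identifier and the password to the key generation center, the claimant identifier and the password being used to apply for the token of the claimant and the token of the verifier; and receiving and storing the token of the claimant sent by the key generation center.
- The method according to any one of claims 2 and 4, characterized in that the operation result of the bilinear pairing operation comprises a first operation result and a second operation result; and the judging, according to the operation result, whether a preset condition is satisfied, and, when the preset condition is satisfied, returning an authentication passed message to the claimant comprises: judging, according to the first operation result and the second operation result, whether the first operation result and the second operation result are equal, and, when they are equal, passing the authentication and returning the authentication passed message to the claimant.
- An identity authentication apparatus based on the SM9 algorithm, applied to a claimant, characterized in that the apparatus comprises: a time-varying parameter generation module, configured to generate a random number and a time-varying parameter when an identity authentication request is triggered; a first variable element determination module, configured to obtain, based on a cryptographic function, an element of the claimant identifier according to the claimant identifier, and to determine a first variable element according to the random number and the element of the claimant identifier, the first variable element being an element of a first additive cyclic group; a second variable element determination module, configured to determine a second variable element according to the random number, the time-varying parameter, the element of the claimant identifier, a token of the claimant, and a password, the token of the claimant being obtained by sending the claimant identifier and the password to a key generation center before the identity authentication request is triggered, and the second variable element being an element of a second additive cyclic group; and a variable element sending module, configured to send the claimant identifier, the time-varying parameter, the first variable element, and the second variable element to a verifier; wherein the verifier verifies the validity of the time-varying parameter and, when the verification result of the time-varying parameter is valid, obtains, based on a bilinear pairing operation, an operation result of the bilinear pairing operation according to a token of the verifier, the time-varying parameter, the first variable element, and the second variable element, judges according to the operation result whether a preset condition is satisfied, and, when the preset condition is satisfied, returns an authentication passed message to the claimant.
- An identity authentication apparatus based on the SM9 algorithm, applied to a verifier, characterized in that the apparatus comprises: a variable element receiving module, configured to receive a claimant identifier, a time-varying parameter, a first variable element, and a second variable element sent by a claimant, the time-varying parameter, the first variable element, and the second variable element being generated by the claimant when an identity authentication request is triggered, wherein the first variable element is an element of a first additive cyclic group and the second variable element is an element of a second additive cyclic group; a time-varying parameter verification module, configured to verify the validity of the time-varying parameter; a pairing operation module, configured to obtain, when the verification result of the time-varying parameter is valid and based on a bilinear pairing operation, an operation result of the bilinear pairing operation according to a token of the verifier, the time-varying parameter, the first variable element, and the second variable element, the token of the verifier being obtained, before the identity authentication request is triggered, by a key generation center according to the claimant identifier and a password sent by the claimant, and sent to the verifier; and an authentication judgment module, configured to judge, according to the operation result, whether a preset condition is satisfied, and, when the preset condition is satisfied, to return an authentication passed message to the claimant.
- A computer device, comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 6.
- A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 6.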
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010041318.XA CN111259353B (zh) | 2020-01-15 | 2020-01-15 | SM9 algorithm-based identity authentication method, apparatus, and computer device |
CN202010041318.X | 2020-01-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021143457A1 (zh) | 2021-07-22 |
Family
ID=70948768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/137631 WO2021143457A1 (zh) | SM9 algorithm-based identity authentication method, apparatus, and computer device | 2020-01-15 | 2020-12-18 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN111259353B (zh) |
WO (1) | WO2021143457A1 (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
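CN111259353B (zh) * | 2020-01-15 | 2022-10-14 | 江苏芯盛智能科技有限公司 | SM9 algorithm-based identity authentication method, apparatus, and computer device |
CN111865964B (zh) * | 2020-07-16 | 2022-05-20 | 北京望京科技孵化服务有限公司 | Identity authentication system based on an enterprise private cloud encrypted file system |
CN113381982B (zh) * | 2021-05-17 | 2023-04-07 | 北京字跳网络技术有限公司 | Registration method, apparatus, electronic device, and storage medium |
CN114745114B (zh) * | 2022-04-25 | 2022-11-08 | 四川凝思软件有限公司 | Password-derivation-based key agreement method, apparatus, device, and medium |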
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
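CN108989054A (zh) * | 2018-08-30 | 2018-12-11 | 武汉理工大学 | Cryptographic system and digital signature method |
CN109600225A (zh) * | 2018-12-04 | 2019-04-09 | 北京海泰方圆科技股份有限公司 | Key exchange method, apparatus, and storage medium |
CN109981292A (zh) * | 2019-03-27 | 2019-07-05 | 北京思源互联科技有限公司 | Authentication method, apparatus, and system based on the SM9 algorithm |
CN111259353A (zh) * | 2020-01-15 | 2020-06-09 | 江苏芯盛智能科技有限公司 | SM9 algorithm-based identity authentication method, apparatus, and computer device |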
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130283361A1 (en) * | 2012-04-23 | 2013-10-24 | General Instrument Corporation | Identity verification |
CN109639426B (zh) * | 2019-02-26 | 2022-03-01 | 中国人民解放军国防科技大学 | Bidirectional self-authentication method based on identity-based cryptography |
-
2020
- 2020-01-15 CN CN202010041318.XA patent/CN111259353B/zh active Active
- 2020-12-18 WO PCT/CN2020/137631 patent/WO2021143457A1/zh active Application Filing
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
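CN114301651A (zh) * | 2021-12-22 | 2022-04-08 | 河南大学 | CP-ABE-based method for sharing Yellow River dam-bank monitoring data |
CN115150062A (zh) * | 2022-06-10 | 2022-10-04 | 武汉理工大学 | SM9 digital signature generation method and system with securely controlled signature creation data |
CN115150062B (zh) * | 2022-06-10 | 2024-04-02 | 武汉理工大学 | SM9 digital signature generation method and system with securely controlled signature creation data |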
Also Published As
Publication number | Publication date |
---|---|
CN111259353A (zh) | 2020-06-09 |
CN111259353B (zh) | 2022-10-14 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20913713; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 20913713; Country of ref document: EP; Kind code of ref document: A1 |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 20913713; Country of ref document: EP; Kind code of ref document: A1 |
| | 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 24/02/2023) |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 20913713; Country of ref document: EP; Kind code of ref document: A1 |