CN105119721A - Three-factor remote identity authentication method based on intelligent card - Google Patents
Publication number: CN105119721A (application CN201510477113.5A)
Authority: CN (China)
Prior art keywords: server, smart card, registration center, user, verification
Legal status: Granted
Abstract
The invention discloses a three-factor remote identity authentication method based on a smart card. The method comprises the following steps: a user and a server register with a registration center, and the smart card holds encrypted information; the user logs in; the smart card performs local verification; the registration center verifies the server and the user; the server verifies the registration center; and the smart card verifies the server. With the method of the invention, user anonymity is achieved, and attacks such as denial-of-service attacks, eavesdropping attacks and stolen-smart-card attacks are successfully resisted.
Description
Technical field
The present invention relates to the field of information security and network technology, and in particular to a three-factor remote identity authentication method based on a smart card.
Background technology
With the rapid development of network communication technology, more and more people are accustomed to obtaining services such as e-commerce, e-government and e-logistics over the network. To obtain information from a server or use the services it provides, a user first needs to log in to the server. A remote identity authentication scheme for the network is therefore needed to verify the legitimacy of users. However, the Internet is a public environment in which anyone can intercept the messages between user and server, so protecting user information and preventing illegal communication is extremely important.
In practice, two-factor identity authentication methods in a multi-server environment are widely used, but such methods still cannot meet the demands of high-security environments such as finance, military affairs and national security. Biometric characteristics such as fingerprints and irises are unique, not easily lost, hard to alter and hard to misappropriate, which exactly matches the needs of high-security applications. In the 1970s some researchers began to pay attention to biometric information, but because of technical limitations it could not be extracted and stored effectively, nor could its correctness be verified by digital means, so biometric identification technology was not widely adopted. With the development of fingerprint recognition, iris recognition and voice recognition, biometric identification has entered many fields, one of the important ones being identity authentication.
A three-factor identity authentication method verifies the user's identity by three factors ("what the user knows", "what the user has" and "who the user is"); by exploiting the fact that biometric information is unique and constant, it strengthens the security of the authentication method. When a user wants to log in to a server, besides providing the password and identity, the user must also input biometric information; if the match between the input biometric information and the biometric information captured at registration does not reach the security threshold, the server will not provide service to the registrant.
However, some methods in the prior art, such as the credit identity verification method now in common use, cannot resist denial-of-service attacks, eavesdropping attacks, stolen-smart-card attacks and anonymity attacks.
Summary of the invention
In view of the above defects, the object of the present invention is to provide a smart-card-based three-factor remote identity authentication method for a more secure multi-server environment, which can resist denial-of-service attacks, eavesdropping attacks and stolen-smart-card attacks and at the same time provides fingerprint recognition.
To achieve the above object, the present invention adopts the following technical scheme:
A three-factor remote identity authentication method based on a smart card, the method comprising: the server registers with the registration center as a legal server of the multi-server system; the user submits a registration application to the registration center and, after successful registration, obtains a smart card holding specific information, the specific information being {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()}, where P_i, D_i, C_i, G_i, V_i, Z_i and B_i are encrypted information: P_i is the double hash P_i = h(h(PW_i)) of the password PW_i supplied by the user, D_i is the secret value of the user identity UID_i, C_i is the secret value of the user's secret value RU_i = h(UID_i || x), G_i is the secret value of the system parameter, V_i is the secret value of the fingerprint feature points, Z_i and B_i are encrypted information generated by the registration center, b is a random number generated by the smart card, and z, x and y are the keys of the registration center; the user logs in to the server with the smart card; the smart card performs local verification of the login password supplied by the user, and if the password is correct the smart card further verifies the user's biometric characteristic; if that verification passes, it generates first verification data and sends it to the server, otherwise the session is stopped; after receiving the first verification data, the server generates second verification data proving the server's identity and sends the first and second verification data to the registration center; the registration center first verifies the legitimacy of the server identity from the received second verification data, then verifies the legitimacy of the user identity from the first verification data; once the identities of both the server and the user are verified, the registration center generates third and fourth verification data and sends them to the server; the server verifies the identity of the registration center from the received third verification data, and if the server confirms that the third verification data was indeed sent by the registration center, it generates the server-side session key and sends the fourth verification data to the smart card; the smart card verifies whether the received fourth verification data is legitimate, and if it passes, the smart card has completed the check of the server's identity and generates the smart-card-side session key, after which the smart card and the server communicate encrypted with a symmetric encryption and decryption method using the session keys each has generated; otherwise the session is stopped.
Further, in the three-factor remote identity authentication method based on a smart card, the server registration step further comprises: the registration center encrypts the server identity SID_j with the key y, generating the hash value RS_j = h(SID_j || y), and stores {RS_j, g, h()} in the server over a secure channel, where g is a system parameter.
Further, in the three-factor remote identity authentication method based on a smart card, the step in which the user registers with the registration center further comprises: the user submits the user identity UID_i and the password PW_i to the registration center and enrols a fingerprint; the registration center extracts the digitized fingerprint feature points F_i, generates the double hash of the password P_i = h(h(PW_i)), the identity secret value, the user's secret value RU_i = h(UID_i || x), the secret value of the system parameter and the secret value of the fingerprint feature points; the smart card generates a random number b, and the registration center carries out the two further calculations; x, y and z are the keys of the registration center; the registration center stores the encrypted information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()} in the smart card.
Further, in the three-factor remote identity authentication method based on a smart card, the user login step further comprises: the user inputs his or her password PW_i* through the smart card, and the smart card judges whether the equation P_i = h(h(PW_i*)) holds; if it holds, the smart card prompts the user to enter a fingerprint and extracts its feature values F_i*, otherwise the session ends; the smart card restores the registered fingerprint feature values by calculation and checks the matching degree between F_i* and F_i; if the matching degree of the two does not exceed the set security threshold, the login is stopped, and if it exceeds the threshold, the login succeeds.
Further, in the three-factor remote identity authentication method based on a smart card, the step in which the smart card generates and sends the first verification data further comprises: the smart card generates random numbers r_u and b_new, restores the user identity, performs the intermediate calculations and computes the first verification data, where T_i is the timestamp representing the current time at the smart-card side; the smart card sends the auxiliary verification data together with the first verification data M_1 to the server.
Further, in the three-factor remote identity authentication method based on a smart card, the step in which the server sends the first and second verification data to the registration center further comprises: after receiving the verification data sent by the smart card, the server verifies the validity of its timestamp T_i, and if the timestamp is not within the service time window, communication is stopped; otherwise the server generates a random number from the multiplicative group of integers modulo q, where q is a large prime, and calculates the second verification data, where T_j is the timestamp representing the current time at the server side; the server then sends the first verification data, the second verification data and the related auxiliary verification data to the registration center.
Further, in the three-factor remote identity authentication method based on a smart card, the registration center's check of the legitimacy of the server and user identities further comprises: the registration center first verifies whether the timestamps T_i and T_j are valid; if not, the session is stopped, otherwise the following steps are carried out: the registration center calculates RS'_j = h(SID_j || y) and then checks whether the equation M'_2 = M_2 holds; if it holds, the server is legitimate, otherwise the session is stopped; the registration center then performs its calculations, restores the user identity, calculates RU'_i = h(UID_i || x), and judges whether M'_1 equals M_1; if they are equal, the user's identity is legitimate.
Further, in the three-factor remote identity authentication method based on a smart card, the step in which the registration center generates and sends the third and fourth verification data further comprises: the registration center calculates the third verification data and the fourth verification data and sends {Q_j, M_3, M_4} to the server.
Further, in the three-factor remote identity authentication method based on a smart card, the mutual authentication step of the server and user identities further comprises: the server verifies whether the third verification data was sent by the registration center; if it passes, the server forwards the fourth verification data and the auxiliary verification message to the smart card and at the same time generates the server-side key, otherwise the session is stopped; the smart card verifies whether the fourth verification data was sent by the registration center; if it passes, the smart card generates the smart-card-side key, otherwise the session is stopped.
Further, the three-factor remote identity authentication method based on a smart card also comprises the following step: after the smart card has verified that the server identity is legitimate, the smart card performs a calculation and replaces the previously stored {Z_i, B_i} with {Z_new, B_new}.
In the technical scheme of the invention, the smart card stores {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()}; apart from the hash function, all of this information consists of secret values, so even if the card is stolen by an attacker no sensitive information is revealed, which achieves the goals of resisting stolen-smart-card attacks and eavesdropping attacks. The smart card holds P_i = h(h(PW_i)); after the user inputs the password, the smart card computes the double hash of the password and checks whether it equals P_i, so the correctness of the password can be verified locally. This compensates for the inability of the prior art to verify password correctness locally and resists denial-of-service attacks well. Moreover, the present invention improves the storage and verification of fingerprints by adopting feature point extraction and threshold matching, which makes fingerprint recognition easier to realise. In addition, the present invention achieves good anonymity through random-number encryption and the updating of the smart card's stored content, and can resist anonymity attacks.
Description of the drawings
Fig. 1 is a schematic diagram of the server registration stage of a specific embodiment of the present invention;
Fig. 2 is a schematic diagram of the user registration stage of a specific embodiment of the present invention;
Fig. 3 is a schematic diagram of the login stage and the verification stage of a specific embodiment of the present invention.
Embodiments
In order to make the objects, technical scheme and advantages of the present invention clearer, the invention is further elaborated below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
The technical scheme disclosed in the present invention involves three participants, the user U_i, the registration center RC and the server S_j, and three phases: the registration phase, the login phase and the verification phase.
As shown in Figures 1, 2 and 3, a three-factor remote identity authentication method based on a smart card comprises: the server registers with the registration center as a legal server of the multi-server system; the user submits a registration application to the registration center and, after successful registration, obtains a smart card holding specific information, the specific information being {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()}, where P_i, D_i, C_i, G_i, V_i, Z_i and B_i are encrypted information: P_i is the double hash P_i = h(h(PW_i)) of the password PW_i supplied by the user, D_i is the secret value of the user identity UID_i, C_i is the secret value of the user's secret value RU_i = h(UID_i || x), G_i is the secret value of the system parameter, V_i is the secret value of the fingerprint feature points, Z_i and B_i are encrypted information generated by the registration center, b is a random number generated by the smart card, and x, y and z are the keys of the registration center; the user logs in to the server with the smart card; the smart card performs local verification of the login password supplied by the user, and if the password is correct the smart card further verifies the user's biometric characteristic; if that verification passes, it generates first verification data and sends it to the server, otherwise the session is stopped; after receiving the first verification data, the server generates second verification data proving the server's identity and sends the first and second verification data to the registration center; the registration center first verifies the legitimacy of the server identity from the received second verification data, then verifies the legitimacy of the user identity from the first verification data; once the identities of both the server and the user are verified, the registration center generates third and fourth verification data and sends them to the server; the server verifies the identity of the registration center from the received third verification data, and if the server confirms that the third verification data was indeed sent by the registration center, it generates the server-side session key and sends the fourth verification data to the smart card; the smart card verifies whether the received fourth verification data is legitimate, and if it passes, the smart card has completed the check of the server's identity and generates the smart-card-side session key, after which the smart card and the server communicate encrypted with a symmetric encryption and decryption method using the session keys each has generated; otherwise the session is stopped.
In the technical scheme of the invention, the smart card stores {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()}; apart from the hash function, all of this information consists of secret values, so even if the card is stolen by an attacker no sensitive information is revealed, which achieves the goals of resisting stolen-smart-card attacks and eavesdropping attacks. The smart card holds P_i = h(h(PW_i)); after the user inputs the password, the smart card computes the double hash of the password and checks whether it equals P_i, so the correctness of the password can be verified locally, which compensates for the prior art's inability to perform local password verification. Moreover, the present invention improves the storage and verification of fingerprints by adopting feature point extraction and threshold matching, which makes fingerprint recognition easier to realise. In addition, the present invention achieves good anonymity by encrypting the first verification data with a random number and updating the smart card's stored content, and can resist anonymity attacks. By having the registration center authenticate the server and the smart card, then the server authenticate the registration center and the smart card authenticate the server, this verification method as a whole achieves the technical effect of resisting server impersonation attacks.
Further, the server registration step further comprises: the registration center encrypts the server identity SID_j with the key y, obtaining the hash value RS_j = h(SID_j || y), and stores {RS_j, g, h()} in the server over a secure channel, where g is a parameter of the overall system. The overall system refers to the system composed of the registration center, the smart card, the server and so on.
Further, the step in which the user registers with the registration center further comprises: at the start of the registration phase, the user submits the user identity UID_i and the password PW_i to the registration center and enrols a fingerprint; the registration center extracts the digitized fingerprint feature points F_i, calculates the double hash of the password P_i = h(h(PW_i)), the identity secret value, the user encryption value RU_i = h(UID_i || x), the secret value of the overall system parameter and the secret value of the fingerprint feature points; the smart card generates a random number b, and the registration center carries out the two further calculations, where x, y and z are all keys of the registration center; the registration center stores the encrypted information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()} in the smart card and issues the smart card to the user over a secure channel.
Further, the login step further comprises: the user inputs his or her password PW_i* through the smart card, and the smart card checks whether the user's password is correct by judging whether the equation P_i = h(h(PW_i*)) holds. Only after the password is entered correctly does the smart card prompt the user to enter a fingerprint and extract its feature values F_i*; the smart card restores the registered fingerprint feature values by calculation and checks the matching degree between F_i* and F_i; if the matching degree of the two does not exceed the set security threshold (e.g. 90%), the login is stopped, and if it exceeds the threshold, the smart card accepts the login performed by the user.
Further, the step in which the smart card generates and sends the first verification data further comprises: the smart card generates random numbers r_u and b_new, restores the user identity, performs the intermediate calculations and computes the first verification data, where T_i is the timestamp representing the current time at the smart-card side; finally, the smart card sends the auxiliary verification data together with the first verification data M_1 to the server.
Further, the step in which the server sends the first and second verification data to the registration center further comprises: after receiving the verification data sent by the smart card, the server verifies the validity of its timestamp T_i; if the timestamp is not within the service time window, communication is stopped, otherwise the server generates a random number from the multiplicative group of integers modulo q, where q is a large prime, and calculates the second verification data, where T_j is the timestamp representing the current time at the server side; the server sends the first verification data, the second verification data and the related auxiliary verification data to the registration center.
Further, the registration center's check of the legitimacy of the server and user identities further comprises: the registration center first verifies whether the timestamps T_i and T_j are valid; if valid, it verifies the legitimacy of the server identity and then the legitimacy of the user identity; on the premise that both the server and the user are legitimate, the registration center sends the third verification data to the server, and the server and the user complete their mutual authentication according to the third verification data.
Further, the registration center's check of the server identity further comprises: the registration center calculates RS'_j = h(SID_j || y) and then checks whether the equation M'_2 = M_2 holds; if it holds, this proves that the message sent by the server contains the information of the key y, which verifies the legitimacy of the server; if the equation does not hold, the registration center stops the session.
Further, the registration center's check of the user identity further comprises: the registration center performs its calculations, restores the user identity, calculates RU'_i = h(UID_i || x), and judges whether M'_1 equals M_1; if they are equal, the user's identity is proven legitimate.
Further, the step in which the registration center generates and sends the third and fourth verification data further comprises: the registration center calculates two intermediate values, the third verification data and the fourth verification data, and sends {Q_j, M_3, M_4} to the server.
Further, the mutual authentication step of the server and user identities further comprises: the server indirectly verifies the user's identity by confirming that the third verification data was indeed sent by the registration center; after verifying the user's identity, the server forwards the fourth verification data to the smart card and also sends the auxiliary verification message; the smart card indirectly verifies the server's identity by confirming that the fourth verification data was indeed sent by the registration center.
Further, after the smart card has verified that the server identity is legitimate, the method also comprises updating the stored content of the smart card: the smart card performs a calculation and replaces the previously stored {Z_i, B_i} with {Z_new, B_new}.
Further, after the smart card and the server have authenticated each other, they calculate the same session key.
As another specific embodiment of the present invention, closer to practical application, the registration phase completes the registration of the user U_i and the server S_j with the registration center; communication takes place over a secure channel. The specific steps are as follows:
A legitimate server needs to submit its identity SID_j to the registration center; the registration center calculates the secret value RS_j = h(SID_j || y) and stores {RS_j, g, h()} in the server over a secure channel, where g is a system parameter.
A legitimate user needs, at registration, to submit the user identity UID_i and the password PW_i to the registration center and enrol a fingerprint; the registration center extracts the digitized fingerprint feature points F_i. Then the registration center performs the following steps:
Step 1. The registration center calculates the double hash of the password P_i = h(h(PW_i)), the identity secret value, the user's secret value RU_i = h(UID_i || x), the secret value of the system parameter and the secret value of the fingerprint feature points.
Step 2. The smart card generates a random number b, and the registration center carries out the two further calculations; z, x and y here are all keys of the registration center.
Step 3. The registration center stores {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()} in the smart card and issues the smart card to the user over a secure channel.
The login and verification phases complete the smart card's local verification, the registration center's verification of the server and the user, and the verification by the server and the user of the verification data sent by the registration center. The specific steps are as follows:
Step 1. To log in to the server, the user inserts the smart card into a card reader and then inputs the password PW_i*; the smart card checks whether the user's password is correct by judging whether the equation P_i = h(h(PW_i*)) holds. Only after the password is entered correctly does the smart card prompt the user to enter a fingerprint and extract its feature values F_i*. The smart card restores the registered fingerprint feature values by calculation and checks the matching degree between F_i* and F_i; if the matching degree of the two does not exceed the set threshold (this threshold can be set according to the security requirements), the login is stopped; if it exceeds the threshold, the user is considered logged in. The smart card then generates random numbers r_u and b_new, restores the user identity, performs the intermediate calculations and computes the first verification data. Finally, the smart card sends the login request message to the server.
Step 2. After receiving the user's login request message, the server verifies the validity of its timestamp T_i; if the timestamp is not within the service time window, communication is stopped, otherwise the server continues with the steps below.
Step 3. The server generates a random number from the multiplicative group of integers modulo q, where q is a large prime, and calculates the second verification data, where T_j is the timestamp of the current time at the server side. The server then forwards the login request message sent by the smart card to the registration center and at the same time sends the server's verification information to the registration center.
Step 4. After receiving both messages, the registration center first verifies whether T_i and T_j are valid; if valid, it then checks whether the identities of the server and the user are legitimate. On the premise that both the server and the user are legitimate, the registration center sends an identity authentication message to the server, and the server and the user can complete authentication according to this message. See the following sub-steps.
Step 4-1. The registration center calculates RS'_j = h(SID_j || y) and then checks whether the equation M'_2 = M_2 holds. If it holds, this proves that the message sent by the server contains the information of the key y, and the legitimacy of the server is verified. If the equation does not hold, the registration center stops the session.
Step 4-2. The registration center performs its calculations, restores the user identity, calculates RU'_i = h(UID_i || x), and judges whether M'_1 equals M_1; if they are equal, the user's identity is proven legitimate. If they are not equal, the registration center notifies the server that this user is illegitimate.
Step 4-3. After the identities of both the server and the user have passed verification, the registration center calculates the secret values, the third verification data with which the user and the server complete authentication, and the fourth verification data, and sends {Q_j, M_3, M_4} to the server.
Step 5. After receiving {Q_j, M_3, M_4}, the server performs its calculation and verifies whether M'_3 equals the M_3 transmitted by the registration center. If they are equal, this proves that the message was indeed sent by the registration center for this login process, and that it was sent after the registration center had authenticated the user's information; that is, the server has now completed the authentication of the user. The server calculates the session key for this service and sends its reply to the user.
Step 6. After receiving the feedback message sent back by the server, the user calculates the identity authentication message and verifies whether M'_4 equals the M_4 sent by the server. If they are equal, this proves that M_4 was calculated by the registration center, and since the registration center can only calculate this value after first verifying that the server's identity is legitimate, the user has also completed the authentication of the server. Then the smart card performs its calculation and replaces the previously stored {Z_i, B_i} with {Z_new, B_new}. Finally, the smart card calculates the same session key as the server. At this point the login and verification process is complete.
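The following is an added example, not code from the patent; it implements only the parts of the scheme whose formulas the page states explicitly: P_i = h(h(PW_i)), RS_j = h(SID_j || y), RU_i = h(UID_i || x), the card's local password and fingerprint-threshold checks from Step 1, and the server's timestamp window from Step 2. It assumes h() is SHA-256, "||" is byte concatenation, fingerprint feature points are a set of (x, y) tuples, and the matching degree is the fraction of registered points found in the fresh sample; the values D_i, C_i, G_i, V_i, Z_i, B_i and M_1..M_4, whose formulas are not reproduced on this page, are not modelled.

```python
# Added example (not the patent's code). Assumptions: h() = SHA-256, "||" = byte
# concatenation, a fingerprint template is a frozenset of (x, y) minutiae.
import hashlib
import hmac
import secrets


def h(*parts: bytes) -> bytes:
    """h(a || b || ...): SHA-256 over the byte concatenation (assumed hash)."""
    return hashlib.sha256(b"".join(parts)).digest()


def server_registration(sid_j: bytes, y: bytes) -> dict:
    """Registration center: RS_j = h(SID_j || y); {RS_j, g, h()} is stored in the server.
    The value of the system parameter g is not given on the page, so a labelled
    placeholder stands in for it."""
    return {"RS_j": h(sid_j, y), "g": b"<system parameter g: placeholder>"}


def user_registration(uid_i: bytes, pw_i: bytes, x: bytes) -> dict:
    """Registration center: the two card values whose formulas the page gives.
    D_i, C_i, G_i, V_i, Z_i and B_i are omitted because their formulas are not on the page."""
    return {"P_i": h(h(pw_i)), "RU_i": h(uid_i, x)}


class SmartCard:
    """Login-phase checks that run entirely on the card, before any message leaves it."""

    def __init__(self, p_i: bytes, registered_points: frozenset, threshold: float = 0.9):
        self.p_i = p_i
        # F_i as the card restores it from V_i (the restoring calculation is not on the page).
        self._f_i = registered_points
        self.threshold = threshold  # the page's example value is 90 %
        self.local_rejections = 0   # wrong guesses never reach the server: the DoS argument

    def password_ok(self, pw_star: bytes) -> bool:
        """Step 1: does P_i = h(h(PW_i*)) hold? Constant-time comparison of the digests."""
        ok = hmac.compare_digest(self.p_i, h(h(pw_star)))
        if not ok:
            self.local_rejections += 1
        return ok

    def matching_degree(self, f_star: frozenset) -> float:
        """Fraction of registered feature points present in the fresh sample F_i*."""
        if not self._f_i:
            return 0.0
        return len(self._f_i & f_star) / len(self._f_i)

    def local_login(self, pw_star: bytes, f_star: frozenset) -> bool:
        """Password first; the fingerprint is only requested once the password passes.
        The page rejects a match that does not *exceed* the threshold, so exactly 90 %
        against a 90 % threshold is a failed login."""
        if not self.password_ok(pw_star):
            return False
        return self.matching_degree(f_star) > self.threshold


def timestamp_valid(t_i: int, now: int, window: int) -> bool:
    """Step 2 at the server: accept T_i only inside the service time window,
    here |now - T_i| <= window (the window width and symmetry are assumptions)."""
    return abs(now - t_i) <= window


if __name__ == "__main__":
    x, y = secrets.token_bytes(32), secrets.token_bytes(32)   # registration center keys
    reg = user_registration(b"alice", b"correct horse", x)
    # Constructed fingerprint template: ten minutiae as (x, y) coordinates.
    template = frozenset((10 * k, 7 * k) for k in range(10))
    nine_points = frozenset(sorted(template)[:9])
    card = SmartCard(reg["P_i"], template)
    print("wrong password  :", card.local_login(b"guess", template))
    print("9 of 10 points  :", card.local_login(b"correct horse", nine_points))
    print("10 of 10 points :", card.local_login(b"correct horse", template))
    print("local rejections:", card.local_rejections)
    print("stale timestamp :", timestamp_valid(1000, 1011, window=10))
    print("RS_j recomputed :", server_registration(b"S1", y)["RS_j"] == h(b"S1", y))
```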
In summary, by locally encrypting the data stored in the smart card, storing the double hash of the password in the smart card, using random-number encryption and updating the smart card's stored content, the present invention solves the problems present in the identity authentication method proposed by Chen et al., namely vulnerability to anonymity attacks, eavesdropping attacks and stolen-smart-card attacks and the inability to verify password correctness. At the same time, the present invention has the beneficial effects of local verification, the ability to change the password, no verification table, and forward and backward security.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of practice; any modification or equivalent replacement made without departing from the spirit and scope of the present invention shall fall within the protection scope of the claims of the present invention.
Claims (10)
1. A three-factor remote identity authentication method based on a smart card, characterized in that the method comprises:
The server registers with the registration center as a legal server of the multi-server system;
The user submits a registration application to the registration center and, after successful registration, obtains a smart card holding specific information, the specific information being {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()}, where P_i, D_i, C_i, G_i, V_i, Z_i and B_i are encrypted information: P_i is the value of the password PW_i supplied by the user after two hashes, i.e. P_i = h(h(PW_i)), D_i is the secret value of the user identity UID_i, C_i is the secret value of the user's secret value RU_i = h(UID_i || x), G_i is the secret value of the system parameter, V_i is the secret value of the fingerprint feature points, Z_i and B_i are encrypted information generated by the registration center, b is a random number generated by the smart card, and x, y and z are the keys of the registration center;
The user logs in to the server with the smart card;
The smart card performs local verification of the login password supplied by the user, and if the password is correct the smart card further verifies the user's biometric characteristic; if that verification passes, it generates first verification data and sends it to the server, otherwise the session is stopped;
After receiving the first verification data, the server generates second verification data proving the server's identity and sends the first and second verification data to the registration center;
The registration center first verifies the legitimacy of the server identity from the received second verification data, then verifies the legitimacy of the user identity from the first verification data; once the identities of both the server and the user are verified, the registration center generates third and fourth verification data and sends them to the server;
The server verifies the identity of the registration center from the received third verification data, and if the server confirms that the third verification data was indeed sent by the registration center, it generates the server-side session key and sends the fourth verification data to the smart card;
The smart card verifies whether the received fourth verification data is legitimate, and if it passes, the smart card has completed the check of the server's identity and generates the smart-card-side session key, after which the smart card and the server communicate encrypted with a symmetric encryption and decryption method using the session keys each has generated; otherwise the session is stopped.
2. The method according to claim 1, characterized in that the server registration step further comprises:
The registration center encrypts the server identity SID_j using the key y, generating the hash value RS_j = h(SID_j || y), and then stores {RS_j, g, h()} in the server over a secure channel, where g is a system parameter.
3. The method according to claim 1, characterized in that the step in which the user registers at the registration center further comprises:
The user submits the user identity UID_i and the password PW_i to the registration center and enrols a fingerprint;
The registration center extracts the digitized fingerprint feature points F_i, generates the double hash value of the password P_i = h(h(PW_i)), the secret value of the identity
the user encryption value RU_i = h(UID_i || x) and
the secret value of the system parameter
and the secret value of the fingerprint feature points
The smart card generates a random number b, and the registration center calculates
and then generates
where x, y and z are keys of the registration center;
The registration center stores the encrypted information {P_i, D_i, C_i, G_i, V_i, Z_i, B_i, h()} in the smart card.
4. The method according to claim 1, characterized in that the user login step further comprises:
The user enters their own password PW_i* through the smart card, and the smart card checks whether the equation P_i = h(h(PW_i*)) holds; if it holds, the smart card prompts the user to enrol a fingerprint and extracts its feature value F_i*, otherwise the session is ended;
The smart card restores the registered fingerprint feature value by calculation
and checks the degree of match between F_i* and F_i; if the match between the two does not exceed the set security threshold, login is stopped; if it exceeds the threshold, login succeeds.
5. The method according to claim 4, characterized in that the step in which the smart card generates and sends the first verification data further comprises:
The smart card generates random numbers r_u and b_new, and restores the user ID
calculates
and
restores
and calculates the first verification data
where T_i is the timestamp representing the current time at the smart card end; the smart card sends the auxiliary verification data
together with the first verification data M_1 to the server.
6. The method according to claim 5, characterized in that the step in which the server sends the first verification data and the second verification data to the registration center further comprises:
After receiving the verification data sent by the smart card, the server verifies the validity of its timestamp T_i; if the timestamp is not within the service time window, communication is terminated; otherwise the server generates a random number
where
is the multiplicative group of integers modulo q, q being a large prime, and the server then calculates the second verification data
where T_j is the timestamp representing the current time at the server end;
The server sends the first verification data, the second verification data and the related auxiliary verification data to the registration center, comprising
and
7. The method according to claim 6, characterized in that the verification by the registration center of the legitimacy of the server and user identities further comprises:
The registration center first verifies whether the timestamps T_i and T_j are valid; if they are invalid, the session is terminated; otherwise the following steps are carried out:
The registration center calculates RS'_j = h(SID_j || y) and
then checks whether the equation M'_2 = M_2 holds; if it holds, the server is legitimate, otherwise the session is terminated;
The registration center calculates
and
and restores the user identity
calculates RU_i' = h(UID_i || x) and
and judges whether M_1' and M_1 are equal; if they are equal, the identity of the user is legitimate.
8. The method according to claim 7, characterized in that the step in which the registration center generates and sends the third verification data and the fourth verification data further comprises:
The registration center calculates and generates
and
the third verification data
and the fourth verification data
and sends {Q_j, M_3, M_4} to the server.
9. The method according to claim 8, characterized in that the mutual authentication steps of the server and user identities further comprise:
The server verifies whether the third verification data was sent by the registration center; if it passes verification, the server forwards the fourth verification data and the auxiliary verification message
to the smart card and at the same time generates the server-side key; otherwise the session is terminated;
The smart card verifies whether the fourth verification data was sent by the registration center; if it passes verification, the smart card generates the smart-card-side key; otherwise the session is terminated.
10. The method according to claim 9, characterized in that, after the smart card has verified that the server identity is legitimate, the method further comprises the following step:
The smart card calculates
and replaces the previously stored {Z_i, B_i} with {Z_new, B_new}.
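The formulas the claims spell out (claim 2: RS_j = h(SID_j || y); claim 3: P_i = h(h(PW_i)) and RU_i = h(UID_i || x); claim 4: the card-local password check; claims 6 and 7: the timestamp window and the RS'_j recomputation leading to the M'_2 = M_2 comparison) can be exercised in a few lines. The Python below is an added illustration, not code from the patent or its applicant. It assumes SHA-256 as the unspecified hash h(), a 60-second acceptance window for timestamps (the page gives no figure), and, because the page does not reproduce how the second verification data M_2 is formed from RS_j, it substitutes an assumed construction h(RS_j || T_j) purely so that the registration center's comparison can be run end to end; the card values D_i, C_i, G_i, V_i, Z_i, B_i whose formulas are not on the page are omitted, and the constructed identity, password and server name are sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# h() in the claims is an unspecified one-way hash; SHA-256 is assumed here.
def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Width of the clock-skew window accepted for T_i / T_j (claims 6 and 7).
# The page gives no number; 60 seconds is an assumption.
TIME_WINDOW_SECONDS = 60


def timestamp_valid(t_remote: int, now: int) -> bool:
    # Claims 6/7: a timestamp outside the service window aborts the session.
    return abs(now - t_remote) <= TIME_WINDOW_SECONDS


def build_m2(rs_j: bytes, t_j: int) -> bytes:
    # ASSUMPTION: the page does not reproduce how M_2 is derived from RS_j.
    # Binding RS_j to the timestamp with h() is a stand-in so that the
    # M'_2 = M_2 comparison of claim 7 can be exercised end to end.
    return h(rs_j + t_j.to_bytes(8, "big"))


class RegistrationCenter:
    """Holds the keys x and y (z is named in the claims, but no formula using it is reproduced)."""

    def __init__(self, x: Optional[bytes] = None, y: Optional[bytes] = None):
        self.x = x or secrets.token_bytes(32)
        self.y = y or secrets.token_bytes(32)

    def register_server(self, sid_j: bytes) -> dict:
        # Claim 2: RS_j = h(SID_j || y); {RS_j, g, h()} goes to the server over a secure channel.
        # g (a system parameter) appears in no formula reproduced on the page and is omitted here.
        return {"SID_j": sid_j, "RS_j": h(sid_j + self.y)}

    def derive_ru(self, uid_i: bytes) -> bytes:
        # RU_i = h(UID_i || x): recomputable by the centre from the identity and x alone,
        # which is exactly what claim 7 does when it forms RU_i'.
        return h(uid_i + self.x)

    def register_user(self, uid_i: bytes, pw_i: bytes) -> dict:
        # Claim 3: P_i = h(h(PW_i)) is stored on the card. RU_i is derived as in the claim,
        # but the card values built from it (C_i and the rest) have no formula on the page,
        # so this constructed card carries only P_i.
        _ru_i = self.derive_ru(uid_i)   # derived to mirror claim 3; not stored on the card
        return {"P_i": h(h(pw_i))}

    def verify_server(self, sid_j: bytes, t_j: int, m_2: bytes, now: int) -> bool:
        # Claim 7: check T_j first, recompute RS'_j = h(SID_j || y), then compare M'_2 with M_2.
        if not timestamp_valid(t_j, now):
            return False
        rs_prime = h(sid_j + self.y)
        m_2_prime = build_m2(rs_prime, t_j)
        return hmac.compare_digest(m_2_prime, m_2)


def server_second_verification(server_state: dict, t_j: int) -> bytes:
    # Claim 6: the server produces M_2 from its stored RS_j and its current timestamp T_j.
    return build_m2(server_state["RS_j"], t_j)


def card_local_check(card: dict, pw_attempt: bytes) -> bool:
    # Claim 4: the card tests P_i = h(h(PW_i*)) before any network message is sent;
    # a wrong password ends the session locally.
    return hmac.compare_digest(card["P_i"], h(h(pw_attempt)))


if __name__ == "__main__":
    rc = RegistrationCenter()
    card = rc.register_user(b"alice", b"correct horse")   # constructed sample identity/password
    assert card_local_check(card, b"correct horse")
    assert not card_local_check(card, b"wrong")
    srv = rc.register_server(b"server-1")                # constructed sample server identity
    t_j = 1_700_000_000
    m_2 = server_second_verification(srv, t_j)
    assert rc.verify_server(b"server-1", t_j, m_2, now=t_j + 5)
    assert not rc.verify_server(b"server-1", t_j, m_2, now=t_j + 3600)   # stale T_j
    print("ok")
```

Two points of the claims show up directly in the code: the password check never leaves the card (a wrong PW_i* fails on the card itself), and the registration center authenticates a server without storing any per-server table, since RS'_j is recomputed from SID_j and the key y on every login. Constant-time comparison of the recomputed values is the one implementation detail the claims leave implicit.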
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510477113.5A CN105119721B (en) | 2015-08-06 | 2015-08-06 | A kind of three factor remote identity authentication methods based on smart card |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510477113.5A CN105119721B (en) | 2015-08-06 | 2015-08-06 | A kind of three factor remote identity authentication methods based on smart card |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105119721A true CN105119721A (en) | 2015-12-02 |
CN105119721B CN105119721B (en) | 2018-05-29 |
Family
ID=54667621
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510477113.5A Active CN105119721B (en) | 2015-08-06 | 2015-08-06 | A kind of three factor remote identity authentication methods based on smart card |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105119721B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106230840A (en) * | 2016-08-04 | 2016-12-14 | 南京邮电大学 | A kind of command identifying method of high security |
CN107294725A (en) * | 2016-04-05 | 2017-10-24 | 电子科技大学 | A kind of three factor authentication methods under environment of multi-server |
CN107425964A (en) * | 2017-05-09 | 2017-12-01 | 哈尔滨工业大学深圳研究生院 | Three-side password authentication and key agreement protocol based on the fault-tolerant smart card of information leakage |
CN108400962A (en) * | 2017-02-08 | 2018-08-14 | 上海格尔软件股份有限公司 | A kind of Authentication and Key Agreement method under multiserver framework |
CN109088888A (en) * | 2018-10-15 | 2018-12-25 | 山东科技大学 | A kind of safety communicating method and its system based on smart card |
CN110708337A (en) * | 2019-10-30 | 2020-01-17 | 山东浪潮商用***有限公司 | Big data security framework system based on identity authentication |
CN116707952A (en) * | 2023-06-28 | 2023-09-05 | 南通大学 | Information security transmission method based on Present algorithm |
- 2015-08-06 CN CN201510477113.5A patent/CN105119721B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102045170A (en) * | 2010-12-28 | 2011-05-04 | 北京深思洛克软件技术股份有限公司 | Method and system for protecting safety of password |
CN103338201A (en) * | 2013-07-02 | 2013-10-02 | 山东科技大学 | Remote identity authentication method participated in by registration center under multi-sever environment |
CN103368954A (en) * | 2013-07-02 | 2013-10-23 | 山东科技大学 | Smart card registration entry method based on password and biological characteristics |
Non-Patent Citations (4)
Title |
---|
R. MADHUSUDHAN et al.: "Weaknesses of a dynamic ID based remote user authentication protocol for multi-server environment", JOURNAL OF COMPUTER AND COMMUNICATIONS * |
TE-YU CHEN et al.: "Towards secure and efficient user authentication scheme using smart card for multi-server environments", THE JOURNAL OF SUPERCOMPUTING * |
崔建明: China Doctoral Dissertations Full-text Database (Electronic Journal), 30 September 2013 * |
张莹: China Master's Theses Full-text Database (Electronic Journal), 31 December 2014 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107294725A (en) * | 2016-04-05 | 2017-10-24 | 电子科技大学 | A kind of three factor authentication methods under environment of multi-server |
CN106230840A (en) * | 2016-08-04 | 2016-12-14 | 南京邮电大学 | A kind of command identifying method of high security |
CN106230840B (en) * | 2016-08-04 | 2019-09-10 | 南京邮电大学 | A kind of command identifying method of high security |
CN108400962A (en) * | 2017-02-08 | 2018-08-14 | 上海格尔软件股份有限公司 | A kind of Authentication and Key Agreement method under multiserver framework |
CN107425964A (en) * | 2017-05-09 | 2017-12-01 | 哈尔滨工业大学深圳研究生院 | Three-side password authentication and key agreement protocol based on the fault-tolerant smart card of information leakage |
CN109088888A (en) * | 2018-10-15 | 2018-12-25 | 山东科技大学 | A kind of safety communicating method and its system based on smart card |
CN109088888B (en) * | 2018-10-15 | 2021-02-05 | 山东科技大学 | Secure communication method and system based on smart card |
CN110708337A (en) * | 2019-10-30 | 2020-01-17 | 山东浪潮商用***有限公司 | Big data security framework system based on identity authentication |
CN110708337B (en) * | 2019-10-30 | 2022-06-28 | 浪潮软件科技有限公司 | Big data security framework system based on identity authentication |
CN116707952A (en) * | 2023-06-28 | 2023-09-05 | 南通大学 | Information security transmission method based on Present algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN105119721B (en) | 2018-05-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Jiang et al. | Three-factor authentication protocol using physical unclonable function for IoV | |
CN105119721A (en) | Three-factor remote identity authentication method based on intelligent card | |
CN101170407B (en) | A method for securely generating secret key pair and transmitting public key or certificate application file | |
JP6973385B2 (en) | Authentication system, authentication method and program | |
CN105141425B (en) | A kind of mutual authentication method for protecting identity based on chaotic maps | |
CN109327313A (en) | A kind of Bidirectional identity authentication method with secret protection characteristic, server | |
CN103338201B (en) | The remote identity authentication method that under a kind of environment of multi-server, registration center participates in | |
Kumar | A New Secure Remote User Authentication Scheme with Smart Cards. | |
CN101958913B (en) | Bidirectional ID (Identity) authentication method based on dynamic password and digital certificate | |
CN101902476A (en) | Method for authenticating identity of mobile peer-to-peer user | |
CN103368954B (en) | A kind of smart card registration entry based on password and biological characteristic | |
CN105072110A (en) | Two-factor remote identity authentication method based on smart card | |
CN103853950A (en) | Authentication method based on mobile terminal and mobile terminal | |
CN105871553A (en) | Identity-free three-factor remote user authentication method | |
CN101697540A (en) | Method for authenticating user identity through P2P service request | |
CN103338202B (en) | A kind of long-distance user's password double verification method based on smart card | |
GB2434724A (en) | Secure transactions using authentication tokens based on a device "fingerprint" derived from its physical parameters | |
CN103347018A (en) | Long-distance identity authentication method based on intelligent card and under multiple-service environment | |
CN104767624A (en) | Remote protocol authentication method based on biological features | |
CN106921663A (en) | Identity based on intelligent terminal software/intelligent terminal continues Verification System and method | |
CN104065487A (en) | Random secret value IBC identity authentication method based on digital fingerprint | |
CN103701787A (en) | User name password authentication method implemented on basis of public key algorithm | |
CN104901809A (en) | Remote authentication protocol method based on password and intelligent card | |
CN116388995A (en) | Lightweight smart grid authentication method based on PUF | |
CN105682092B (en) | Bidirectional authentication method based on short-distance wireless communication technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20151202; Assignee: Qingdao Huaheng Shengtai Electronic Technology Co.,Ltd.; Assignor: SHANDONG University OF SCIENCE AND TECHNOLOGY; Contract record no.: X2023370010006; Denomination of invention: A three-factor remote identity authentication method based on smart card; Granted publication date: 20180529; License type: Common License; Record date: 20230106 |