CN113115307A - Two-factor identity authentication method oriented to smart home scene - Google Patents


Publication number
CN113115307A
Authority
CN
China
Prior art keywords
user
gateway
information
identity
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110386425.0A
Other languages
Chinese (zh)
Other versions
CN113115307B (en)
Inventor
邹仕洪
曹强
徐国爱
王晨宇
徐国胜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202110386425.0A
Publication of CN113115307A
Application granted
Publication of CN113115307B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a two-factor identity authentication method for smart home scenarios and belongs to the technical field of information security. The method comprises the following steps: in the registration stage, the user computes a random hash value using a national cryptographic algorithm, and the gateway computes a secret value for the user from that hash value; in the authentication and negotiation stage, the user sends request information containing the device identity to the gateway; after the gateway and the device pass verification, the device performs two elliptic curve multiplications to generate a session key, and the authentication information it generates contains a parameter that binds its own secret value to random parameters through an XOR operation; the device sends the ciphertext and the authentication information to the user through the gateway, and after authentication passes, the user obtains the session key and establishes a session with the device. The invention prevents insider attacks from obtaining the user's plaintext identity, effectively resists node capture attacks and user impersonation attacks, ensures the correctness of the session key negotiated between each legitimate user and the device, and greatly reduces the consumption of storage space.

Description

Two-factor identity authentication method oriented to smart home scene
Technical Field
The invention belongs to the technical field of information security and relates to an identity authentication method, in particular to a two-factor identity authentication method for wireless sensor networks with a single gateway.
Background
A smart home connects the various devices in the home, such as audio and video equipment, lighting systems, curtain control, air-conditioning control, security systems, digital cinema systems, audio and video servers, video cabinet systems and networked home appliances, through Internet of Things technology, and provides functions such as home appliance control, lighting control, remote control by telephone, indoor and outdoor remote control, burglar alarm, environment monitoring, heating and ventilation control, infrared forwarding and programmable timing control. Compared with an ordinary home, a smart home retains the traditional living functions while integrating building, network communication, information appliance and equipment automation functions; it provides all-round information interaction and can even save money on energy costs. A smart home builds its communication links over wireless sensor networks (WSNs) to control home equipment intelligently. A smart home in an Internet of Things environment comprises home users, a gateway and a large number of device nodes. The home user is mainly responsible for issuing instructions to the gateway and the device nodes according to daily needs; the gateway, as the intermediate device of the wireless network, is mainly responsible for managing home users and device nodes and for the required information exchange between them; the device nodes cooperatively monitor the area covered by the home network and allow home users to access their real-time data to obtain the state of the smart home equipment.
Device nodes are typically low-power devices equipped with one or more sensors, memory, a processor, a radio, a power supply and actuators. They can be deployed in any corner of the home as the home user wishes, but their storage and computing capabilities are limited. Data sensed by device nodes is usually transmitted over the home's public wireless network, so a smart home built on a wireless sensor network is easily attacked by malicious users on the public network; the smart home equipment may then fail to function normally, seriously affecting the quality of life in the smart home environment. It is therefore important to provide an identity authentication and key agreement protocol that ensures the safe operation of the smart home environment by verifying the legitimate identity of users and encrypting communication content.
In a smart home environment, a complete two-factor identity authentication involves 3 types of participants: one gateway, one or more home users, and a large number of device nodes. Because the computing and storage resources of device nodes are limited, the identity authentication and key agreement protocol should be lightweight, while still resisting the various known attacks and providing desirable properties such as user anonymity and forward security.
The identity authentication process in a smart home environment is as follows. In the registration stage, home users and device nodes register with the gateway in preparation for subsequent authentication. In the login and authentication stage, a user who wants to access the data of a device node in real time first sends an access request to the gateway; the gateway authenticates the registered home user and, if authentication passes, forwards the user request to the device node, and the device authenticates the gateway. After that authentication passes, the device node generates data and sends it to the gateway, and the gateway authenticates the device node in turn. After that authentication passes, the gateway computes data and sends it to the home user, and finally the home user and the device node negotiate a consistent session key. After the authentication phase ends, the user and the device node use the same session key to encrypt subsequent communications.
In a smart home environment, existing password-based two-factor remote user authentication protocols generally have serious security and storage problems:
1) They cannot resist offline password guessing attacks based on the smart card or mobile device. Most earlier authentication protocols rest on the basic assumption that the smart card or mobile device is tamper resistant, i.e. that an attacker cannot obtain the data stored in it. With the development of attack and analysis techniques, however, it has become accepted that attackers can obtain the data in a smart card or mobile device, and most earlier protocols are no longer secure under this new assumption. In an offline password guessing attack, an attacker who has obtained the data in the smart card or mobile device can successfully guess the correct password offline.
2) They cannot resist offline password guessing attacks based on the public channel. The attacker guesses a password in the usual way and then checks the guess against the parameters containing the user password that the legitimate user and the device node transmit over the public channel while negotiating the session key, thereby obtaining the user's password.
3) Anonymous registration. In most existing identity authentication protocols a legitimate user must submit the identity ID to a registration center, so the user's identity privacy information is easily obtained by an internal attacker.
4) Forward security. Forward security ensures that even if the system is compromised, an attacker cannot obtain earlier communication content; it greatly reduces the loss caused by a compromise and is an important security property in environments with high security requirements. For example, the recently promulgated TLS 1.3 and WPA3 standards require the user authentication protocol to achieve forward security. However, most current smart-home user authentication protocols cannot effectively meet this requirement.
5) They cannot effectively resist insider impersonation attacks. After negotiating a session key with a node, an internal legitimate user turns attacker, intercepts over the public channel the parameters that the next user transmits to the device node, impersonates the node and negotiates a session key with the next legitimate user, so that the next user negotiates the session key with the attacker instead of the node.
6) They cannot effectively resist node capture attacks. Once an attacker has extracted a node's key secret parameters, the keys negotiated between legitimate users and the captured node can be completely recovered.
7) Usually, after a large number of users have registered with the gateway, the gateway has to store their identity IDs and related authentication parameters, which easily exhausts the gateway's limited storage space.
Therefore, now that WSNs are widely applied in scenarios with high security requirements, it is necessary to design a two-factor identity authentication method that solves the above 6 security problems and 1 storage problem.
Disclosure of Invention
The invention provides a two-factor identity authentication method for smart home scenarios, aiming to solve the security and storage problems common to two-factor identity authentication in current smart home environments.
The two-factor identity authentication method for smart home scenarios provided by the invention comprises the following steps:
Step 1: the gateway selects a secret key $x$ and a base point $P$, computes the public key $X$, and computes the gateway secret value $h(GID \| x)$ using the national cryptographic algorithm $h(\cdot)$; $GID$ is the identity of the gateway; the gateway stores $x$ and $h(GID \| x)$ and publishes $GID$ and $X$;
Step 2: registration of device nodes and users;
the device node registration comprises: the device node $S_k$ transmits its identity $SID_k$ to the gateway through a secure channel; the gateway computes the secret value $k_{GS} = h(SID_k \| x)$ for $S_k$ and sends $k_{GS}$ and $h(GID \| x)$ to the device $S_k$; the device node $S_k$ stores the secret value $k_{GS}$ and the gateway secret value $h(GID \| x)$ locally;
the user registration comprises: the user $U_i$ inputs the identity $ID_i$ and password $PW_i$, selects a random number $r$, and computes the hash value $HPW_i = h(ID_i \| PW_i) \bmod n_0$ and the information
Figure BDA0003015199150000031
The user $U_i$ sends the information $A_0$ to the gateway through a secure channel; the gateway computes the secret value $k_{GU} = h(A_0 \| x)$ for the user $U_i$ and computes the information
Figure BDA0003015199150000032
It then stores the information $\{A_1, SUM\}$ in the smart card and sends it to the user $U_i$; SUM is the number of times that the user tries to verify, with initial value 0. After receiving the smart card, the user $U_i$ computes
Figure BDA0003015199150000033
computes the information $A_2 = h(ID_i \| HPW_i \| k_{GU}) \bmod n_0$, and then updates
Figure BDA0003015199150000034
Figure BDA0003015199150000035
The smart card stores $\{A_1, A_2, SUM\}$; $n_0$ is a 256-bit large prime;
Step 3: the user enters the identity and password into the smart card, and the smart card verifies whether the user is legitimate; after a successful login, the smart card computes the request information $\{DID_i, A_4, M_1, V_1\}$ from the identity $SID_k$ of the device node $S_k$ to be accessed and sends it to the gateway;
first, the smart card selects random numbers $a, r_1, r'_1 \in [1, n-1]$ and computes $A_4 = r_1 \cdot P$ and $W = r_1 \cdot X$;
second, it computes
Figure BDA0003015199150000036
and the intermediate parameter $V_1 = h(h(r_1 \| a) \| r'_1 \| M_1 \| A_4 \| SID_k)$; $n$ is the recommended value of the SM2 elliptic curve parameter;
Step 4: the authentication and key agreement stage comprises the following 4 phases:
(1) After receiving the request information, the gateway uses $x$ and $h(GID \| x)$ to compute and recover
Figure BDA00030151991500000310
and computes
Figure BDA00030151991500000311
If
Figure BDA00030151991500000319
and $V_1$ are equal, the gateway computes the symmetric key $k_{GS} = h(SID_k \| x)$, selects a random number $r_2 \in [1, n-1]$, encrypts $h(r_1 \| a) \| GID \| A_4 \| r_2$ with the SM4 algorithm to generate the SM4 ciphertext $M_2$, and computes the information $V_2 = h(SID_k \| h(r_1 \| a) \| GID \| k_{GS} \| A_4 \| r_2)$. The gateway sends the information $\{M_2, V_2\}$ to the device $S_k$.
(2) After receiving $\{M_2, V_2\}$, the device $S_k$ decrypts $M_2$ with its stored $k_{GS}$ and computes
Figure BDA00030151991500000320
If
Figure BDA00030151991500000321
and $V_2$ are equal, the device $S_k$ selects a random number $r_3$, computes the intermediate data $A_5 = r_3 \cdot P$ and $A_6 = r_3 \cdot A_4$, and computes the session key $SK$ shared with the user and the intermediate authentication data $M_3, N_3, V_3, Y_3$. The device sends the information $\{M_3, N_3, V_3, Y_3\}$ to the gateway, where $SK = h(h(r_1 \| a) \| GID \| SID_k \| A_6)$;
Figure BDA0003015199150000037
$V_3 = h(A_5 \| h(SK \| r_2) \| k_{GS})$;
Figure BDA0003015199150000038
(3) After receiving $\{M_3, N_3, V_3, Y_3\}$, the gateway uses its stored $h(GID \| x)$ to compute the device identity
Figure BDA00030151991500000312
recovers the key
Figure BDA00030151991500000313
computes the parameter
Figure BDA00030151991500000314
and compares
Figure BDA00030151991500000315
with $V_3$. If they are equal, the gateway uses $x \cdot A_4$ as a symmetric key to encrypt $A_5$ with the SM4 algorithm, generating the ciphertext $M_4$, and computes the authentication information $V_4 = h(h(SK \| A_5) \| x \cdot A_4)$, where the secret value
Figure BDA0003015199150000039
The gateway sends the information $\{M_4, V_4\}$ to the user.
(4) After receiving $\{M_4, V_4\}$, the user decrypts the ciphertext $M_4$ with the value $W$ computed at login to recover
Figure BDA00030151991500000316
recovers the information
Figure BDA00030151991500000317
and compares
Figure BDA00030151991500000318
with $V_4$. If they are equal, the user accepts the session key $SK$ shared with the device node $S_k$ and establishes a session with $S_k$.
Compared with the prior art, the invention has the following advantages and positive effects:
(1) In the user registration stage, the plaintext identity does not need to be uploaded to the gateway; only the random hash value $A_0$ containing the user identity is sent to the gateway. The gateway cannot obtain the user's plaintext identity directly from $A_0$, which achieves anonymous registration of legitimate users and prevents insider attacks from obtaining the user's plaintext identity;
(2) In the authentication and key agreement stage, the device node uses two elliptic curve multiplications to generate the same session key $SK$ as the legitimate user. Even if an attacker holds the gateway's long-term key and/or secret value, and can therefore obtain the user's $W$ value, decrypt $M_4$ to obtain $A_5$, and also intercept $A_4$, the attacker still cannot recover session keys previously generated by the device node, because of the elliptic curve computational Diffie-Hellman problem; the invention therefore effectively solves the forward security problem;
(3) In the authentication and key agreement stage, the device node uses two elliptic curve multiplications to generate the same session key $SK$ as the legitimate user. Even if an attacker holds the device node's secret value $k_{GS}$, intercepts $A_4$, and obtains $A_5$ from the intercepted $N_3$, the attacker still cannot compute $A_6$, because of the elliptic curve computational Diffie-Hellman problem, and so cannot recover session keys previously generated by the device node; node capture attacks are thereby effectively resisted;
(4) In the authentication and key agreement stage, the device node binds its own secret value $k_{GS}$ to the random data $A_5$ and $r_2$ to generate the intermediate data $Y_3$. A legitimate user does not hold $r_2$ and therefore cannot unilaterally extract the device node's secret value $k_{GS}$ from $Y_3$, cannot recover the parameters on the public channel related to the next legitimate user's session key, and cannot impersonate the node to compute a correct session key for the next legitimate user. The method therefore resists user impersonation attacks and ensures the correctness of the session key negotiated between each legitimate user and the device node;
(5) The gateway only needs to store its own parameters and does not store the identity IDs of a large number of registered users or the related password verification table entries, which greatly reduces the consumption of storage space while still verifying users' legitimate identities effectively.
Drawings
FIG. 1 is a schematic overall flow chart of the two-factor identity authentication method of the present invention;
FIG. 2 is a flow chart of an implementation of the two-factor identity authentication method of the present invention in the registration phase;
FIG. 3 is a flow chart of the implementation of the login and session key agreement process in the two-factor identity authentication method of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
In a smart home scenario, the limited computing power of device nodes and the endless stream of security problems are the main issues a two-factor identity authentication method must address. To design a technical solution that solves the six security problems and one storage problem, the invention adopts the following implementation techniques:
1) When a legitimate user registers with the gateway, the user's identity and password only need to be fed into a modular operation, and the result is stored in the smart card. The periodicity of the modular operation means that an attacker cannot effectively guess the user's password, which prevents offline password guessing attacks based on the smart card or mobile device. Here, "legitimate user" means the home user;
2) When a legitimate user negotiates a session key with the device node, the secure SM4 cryptographic algorithm and the elliptic curve multiplication recommended by the SM2 cryptographic algorithm are used correctly, and the identity and password information related to the user is embedded into the messages on the public channel. Because an attacker cannot effectively break a secure national cryptographic algorithm or solve the discrete logarithm problem, the attacker cannot use the parameters on the public channel to check the correctness of a guessed password, so offline password guessing attacks based on the public channel are resisted;
3) When a legitimate user registers with the gateway, only a random hash value containing the user identity is transmitted to the gateway. The gateway cannot obtain the plaintext identity of the legitimate user, so anonymous registration of legitimate users is achieved;
4) Based on the elliptic curve computational Diffie-Hellman problem, the device node uses two elliptic curve multiplications to generate the same session key as the legitimate user. Even if an attacker holds the gateway's long-term key, its secret value, or both, the attacker cannot solve the elliptic curve computational Diffie-Hellman problem and therefore cannot recover session keys previously generated by the device node, so the forward security problem is effectively solved;
5) After negotiating the session key, the device node binds its own secret value to the parameter containing the session key that it sends to the gateway and to the session-key parameter that the gateway sends to the user. A legitimate user therefore cannot unilaterally extract the device node's secret value from the parameter containing the session key sent by the device node to the gateway, or from the session-key parameter sent by the gateway to the user, and so cannot recover the session-key-related parameters on the public channel, cannot impersonate the node to compute a correct session key for the next legitimate user, and cannot pass the gateway's authentication.
6) Based on the elliptic curve computational Diffie-Hellman problem, the device node uses two elliptic curve multiplications to generate the same session key as the legitimate user. Even if an attacker holds the device node's secret value, the attacker cannot solve the elliptic curve computational Diffie-Hellman problem and therefore cannot recover the session key generated by the device node, so node capture attacks are effectively resisted.
7) After a user has registered with the gateway, the gateway only needs to store its own long-term key $x$ and the secret value $h(GID \| x)$; it does not additionally store the identity IDs of a large number of registered users or the related table entries for verifying user passwords.
In addition, to suit the smart home scenario, where device nodes are added at any time as needed, the method supports dynamic addition of device nodes: a newly purchased device node only needs to register with the gateway, and after the gateway broadcasts the identity of the new device node, the new node can negotiate keys with home users. For user friendliness, the method also supports user password updating.
As shown in FIG. 1 and FIG. 2, the two-factor identity authentication method for smart home scenarios comprises 6 steps: system initialization, device node and user registration, user login, authentication and key agreement, password updating, and dynamic node addition. The symbols used in the following description of the steps and their meanings are shown in Table 1.
TABLE 1 symbol definitions
Figure BDA0003015199150000051
Figure BDA0003015199150000061
Step 1, system initialization.
Based on the SM2 algorithm standard issued by the State Cryptography Administration, the gateway GWN selects an elliptic curve $E(F_q)$ over a 256-bit prime field, where $F_q$ denotes the prime field and $q$ is 256 bits. It selects a base point $P$ ($P \neq 0$) on $E(F_q)$ and a long-term secret (private) key $x \in F_q$, selects a unique identity $GID$, and computes the secret value $h(GID \| x)$ and the public key $X = x \cdot P$. Finally, the gateway stores $\{x, h(GID \| x)\}$ and publishes the identity $GID$ and the public key $X$.
In addition, the gateway selects a unique identity $SID_k$ for each device node $S_k$, stores it in the device node $S_k$, and deploys the device nodes to the target areas of the rooms in the home.
Step 2, registration of each device node and user.
Step 2.1, the registration stage of device node $S_k$ comprises the following R11-R13:
R11:
Figure BDA0003015199150000066
$SID_k$, i.e. the device node $S_k$ transmits its identity $SID_k$ to the gateway GWN through a secure channel.
R12:
Figure BDA0003015199150000065
$\{h(GID \| x), k_{GS}\}$: GWN computes the secret value $k_{GS} = h(SID_k \| x)$ for the device node $S_k$ and sends the secret values $h(GID \| x)$ and $k_{GS}$ to the device node $S_k$ through the secure channel.
R13: $S_k$ stores $\{k_{GS}, h(GID \| x)\}$ in a secure storage unit.
Step 2.2, the registration stage of user $U_i$ comprises the following R21-R23:
R21:
Figure BDA0003015199150000064
$A_0$: user $U_i$ transmits the computed $A_0$ to the gateway GWN through a secure channel.
User $U_i$ inputs $(ID_i, PW_i)$, computes the secret value $h(ID_i \| PW_i)$, selects a random number $r$, and then computes as follows:
first, compute the hash value $HPW_i = h(ID_i \| PW_i) \bmod n_0$, where $n_0$ is a 256-bit large prime between 1 and $2^{256}$;
then XOR the hash value $HPW_i$ with the random number $r$ to obtain
Figure BDA0003015199150000062
The information $A_0$ is a 256-bit string of 0s and 1s.
R22:
Figure BDA0003015199150000067
Smart card: the gateway GWN sends the $A_1$ computed for the user and the SUM value to the user $U_i$ by smart card.
After receiving the information $A_0$ sent by user $U_i$, GWN first computes the secret value $k_{GU} = h(A_0 \| x)$ for $U_i$, then computes the data
Figure BDA0003015199150000063
GWN then stores the parameters $\{A_1, SUM\}$ in the smart card and sends the smart card to the user $U_i$. SUM refers to the number of times the user is allowed to attempt authentication; in this embodiment of the invention its maximum value is set to 3 and its initial value is 0.
R23: after receiving the smart card, the user updates the secret value $A_1$ as follows:
from $A_1$ in the smart card, compute
Figure BDA0003015199150000071
then compute the intermediate value $A_2$:
$A_2 = h(ID_i \| HPW_i \| k_{GU}) \bmod n_0$
and update the secret value
Figure BDA0003015199150000072
$n_0$ is a 256-bit large prime.
Finally, the smart card stores $\langle A_1, A_2, SUM \rangle$.
The periodicity of the modulo operation means that an attacker cannot effectively guess the user's password, which prevents offline password guessing attacks based on the smart card or mobile device.
Step 3, user login, comprising the following L1-L3:
L1: user $U_i$ enters the user name and password
Figure BDA0003015199150000073
into the smart card; the smart card verifies the entered user identity by first computing:
Figure BDA0003015199150000074
It then compares $A_2^*$ with $A_2$. If $A_2^* = A_2$, the user identity authentication passes and the procedure continues with step L2; otherwise the SUM value is incremented by 1 and the user tries entering another
Figure BDA0003015199150000075
for identity authentication. If the SUM value exceeds the preset maximum, the session is terminated and the user account is frozen until $U_i$ re-registers.
L2: the smart card selects random numbers $a, r_1, r'_1 \in [1, n-1]$, where $n$ is the recommended value of the elliptic curve parameter of the SM2 algorithm, computes the intermediate data $A_4 = r_1 \cdot P$ and $W = r_1 \cdot X$, selects the identity $SID_k$ of the device node $S_k$ to be accessed, and further computes:
Figure BDA0003015199150000076
Figure BDA0003015199150000077
$V_1 = h(h(r_1 \| a) \| r'_1 \| M_1 \| A_4 \| SID_k)$
where $DID_i$, $M_1$ and $V_1$ are all intermediate parameters. $\{DID_i, A_4, M_1, V_1\}$ is used to negotiate a session key with the device node.
L3: $U_i \to GWN: \{DID_i, A_4, M_1, V_1\}$: the user sends the request information $\{DID_i, A_4, M_1, V_1\}$ to the gateway.
Step 4, authentication and key agreement stage, comprising V1-V10:
V1: after receiving the request information from user $U_i$, the gateway uses its stored secret values $x$ and $h(GID \| x)$ to compute:
Figure BDA0003015199150000078
Figure BDA0003015199150000079
Figure BDA00030151991500000710
where the gateway recovers, from the information $DID_i$, $A_4$ and $M_1$ sent by the user,
Figure BDA00030151991500000711
and then computes
Figure BDA00030151991500000712
Figure BDA00030151991500000713
The proxy is a random number recovered (or calculated) by the gateway. Then compare
Figure BDA00030151991500000714
with $V_1$. If they are equal, authentication of the request information passes and the procedure continues with step V2; otherwise, the session is terminated.
When
Figure BDA00030151991500000715
equals $V_1$, the information recovered by the gateway is correct, i.e.
Figure BDA00030151991500000716
V2: GWN selection random number r2∈[1,n-1]Calculating kGS=h(SIDk| x), and k is addedGSAs symmetric key, the SM4 algorithm pair h (r) is used1||a)||GID||A4||r2Encrypt and generate SM4 ciphertext
Figure BDA00030151991500000717
Figure BDA00030151991500000824
Further calculating authentication information V2=h(SIDk||h(r1||a)||GID||kGS||A4||r2)。
V3:GWN→Sk:{M2,V2The gateway sends the information M2,V2To the device Sk
V4:SkUsing k of the previously registered storeGSDecrypting M2Recovery
Figure BDA0003015199150000081
And calculate
Figure BDA0003015199150000082
Figure BDA0003015199150000083
It then compares
Figure BDA0003015199150000084
and V_2. If they are equal, the received information is authenticated and the information recovered by the device is correct, and the process continues to step V5; otherwise, the session is terminated.
When
Figure BDA0003015199150000085
and V_2 are equal, the device has recovered
Figure BDA0003015199150000086
V5: S_k selects a random number r_3 and then calculates:
A_5 = r_3·P, A_6 = r_3·A_4, the session key with U_i, SK = h(h(r_1||a) || GID || SID_k || A_6), and
Figure BDA0003015199150000087
V_3 = h(A_5 || h(SK||r_2) || k_GS),
Figure BDA0003015199150000088
M_3, N_3, V_3, Y_3 are all intermediate parameters.
V6: S_k → GWN: {M_3, N_3, V_3, Y_3}. Device S_k sends the information M_3, N_3, V_3, Y_3 to the gateway.
V7: Using its stored secret value h(GID||x), GWN calculates
Figure BDA0003015199150000089
and calculates the recovery parameters
Figure BDA00030151991500000810
Then compare
Figure BDA00030151991500000811
and V_3. If they are equal, continue to step V8; otherwise, the session is terminated.
When
Figure BDA00030151991500000812
and V_3 are equal, the information received by the gateway is authenticated and the information the gateway has calculated and recovered is correct,
Figure BDA00030151991500000813
Figure BDA00030151991500000814
V8: GWN calculates
Figure BDA00030151991500000815
and, with x·A_4 as the symmetric key, uses the SM4 algorithm to encrypt A_5, generating the SM4 ciphertext
Figure BDA00030151991500000816
It further calculates V_4 = h(h(SK||A_5) || x·A_4).
V9: GWN → U_i: {M_4, V_4}. The gateway sends the information M_4, V_4 to user U_i.
V10: U_i decrypts the SM4 ciphertext M_4 with the W stored at login and recovers
Figure BDA00030151991500000817
and calculates:
Figure BDA00030151991500000818
Figure BDA00030151991500000819
It then compares
Figure BDA00030151991500000820
and V_4. If they are equal, the user accepts the session key SK shared with device node S_k, and the user and device node S_k establish a session, completing user identity authentication. Otherwise, the session key generated by the device node is not accepted.
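The key-agreement core of steps L2, V5, V8 and V10, written out as an added example (not code from the patent): it shows that W = r_1·X equals x·A_4, that r_1·A_5 equals A_6, and that the V_4 comparison rejects a modified A_5. Assumptions: the identities are constructed, SHA-256 stands in for SM3 when the local OpenSSL lacks it, hash fields are length-prefixed, and the SM4 transport and the gateway's recovery of SK (whose formulas are not reproduced on this page) are replaced by passing the values directly.

```python
import hashlib, hmac, secrets

# SM2 recommended curve y^2 = x^3 + A*x + B over F_p; base point P of prime order n.
p = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A, B = p - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
P = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(Q):
    return Q is None or (Q[1] ** 2 - Q[0] ** 3 - A * Q[0] - B) % p == 0

def add(Q, R):  # affine point addition; None is the point at infinity
    if Q is None or R is None:
        return R if Q is None else Q
    if Q[0] == R[0] and (Q[1] + R[1]) % p == 0:
        return None
    if Q == R:
        lam = (3 * Q[0] * Q[0] + A) * pow(2 * Q[1], -1, p) % p
    else:
        lam = (R[1] - Q[1]) * pow(R[0] - Q[0], -1, p) % p
    x = (lam * lam - Q[0] - R[0]) % p
    return (x, (lam * (Q[0] - x) - Q[1]) % p)

def mul(k, Q):  # double-and-add; illustrative, not side-channel hardened
    R = None
    while k:
        if k & 1:
            R = add(R, Q)
        Q, k = add(Q, Q), k >> 1
    return R

def enc(v):  # fixed-width bytes for a scalar or an (x, y) point
    return b"".join(c.to_bytes(32, "big") for c in (v if isinstance(v, tuple) else (v,)))

def h(*fields):  # h(f1||f2||...); the length prefixes are an added assumption
    try:
        d = hashlib.new("sm3")
    except ValueError:
        d = hashlib.sha256()  # stand-in when this OpenSSL build lacks SM3
    for f in fields:
        d.update(len(f).to_bytes(4, "big") + f)
    return d.digest()

def rand_scalar():
    return secrets.randbelow(n - 1) + 1  # uniform in [1, n-1]

def run_session(tamper_A5=False):
    GID, SID_k = b"GW-home", b"S-lamp-7"  # constructed identities
    x = rand_scalar()  # step 1: gateway secret key x, public key X = x*P
    X = mul(x, P)
    r1, a = rand_scalar(), secrets.token_bytes(32)  # L2: smart card
    A4, W, hra = mul(r1, P), mul(r1, X), h(enc(r1), a)
    r3 = rand_scalar()  # V5: device S_k
    A5, A6 = mul(r3, P), mul(r3, A4)
    SK = h(hra, GID, SID_k, enc(A6))
    # V8: gateway. It recovers SK from M_3, N_3, Y_3; those formulas are not
    # on this page, so SK is handed over directly here.
    xA4 = mul(x, A4)
    V4 = h(h(SK, enc(A5)), enc(xA4))
    A5_rx = add(A5, P) if tamper_A5 else A5  # models a modified M_4
    SK_u = h(hra, GID, SID_k, enc(mul(r1, A5_rx)))  # V10: user, A_6 = r_1*A_5
    V4_u = h(h(SK_u, enc(A5_rx)), enc(W))
    return hmac.compare_digest(V4_u, V4), SK_u == SK, W == xA4
```

`run_session()` returns three flags: whether the user's V_4 check passed, whether user and device derived the same SK, and whether W matched x·A_4.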
In addition, to suit the flexibility of smart home scenarios, where device nodes are added at any time as needed, the method supports dynamic addition of device nodes: a newly purchased device node only needs to register with the gateway, and after the gateway broadcasts the identity of the new device node, the new device node can negotiate a key with the home user. To be user-friendly, the method also supports user password updates.
Step 5: password update phase. User U_i can update the password locally according to the following steps U1-U2:
U1: User U_i inputs
Figure BDA00030151991500000821
to the smart card, and the smart card calculates
Figure BDA00030151991500000822
Figure BDA00030151991500000823
Then compare A_2* and A_2. If they are equal, continue to step U2; otherwise, the session is terminated.
U2: The smart card accepts the request and, from the newly entered password
Figure BDA0003015199150000091
calculates new parameters:
Figure BDA0003015199150000092
Figure BDA0003015199150000093
and <A_1, A_2> in the smart card is updated to
Figure BDA0003015199150000094
Step 6: dynamic addition of device nodes.
To meet the quality-of-life expectations of a smart home, dynamic addition of device nodes is necessary. When a new device node S_t is to be added to the existing household, S_t only needs to initiate a registration request to the gateway as in step 2.1. After S_t registers successfully, GWN broadcasts the identity SID_t of S_t so that the other home users learn the identity SID_t of S_t.

Claims (7)

1. A two-factor identity authentication method oriented to a smart home scene, characterized by comprising the following steps:
step 1, the gateway selects a secret key x and a base point P, calculates the public key X, and calculates the gateway secret value h(GID||x) using the national cryptographic hash algorithm h(·); GID is the identity of the gateway; the gateway stores x and h(GID||x) and publishes GID and X;
step 2, registration of device nodes and users;
when a device node is registered, it locally stores the secret value k_GS that the gateway calculated for the device and the gateway's secret value h(GID||x);
user registration includes: user U_i inputs an identity ID_i and a password PW_i, selects a random number r, and calculates the hash value HPW_i = h(ID_i||PW_i) mod n_0 and the information
Figure FDA0003015199140000011
User U_i sends the information A_0 to the gateway through a secure channel; the gateway calculates for user U_i the secret value k_GU = h(A_0||x) and calculates the information
Figure FDA0003015199140000012
It then stores the information A_1 and SUM in the smart card and sends the card to user U_i; SUM is the number of verification attempts the user has made, with initial value 0; after receiving the smart card, user U_i calculates
Figure FDA0003015199140000013
calculates the information A_2 = h(ID_i||HPW_i||k_GU) mod n_0, and then updates
Figure FDA0003015199140000014
Figure FDA0003015199140000015
The smart card stores A_1, A_2, SUM; n_0 is a large prime number of 256 bits;
step 3, the user inputs the identity and password to the smart card, and the smart card verifies whether the user is a legitimate user; when the user logs in successfully, the request information DID_i, A_4, M_1, V_1 is calculated according to the identity SID_k of the device node S_k to be accessed and is sent to the gateway;
wherein the smart card selects random numbers a, r_1, r′_1 ∈ [1, n-1], calculates intermediate data A_4 = r_1·P and W = r_1·X, and calculates intermediate data
Figure FDA0003015199140000016
V_1 = h(h(r_1||a) || r′_1 || M_1 || A_4 || SID_k); n is the recommended value of the SM2 elliptic curve parameter;
step 4, the authentication and key agreement stage includes:
(1) after receiving the request information, the gateway uses x and h(GID||x) to calculate and recover
Figure FDA0003015199140000017
and calculates
Figure FDA0003015199140000018
If
Figure FDA0003015199140000019
and V_1 are equal, the gateway calculates the symmetric key k_GS = h(SID_k||x), selects a random number r_2 ∈ [1, n-1], uses the SM4 algorithm to encrypt h(r_1||a)||GID||A_4||r_2 to generate the SM4 ciphertext M_2, and calculates the information V_2 = h(SID_k || h(r_1||a) || GID || k_GS || A_4 || r_2); the gateway sends the information M_2, V_2 to the device S_k;
(2) after receiving the information M_2, V_2, device S_k uses the stored k_GS to decrypt M_2 and calculates
Figure FDA00030151991400000110
If
Figure FDA00030151991400000111
and V_2 are equal, device S_k selects a random number r_3, calculates intermediate data A_5 = r_3·P and A_6 = r_3·A_4, and calculates the session key SK with the user and the intermediate data M_3, N_3, V_3, Y_3 used for authentication; the device sends the information M_3, N_3, V_3, Y_3 to the gateway; SK = h(h(r_1||a) || GID || SID_k || A_6);
Figure FDA00030151991400000112
V_3 = h(A_5 || h(SK||r_2) || k_GS);
Figure FDA00030151991400000113
(3) after receiving the information M_3, N_3, V_3, Y_3, the gateway uses its stored h(GID||x) to calculate the device identity
Figure FDA00030151991400000114
and recovers the secret key
Figure FDA00030151991400000115
calculates the parameters
Figure FDA00030151991400000116
and compares
Figure FDA00030151991400000117
and V_3; if the two are equal, the gateway takes x·A_4 as the symmetric key, uses the SM4 algorithm to encrypt A_5 to generate the ciphertext M_4, and calculates the authentication information V_4 = h(h(SK||A_5) || x·A_4), wherein the secret value
Figure FDA00030151991400000118
The gateway sends the information M_4, V_4 to the user;
(4) after receiving the information M_4, V_4, the user decrypts the ciphertext M_4 using the data W calculated at login and recovers
Figure FDA00030151991400000119
and recovers the information
Figure FDA0003015199140000021
and compares
Figure FDA0003015199140000022
and V_4; if the two are equal, the user accepts the session key SK shared with device node S_k and establishes a session with device node S_k.
2. The method according to claim 1, wherein in step 1 the gateway selects an elliptic curve over a 256-bit prime field and selects a base point P on the curve, where P ≠ 0; the public key X is x·P.
3. The method according to claim 1, wherein in step 3 the smart card verifies the input user identity as follows: input a user identity
Figure FDA0003015199140000023
and a password
Figure FDA0003015199140000024
calculate the hash value
Figure FDA0003015199140000025
and the secret value
Figure FDA0003015199140000026
then compare whether A_2* and A_2 are equal; if so, identity authentication passes and the user logs in successfully; otherwise, the user re-enters
Figure FDA0003015199140000027
and PW_i* for verification; if the number of verification attempts exceeds the set maximum value of SUM, the session is terminated and the user account is frozen.
4. The method according to claim 1, wherein in step 4 (1), after obtaining DID_i, A_4, M_1 from the received request information, the gateway calculates
Figure FDA0003015199140000028
Figure FDA0003015199140000029
respectively as follows:
Figure FDA00030151991400000210
Figure FDA00030151991400000211
Figure FDA00030151991400000212
5. The method according to claim 1 or 4, wherein in step 4 (3), the gateway calculates
Figure FDA00030151991400000213
Figure FDA00030151991400000214
as follows:
Figure FDA00030151991400000215
and then calculates the recovery parameters
Figure FDA00030151991400000216
6. The method according to claim 1, wherein in step 4 (4), the user calculates the recovered data
Figure FDA00030151991400000217
as follows:
according to
Figure FDA00030151991400000218
Computing trust
Figure FDA00030151991400000219
And then calculates the session key
Figure FDA00030151991400000220
and calculates
Figure FDA00030151991400000221
7. The method of claim 1, wherein the following operations are performed when the user updates the password:
first, the user inputs the identity and password to the smart card, and the smart card verifies whether the user is a legitimate user;
after the verification passes, the smart card accepts the user's password update request and calculates new parameters from the newly entered password as follows:
Figure FDA00030151991400000222
Figure FDA00030151991400000223
wherein
Figure FDA00030151991400000224
is the new password entered by user U_i;
then, the smart card updates the A_1, A_2 stored in the card to
Figure FDA00030151991400000225
CN202110386425.0A 2021-04-12 2021-04-12 Two-factor identity authentication method oriented to smart home scene Active CN113115307B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110386425.0A CN113115307B (en) 2021-04-12 2021-04-12 Two-factor identity authentication method oriented to smart home scene


Publications (2)

Publication Number Publication Date
CN113115307A true CN113115307A (en) 2021-07-13
CN113115307B CN113115307B (en) 2021-10-26

Family

ID=76715704

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110386425.0A Active CN113115307B (en) 2021-04-12 2021-04-12 Two-factor identity authentication method oriented to smart home scene

Country Status (1)

Country Link
CN (1) CN113115307B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant