CN114697046B - Security authentication method and system based on SM9 secret - Google Patents

Publication number: CN114697046B
Application number: CN202210611039.1A
Authority: CN (China)
Other versions: CN114697046A
Other languages: Chinese (zh)
Inventors: 路博, 杨良, 刘凯雄
Assignee: Hunan Sanxiang Bank Co Ltd
Legal status: Active
Prior art keywords: signature, terminal, data, private key, kgc

Classifications

    • H04L9/3247: cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/083: key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value and securely transfers it to the other(s), involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/085: secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0869: generation of secret information including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds

Abstract

The disclosure relates to a security authentication method and system based on SM9 (the Chinese national cryptographic standard). The method comprises the following steps: in response to a first data request initiated by a second terminal, acquiring first data and generating a signature private key request; sending the signature private key request to a key generation center (KGC) and receiving the signature master public key and a plurality of private key fragment data returned by the KGC in response, wherein the private key fragment data are combined to form the signature private key, the signature private key is generated by the KGC from the terminal identifier of the first terminal and the signature master private key, the signature master private key is determined by a first random number generated by the KGC, and the signature master public key is generated by the KGC from the signature master private key and the system parameters; generating the signature private key from the plurality of private key fragment data, signing the first data with the signature private key and the signature master public key to obtain signature data, and sending the signature data to the second terminal so that the second terminal performs signature verification based on the terminal identifier of the first terminal to authenticate the source of the first data.

Description

Security authentication method and system based on SM9 secret
Technical Field
The embodiments of the disclosure relate to the technical field of information network security, and in particular to a security authentication method and system based on the SM9 national cryptographic algorithm.
Background
At present, traditional identity authentication based on a Public Key Infrastructure (PKI) relies on a third-party Certificate Authority (CA), and a digital certificate must be created for each end user, so there are a large number of complicated certificate exchange and verification processes, and certificate issuance and management are very complicated.
Identity-Based Cryptography (IBC), developed on the basis of traditional PKI, has a simple protocol, needs no certificates, and is simple to deploy and manage; besides retaining the technical advantages of PKI, it mainly removes the need for PKI to exchange and verify large numbers of digital certificates. For example, SM9, an IBC scheme in the Chinese national cryptographic standard, is an asymmetric cryptosystem, and a security authentication system built on SM9 has the advantages of efficient operation, simple deployment and convenient operation and maintenance.
However, although an SM9-based security authentication system does not require the complicated process of exchanging and verifying certificates, it still has some security problems of its own. For example, a user private key generated by the Key Generation Center (KGC), such as a user signature private key, may be leaked during transmission, which seriously jeopardizes the security of the user's information.
Disclosure of Invention
In order to solve the above technical problem, or at least partially solve it, embodiments of the present disclosure provide a security authentication method and system based on SM9.
In a first aspect, an embodiment of the present disclosure provides a security authentication method based on SM9, applied to a first terminal, the method including:
responding to a first data request initiated by a second terminal by acquiring first data and generating a signature private key request, wherein the signature private key request and the first data at least carry a terminal identifier of the first terminal;
sending the signature private key request to a key generation center (KGC), and receiving a signature master public key and a plurality of private key fragment data returned by the KGC in response to the signature private key request, wherein the plurality of private key fragment data are combined to form a signature private key, the signature private key is generated by the KGC from the terminal identifier of the first terminal and a signature master private key, the signature master private key is determined by a first random number generated by the KGC, and the signature master public key is generated by the KGC from the signature master private key and the system parameters;
generating the signature private key from the plurality of private key fragment data, and signing the first data with the signature private key and the signature master public key to obtain signature data;
and sending the signature data to the second terminal so that the second terminal performs signature verification based on the terminal identifier of the first terminal to authenticate the source of the first data.
In an embodiment, the plurality of private key fragment data each carry a specific data identifier and are stored in different storage locations in the KGC database, and each specific data identifier is associated with each storage location in a one-to-one correspondence, and is uniquely mapped and associated with the terminal identifier of the first terminal.
In one embodiment, the method further comprises:
resending the signature private key request to the KGC;
and receiving the plurality of private key fragment data which the KGC, in response to the retransmitted signature private key request, acquires from the different storage locations in the KGC database and returns.
In one embodiment, the method further comprises:
when it is determined that the number of currently received encrypted data requests is larger than a preset value, generating a first indication message and sending it to the KGC, wherein the first indication message instructs the KGC to generate a specified key;
generating a second random number and a second indication message, and sending both to the second terminal, wherein the second indication message instructs the second terminal to obtain the specified key from the KGC and to encrypt the second random number with the specified key to obtain a first encrypted random number;
acquiring the specified key from the KGC, and locally encrypting the second random number with the specified key to obtain a second encrypted random number;
and receiving the first encrypted random number sent by the second terminal and comparing whether it is the same as the second encrypted random number; if so, the authentication succeeds and the requested encrypted data is returned directly to the second terminal.
In one embodiment, the specified key is generated by the KGC based on the signature master public key, the terminal identifier of the first terminal, and the terminal identifier of the second terminal.
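The random-number check described above, as an added Python simulation that is not part of the patent: the KGC derives the specified key from the signature master public key and both terminal identifiers, the first terminal issues a random number and keeps its own encrypted copy, the second terminal returns its encrypted copy, and the two are compared in constant time. HMAC-SHA256 stands in for both the unspecified key derivation and the encryption of the random number, the master public key is a constructed byte string, and the assumption that the KGC only issues the specified key for an identifier the requesting terminal owns is what makes the wrong-identity case fail.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the SM9 signature master public key. In SM9 this is
# a point on the pairing curve; here it is an opaque byte string so the
# exchange runs stand-alone.
SIGNATURE_MASTER_PUBLIC_KEY = b"constructed-sm9-signature-master-public-key"


class KGC:
    """Issues the 'specified key' named in the claims.

    The key is derived from the signature master public key and both terminal
    identifiers, so it is bound to the (first terminal, second terminal) pair.
    HMAC-SHA256 is an assumed stand-in for the patent's unspecified derivation.
    """

    def __init__(self, master_public_key: bytes) -> None:
        self.master_public_key = master_public_key

    def specified_key(self, first_id: str, second_id: str) -> bytes:
        material = first_id.encode() + b"|" + second_id.encode()
        return hmac.new(self.master_public_key, material, hashlib.sha256).digest()


def encrypt_random_number(key: bytes, random_number: bytes) -> bytes:
    """Stand-in for encrypting the second random number under the specified key.

    A keyed MAC gives what the comparison step needs: both sides compute the
    same value from the same key and random number, and nobody without the
    key can.
    """
    return hmac.new(key, random_number, hashlib.sha256).digest()


class FirstTerminal:
    def __init__(self, terminal_id: str, kgc: KGC, preset_value: int) -> None:
        self.terminal_id = terminal_id
        self.kgc = kgc
        self.preset_value = preset_value
        self.pending_requests = 0  # encrypted data requests currently received

    def needs_fast_path(self) -> bool:
        # Claim: use the random-number check only when the number of currently
        # received encrypted data requests exceeds the preset value.
        return self.pending_requests > self.preset_value

    def start_challenge(self, claimed_second_id: str):
        """Generate the second random number and the local (second) encrypted copy."""
        random_number = secrets.token_bytes(32)
        key = self.kgc.specified_key(self.terminal_id, claimed_second_id)
        return random_number, encrypt_random_number(key, random_number)

    @staticmethod
    def verify(local_encrypted: bytes, received_encrypted: bytes) -> bool:
        # Constant-time comparison so the check does not leak how many leading
        # bytes of the received value matched.
        return hmac.compare_digest(local_encrypted, received_encrypted)


class SecondTerminal:
    def __init__(self, terminal_id: str, kgc: KGC) -> None:
        self.terminal_id = terminal_id
        self.kgc = kgc

    def answer_challenge(self, first_id: str, random_number: bytes) -> bytes:
        # Assumption: the KGC only hands out the specified key for the
        # identifier the requesting terminal actually owns.
        key = self.kgc.specified_key(first_id, self.terminal_id)
        return encrypt_random_number(key, random_number)


def run_authentication(first: FirstTerminal, second: SecondTerminal,
                       claimed_second_id: str) -> bool:
    """One round: the first terminal challenges a peer claiming claimed_second_id."""
    random_number, local_encrypted = first.start_challenge(claimed_second_id)
    received_encrypted = second.answer_challenge(first.terminal_id, random_number)
    return first.verify(local_encrypted, received_encrypted)


if __name__ == "__main__":
    kgc = KGC(SIGNATURE_MASTER_PUBLIC_KEY)
    first = FirstTerminal("TERMINAL-001", kgc, preset_value=100)
    first.pending_requests = 150
    print("fast path:", first.needs_fast_path())
    print("honest peer:", run_authentication(first, SecondTerminal("TERMINAL-002", kgc), "TERMINAL-002"))
    print("wrong identity:", run_authentication(first, SecondTerminal("TERMINAL-999", kgc), "TERMINAL-002"))
```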
In one embodiment, the first data request carries a terminal identifier of the second terminal and face feature information of a user who initiated the first data request, and the method further includes:
encrypting the signature data with the SM9 encryption algorithm, using the terminal identifier of the second terminal and the face feature information of the user who initiated the first data request, to obtain encrypted data, and sending the encrypted data to the second terminal, so that the second terminal decrypts the encrypted data with the SM9 decryption algorithm, the terminal identifier of the second terminal and the face feature information of that user to recover the signature data, and then verifies the signature based on the terminal identifier of the first terminal.
In one embodiment, the first terminal and the second terminal are internet of things terminals.
In a second aspect, an embodiment of the present disclosure provides a security authentication system based on SM9, applied to a first terminal, the system including:
the request response module is used for responding to a first data request initiated by a second terminal, acquiring first data and generating a signature private key request, wherein the signature private key request and the first data at least carry a terminal identifier of the first terminal;
the data receiving and sending module is used for sending the signature private key request to a key generation center KGC and receiving a signature master public key and a plurality of private key fragment data returned by the KGC in response to the signature private key request; the plurality of pieces of private key data are used for combining to form a signature private key, the signature private key is generated by the KGC based on a terminal identifier of the first terminal and a signature master private key, the signature master private key is determined by a first random number generated by the KGC, and the signature master public key is generated by the KGC based on the signature master private key and system parameters;
the data signature module is used for generating a signature private key based on the plurality of private key fragment data and carrying out signature processing on the first data based on the signature private key and the signature master public key to obtain signature data;
and the data sending module is used for sending the signature data to the second terminal so that the second terminal performs signature verification based on the terminal identifier of the first terminal to authenticate the source of the first data.
In a third aspect, the disclosed embodiments provide a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the SM9-based security authentication method of any of the above embodiments.
In a fourth aspect, an embodiment of the present disclosure provides an electronic device, including:
a processor; and
a memory for storing a computer program;
wherein the processor is configured to execute the SM9-based security authentication method of any one of the above embodiments by executing the computer program.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:
In the SM9-based security authentication method and system provided by the embodiments of the present disclosure, in response to a first data request initiated by a second terminal, the first terminal obtains first data and generates a signature private key request, where the signature private key request and the first data at least carry the terminal identifier of the first terminal; it sends the signature private key request to the key generation center (KGC) and receives the signature master public key and a plurality of private key fragment data returned by the KGC in response; the private key fragments are combined to form the signature private key, which the KGC generated from the terminal identifier of the first terminal and the signature master private key, the signature master private key being determined by a first random number generated by the KGC and the signature master public key being generated by the KGC from the signature master private key and the system parameters; the first terminal generates the signature private key from the plurality of private key fragment data, signs the first data with the signature private key and the signature master public key to obtain signature data, and sends the signature data to the second terminal, so that the second terminal performs signature verification based on the terminal identifier of the first terminal to authenticate the source of the first data.
Therefore, in the signature authentication process of the SM9-based security authentication system of this embodiment, after the KGC generates the user's signature private key, the signature private key is divided into a plurality of private key fragment data and transmitted to the first terminal, which combines the fragments to recover the signature private key for signing and the subsequent authentication. That is, the user's signature private key generated by the KGC is actually transmitted between the KGC and the terminal as a plurality of private key fragments rather than as a single signature private key data item, and is therefore less easily captured by a malicious attacker, so that the possibility of the user's signature private key leaking in transit is reduced and the security of the user information of the SM9-based security authentication system is improved. In addition, only a logic-level configuration is needed in the KGC; no additional KGC, related auxiliary equipment or other complex settings are needed, which saves cost.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the embodiments or technical solutions in the prior art description will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
Fig. 1 is a flowchart of a security authentication method based on SM9 according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of the architecture of a security authentication system based on SM9 according to an embodiment of the present disclosure;
fig. 3 is a flowchart of a security authentication method based on SM9 according to another embodiment of the present disclosure;
fig. 4 is a schematic diagram of a security authentication system based on SM9 according to an embodiment of the present disclosure;
fig. 5 is a schematic diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
It is to be understood that, hereinafter, "at least one" means one or more, "a plurality" means two or more. "and/or" is used to describe the association relationship of the associated objects, meaning that there may be three relationships, for example, "a and/or B" may mean: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
In the current SM9 system, the KGC generates and stores the master key, and a user's private key (for example the signature private key) is generated by combining the master key with the corresponding public algorithm and the system parameters. The encryption system and the signature system each have their own master public key and master private key, for example the signature master public key of the signature system; this is understood with reference to the prior art and is not repeated here. The KGC therefore knows the private keys of all users, such as their signature private keys, and transmits them to the terminals, so the security of the user private keys rests entirely on the trustworthiness of the KGC, which is a weak point of the security system.
In order to solve the above problem, the embodiments of the present disclosure provide a security authentication method and system based on SM9. Fig. 1 is a flowchart of a security authentication method based on SM9 according to an embodiment of the present disclosure, where the method may be executed by a first terminal 201, such as a server or a computer, and specifically includes the following steps:
step S101: responding to a first data request initiated by a second terminal, acquiring first data and generating a signature private key request, wherein the signature private key request and the first data at least carry a terminal identifier of the first terminal.
For example, as shown in fig. 2, the second terminal 202 may be communicatively connected to the first terminal 201, and both the second terminal 202 and the first terminal 201 may be communicatively connected to the key generation center KGC 203. The second terminal 202 may be a server or a computer, but is not limited thereto. In a communication system, such as an internet of things system, comprising a first terminal 201 and at least one second terminal 202, the second terminal 202 can verify by signature whether data was indeed sent by the first terminal 201. When the second terminal 202 initiates a first data request to the first terminal 201 to request first data, the first terminal 201 locally acquires the first data X and generates a signature private key request, which is used to request the signature private key of the first terminal 201 from the KGC 203. The signature private key request may carry a terminal identifier, such as an ID, of the first terminal 201, but is not limited thereto.
Step S102: sending the signature private key request to a key generation center KGC, and receiving a signature master public key and a plurality of private key fragment data returned by the KGC in response to the signature private key request; the plurality of pieces of private key data are used for combining to form a signature private key, the signature private key is generated by the KGC based on a terminal identifier of the first terminal and a signature master private key, the signature master private key is determined by a first random number generated by the KGC, and the signature master public key is generated by the KGC based on the signature master private key and system parameters.
It is understood that in the SM9 system the master key consists of a master private key and a master public key; the master public key is public and the master private key is kept secret by the KGC, which generates and stores each user's private key from the master private key and the user's identifier (ID). In an identity-based cryptosystem the master private key is generally produced by the KGC with a random number generator, and the master public key is derived from the master private key together with the system parameters. The master key of the signature system differs from that of the encryption system: the digital signature algorithm belongs to the signature system and its master key is the signature master key, while the key exchange protocol, key encapsulation mechanism and public key encryption algorithm belong to the encryption system and their master key is the encryption master key.
In an example embodiment, the first terminal 201 sends the signature private key request to the KGC 203. In response, the KGC generates a first random number R1 with a random number generator and uses it as the signature master private key P1, and generates the signature master public key P2 from the signature master private key P1 and the system parameters, which is understood with reference to the prior art and not repeated here. The KGC then generates the signature private key P3, i.e. the user's signature private key, from the terminal ID of the first terminal 201 and the signature master private key P1, and divides the signature private key P3 into N private key fragment data P31 to P3N, where N is a natural number greater than or equal to 2 and the N fragments combine to form the complete signature private key P3. Finally, the first terminal 201 receives the signature master public key P2 and the plurality of private key fragment data P31 to P3N returned by the KGC 203.
Step S103: and generating a signature private key based on the plurality of private key fragment data, and performing signature processing on the first data based on the signature private key and the signature master public key to obtain signature data.
For example, the first terminal 201 generates the signature private key P3 from the received private key fragment data P31 to P3N, for instance by combining the fragments P31 to P3N in sequence, and then signs the first data X with the signature private key P3 (i.e. the signer's private key) and the signature master public key P2 to obtain the signature data X'; that is, it applies a digital signature to the first data X to obtain the signature data X'.
Step S104: and sending the signature data to the second terminal so that the second terminal performs signature verification based on the terminal identification of the first terminal to authenticate the source of the first data.
Illustratively, the first terminal 201 sends the signature data X' to the second terminal 202. The second terminal 202 obtains from the signature data X' the terminal ID of the first terminal 201 carried by the first data X, and then performs signature verification based on that terminal ID to authenticate the source of the first data: for example, it obtains the signature master public key P2 from the KGC 203 and verifies the signature using the signature master public key P2 and the terminal ID of the first terminal 201, i.e. the signer's ID. The more specific process of digital signature verification is understood with reference to the prior art and is not described here.
In this embodiment, in the signature authentication performed by the SM9-based security authentication system, the KGC generates the user's signature private key, divides it into a plurality of private key fragment data and transmits them to the first terminal, and the first terminal combines the fragments to recover the signature private key for signing and the subsequent signature authentication. That is, the user's signature private key generated by the KGC is actually transmitted between the KGC and the terminal as a plurality of private key fragments rather than as a single signature private key data item, and is therefore less easily captured by a malicious attacker, so that the possibility of the user's signature private key leaking in transit is reduced and the security of the user information of the SM9-based security authentication system is improved. In addition, only a logic-level configuration is needed in the KGC; no additional KGC, related auxiliary equipment or other complex settings are needed, which saves cost.
To further improve the security of the user information of the SM9-based security authentication system, in one embodiment each of the private key fragment data P31 to P3N carries a designated data identifier, such as a signature private key identifier, and is stored in a different storage location in the KGC database; each designated data identifier corresponds one-to-one to a storage location and is uniquely mapped to the terminal identifier of the first terminal.
For example, the designated data identifiers carried by the private key fragment data P31 to P3N, such as the signature private key identifiers, may be configured in a customized manner, and their specific form is not limited. In this embodiment the user's signature private key generated by the KGC may not be stored in the KGC at all, or may be stored in the KGC database only as a plurality of private key fragment data scattered across different storage locations, so that the user's signature private key is less likely to be obtained by a malicious attacker probing the database and is better concealed, which further reduces the possibility of the user's signature private key leaking and further improves the security of the user information of the SM9-based security authentication system. In addition, because the designated data identifiers of the private key fragments correspond one-to-one to the storage locations and are uniquely mapped to the terminal identifier of the first terminal, the KGC can quickly retrieve the private key fragments from their storage locations based on that terminal identifier when processing a signature private key request sent by the first terminal, which improves the authentication efficiency of the SM9-based security authentication system.
On the basis of the foregoing embodiments, in one embodiment, the method may further include the steps of:
Step A: retransmitting the signature private key request to the KGC.
For example, the first terminal 201 may resend the signature private key request to the KGC 203 after having sent it once; the resend may be triggered by another new data request initiated by the second terminal 202, but is not limited thereto.
Step B: receiving the plurality of private key fragment data which the KGC acquires from the different storage locations in the KGC database and returns in response to the retransmitted signature private key request.
It can be understood that, since the first terminal 201 has already sent the signature private key request to the KGC once, the KGC has already generated the corresponding signature private key P3 for the first terminal 201 and divided it into the plurality of private key fragment data P31 to P3n stored in different storage locations in the database of the KGC 203. When the first terminal 201 sends the signature private key request to the KGC again, the KGC therefore does not need to regenerate the signature private key P3 for the first terminal 201, but directly obtains the plurality of private key fragment data, that is, the signature private key P3, from the different storage locations in the database of the KGC 203, so that the authentication efficiency of the security authentication system based on the secret SM9 is improved.
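The fragment store of this embodiment, as an added example that is not the patent's own code: the KGC derives P3 for a terminal identifier, splits it into n private key fragment data, each carrying a designated data identifier, held in separate storage locations and indexed by the terminal identifier; a retransmitted request returns the stored fragments without regenerating the key. Assumptions: an HMAC stands in for SM9 private-key extraction, and the fragments are XOR shares (the page does not fix how the fragments are formed), so that a single leaked storage location reveals nothing about P3.

```python
import hashlib
import hmac
import secrets


def extract_signature_private_key(master_private_key: bytes, terminal_id: str) -> bytes:
    """Stand-in for SM9 signature private key extraction (assumption: real SM9 uses
    pairing arithmetic over the master private key and the identity; HMAC models only
    the fact that P3 is a deterministic function of the master key and the terminal ID)."""
    return hmac.new(master_private_key, terminal_id.encode(), hashlib.sha256).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class KGC:
    """Key generation center holding the signature master private key and a fragment store."""

    def __init__(self, n_fragments: int = 3):
        # First random number: the signature master private key (constructed at random).
        self.master_private_key = secrets.token_bytes(32)
        self.n_fragments = n_fragments
        # One dict per "storage location"; each maps a designated data identifier to a fragment.
        self.locations = [dict() for _ in range(n_fragments)]
        # Terminal identifier -> [(designated data identifier, location index), ...]
        self.index = {}
        self.generations = 0  # how many times P3 was actually generated (for the check below)

    def _split(self, key: bytes) -> list:
        """XOR secret sharing (assumption): n-1 random shares, last share = key XOR all others.
        Any n-1 shares are uniformly random, so one leaked location carries no information."""
        shares = [secrets.token_bytes(len(key)) for _ in range(self.n_fragments - 1)]
        last = key
        for share in shares:
            last = xor_bytes(last, share)
        shares.append(last)
        return shares

    def handle_signature_key_request(self, terminal_id: str) -> list:
        """Returns [(designated data identifier, fragment), ...] for the requesting terminal.
        A repeated request for the same terminal is served from the store (Steps A/B)."""
        if terminal_id in self.index:
            return [(did, self.locations[loc][did]) for did, loc in self.index[terminal_id]]
        self.generations += 1
        p3 = extract_signature_private_key(self.master_private_key, terminal_id)
        entries = []
        for loc, fragment in enumerate(self._split(p3)):
            # Designated data identifier: one per (terminal, location), so the mapping
            # identifier <-> location is one-to-one and bound to the terminal identifier.
            did = hashlib.sha256(f"{terminal_id}|sig-frag|{loc}".encode()).hexdigest()[:16]
            self.locations[loc][did] = fragment
            entries.append((did, loc))
        self.index[terminal_id] = entries
        return [(did, self.locations[loc][did]) for did, loc in entries]


def combine_fragments(fragments: list) -> bytes:
    """First-terminal side: rebuild the signature private key P3 from the returned fragments."""
    key = bytes(len(fragments[0][1]))
    for _, fragment in fragments:
        key = xor_bytes(key, fragment)
    return key
```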
In addition, since the SM9 system is an asymmetric cryptosystem and is not suited to encrypting or decrypting large volumes of data, improving the authentication efficiency of the security authentication system based on the secret SM9 becomes an important issue when a large data volume encryption/decryption situation occurs.
Therefore, on the basis of any of the above embodiments, as shown in fig. 3, in an embodiment of the present disclosure, the method may further include the following steps:
Step S301: when the number of currently received encrypted data requests is determined to be larger than a preset value, generating a first indication message and sending the first indication message to the KGC, wherein the first indication message instructs the KGC to generate a specified key.
For example, the preset value may be set by a user and is not limited in this respect. The first terminal may receive a plurality of encrypted data requests initiated by a plurality of second terminals, where each encrypted data request asks the first terminal to obtain the corresponding data, encrypt it, and transmit the encrypted data to the corresponding second terminal. Generally, the data encryption/decryption process based on the secret SM9 includes key encapsulation, key exchange, data encryption and similar steps, and the specific process can be understood by referring to the prior art. This process is relatively complex, so when the number of encrypted data requests initiated by the plurality of second terminals is larger than the preset value, that is, when a large data volume encryption/decryption situation is encountered, the authentication efficiency of the security authentication system based on the secret SM9 drops. Therefore, in this embodiment, the first terminal generates a first indication message M1 at this point and sends it to the KGC, where the first indication message M1 instructs the KGC to generate a specified key P4. The specified key P4 generated by the KGC may differ from the signature private key and the master keys mentioned above, such as the signature master public key.
Step S302: generating a second random number and a second indication message, and sending the second random number and the second indication message to the second terminal, wherein the second indication message instructs the second terminal to obtain the specified key from the KGC and to encrypt the second random number based on the specified key to obtain a first encrypted random number.
For example, the first terminal may further generate a second random number R2 and a second indication message M2 and send them to the second terminal 202, where the second indication message M2 instructs the second terminal 202 to obtain the specified key P4 from the KGC 203 and to encrypt the second random number R2 based on the specified key P4 to obtain a first encrypted random number R2'.
Step S303: acquiring the specified key from the KGC, and encrypting the second random number R2 locally based on the specified key to obtain a second encrypted random number.
Illustratively, the first terminal 201 also obtains the specified key P4 from the KGC 203 and encrypts the second random number R2 locally based on the specified key P4 to obtain a second encrypted random number R2''.
Step S304: receiving the first encrypted random number sent by the second terminal, comparing whether the first encrypted random number is the same as the second encrypted random number, and if so, treating the authentication as successful and directly returning the encryption request data to the second terminal.
Illustratively, the second terminal 202 obtains the specified key P4 from the KGC 203, encrypts the second random number R2 based on the specified key P4 to obtain the first encrypted random number R2', and then sends R2' to the first terminal 201. The first terminal 201 compares whether the first encrypted random number R2' is the same as the second encrypted random number R2''; if so, the authentication is successful and the first terminal 201 directly returns the encryption request data to the second terminal 202, where the encryption request data is the data corresponding to the encrypted data request that the second terminal 202 initiated on the first terminal 201.
In this embodiment, when the security authentication system based on the secret SM9 meets a large data volume encryption condition, a temporary fast authentication mode may be started: the first terminal, the KGC and a part of the second terminals among the plurality of second terminals cooperate so that the KGC is instructed to generate a specified key, and then, based on the specified key generated by the KGC, the first terminal and that part of the second terminals each encrypt the second random number generated by the first terminal, obtaining two encrypted random numbers whose equality is compared to complete the fast authentication. Starting the temporary fast authentication mode under a large data volume encryption condition thus improves the authentication efficiency of the security authentication system based on the secret SM9, while the implementation of this embodiment is simple and its cost is low.
In one embodiment, the specified key P4 is generated by the KGC based on the signature master public key P2, the terminal identifier ID of the first terminal, and the terminal identifier ID of the second terminal. This ensures the uniqueness of the specified key P4, prevents the accuracy of the authentication result of the fast authentication mode from being reduced by malicious tampering, and thereby improves the accuracy of the authentication result of the fast authentication mode.
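The fast authentication mode of steps S301 to S304, with the specified key P4 bound to P2 and both terminal identifiers, as an added example that is not the patent's own code. Assumptions: a hash-based KDF stands in for however the KGC derives P4, HMAC-SHA256 stands in for "encrypting R2 based on P4" (only equality of R2' and R2'' matters for the check), and the KGC hands P4 to a terminal only under that terminal's own identity; the comparison in S304 is done in constant time.

```python
import hashlib
import hmac
import secrets

PRESET_VALUE = 2  # constructed threshold for entering the fast authentication mode


def derive_specified_key(p2: bytes, first_id: str, second_id: str) -> bytes:
    """P4 from the signature master public key P2 and both terminal identifiers (assumption: KDF)."""
    return hashlib.sha256(b"P4|" + p2 + b"|" + first_id.encode() + b"|" + second_id.encode()).digest()


def encrypt_random(key: bytes, r2: bytes) -> bytes:
    """Stand-in for 'encrypt R2 based on P4' (assumption: HMAC instead of an SM9/SM4 cipher)."""
    return hmac.new(key, r2, hashlib.sha256).digest()


class KGC:
    def __init__(self):
        self.p2 = secrets.token_bytes(32)  # placeholder for the signature master public key
        self.specified_keys = {}  # (first_id, second_id) -> P4

    def handle_m1(self, first_id: str, second_id: str) -> None:
        # S301: on M1, generate the specified key P4 for this pair of terminals.
        self.specified_keys[(first_id, second_id)] = derive_specified_key(self.p2, first_id, second_id)

    def get_specified_key(self, first_id: str, requester_id: str):
        # Assumption: the KGC releases P4 only for the identity the requester authenticates as,
        # so a terminal with another identifier cannot fetch the P4 bound to (first_id, second_id).
        return self.specified_keys.get((first_id, requester_id))


class SecondTerminal:
    def __init__(self, tid: str, kgc: KGC):
        self.tid, self.kgc = tid, kgc

    def handle_m2(self, first_id: str, r2: bytes) -> bytes:
        # S302 (second-terminal side): fetch P4 under this terminal's identity, return R2'.
        p4 = self.kgc.get_specified_key(first_id, self.tid)
        return encrypt_random(p4, r2) if p4 is not None else b""


class FirstTerminal:
    def __init__(self, tid: str, kgc: KGC, data_store: dict):
        self.tid, self.kgc, self.data_store = tid, kgc, data_store
        self.pending = []  # currently received encrypted data requests: (second_id, item)

    def receive_encrypted_data_request(self, second_id: str, item: str) -> None:
        self.pending.append((second_id, item))

    def fast_authenticate(self, responder: SecondTerminal, request_second_id: str, item: str):
        """Steps S301-S304 for one pending request. Returns the encryption request data on
        success, None when below the preset value (regular SM9 path) or when R2' != R2''."""
        if len(self.pending) <= PRESET_VALUE:
            return None
        self.kgc.handle_m1(self.tid, request_second_id)            # S301: M1 -> KGC
        r2 = secrets.token_bytes(16)                                 # S302: second random number
        r2_prime = responder.handle_m2(self.tid, r2)                 # S302: R2 + M2 -> second terminal
        p4 = self.kgc.get_specified_key(self.tid, request_second_id)  # S303: P4 from KGC
        r2_double_prime = encrypt_random(p4, r2)
        # S304: constant-time comparison so a mismatch does not leak where the bytes differ.
        if hmac.compare_digest(r2_prime, r2_double_prime):
            return self.data_store.get(item)
        return None
```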
In one embodiment, the first data request carries a terminal identifier of the second terminal and face feature information of a user initiating the first data request, and the method may further include: the signature data are encrypted to obtain encrypted data based on an SM9 encryption algorithm, the terminal identification of the second terminal and the face feature information of the user initiating the first data request, the encrypted data are sent to the second terminal, so that the second terminal decrypts the encrypted data to obtain the signature data based on an SM9 decryption algorithm, the terminal identification of the second terminal and the face feature information of the user initiating the first data request, and signature verification is performed on the signature data based on the terminal identification of the first terminal.
It will be appreciated that the encryption/decryption process based on the SM9 encryption/decryption algorithm can be understood with reference to the prior art. In this embodiment, the SM9 encryption/decryption algorithm is adopted, the signature data is encrypted based on combined information that contains the face feature information, and the encrypted data is then transmitted so that the receiving end can decrypt it and verify the signature.
In one embodiment, the first terminal and the second terminal are terminals of the internet of things. The internet of things generally faces security risks such as diverse types of network attack, the absence of a security protection standard, and a high likelihood of data being intercepted or cracked. Therefore, when the first terminal and the second terminal are terminals of the internet of things, the scheme of each embodiment of the disclosure can be applied to the field of the internet of things and improves the security of user information exchanged between internet of things terminals.
It should be noted that although the various steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that these steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc. Additionally, it will also be readily appreciated that the steps may be performed synchronously or asynchronously, e.g., among multiple modules/processes/threads.
As shown in fig. 4, an embodiment of the present disclosure provides a security authentication system based on a secret SM9, which is applied to a first terminal, and the system includes:
a request response module 401, configured to, in response to receiving a first data request initiated by a second terminal, obtain first data and generate a private signature key request, where the private signature key request and the first data at least carry a terminal identifier of the first terminal;
a data transceiver module 402, configured to send the private signature key request to a key generation center KGC, and receive a signature master public key and a plurality of private key fragment data returned by the KGC in response to the private signature key request; the plurality of private key fragment data are combined to form a signature private key, the signature private key is generated by the KGC based on a terminal identifier of the first terminal and a signature master private key, the signature master private key is determined by a first random number generated by the KGC, and the signature master public key is generated by the KGC based on the signature master private key and system parameters;
a data signature module 403, configured to generate a private signature key based on the multiple private key fragment data, and perform signature processing on the first data based on the private signature key and the public signature master key to obtain signature data;
a data sending module 404, configured to send the signature data to the second terminal, so that the second terminal performs signature verification based on the terminal identifier of the first terminal, thereby authenticating a source of the first data.
In an embodiment, each of the plurality of private key fragment data carries a designated data identifier and is stored in a different storage location in the KGC database, and each designated data identifier is associated with one storage location in a one-to-one correspondence and is uniquely mapped to the terminal identifier of the first terminal.
In one embodiment, the data transceiver module 402 is further configured to resend the request for the private signing key to the KGC; and receiving the plurality of private key fragment data which are acquired and returned by the KGC from different storage positions in the KGC database in response to the retransmitted signing private key request.
In one embodiment, the system may further comprise a data authentication module configured to: when the number of currently received encrypted data requests is determined to be larger than a preset value, generate a first indication message and send it to the KGC, wherein the first indication message instructs the KGC to generate a specified key; generate a second random number and a second indication message and send them to the second terminal, where the second indication message instructs the second terminal to obtain the specified key from the KGC and to encrypt the second random number based on the specified key to obtain a first encrypted random number; acquire the specified key from the KGC and encrypt the second random number locally based on the specified key to obtain a second encrypted random number; and receive the first encrypted random number sent by the second terminal, compare whether the first encrypted random number is the same as the second encrypted random number, and if so, treat the authentication as successful and have the data sending module 404 directly return the encryption request data to the second terminal.
In one embodiment, the specified key is generated by the KGC based on the signature master public key, the terminal identity of the first terminal, and the terminal identity of the second terminal.
In one embodiment, the first data request carries a terminal identifier of the second terminal and face feature information of a user who initiated the first data request, and the system further includes a data encryption module configured to: the signature data are encrypted to obtain encrypted data based on an SM9 encryption algorithm, the terminal identification of the second terminal and the face feature information of the user initiating the first data request, the encrypted data are sent to the second terminal, so that the second terminal decrypts the encrypted data to obtain the signature data based on an SM9 decryption algorithm, the terminal identification of the second terminal and the face feature information of the user initiating the first data request, and signature verification is performed on the signature data based on the terminal identification of the first terminal.
In one embodiment, the first terminal and the second terminal are internet of things terminals.
With regard to the system in the above embodiment, the specific manner in which each module performs operations and the corresponding technical effects have been described in detail in the embodiment related to the method, and will not be described in detail herein.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units. The components shown as modules or units may or may not be physical units, i.e. they may be located in one place or may be distributed over a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the present disclosure. One of ordinary skill in the art can understand and implement it without inventive effort.
The disclosed embodiment also provides a computer readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the security authentication method based on the secret SM9 described in any one of the above embodiments is implemented.
By way of example, and not limitation, such readable storage media can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Embodiments of the present disclosure also provide an electronic device including a processor and a memory for storing a computer program. Wherein the processor is configured to perform the security authentication method based on the secret SM9 in any one of the above embodiments via execution of the computer program.
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 5. The electronic device 600 shown in fig. 5 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 5, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one storage unit 620, a bus 630 that connects the various system components (including the storage unit 620 and the processing unit 610), a display unit 640, and the like.
Wherein the storage unit stores program code executable by the processing unit 610 to cause the processing unit 610 to perform steps according to various exemplary embodiments of the present invention as described in the above-mentioned method embodiment section of the present specification. For example, the processing unit 610 may perform the steps of the method as shown in fig. 1.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 630 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. The network adapter 660 may communicate with the other modules of the electronic device 600 via the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the steps of the security authentication method based on the secret SM9 according to the above-mentioned embodiments of the present disclosure.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A security authentication method based on a secret SM9 is applied to a first terminal, and is characterized by comprising the following steps:
responding to a first data request initiated by a second terminal, acquiring first data and generating a signature private key request, wherein the signature private key request and the first data at least carry a terminal identifier of the first terminal;
sending the signature private key request to a key generation center KGC, and receiving a signature master public key and a plurality of private key fragment data returned by the KGC in response to the signature private key request; the plurality of private key fragment data are combined to form a signature private key, the signature private key is generated by the KGC based on a terminal identifier of the first terminal and a signature master private key, the signature master private key is determined by a first random number generated by the KGC, and the signature master public key is generated by the KGC based on the signature master private key and system parameters;
generating a signature private key based on the plurality of private key fragment data, and performing signature processing on the first data based on the signature private key and the signature master public key to obtain signature data;
sending the signature data to the second terminal so that the second terminal performs signature verification based on the terminal identification of the first terminal to authenticate the source of the first data;
when the number of currently received encrypted data requests is determined to be larger than a preset value, generating a first indication message and sending the first indication message to the KGC, wherein the first indication message instructs the KGC to generate a specified key; generating a second random number and a second indication message, and sending the second random number and the second indication message to the second terminal, where the second indication message instructs the second terminal to obtain the specified key from the KGC and to encrypt the second random number based on the specified key to obtain a first encrypted random number; acquiring the specified key from the KGC, and encrypting the second random number locally based on the specified key to obtain a second encrypted random number; and receiving the first encrypted random number sent by the second terminal, comparing whether the first encrypted random number is the same as the second encrypted random number, and if so, treating the authentication as successful and directly returning the encryption request data to the second terminal.
2. The method according to claim 1, wherein each of the plurality of private key fragment data carries a designated data identifier and is stored in a different storage location in the KGC database, and each designated data identifier is associated with one storage location in a one-to-one correspondence and is uniquely mapped to the terminal identifier of the first terminal.
3. The method of claim 2, further comprising:
resending the signature private key request to the KGC;
and receiving the plurality of private key fragment data which are acquired and returned by the KGC from different storage positions in the KGC database in response to the retransmitted signing private key request.
4. The method of claim 1, wherein the specified key is generated by the KGC based on the signature master public key, the terminal identifier of the first terminal, and the terminal identifier of the second terminal.
5. The method of claim 4, wherein the first data request carries a terminal identifier of the second terminal and facial feature information of a user who initiated the first data request, the method further comprising:
the signature data are encrypted to obtain encrypted data based on an SM9 encryption algorithm, the terminal identification of the second terminal and the face feature information of the user initiating the first data request, the encrypted data are sent to the second terminal, so that the second terminal decrypts the encrypted data to obtain the signature data based on an SM9 decryption algorithm, the terminal identification of the second terminal and the face feature information of the user initiating the first data request, and signature verification is performed on the signature data based on the terminal identification of the first terminal.
6. The method of claim 5, wherein the first terminal and the second terminal are Internet of things terminals.
7. A security authentication system based on a secret SM9 is applied to a first terminal, and is characterized by comprising:
the request response module is used for responding to a first data request initiated by a second terminal, acquiring first data and generating a signature private key request, wherein the signature private key request and the first data at least carry a terminal identifier of the first terminal;
the data receiving and sending module is used for sending the signature private key request to a key generation center KGC and receiving a signature master public key and a plurality of private key fragment data returned by the KGC in response to the signature private key request; the plurality of private key fragment data are combined to form a signature private key, the signature private key is generated by the KGC based on a terminal identifier of the first terminal and a signature master private key, the signature master private key is determined by a first random number generated by the KGC, and the signature master public key is generated by the KGC based on the signature master private key and system parameters;
the data signature module is used for generating a signature private key based on the plurality of private key fragment data and carrying out signature processing on the first data based on the signature private key and the signature master public key to obtain signature data;
the data sending module is used for sending the signature data to the second terminal so that the second terminal can carry out signature verification based on the terminal identification of the first terminal to authenticate the source of the first data;
the data authentication module is configured to generate a first indication message when it is determined that the number of currently received encrypted data requests is greater than a preset value, and send the first indication message to the KGC, where the first indication message instructs the KGC to generate a specified key; generate a second random number and a second indication message, and send the second random number and the second indication message to the second terminal, where the second indication message instructs the second terminal to obtain the specified key from the KGC and to encrypt the second random number based on the specified key to obtain a first encrypted random number; acquire the specified key from the KGC, and locally encrypt the second random number based on the specified key to obtain a second encrypted random number; and receive the first encrypted random number sent by the second terminal, compare whether the first encrypted random number is the same as the second encrypted random number, and if so, treat the authentication as successful and have the data sending module directly return the encryption request data to the second terminal.
8. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the security authentication method based on the secret SM9 according to any of claims 1 to 6.
9. An electronic device, comprising:
a processor; and
a memory for storing a computer program;
wherein the processor is configured to perform the security authentication method based on the secret SM9 of any of claims 1-6 via execution of the computer program.
CN202210611039.1A 2022-06-01 2022-06-01 Security authentication method and system based on SM9 secret Active CN114697046B (en)

Publications (2)

Publication Number Publication Date
CN114697046A CN114697046A (en) 2022-07-01
CN114697046B true CN114697046B (en) 2022-09-30

Family

ID=82131327

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210611039.1A Active CN114697046B (en) 2022-06-01 2022-06-01 Security authentication method and system based on SM9 secret

Country Status (1)

Country Link
CN (1) CN114697046B (en)

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873307A (en) * 2010-03-19 2010-10-27 上海交通大学 Digital signature method, device and system based on identity forward secrecy
CN106899413B (en) * 2017-04-07 2020-05-08 深圳奥联信息安全技术有限公司 Digital signature verification method and system
CN107438005B (en) * 2017-06-21 2020-01-14 深圳奥联信息安全技术有限公司 SM9 joint digital signature method and device
CN107135080B (en) * 2017-07-06 2019-09-27 深圳奥联信息安全技术有限公司 SM9 decryption method and device
US11516658B2 (en) * 2018-07-03 2022-11-29 Board Of Regents, The University Of Texas System Efficient and secure distributed signing protocol for mobile devices in wireless networks
CN108809658B (en) * 2018-07-20 2021-06-01 武汉大学 SM 2-based identity base digital signature method and system
CN111404672B (en) * 2019-01-02 2023-05-09 ***通信有限公司研究院 Quantum key distribution method and device
CN110830242A (en) * 2019-10-16 2020-02-21 聚好看科技股份有限公司 Key generation and management method and server
CN111490871A (en) * 2020-03-13 2020-08-04 南京南瑞国盾量子技术有限公司 SM9 key authentication method and system based on quantum key cloud and storage medium
CN112511311A (en) * 2020-11-20 2021-03-16 兰州交通大学 Encryption threshold signature method based on confusion technology
CN112511566B (en) * 2021-02-02 2022-08-26 北京信安世纪科技股份有限公司 SM9 algorithm certificateless mechanism signature key generation method, equipment and storage medium
CN113346992B (en) * 2021-05-27 2022-06-28 淮阴工学院 Identity-based multi-proxy signature method and device for protecting private key

Also Published As

Publication number Publication date
CN114697046A (en) 2022-07-01

Similar Documents

Publication Publication Date Title
CN111740828B (en) Key generation method, device and equipment and encryption and decryption method
CN110535628B (en) Method and device for performing multi-party security calculation through certificate signing and issuing
JP6797828B2 (en) Cloud-based cryptographic machine key injection methods, devices, and systems
CN101828357B (en) Credential provisioning method and device
US11930103B2 (en) Method, user device, management device, storage medium and computer program product for key management
CN101483518B (en) Customer digital certificate private key management method and system
CN111010410A (en) Mimicry defense system based on certificate identity authentication and certificate signing and issuing method
CN109510708A (en) A kind of public key cryptography calculation method and system based on Intel SGX mechanism
CN104580250A (en) System and method for authenticating credible identities on basis of safety chips
CN110177099B (en) Data exchange method, transmitting terminal and medium based on asymmetric encryption technology
JP2010514000A (en) Method for securely storing program state data in an electronic device
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN112487380A (en) Data interaction method, device, equipment and medium
CN111654503A (en) Remote control method, device, equipment and storage medium
CN115664655A (en) TEE credibility authentication method, device, equipment and medium
CN111859314A (en) SM2 encryption method, system, terminal and storage medium based on encryption software
CN103856463A (en) Lightweight directory access protocol realizing method and device based on key exchange protocol
CN114697046B (en) Security authentication method and system based on SM9 secret
CN115333732A (en) Anti-cloning structure and method for Internet of things equipment
CN115150098A (en) Identity authentication method based on challenge response mechanism and related equipment
CN109842490B (en) Digital signature generating/transmitting/verifying method, terminal and computer storage medium
JP2011250335A (en) Efficient mutual authentication method, program, and device
CN109104393B (en) Identity authentication method, device and system
CN105187213A (en) Method for ensuring computer information security
Yoon et al. Security enhancement scheme for mobile device using H/W cryptographic module

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant