CN115473652A - Identity authentication method - Google Patents

Identity authentication method Download PDF

Info

Publication number
CN115473652A
CN115473652A CN202211026010.3A CN202211026010A CN115473652A CN 115473652 A CN115473652 A CN 115473652A CN 202211026010 A CN202211026010 A CN 202211026010A CN 115473652 A CN115473652 A CN 115473652A
Authority
CN
China
Prior art keywords
parameter
verification
user
ccb
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211026010.3A
Other languages
Chinese (zh)
Other versions
CN115473652B (en
Inventor
徐省华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Polytechnic Normal University
Original Assignee
Guangdong Polytechnic Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Polytechnic Normal University filed Critical Guangdong Polytechnic Normal University
Priority to CN202211026010.3A priority Critical patent/CN115473652B/en
Publication of CN115473652A publication Critical patent/CN115473652A/en
Application granted granted Critical
Publication of CN115473652B publication Critical patent/CN115473652B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application belongs to the technical field of identity authentication and discloses an identity authentication method, which comprises the following steps: server obtains user U i Input identification ID i Password PW i And biometric information BIO i And obtain user U i Smart card of (2) original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i }; wherein Ccb (X, Y) is an operation rule of a cross-combination bit algorithm, and the cross-combination bit algorithm is an algorithm for performing bit operation based on hamming weight of the encrypted information. The method and the device can achieve the effects of reducing the calculated amount and ensuring the safety.

Description

Identity authentication method
Technical Field
The present application relates to the field of identity verification technologies, and in particular, to an identity authentication method.
Background
The authentication is also called as authentication or authorization, which means that the user identity is confirmed by a certain means. There are many methods for authentication, which can be basically divided into: shared key based authentication, biometric based authentication, and public key encryption algorithm based authentication. Different authentication methods have different levels of security, and authentication based on biological characteristics is increasingly used due to the uniqueness of the biological characteristics. However, in the process of identity authentication, the situation that the identity information of the user needs to be sent to the server for verification is often faced, and in order to ensure the safety of the user information, the transmission information needs to be encrypted. Therefore, the prior art has the problems of large calculation amount and insufficient safety.
Disclosure of Invention
The application provides an identity authentication method which can reduce the calculation amount and ensure the authentication safety.
The embodiment of the application provides an identity authentication method, which comprises the following steps:
server acquires user U i Input identification ID i Password PW i And biometric information BIO i And obtain user U i Smart card of (2) original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i }; wherein E is i 、F i And G i Are all encryption parameters, r i For user U i Writing a random number of the smart card; ccb (X, Y) is an operation rule of a cross-combination bit algorithm, which is an algorithm for performing bit operation based on hamming weight of the encryption information;
the server identifies the ID according to the identity i Password PW i Biological characteristic information BIO i And original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i Obtaining a verification parameter F' through calculation of a cross combination bit algorithm i And comparing the verification parameters F ″ i And an encryption parameter F i Whether the two are consistent; at verification parameter F ″ i And an encryption parameter F i When the two are consistent, the user U is judged i The login is successful;
at user U i When the login is successful, the intelligent card generates a random number x, and an encryption parameter I is obtained through a cross combination bit algorithm according to a first preset rule 1 Encryption parameter H i And an encryption parameter I 2 And generates a first set of parameter information { I 1 ,H i ,I 2 ,G i Sending the data to a server; the server stores a server identity ID j And a server key K RC_S
The server is based on the server key K RC_S And a first set of parameter information { I 1 ,H i ,I 2 ,G i Calculating by cross-combination bit algorithm to obtain verification parameter I ″ 2 And comparing the verification parameter I ″ 2 And encryption parameter I 2 Whether the two are consistent; at verification parameter I ″ 2 And encryption parameter I 2 When the two are consistent, the user U is judged i Passing the first verification;
at user U i When the first verification is passed, the server generates a random number y, and a first interaction key K is obtained through a cross combination bit algorithm according to a second preset rule S_U Encryption parameter I 3 And an encryption parameter I 4 And generates a second set of parameter information { ID j ,I 3 ,I 4 Sending the data to the smart card;
the smart card identifies ID according to random number x and ID i And a second set of parameter information { ID } j ,I 3 ,I 4 Calculating by cross-combination bit algorithm to obtain verification parameter I ″ 4 And comparing the verification parameters I ″) 4 And encryption parameter I 4 Whether the two are consistent; at verification parameter I ″ 4 And encryption parameter I 4 When the two are consistent, the user U is judged i Passing the second verification;
at user U i When the second verification is passed, the smart card obtains an encryption parameter N through a cross combination bit algorithm according to a third preset rule, and sends the encryption parameter N to the server;
the server is based on the first interaction key K S_U Calculating with the random number y through a cross combination bit algorithm to obtain a verification parameter N ', and comparing whether the verification parameter N' is consistent with the encryption parameter N; when the verification parameter N' is consistent with the encryption parameter N, the user U is judged i And passing the identity authentication.
In one embodiment, the server identifies the ID based on the identity i Password PW i Biological characteristic information BIO i And original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i Calculating by cross-combination bit algorithm to obtain verification parameter F ″ i Comprises that:
The server is based on the random number r i And an identity ID i Calculating to obtain verification parameter A i =Ccb(ID i ,r i ) And according to the password PW i And biometric information BIO i Calculating to obtain a verification parameter B i =Ccb(PW i ,BIO i );
According to the verification parameter B i And an encryption parameter E i Calculating to obtain verification parameters
Figure BDA0003815816510000021
According to the verification parameter A i And a verification parameter D ″ i Calculating to obtain verification parameters
Figure BDA0003815816510000022
In one embodiment, the server is based on a server key K RC_S And a first set of parameter information { I 1 ,H i ,I 2 ,G i Calculating by cross-combination bit algorithm to obtain verification parameter I ″ 2 The method comprises the following steps:
the server is based on the encryption parameter G i And a server key K RC_S Calculating to obtain verification parameters
Figure BDA0003815816510000023
The verification parameter C is processed i Divided into a left part C i_L And a right part C i_R Calculating to obtain a verification parameter D ″) i =Ccb(C` i_L ,C` i_R );
According to the verification parameter D i And encryption parameter I 1 Calculating to obtain verification random number
Figure BDA0003815816510000024
According to the verification random number x' and the verification parameter D ″ i And an encryption parameter H i Calculating to obtain the verification identity
Figure BDA0003815816510000025
Figure BDA0003815816510000026
According to the ID i Verifying random number x' and encryption parameter G i Calculating to obtain verification parameters
Figure BDA0003815816510000027
Figure BDA0003815816510000028
In one embodiment, the smart card identifies the smart card based on the random number x, the identification ID i And a second set of parameter information { ID j ,I 3 ,I 4 Calculating by cross-combination bit algorithm to obtain verification parameter I ″ 4 The method comprises the following steps:
the smart card identifies ID according to random number x and identity i And an encryption parameter I 3 Calculating to obtain verification random number
Figure BDA0003815816510000031
According to the verification random number y' and the server identity ID j Calculating to obtain verification parameter I 4 =Ccb(ID j ,y`)。
In one embodiment, the first preset rule includes:
Figure BDA0003815816510000032
and
Figure BDA0003815816510000033
wherein, D' is i_L And D i_R Respectively as verification parameters D i A left portion and a right portion of (a);
the second preset rule includes:
Figure BDA0003815816510000034
and I 4 =Ccb(ID j ,y);
The third preset rule includes:
second interaction key
Figure BDA0003815816510000035
Wherein, y L Is the left part of the random number y, y R To the right of the random number y.
In one embodiment, user U is obtained at the server i Input identification ID i Password PW i And biometric information BIO i Previously, the method further comprises:
the server sends a registration request to the registration center and receives a server key K sent by the registration center when the registration is successful RC_S
And, user U i Inputting the set ID at the terminal i Password PW i And biometric information BIO i And write a random number r i The terminal carries out identity identification ID through a cross combination bit algorithm according to a fourth preset rule i Password PW i Biological characteristic information BIO i And a random number r i Calculating to obtain an encryption parameter A i And an encryption parameter B i And generates a set of registration parameter information { ID i ,A i ,B i Sending the data to a registration center;
the registry verifies the identity ID i Whether it is unique; and identify ID in the identity i When the uniqueness exists, the user U is judged i If the registration is successful, the master key K and the server key K of the registration center are subjected to cross combination bit algorithm according to a fifth preset rule RC_S ID, ID i Encryption parameter A i And an encryption parameter B i Calculating to obtain an encryption parameter E i Encryption parameter F i And an encryption parameter G i And encrypt the parameter E i Encryption parameter F i Encryption parameter G i And cross-combining bitWriting the operation rule of the algorithm into the smart card;
the smart card also receives the user U i Written random number r i So that the smart card stores the original parameter information set { E } i ,F i ,G i ,Ccb(X,Y),r i }。
In one embodiment, the fourth preset rule includes: a. The i =Ccb(ID i ,r i ) And B i =Ccb(PW i ,BIO i );
The fifth preset rule includes: c i =Ccb(ID i ,K)、D i =Ccb(C i_L ,C i_R )、
Figure BDA0003815816510000036
And
Figure BDA0003815816510000037
wherein, C i And D i Are all encryption parameters, K is the master key of the registry, C i_L For encrypting the parameter C i Left part of (2), C i_R For encrypting the parameter C i The right part of (a).
In one embodiment, the method further comprises:
server verifying parameter F ″ i And an encryption parameter F i When the two are inconsistent, the user U is judged i The login fails, and the user U is informed i Performing second login; and (c) a second step of,
at user U i When the continuous times of login failure reach the threshold value, the user U is selected i The smart card is locked so that the smart card cannot perform login operation any more.
In one embodiment, in user U i After the login is successful, the method further comprises the following steps:
the server receives the user U i New password PW of input new And based on the new password PW new Updating encryption parameter E stored in smart card i
Wherein the encryption parameters
Figure BDA0003815816510000041
In one embodiment, the cross-binning algorithm is formulated as: z = Ccb (X, Y);
x, Y, Z is a binary string with length of L bits, H (X) represents the hamming weight of binary string X, and H (Y) represents the hamming weight of binary string Y;
the operation rule of the cross combination bit algorithm comprises the following steps:
when H (X) is more than or equal to H (Y), sequentially combining the right H (Y) bit of the binary string X and the left H (X) bit of the binary string Y to obtain a binary string; if H (X) + H (Y) is more than or equal to L, cutting off the right (H (X) + H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bit; if H (X) + H (Y) < L, (L- (H (X) + H (Y)) 0 s are complemented on the left side of the binary string to obtain a binary string Z with L bits;
when H (X) < H (Y), taking the left H (Y) bit of the binary string X and the right H (X) bit of the binary string Y to be combined in a reverse order to obtain a binary string; if H (X) + H (Y) is more than or equal to L, cutting off the left (H (X) + H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bit; if H (X) + H (Y) < L, (L- (H (X) + H (Y)) 0 s are complemented on the right side of the binary string to obtain a binary string Z with L bits in length.
In summary, compared with the prior art, the beneficial effects brought by the technical scheme provided by the embodiment of the application at least include:
the identity authentication method can be used in a single-server environment and a multi-server environment, and has a wider application range; the method uses the cross combination bit algorithm of bitwise operation to realize the encryption processing of the transmitted information, thus reducing the calculation amount; the cross combination bit algorithm is an algorithm for performing bit operation based on the Hamming weight of the encryption information, so that the inherent Hamming weight of the encryption information can be utilized in the encryption process, the parameter introduction can be reduced, and the third party cracking difficulty can be increased; the method can ensure the authentication safety and reduce the calculated amount in the identity authentication process.
Drawings
Fig. 1 is a flowchart of an identity authentication method according to an exemplary embodiment of the present application.
FIG. 2 is a diagram illustrating an exemplary operation of a cross-combine bit algorithm according to an exemplary embodiment of the present application.
FIG. 3 is a diagram of another example of a cross-binning arithmetic operation as provided in an exemplary embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the present application provides an identity authentication method, please refer to fig. 1, which can be applied in a single server environment or a multi-server environment, and has a wider application range. The method specifically comprises the following steps:
step S1, the server obtains a user U i Input identification ID i Password PW i And biometric information BIO i And obtain user U i Smart card of (2) original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i }。
Wherein, the user U i The user with the serial number of i is a positive integer value; e i 、F i And G i For a plurality of encryption parameters pre-stored in the smart card, r i For the user U i Writing a random number of the smart card; ccb (X, Y) is a cross-combination bit operator, which refers to the operation rule of the cross-combination bit algorithm, and the cross-combination bit algorithm is an algorithm for performing bit operation based on hamming weight of the encrypted information; biometric information BIO i May be information of the retina, fingerprint, DNA, etc. of the user.
In particular, byHousehold U i The intelligent card is inserted into a card reader corresponding to the server, and the server acquires a user U through the card reader i Input identification ID i Password PW i And biometric information BIO i And obtaining the user U through the card reader i Smart card of (2) original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i }。
S2, the server identifies the ID according to the identity i Password PW i And biometric information BIO i And original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i Calculating by cross-combination bit algorithm to obtain verification parameter F ″ i And comparing the verification parameters F i And an encryption parameter F i Whether the two are consistent; at verification parameter F ″ i And an encryption parameter F i When the two are consistent, the user U is judged i The login is successful.
In particular, the verification parameters F' are compared i And an encryption parameter F i Is of size F ″, i.e., the size of i =F i User U i By log-in authentication, i.e. user U i The login is successful.
In some embodiments of this embodiment, the server identifies the ID based on the identity i Password PW i Biological characteristic information BIO i And original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i Calculating by cross-combination bit algorithm to obtain verification parameter F ″ i The method specifically comprises the following steps:
the server is based on the random number r i And an identity ID i Calculating to obtain verification parameter A i =Ccb(ID i ,r i ) And according to the password PW i And biometric information BIO i Calculating to obtain a verification parameter B i =Ccb(PW i ,BIO i );
According to the verification parameter B i And encryption parameter E i Calculating to obtain verification parameters
Figure BDA0003815816510000051
According to the verification parameter A i And a verification parameter D ″ i Calculating to obtain verification parameters
Figure BDA0003815816510000052
Wherein,
Figure BDA0003815816510000061
is an XOR operator; ccb (X, Y) is the cross-combine bit operator.
Step S3, in user U i When login is successful, the smart card generates a random number x, and an encryption parameter I is obtained through a cross combination bit algorithm according to a first preset rule 1 Encryption parameter H i And an encryption parameter I 2 And generates a first set of parameter information { I } 1 ,H i ,I 2 ,G i Sending the data to a server; the server stores a server identity ID j And a server key K RC_S
In some embodiments of this embodiment, the first preset rule includes:
Figure BDA0003815816510000062
Figure BDA0003815816510000063
and
Figure BDA0003815816510000064
wherein, D' is i_L And D i_R Respectively as verification parameters D i Left and right portions of (a).
S4, the server sends the server key K RC_S And a first set of parameter information { I 1 ,H i ,I 2 ,G i Calculating by cross-combination bit algorithm to obtain verification parameter I ″ 2 And comparing the verification parameter I ″ 2 And encryption parameter I 2 Whether the two are consistent; at verification parameter I ″ 2 And encryption parameter I 2 When the two are consistent, the user U is judged i Passing the first verification.
In particular, the verification parameter I' is compared 2 And encryption parameter I 2 The size of (2).
If I- 2 ≠I 2 Indicate user U i Failing the first verification by the server, the authentication process terminates.
If I- 2 =I 2 Indicate user U i The authentication process continues with a first verification by the server.
In some implementations of this embodiment, the server bases on the server key K RC_S And a first set of parameter information { I 1 ,H i ,I 2 ,G i Calculating by cross-combination bit algorithm to obtain verification parameter I ″ 2 The method comprises the following steps:
the server is based on the encryption parameter G i And a server key K RC_S Calculating to obtain verification parameters
Figure BDA0003815816510000065
The verification parameter C is processed i Divided into a left part C i_L And a right part C i_R Calculating to obtain a verification parameter D ″) i =Ccb(C` i_L ,C` i_R );
According to the verification parameter D i And an encryption parameter I 1 Calculating to obtain verification random number
Figure BDA0003815816510000066
According to the verification random number x' and the verification parameter D ″ i And an encryption parameter H i Calculating to obtain the verification identity
Figure BDA0003815816510000067
Figure BDA0003815816510000068
Based on the ID i Verifying random number x' and encryption parameter G i Calculating to obtain verification parameters
Figure BDA0003815816510000069
Figure BDA00038158165100000610
Step S5, in user U i When the first verification is passed, the server generates a random number y, and a first interaction key K is obtained through a cross combination bit algorithm according to a second preset rule S_U Encryption parameter I 3 And encryption parameter I 4 And generates a second set of parameter information { ID j ,I 3 ,I 4 It sends it to the smart card.
In some embodiments of this embodiment, the second preset rule includes:
Figure BDA00038158165100000611
Figure BDA00038158165100000612
and I 4 =Ccb(ID j ,y);
S6, the smart card identifies the ID according to the random number x i And a second set of parameter information { ID j ,I 3 ,I 4 Calculating by cross-combination bit algorithm to obtain verification parameter I ″ 4 And comparing the verification parameter I ″ 4 And encryption parameter I 4 Whether the two are consistent; at verification parameter I ″ 4 And encryption parameter I 4 When the two are consistent, the user U is judged i Passing the second verification.
In particular, the verification parameters I' are compared 4 And encryption parameter I 4 The size of (2).
If I 4 ≠I 4 The server can not pass through the user U i The authentication process terminates.
If I- 4 =I 4 The server passes through the user U i And the authentication process continues.
In some embodiments of this embodiment, the smart card identifies the smart card based on the random number x and the identification ID i And a second set of parameter information { ID j ,I 3 ,I 4 Calculating by cross-combination bit algorithm to obtain verification parameter I ″ 4 The method comprises the following steps:
the smart card identifies ID according to random number x and ID i And an encryption parameter I 3 Calculating to obtain verification random number
Figure BDA0003815816510000071
According to the verification random number y' and the server identity ID j Calculating to obtain verification parameter I 4 =Ccb(ID j ,y`)。
Step S7, in user U i And when the second verification is passed, the intelligent card obtains an encryption parameter N through a cross combination bit algorithm according to a third preset rule, and sends the encryption parameter N to the server.
In some embodiments of this embodiment, the third preset rule includes:
second interaction key
Figure BDA0003815816510000072
Wherein, y L Is the left part of the random number y, y R To the right of the random number y.
Step S8, the server according to the first interactive key K S_U Calculating with the random number y through a cross combination bit algorithm to obtain a verification parameter N ', and comparing whether the verification parameter N' is consistent with the encryption parameter N; when the verification parameter N' is consistent with the encryption parameter N, the user U is judged i And passing the identity authentication.
Specifically, the size of the verification parameter N' is compared with the size of the received encryption parameter N.
If N ≠ N, user U i Fails to pass the server S j The protocol stops.
If N' = N, user U i By server S j Indicates the user U i For legitimate users, the server S can be freely used j The resource(s).
The identity authentication method provided by the embodiment can be used in a single-server environment and a multi-server environment, and has a wider application range; the method uses the cross combination bit algorithm of bitwise operation to realize the encryption processing of the transmitted information, thereby reducing the calculation amount; the cross combination bit algorithm is an algorithm for performing bit operation based on the Hamming weight of the encryption information, so that the inherent Hamming weight of the encryption information can be utilized in the encryption process, the parameter introduction can be reduced, and the third party cracking difficulty can be increased; the method can reduce the calculation amount in the identity authentication process and improve the authentication safety.
Based on the above embodiment, the formula of the cross-bit combination algorithm is as follows: z = Ccb (X, Y);
x, Y, Z are all binary strings with length of L bits, H (X) represents Hamming weight of binary string X, and H (Y) represents Hamming weight of binary string Y;
the operation rule of the cross combination bit algorithm comprises the following steps:
when H (X) is more than or equal to H (Y), sequentially combining the right H (Y) bit of the binary string X and the left H (X) bit of the binary string Y to obtain a binary string; if H (X) + H (Y) is more than or equal to L, cutting off the right (H (X) + H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bits; if H (X) + H (Y) < L, (L- (H (X) + H (Y)) 0 s are complemented on the left side of the binary string to obtain a binary string Z with L bits;
when H (X) < H (Y), taking the left H (Y) bit of the binary string X and the right H (X) bit of the binary string Y to be combined in a reverse order to obtain a binary string; if H (X) + H (Y) is more than or equal to L, cutting off the left (H (X) + H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bit; if H (X) + H (Y) < L, (L- (H (X) + H (Y)) 0 s are complemented on the right side of the binary string to obtain a binary string Z with L bits in length.
For a better understanding of the cross-bin bit algorithm, please see the following example:
as shown in fig. 2, when L =12, X =101101111101, and Y =010110000110 are taken, H (X) =9 and H (Y) =5 can be obtained, and H (X) ≧ H (Y) is satisfied, so Z can be obtained 0 =11101010110000. H (X) + H (Y) =14 is greater than L =12, so that H (X) + H (Y) ≧ L is satisfied, and the system is based on crossoverDefinition of cross-bit algorithm, requires truncation of binary string Z 0 To the right of the binary string Z = Ccb (X, Y) =111010101100.
As shown in fig. 3, when L =12, X =010110000110, and Y =101101111100 are taken, H (X) =5 and H (Y) =8 can be obtained, and it can be seen that H (X) < H (Y) is satisfied, and Z can be obtained 0 =1110001011000. Because H (X) + H (Y) =13 is greater than L =12, satisfying H (X) + H (Y) ≧ L, according to the definition of the cross-bit combination algorithm, the binary string Z needs to be truncated 0 The left 1 bit of the binary string Z = Ccb (X, Y) =110001011000 is finally obtained.
The identity authentication method provided by the embodiment adopts the cross-combination bit algorithm for performing the bit operation based on the hamming weight of the encrypted information, has the advantages of small calculation amount and high calculation efficiency of the bit operation, can also perform encryption by using the inherent hamming weight of the encrypted information, can reduce the introduction of parameters, and can increase the cracking difficulty of a third party, thereby achieving the effects of reducing the calculation amount and improving the safety.
In some embodiments, before step S1, the server and the user may be registered separately before performing the identity authentication. The method further comprises the following steps:
a server registration step:
the server sends a registration request to the registration center and receives a server key K sent by the registration center when the registration is successful RC_S
Wherein the server key K RC_S Is a key between the registry and the server.
Specifically, the server sends a registration request to a registration center, wherein the registration request comprises registration information input by the server;
wherein, the registration information may contain the server identity ID j
The registration center checks whether the registration information has uniqueness;
if the registration information has uniqueness, the registration center uses the server secret key K RC_S Sending the data to a server;
and if the registration information does not have uniqueness, informing the server of re-inputting the registration information until the registration information input by the server has uniqueness.
Since the above method can be used under a single server or under multiple servers, the registration center can receive registration requests of one or more servers and register for the servers respectively.
And a user registration step, specifically comprising the steps of:
user U i Inputting the set ID at the terminal i Password PW i And biometric information BIO i And write a random number r i The terminal carries out identity identification ID through a cross combination bit algorithm according to a fourth preset rule i Password PW i Biological characteristic information BIO i And a random number r i Calculating to obtain an encryption parameter A i And an encryption parameter B i And generates a set of registration parameter information { ID i ,A i ,B i And sending the result to a registration center.
Wherein, the random number r i Can be selected random number in the user registration process, and the random number r is implemented in concrete i May be a password set by the user; the fourth preset rule includes: a. The i =Ccb(ID i ,r i ) And B i =Ccb(PW i ,BIO i );
The registry verifies the identity ID i Whether it is unique; and identify ID in the identity i When the uniqueness exists, the user U is judged i After the registration is successful, the master key K and the server key K of the registration center are subjected to cross combination bit algorithm according to a fifth preset rule RC_S ID, ID i Encryption parameter A i And an encryption parameter B i Calculating to obtain an encryption parameter E i Encryption parameter F i And an encryption parameter G i And encrypt the parameter E i Encryption parameter F i Encryption parameter G i And writing the operation rule of the cross combination bit algorithm into the intelligent card.
In some embodiments of the present embodiment of the present invention,the fifth preset rule includes: c i =Ccb(ID i ,K)、D i =Ccb(C i_L ,C i_R )、
Figure BDA0003815816510000091
And
Figure BDA0003815816510000092
wherein, C i And D i Are all encryption parameters, K is the master key of the registry, C i_L For encrypting the parameter C i Left part of (2), C i_R For encrypting the parameter C i The right part of (a).
The terminal is generally a terminal device required for authentication, such as a registration host, a bank counter, and the like.
The smart card also receives the user U i Written random number r i So that the smart card stores the original parameter information set { E } i ,F i ,G i ,Ccb(X,Y),r i }。
The embodiment can encrypt the transmission information by adopting a cross combination bit algorithm in the user registration process, so that the information of other users is encrypted information when interacting with the registration center except the user identity identifier, and the safety of the user information is further ensured.
In some embodiments, the method further comprises:
server verifying parameter F ″ i And an encryption parameter F i When the user U is inconsistent with the user U, judging the user U i The login fails, and the user U is informed i Carrying out second login; and, at the user U i When the continuous times of login failure reach a threshold value, the user U is set i The smart card is locked so that the smart card cannot perform login operation any more.
Wherein, the threshold value can be 3-5 times and can be preset according to actual needs; when the smart card is locked, the user needs to hold the smart card and go to the registration center to unlock the smart card.
The embodiment can remind the user of logging in again when the user fails to log in, and lock the smart card when the number of times of continuous login failures of the user exceeds a threshold value, so that the smart card can not be logged in any more, and the situation that the smart card is stolen is prevented.
In some embodiments, to modify the password, the password is modified at user U i After the login is successful, the method further comprises:
the server receives the user U i New password PW of input new And based on the new password PW new Updating encryption parameter E stored in smart card i
Wherein, the encryption parameter E i =E new
Figure BDA0003815816510000101
Specifically, after the password modification is completed, the user can take out the smart card.
In the embodiment, the user can modify the password after logging in, and the modified password is immediately encrypted and stored, so that the safety in the password modifying process is ensured.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An identity authentication method, the method comprising:
server obtains user U i Input identification ID i Password PW i And biometric information BIO i And acquire user U i Smart card of (2) original parameter information set { E i ,F i ,G i ,Ccb(X,Y),r i }; wherein E is i 、F i And G i Are all encryption parameters, r i For the user U i Writing a random number of the smart card; ccb (X, Y) is an operation rule of a cross-combination bit algorithm, which is an algorithm for performing bit operation based on hamming weight of encryption information;
the server identifies the ID according to the identity i The password PW i The biological characteristic information BIO i And the original parameter information set { E } i ,F i ,G i ,C cb (X,Y),r i Obtaining a verification parameter F' through the calculation of the cross combination bit algorithm i And comparing the verification parameters F ″) i And an encryption parameter F i Whether the two are consistent; at the verification parameter F ″ i With said encryptionParameter F i When the user U is consistent with the user U, the user U is judged i The login is successful;
at the user U i When login is successful, the smart card generates a random number x, and an encryption parameter I is obtained through the cross combination bit algorithm according to a first preset rule 1 Encryption parameter H i And an encryption parameter I 2 And generates a first set of parameter information { I 1 ,H i ,I 2 ,G i Sending the data to the server; the server stores a server identity ID j And a server key K RC_S
The server according to the server key K RC_S And said first set of parameter information { I } 1 ,H i ,I 2 ,G i Calculating by the cross-combination bit algorithm to obtain a verification parameter I ″) 2 And comparing the verification parameter I ″ 2 And the encryption parameter I 2 Whether the two are consistent; at the verification parameter I ″) 2 And the encryption parameter I 2 When the user U is consistent with the user U, the user U is judged i Passing the first verification;
at the user U i When the first verification is passed, the server generates a random number y, and a first interaction key K is obtained through the cross combination bit algorithm according to a second preset rule S_U Encryption parameter I 3 And encryption parameter I 4 And generates a second set of parameter information { ID j ,I 3 ,I 4 Sending the data to the smart card;
the smart card identifies the ID according to the random number x and the ID i And the second parameter information set { ID j ,I 3 ,I 4 Calculating by the cross-combination bit algorithm to obtain a verification parameter I ″) 4 And comparing the verification parameters I ″) 4 And the encryption parameter I 4 Whether the two are consistent; at the verification parameter I ″) 4 With said encryption parameter I 4 When the user U is consistent with the user U, the user U is judged i Passing the second verification;
at the user U i When the verification passes the second verification, the intelligent card is obtained through the cross combination bit algorithm according to a third preset ruleEncrypting a parameter N and sending the encrypted parameter N to the server;
the server is used for exchanging the key K according to the first exchange key K S_U Calculating by the cross combination bit algorithm with the random number y to obtain a verification parameter N ', and comparing whether the verification parameter N' is consistent with the encryption parameter N; when the verification parameter N' is consistent with the encryption parameter N, the user U is judged i And passing the identity authentication.
2. The method of claim 1, wherein the server identifies the ID based on the identity i The password PW i The biological characteristic information BIO i And the original parameter information set { E } i ,F i ,G i ,Ccb(X,Y),r i Obtaining a verification parameter F' through the calculation of the cross combination bit algorithm i The method comprises the following steps:
the server is based on the random number r i And the identity ID i Calculating to obtain verification parameter A i =Ccb(ID i ,r i ) And according to the password PW i And the biometric information BIO i Calculating to obtain verification parameter B i =Ccb(PW i ,BIO i );
According to the verification parameter B ″) i And an encryption parameter E i Calculating to obtain a verification parameter D i =E i ⊕B` i
According to the verification parameter A i And the verification parameter D i Calculating to obtain a verification parameter F i =D` i ⊕A` i
3. Method according to claim 2, characterized in that the server is based on the server key K RC_S And the first set of parameter information { I 1 ,H i ,I 2 ,G i Calculating by the cross-combination bit algorithm to obtain a verification parameter I ″) 2 The method comprises the following steps:
the server is used for encrypting the data according to the encryption parameter G i And said serviceSecret key K of device RC_S Calculating to obtain a verification parameter C i =K RC_S ⊕G i
The verification parameter C' is processed i Divided into a left part C i_L And a right part C i_R Calculating to obtain a verification parameter D ″) i =Ccb(C` i_L ,C` i_R );
According to the verification parameter D i And said encryption parameter I 1 Calculating to obtain verification random number x '= Ccb (D') i_L ,D`` i_R )⊕I 1
According to the verification random number x' and the verification parameter D ″ i And said encryption parameter H i Calculating to obtain ID i =Ccb(D`` i ,x`)⊕H i
According to the ID i The verification random number x' and the encryption parameter G i Calculating to obtain verification parameter I 2 =Ccb(ID` i ⊕x`,G i )。
4. Method according to claim 3, characterized in that said smart card is based on said random number x, said identification ID i And the second parameter information set { ID j ,I 3 ,I 4 Calculating by the cross-combination bit algorithm to obtain a verification parameter I ″) 4 The method comprises the following steps:
the smart card identifies the ID according to the random number x and the ID i And the encryption parameter I 3 Calculating to obtain a verification random number y' = Ccb (ID) i ,x)⊕I 3
According to the verification random number y' and the server identity ID j Calculating to obtain verification parameter I 4 =Ccb(ID j ,y`)。
5. The method of claim 4, wherein:
the first preset rule comprises:
I 1 =Ccb(D` i_L ,D` i_R )⊕x、H i =Ccb(D` i ,x)⊕ID i and I 2 =Ccb(ID i ⊕x,G i );
Wherein, D' is i_L And D i_R Respectively as verification parameters D i A left portion and a right portion of (d);
the second preset rule comprises:
K S_U =Ccb(ID i ⊕y,ID j ⊕x)、I 3 =Ccb(ID i x) y and I 4 =Ccb(ID j ,y);
The third preset rule comprises:
second interaction key K U_S =Ccb(ID i ⊕y,ID j ⊕x),N=Ccb(y L ,y R )⊕K U_S
Wherein, y L Is the left part of the random number y, y R To the right of the random number y.
6. The method of claim 1, wherein obtaining the user U at the server i Input identification ID i Password PW i And biometric information BIO i Previously, the method further comprises:
the server sends a registration request to a registration center and receives a server key K sent by the registration center when the registration is successful RC_S
And, the user U i Inputting the set ID at the terminal i Password PW i And biometric information BIO i And write a random number r i The terminal carries out the cross combination bit algorithm on the identity ID according to a fourth preset rule i The password PW i The biometric information BIO i And the random number r i Calculating to obtain an encryption parameter A i And an encryption parameter B i And generates a registration parameter information set { ID } i ,A i ,B i Sending the data to the registration center;
the registry verifies the identity ID i Whether or not to have the soleThe first property; and in the identity ID i When the user U has uniqueness, the user U is judged i After the registration is successful, the master key K and the server key K of the registration center are subjected to cross combination bit algorithm according to a fifth preset rule RC_S The identity ID i The encryption parameter A i And the encryption parameter B i Calculating to obtain an encryption parameter E i Encryption parameter F i And an encryption parameter G i And the encryption parameter E is used i The encryption parameter F i The encryption parameter G i Writing the operation rule of the cross combination bit algorithm into the smart card;
the smart card also receives the user U i Written random number r i So that the smart card stores the original parameter information set { E } i ,F i ,G i ,Ccb(X,Y),r i }。
7. The method of claim 6, wherein:
the fourth preset rule includes: a. The i =Ccb(ID i ,r i ) And B 0i =Ccb(PW i ,BIO i );
The fifth preset rule includes: c i =Ccb(ID i ,K)、D i =Ccb(C i_L ,C i_R )、E i =D i ⊕B i 、F i =D i ⊕A i And G i =K RC_S ⊕C i (ii) a Wherein, C i And D i Are all encryption parameters, K is the master key of the registry, C i_L For encrypting the parameter C i Left part of (2), C i_R For encrypting the parameter C i The right part of (a).
8. The method of claim 1, further comprising:
the server verifies the parameter F ″ i And an encryption parameter F i When the user U is inconsistent with the user U, judging the user U i Failure of loginNotify the user of U i Performing second login; and the number of the first and second groups,
at the user U i When the continuous times of login failure reach a threshold value, the user U is selected i The smart card is locked so that the smart card cannot perform login operation any more.
9. The method of claim 1, wherein the user U is a subscriber U i After the login is successful, the method further comprises the following steps:
the server receives the user U i New password PW of input new And based on the new password PW new Updating the encryption parameter E stored in the smart card i
Wherein, the encryption parameter E i =E new ,E new =E i ⊕Ccb(PW i ,BIO i )⊕Ccb(PW new ,BIO i )。
10. The method of any of claims 1 to 9, wherein the cross-binning algorithm is formulated as: z = Ccb (X, Y);
x, Y, Z are all binary strings with length of L bits, H (X) represents Hamming weight of binary string X, and H (Y) represents Hamming weight of binary string Y;
the operation rule of the cross combination bit algorithm comprises the following steps:
when H (X) is more than or equal to H (Y), sequentially combining the right H (Y) bit of the binary string X and the left H (X) bit of the binary string Y to obtain a binary string; if H (X) + H (Y) is more than or equal to L, cutting off the right (H (X) + H (Y) -L) bit of the binary string to obtain a binary string Z with the length of L bit; if H (X) + H (Y) < L, (L- (H (X) + H (Y)) 0 s are complemented on the left side of the binary string, so that a binary string Z with L bits in length is obtained;
when H (X) < H (Y), taking the left H (Y) bit of the binary string X and the right H (X) bit of the binary string Y to be combined in a reverse order to obtain a binary string; if H (X) + H (Y) is more than or equal to L, cutting off the left (H (X) + H (Y) -L) bit of the binary string to obtain a binary string Z with L bits; if H (X) + H (Y) < L, (L- (H (X) + H (Y)) 0 s are complemented on the right side of the binary string, resulting in a binary string Z of length L bits.
CN202211026010.3A 2022-08-25 2022-08-25 Identity authentication method Active CN115473652B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211026010.3A CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211026010.3A CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Publications (2)

Publication Number Publication Date
CN115473652A true CN115473652A (en) 2022-12-13
CN115473652B CN115473652B (en) 2023-05-16

Family

ID=84369445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211026010.3A Active CN115473652B (en) 2022-08-25 2022-08-25 Identity authentication method

Country Status (1)

Country Link
CN (1) CN115473652B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103346887A (en) * 2013-07-02 2013-10-09 山东科技大学 Low-complexity identity authentication method based on intelligent card and under multiserver environment
CN109274683A (en) * 2018-10-30 2019-01-25 国网安徽省电力有限公司信息通信分公司 A kind of combined crosswise Verification System and its authentication method
US20200076588A1 (en) * 2017-05-22 2020-03-05 Fnsvalue Co., Ltd. Security authentication system for generating secure key by combining multi-user authentication elements and security authentication method therefor

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103346887A (en) * 2013-07-02 2013-10-09 山东科技大学 Low-complexity identity authentication method based on intelligent card and under multiserver environment
US20200076588A1 (en) * 2017-05-22 2020-03-05 Fnsvalue Co., Ltd. Security authentication system for generating secure key by combining multi-user authentication elements and security authentication method therefor
CN109274683A (en) * 2018-10-30 2019-01-25 国网安徽省电力有限公司信息通信分公司 A kind of combined crosswise Verification System and its authentication method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王彩芬;乔慧;李亚红;刘超;陈丽;: "改进的三因素相互认证与密钥协商方案" *
王彩芬;乔慧;李亚红;刘超;陈丽;: "改进的三因素相互认证与密钥协商方案", 计算机应用研究 *

Also Published As

Publication number Publication date
CN115473652B (en) 2023-05-16

Similar Documents

Publication Publication Date Title
US6073237A (en) Tamper resistant method and apparatus
CN108616504B (en) Sensor node identity authentication system and method based on Internet of things
CN116112184A (en) Secure dynamic threshold signature scheme employing trusted hardware
CN105743638B (en) Method based on B/S architecture system client authorization certifications
CN117097466A (en) Computer-implemented system and method for providing a decentralised protocol for retrieving encrypted assets
KR20200012845A (en) Progressive Key Encryption Algorithm
US8788836B1 (en) Method and apparatus for providing identity claim validation
CN107925581A (en) 1:N organism authentications, encryption, signature system
CN107426235B (en) Authority authentication method, device and system based on equipment fingerprint
CN107920052B (en) Encryption method and intelligent device
CN110138548B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and DH protocol
US11783044B2 (en) Endpoint authentication based on boot-time binding of multiple components
CN114049121B (en) Block chain based account resetting method and equipment
US20030221109A1 (en) Method of and apparatus for digital signatures
TWI640897B (en) Electronic device with self-protection and anti-cloning capabilities and related method
CN110098925B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and random number
CN117216740A (en) Digital identity authentication method based on blockchain technology
US20240146525A1 (en) Batch Transfer of Control of Memory Devices over Computer Networks
CN115314228B (en) Unmanned aerial vehicle identity authentication method, device and system
CN115473652A (en) Identity authentication method
US10404719B2 (en) Data verification method
CN110138547B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and serial number
CN110113152B (en) Quantum communication service station key negotiation method and system based on asymmetric key pool pair and digital signature
CN116783593A (en) Server system for controlling memory devices via a computer network
CN113987446A (en) Authentication method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant