Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A lightweight anonymous authentication and key agreement method in a multi-server environment

A multi-server, anonymous authentication technology, applied in the field of information security, which can solve the problems of account vulnerability to impersonation attacks, limited computing power, storage capacity and communication capacity, and single function.

Active Publication Date: 2018-10-23
深圳市迅威恒达信息技术有限公司
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] (1) Poor scalability
Most multi-factor authentication schemes are basically adapted to a single server environment, that is to say, if a user wants to log in to different servers to obtain different services at the same time, the user needs to register on multiple different servers and remember different usernames and passwords. Login password (users use the same username and password on different servers, and the account is vulnerable to impersonation attacks). Research shows that users on the Internet log in to more than 20 different servers per month on average. A large number of usernames and login passwords bring users It is inconvenient to memorize, store, and manage, and it has caused potential safety hazards
In addition, most of the current multi-factor authentication schemes can only provide two-party identity authentication, which has a single function and cannot provide the key negotiation function, and the application scenarios and scope are limited.
[0004] (2) Low efficiency
The current development trend is that mobile terminal users hold mobile terminals with limited computing power, storage capacity and communication capabilities, including smart phones, Tablets, and PDAs, which cannot complete complex computing tasks.
Therefore, most existing multi-factor authentication technologies cannot be directly migrated to resource-constrained mobile terminals. It is necessary to design additional low-power multi-factor authentication technologies that only involve Hash operations and XOR operations.
[0005] (3) Poor robustness
At present, most multi-factor authentication scheme systems allow users to change their own passwords under appropriate circumstances to prevent offline or online password guessing attacks by opponents, but biological information cannot be adaptively updated dynamically.
But in fact, the biometric information, such as fingerprints, is damaged due to labor during personal registration, and needs to be upgraded to new biometric authentication information. However, the existing multi-factor authentication scheme cannot meet the application requirements and cannot demonstrate the robustness of dynamic update of authentication technology. sex
[0006] (4) Does not provide privacy protection and anonymous services
At present, users basically operate through smart phones, PDAs and other mobile terminals with limited computing power and storage capacity, so most multi-factor authentication technologies based on cryptographic technology are not suitable for direct migration to current mobile terminal users.
[0009] In addition, most of the current multi-factor authentication technologies do not take into account the protection of user anonymity

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A lightweight anonymous authentication and key agreement method in a multi-server environment
  • A lightweight anonymous authentication and key agreement method in a multi-server environment
  • A lightweight anonymous authentication and key agreement method in a multi-server environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] Now as user U 3 to server S 6 Take anonymous authentication and key agreement as an example, the specific method is as follows:

[0039] (1) System establishment and selection of system parameters

[0040] The registration center RC selects the SHA-2 algorithm and the fuzzy extractor according to the security requirements of the system, and makes the SHA-2 algorithm and the fuzzy extractor public, and then writes the SHA-2 algorithm and the Rep(.) algorithm of the fuzzy extractor into the user's smart card In SC, the smart card has certain storage capacity, computing power and the ability to connect to a remote server, such as OR1200, an open source 32-bit processor RISC.

[0041] (2) The server and the user are registered in the registration center RC

[0042] Assume that the server and the user register their real identities in the registration center and become legal members of the system. First, the registration center RC selects a key x with a binary length of l...

Embodiment 2

[0055] In this embodiment, after the server and the user are all registered in the registration center RC in step (2), because the fingerprint of user 3 is accidentally damaged, the password pw needs to be changed 3 and / or biometricsb 3 ,Specific steps are as follows:

[0056] (a) password pw 3 and / or biometricsb 3 Buzz for

[0057] The specific method is: User U 3 Insert user smart card SC into card reader and enter ID 3 、pw 3 , b' 3 , the user smart card SC uses the Rep(.) algorithm of the fuzzy extractor to recover the user U 3 The biological key Rep(Δ 3,b' 3 ) = θ' 3 , and calculate A' 3 = h(pw 3 ||θ′ 3 ), verify F 3 =h(ID 3 ||A' 3 ) is established, if not established, the user smart card SC automatically interrupts the request; if established, the user is prompted to enter a new password and / or biometric information user U 3 Re-collect your own biological information and choose a new password to pass Calculate the user U 3 The new bio-key recalculation...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a lightweight anonymous authentication and key negotiation method in a multi-server environment and belongs to the technical field of information safety. The method is characterized by achieving the anonymous authentication and key negotiation in the multi-server environment by means of the following three steps: (1) building a system and selecting system parameters; (2) registering in a registering center RC by a server and a user; (3) carrying out authentication and key negotiation by the user and a remote server so as to provide subsequent communication session keys. The lightweight anonymous authentication and key negotiation method is applicable to remote authentication of a mobile terminal and servers with low calculation capability, memory space and communication capability; the mobile terminal can log in any server registered by RC through a user name and a password; the server only can authenticate that the user is a valid user and cannot know the specific identity of the user, so that the privacy of the user is protected; the lightweight anonymous authentication and key negotiation method is excellent in expansibility; the two-party negotiation session keys are determined by random numbers Ni1 and Ni2 selected by authenticating for each time by two parties; the independence and the forward and backward security of the session keys are ensured.

Description

technical field [0001] The patent of the present invention belongs to the field of information security technology, specifically, in the multi-service environment of the mobile Internet, a mobile terminal user authenticates and logs in to a remote server based on biometric information and negotiates a subsequent session key to obtain a remote service. Key agreement method. Background technique [0002] Existing remote authentication technologies mainly include authentication technologies based on passwords, authentication technologies based on smart cards, and authentication technologies based on human biological information. Low-entropy passwords are vulnerable to offline guessing attacks. In a multi-server environment, high-entropy passwords are likely to bring difficulties to users in memorization and management. The smart card is easy to be stolen, and the information stored on the smart card is easy to be attacked by side channel technology and leaked inadvertently. B...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0421H04L63/068H04L63/0853H04L63/0861H04L63/1466H04L65/1073
Inventor 李艳平鲁来凤张建中刘小雪聂好好齐艳姣
Owner 深圳市迅威恒达信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products