Identity-free three-factor remote user authentication method

An authentication method and technology for remote users, applied in the field of remote user authentication, can solve problems such as reducing user experience and system fault tolerance, and violating three-factor authentication, achieving the effect of untraceability and anonymous login.

Inactive Publication Date: 2016-08-17

UNIV OF ELECTRONIC SCI & TECH OF CHINA

7 Cites 18 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0005] However, in the current remote user authentication scheme based on three factors, the user is required to enter the ...

Abstract

The invention belongs to the field of multi-factor authentication protocols and discloses an identity-free three-factor remote user authentication method. Identity-free three-factor authentication is realized through elliptic curve based public key cryptography. The method includes steps: 1, a server generates a public and private key pair and other public parameters; 2, a user submits registration information to the server, and a registration center returns corresponding data or a smart card; 3, the user inputs a password and biological features and inserts the smart card to calculate registration parameters which are sent to the server, and by corresponding data exchange between the user and the server, authentication and key agreement are realized, and a session key is generated. On the basis of a remote user authentication environment, user authentication can be smoothly realized through the server without identity input; on the basis of three-factor authentication with the password, the smart card and the biological features involved, safety of the method is guaranteed, and all referred attacks can be resisted, and the method is applicable to fields of security, finance and the like high in safety requirement.

Application Domain

Public key for secure communicationUser identity/authority verification

Technology Topic

User authenticationMulti-factor authentication +7

Image

Examples

Experimental program(1)

Example Embodiment

[0029] Specific embodiments of the present invention are described in detail below.

[0030] In step 1, the server initializes the elliptic curve E over the field GF(p) p And generate server private key s and public key PK=sP, select a one-way hash function h(·) and fuzzy extraction function {Gen(·), Rep(·,·)}. Finally, the server publishes the system public parameters p , h(·), Gen(·), Rep(·,·)>.

[0031] In step 2, the following stages are specifically included:

[0032] User U i Just select PW i Instead of selecting a user identity and entering biometric information Bio i , generated by fuzzy extraction function (σ i , θ i ) = Gen(Bio i ), where σ i is the eigenvalue, and θ i for auxiliary strings. Afterwards, the client generates h(σ i ||n b ) and send it to the server as a registration request through a secure channel, where n b is a random number.

[0033] The server receives user U i The registration request h(σ i ||n b ), generate a random number n i , calculate the verification parameter A i =h(h(σ i ||n b)||s||n i ), will i , h(·), p, P, E p Stored in an empty smart card and sent to the user through a secure channel. In addition, the server also needs to maintain in its storage a structure i ||n b ), n i The data table is used for subsequent user authentication.

[0034] After the user gets the smart card, according to the previously selected user password, the authentication parameters in the smart card are kept secret, and the C i =h(n b ||PW i ||h(σ i ||n b )), and Finally, the user will A in the card i Replace with i ,E i.

[0035] In step 3, as in figure 1 As shown, it specifically includes the following stages:

[0036] S101: User U i Enter BIO i and PW i , insert the smart card, calculate σ i =Gen(Bio i , θ i ), C i =h(n b ||PW i ||h(σ i ||n b )) and end up with validation parameters Then, the user generates a random number and calculate P u =n u P and K i =n u PK, parameters required to generate a login request and R 1 =h(DID i ||K i ||A i ||ID s ), and finally the user sends a login request to the server i , R 1 , P u.

[0037] S102: Server S j received < DID i , R 1 , P u After that, calculate K i =sP u And retrieve the user's data item in its store i ||n b ), n i, and calculate A i =h(h(σ i ||n b )||n i ||s) and R 1 =h(DID i ||K i ||A i ||ID s ), compare it with the same parameters contained in the received request, if they are the same, the verification will pass, otherwise the verification will fail. After the verification is passed, a random number is generated and calculate P s =n s P, the session key SK s =h(h(σ i ||n b )||K i ||n s P u ||ID s ||A i ), verify the return parameter R 2 =h(ID s ||h(σ i ||n b )||A i ||SK s ), and return the parameter to the user 2 , P s.

[0038] S103: User U i After receiving the return message, also calculate the session key SK u =h(h(σ i ||n b )||K i ||u i P s ||ID s ||A i ) and the validation return parameter R 2 =H(ID s ||h(σ i ||n b )||A i ||SK u ), and compare it with the parameters contained in the received message, and only when the two are equal can the verification be passed. Then send the final authentication request R to the server 3 =H(ID s ||h(σ i ||n b )||SK u ||A i ) to confirm to the server that both parties generated the same key

[0039] S104: After the server verification is passed, mutual authentication and session key negotiation are completed. Both parties can use the session key to communicate securely.

[0040] In step 4, the following stages are specifically included:

[0041] User U i Enter new biometric Bio i , and use the fuzzy extraction function Calculate the new sent to the server, where is the new random number.

[0042] After the server receives the request, it retrieves and updates the data item corresponding to the user in its storage with the new parameters in the request, and calculates the new authentication parameters and return it to the user.

[0043] After receiving the new parameters, the user encrypts the data with the new password and calculates and and use the new parameter Updating the data in the smart card completes the update.

[0044] The parameters and operation symbols involved in the above authentication method and the description of the figure below are respectively explained as follows:

[0045] u i : user with number i

[0046] S j : server with number j

[0047] ID s : the identifier of the server

[0048] bio i , ID i , PW i : user i's biometrics, username, password

[0049] SK: session key

[0050] n: User or server generated random number

[0051] P, PK: server's public key

[0052] p: large prime number

[0053] s: private key of the server

[0054] h( ): one-way hash function operation

[0055] Gen( ), Rep( , ): biometric fuzzy extraction function

[0056] XOR operation

[0057] ||: concatenated string

[0058] Although the specific embodiments of the present invention have been described above, those skilled in the art should understand that these are only examples, and various changes or modifications can be made to these embodiments without departing from the principles of the present invention. Principle and substance. The scope of the invention is limited only by the appended claims.

PUM

Description & Claims & Application Information

We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.