Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Single sign-on authentication method based on inadvertent pseudo-random function and signcryption

A pseudo-random function and single sign-on technology, applied in the field of information security, can solve the problems of not being able to provide anti-KCI attack properties, increasing deployment costs, and not being able to be deployed independently

Active Publication Date: 2020-02-11
XIDIAN UNIV
View PDF5 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the focus of SPA is to implement authentication rather than authenticated key exchange, which means that the security guarantee of subsequent sessions relies on existing encryption infrastructure, such as the secure channel protocol SSL or TLS, that is, SPA cannot be deployed independently, thus increasing the The complexity of solution deployment increases deployment costs, and SPA only implements one-way authentication from users to SPs, so it cannot provide the ability to resist KCI attacks
[0007] To sum up, the problems existing in the existing technology are: either the scheme has a password verifier, and the adversary can easily implement offline dictionary attacks and insider attacks; or the scheme does not implement two-way authentication and key agreement, relying on encryption foundations such as TLS / SSL Facilities cannot be deployed independently; or the solution cannot provide properties against KCI attacks
[0014] In short, the difficulty of SSO protocol design lies in how to combine the password with the private key to prevent brute force cracking. For example, the AUMA scheme, which calculates the password and private key through a simple hash calculation to obtain a derivative value, and stores the derivative value in a file that can be cracked by the adversary. In the smart card, it is very easy to lead to offline dictionary guessing attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Single sign-on authentication method based on inadvertent pseudo-random function and signcryption
  • Single sign-on authentication method based on inadvertent pseudo-random function and signcryption
  • Single sign-on authentication method based on inadvertent pseudo-random function and signcryption

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0094] In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the examples. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0095] For the existing technology or the existence of password verifiers, the adversary can easily implement offline dictionary attacks and insider attacks; or do not implement two-way authentication and key agreement, rely on encryption infrastructure such as TLS / SSL, and cannot be independently deployed; or cannot provide anti- The attribute of KCI attack, the present invention solves the above problem by combining OPRF and signcryption scheme. The specific process includes that the user and the SP complete the registration at the KGA, obtain the sign-secret private key required for the authentication phase, and in order...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of information security, and discloses a single sign-on (SSO) authentication system and method based on an inadvertent pseudorandom function (OPRF) and signcryption. The single sign-on authentication method includes a system initialization parameter stage, a user / service provider (SP) registration stage, an information retrieval stage and a user and SPbidirectional authentication stage. According to the invention, the OPRF and the signcryption scheme are combined, i.e., the OPRF value is obtained by blinding the password of the user through the OPRF and is used for encrypting the signcryption private key of the user, and the ciphertext is stored in the storage provider end. Before login, the user recovers the OPRF value and decrypts the retrieved ciphertext to obtain the signcryption private key, thereby realizing bidirectional authentication with the SP. The invention provides a security enhancement function for password leakage threats, an SP does not store a password or a password derivative value, a client accidentally leaks the password, and an enemy cannot counterfeit the password as the SP to deceive a user. According to the invention, common attacks in an SSO authentication system can be resisted and bidirectional authentication can be completed efficiently.

Description

technical field [0001] The invention belongs to the technical field of information security, and in particular relates to a single sign-on authentication system and method based on inadvertent pseudo-random function and signcryption. Background technique [0002] At present, new services emerge one after another on the Internet, giving birth to a variety of service providers, providing a wealth of network services in the fields of entertainment, commerce, transportation, and medical care. However, network attacks widely exist in open communication channels, so how to ensure the legitimacy of the identity of the communication entity, realize secure data access control, and ensure the availability of services at the same time has become one of the severe challenges facing the current multi-service provider network environment . [0003] Lamport proposed a password-based authentication protocol suitable for client / server architecture to achieve identity authentication between ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/06H04L9/08H04L29/06
CPCH04L9/0861H04L9/0838H04L9/0869H04L9/0894H04L9/0643H04L9/0866H04L63/0815H04L63/0869
Inventor 姜奇张玲王金花张欣马建峰马卓杨力马鑫迪张俊伟李兴华
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com