Password verification method and device based on zero knowledge proof and electronic equipment

A zero-knowledge proof and password verification technology, applied in the field of password verification methods, devices and electronic equipment based on zero-knowledge proof, can solve the problems of server keys being removed from the database, user information leakage, poor security and other problems

Active Publication Date: 2021-01-08
CHINA CONSTRUCTION BANK
View PDF4 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The most traditional and most commonly used means of verification is password verification. However, the existing method of password verification usually requires the server to perform key comparison, and requires the client to share the key with the authentication center (server) (that is, the client needs to The key is uploaded to the server)
Therefore, the existing password verification method has the risk of user information leakage and poor security; in addition, the server has the risk of the key being out of the warehouse and assumes the responsibility of keeping the key

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Password verification method and device based on zero knowledge proof and electronic equipment
  • Password verification method and device based on zero knowledge proof and electronic equipment
  • Password verification method and device based on zero knowledge proof and electronic equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0065] The embodiment of this application provides a password verification method based on zero-knowledge proof, which is applied to the client, such as figure 1 As shown, the method may include the following steps:

[0066] Step S101, the client generates a random number k, and maps the random number k to a finite field G to obtain K=k*G;

[0067] Step S102, sending password verification information to the server, the password verification information includes K; the server is used to generate a random number e, and query the first random number based on the client private key pair uploaded when the client sets the password R1 encrypts and calculates A, and uses it to return random numbers e and A to the client;

[0068] Step S103, the client decrypts the received A based on the local key SK1 to obtain R1;

[0069] Step S104, the client concatenates the user password and the first random number R1 to calculate the digest x, then calculates r=k+ex, and sends r to the server;...

Embodiment 2

[0092] The embodiment of this application provides a password verification method based on zero-knowledge proof, which is applied to the server, such as figure 1 As shown, the method may include the following steps:

[0093] Step S201, receiving password verification information sent by the client, the password verification information includes K, and the K is obtained by mapping a random number k generated by the client to a finite field G;

[0094] Step S202, the server generates a random number e, queries the A obtained by encrypting and calculating the random number R1 based on the client private key uploaded when the client sets a password, and returns the random numbers e and A to the client; The client is used to decrypt the received A based on the local key SK1 to obtain R1; the client is also used to concatenate the user password and the first random number R1 to calculate the digest x, and then calculate r=k+ex, and send r to the server;

[0095] Step S203, the ser...

Embodiment 3

[0106] image 3 The password verification device based on zero-knowledge proof provided for the embodiment of this application is applied to the client, wherein the device 30 includes:

[0107] A generating module 301, configured to generate a random number k, and map the random number k onto a finite field G to obtain K=k*G;

[0108] The first sending module 302 is used to send password verification information to the server, and the password verification information includes K; the server is used to generate a random number e, query the client private key uploaded when the client sets the password A obtained by encrypting and calculating the first random number R1 is used to return the random numbers e and A to the client;

[0109] A decryption module 303, configured to decrypt the received A based on the local key SK1 to obtain R1;

[0110] The second sending module 304 is used to concatenate the user password and the first random number R1 to calculate the digest x, then...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a password verification method and device based on zero knowledge proof and electronic equipment, and is applied to the field of password verification, the method comprises thesteps that the advantages of the zero knowledge proof are exerted, information related to an account password is not transmitted in the account password verification process, and a network eavesdropper cannot obtain any information about the account password, User passwords are effectively prevented from being leaked due to network transmission. Furthermore, the replay attack is prevented, and theexistence of the two random numbers not only ensures the verifiability of the password of the mobile user, but also ensures that the password is not disturbed by the replay attack; moreover, the secret factor (mobile user password) encrypted by the client is not transmitted to the background, so that the management difficulty of the server protection key is effectively reduced, password crackingor collision cannot be carried out even if the server storage information is leaked, the server information protection requirement is small, and the password leakage risk does not exist even if the server storage information is separated from the database.

Description

technical field [0001] The present application relates to the technical field of password verification, and in particular, the present application relates to a zero-knowledge proof-based password verification method, device and electronic equipment. Background technique [0002] Before the client can use the service of the server, authentication is required. The most traditional and most commonly used means of verification is password verification. However, the existing method of password verification usually requires the server to perform key comparison, and requires the client to share the key with the authentication center (server) (that is, the client needs to The key is uploaded to the server). Therefore, the existing password verification method has the risk of user information leakage and poor security; in addition, the server has the risk of the key being out of the warehouse and assumes the responsibility of keeping the key. Contents of the invention [0003] Th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/08H04L9/32H04L29/06G06F21/31G06F21/45
CPCH04L9/3221H04L9/085H04L9/0869H04L63/0435H04L63/083H04L63/1441G06F21/31G06F21/45
Inventor 何伟明刘丽娟廖敏飞成楚天赖敷君周思彤
Owner CHINA CONSTRUCTION BANK
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap