User-centered multi-factor authentication method for multi-IDP aggregation

An authentication method and multi-factor technology, applied in the field of information security, can solve problems such as inability to track users and inability to interact, and achieve the effect of improving authentication efficiency.

Active Publication Date: 2022-08-05
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

The present invention adopts a user-centered authentication architecture. The user interacts with the IDP to obtain credentials, with the SP to verify the credentials, and with the data registration center to store and retrieve credentials. Apart from the user, the other three entities cannot interact with one another. This user-centered architecture ensures that the IDP does not participate in credential verification and therefore cannot track which SPs the user accesses. This solves the problem that arises when the SP delegates authentication to the IDP, where the IDP can track the SPs accessed by the user.

Examples

Embodiment Construction

[0031] The present invention will be further described below with reference to the accompanying drawings.

[0032] Referring to Figure 1, the implementation steps of the present invention are further described with the examples.

[0033] The embodiment of the present invention performs identity authentication on a mobile phone user to be authenticated under the condition of two identity providers and three authentication factors.

[0034] Step 1, the data registry generates public parameters and each identity provider's signing key and verification key.

[0035] Step 1.1, using the bilinear mapping rule and the label-based signature algorithm standard, the data registration center generates 7 public parameters, $q$, $p$, $G_1$, $G_2$, $g$, $G_T$, and makes them public. The data registration center transmits the generated identity of each mobile phone user to the user, and each mobile phone user uses its identity to generate a label. The label can be regarded as the alias of the mobile pho...

Abstract

A user-centered, multi-IDP-aggregation-oriented multi-factor authentication method addresses the problems of user identity privacy and the inability to scale to multiple IDPs. It comprises the following specific steps: a data registration center generates the public parameters and a signature key and a verification key for each identity provider (IDP); each IDP issues identity certificates for different authentication factors of the user and stores the identity certificates in the data registration center; according to an authorization strategy of a service provider (SP), the user obtains a certificate from the data registration center; the user aggregates a plurality of certificates into one certificate; the SP verifies the authentication factors in the credentials using zero-knowledge proof and bilinear mapping techniques. The method provides user non-linkability and non-trackability, reduces the calculation overhead of authentication in multi-IDP scenarios, and can be widely applied to high-security-level identity authentication application systems.

Description

Technical field

[0001] The invention belongs to the technical field of information security, and further relates to a multi-factor authentication method in the technical field of identity authentication, which is user-centered and oriented to the aggregation of multiple identity providers (IDPs). The present invention relies on the remote server to perform identity authentication on the verifier (terminal user), and can be widely used in identity authentication across multiple-IDP scenarios to handle the relationship between terminal user identity and authentication factors.

Background technique

[0002] Multi-factor authentication refers to the use of password technology combined with two or more different authentication factors to achieve identity authentication. Authentication factors are classified into three categories, namely secrets (passwords) that people can remember; devices held by people, such as smart cards, long-term keys, etc.; as well ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L9/40
CPC: H04L9/3247, H04L9/3231, H04L9/3226, H04L9/3221, H04L63/083, H04L63/0861, H04L63/0876, H04L2463/082
Inventor: 姜奇, 刘怡静, 杨雪, 赵贵川
Owner: XIDIAN UNIV