
Single sign-on authentication method based on oblivious pseudo-random function and signcryption

A pseudo-random function and single sign-on technology, applied in the field of information security, that addresses problems such as increased deployment costs, offline dictionary guessing attacks, and the inability to be deployed independently, with the effect of reducing the difficulty of identity maintenance, preventing insider attacks, and eliminating potential threats.

Active Publication Date: 2022-07-12
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

However, the focus of SPA is to implement authentication rather than authenticated key exchange, which means that the security of subsequent sessions relies on existing encryption infrastructure, such as the secure channel protocols SSL or TLS. That is, SPA cannot be deployed independently, which increases the complexity and cost of deploying the solution. SPA also implements only one-way authentication from users to SPs, so it cannot resist KCI attacks.

[0007] To sum up, the problems in the existing technology are: either the scheme has a password verifier, so the adversary can easily mount offline dictionary attacks and insider attacks; or the scheme does not implement two-way authentication and key agreement, relies on encryption infrastructure such as TLS/SSL, and cannot be deployed independently; or the scheme cannot resist KCI attacks.

[0014] In short, the difficulty of SSO protocol design lies in how to combine the password with the private key so as to prevent brute-force cracking. For example, the AUMA scheme derives a value from the password and private key through a simple hash calculation and stores the derived value in a smart card that can be cracked by the adversary, which very easily leads to offline dictionary guessing attacks.


Embodiment Construction

[0094] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0095] Existing schemes either have a password verifier, so that the adversary can easily mount offline dictionary attacks and insider attacks; or do not implement two-way authentication and key negotiation, relying on encryption infrastructure such as TLS/SSL, and so cannot be deployed independently; or cannot resist KCI attacks. The present invention solves these problems by combining an OPRF with a signcryption scheme. The specific process includes the user and SP completing registration at the KGA, obtaining the signcryption private key required for the authentication stage, and in order t...


Abstract

The invention belongs to the technical field of information security, and discloses a single sign-on (SSO) authentication system and method based on an oblivious pseudo-random function (OPRF) and signcryption, comprising a system parameter initialization stage, a user / service provider (SP) registration stage, an information retrieval stage, and a two-way authentication stage between the user and the SP. The invention combines the OPRF with a signcryption scheme: the user's password is blinded through the OPRF to obtain the OPRF value, which is used to encrypt the user's signcryption private key, and the ciphertext is stored at the storage provider. Before logging in, the user recovers the OPRF value and decrypts the retrieved ciphertext to obtain the signcryption private key, which is then used for two-way authentication with the SP. The invention provides security enhancement against the threat of password leakage: the SP stores neither the password nor any value derived from it, and even if the client accidentally leaks the password, the adversary cannot impersonate the SP to deceive the user. The invention can resist common attacks on SSO authentication systems and completes two-way authentication efficiently.
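The blinding, storage and retrieval flow in the abstract, as an added sketch that is not taken from the patent: it assumes a 2HashDH-style OPRF over a toy multiplicative group and a hash-based stand-in for the encryption step, and all function names and sample values are hypothetical. The text shown here does not say which party holds the OPRF key `k`, so the sketch calls it the "OPRF key holder". Without `k`, the stored blob cannot be tested against password guesses offline.

```python
import hashlib, hmac, math, secrets

P = 2**255 - 19   # toy prime modulus (assumption); deployments use a prime-order EC group
ORDER = P - 1     # order of the multiplicative group mod P

def h256(tag: bytes, *parts: bytes) -> bytes:
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hashlib.sha256(tag + data).digest()

def hash_to_group(password: bytes) -> int:
    return 2 + int.from_bytes(h256(b"H1", password), "big") % (P - 3)

def blind(password: bytes):
    """Client: hide the password element under a random exponent r."""
    while True:
        r = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(r, ORDER) == 1:           # r must be invertible mod ORDER
            return r, pow(hash_to_group(password), r, P)

def evaluate(k: int, blinded: int) -> int:
    """OPRF key holder: sees only the blinded element, never the password."""
    return pow(blinded, k, P)

def finalize(password: bytes, r: int, evaluated: int) -> bytes:
    """Client: strip r and hash down to the OPRF value."""
    unblinded = pow(evaluated, pow(r, -1, ORDER), P)
    return h256(b"H2", password, unblinded.to_bytes(32, "big"))

def oprf_value(password: bytes, k: int) -> bytes:
    r, blinded = blind(password)
    return finalize(password, r, evaluate(k, blinded))

def seal(oprf_val: bytes, secret: bytes) -> bytes:
    """Stand-in for an AEAD (one-time SHA-256 pad + HMAC tag); secret <= 32 bytes."""
    assert len(secret) <= 32
    ct = bytes(a ^ b for a, b in zip(secret, h256(b"enc", oprf_val)))
    return ct + hmac.new(h256(b"mac", oprf_val), ct, hashlib.sha256).digest()

def open_sealed(oprf_val: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(h256(b"mac", oprf_val), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                            # wrong password or tampered blob
    return bytes(a ^ b for a, b in zip(ct, h256(b"enc", oprf_val)))

if __name__ == "__main__":
    k = secrets.randbelow(ORDER - 2) + 2       # constructed OPRF key
    sk = secrets.token_bytes(32)               # constructed stand-in for the signcryption private key
    stored = seal(oprf_value(b"correct horse", k), sk)                 # registration
    assert open_sealed(oprf_value(b"correct horse", k), stored) == sk  # retrieval
    assert open_sealed(oprf_value(b"wrong guess", k), stored) is None
```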

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a single sign-on authentication system and method based on an oblivious pseudo-random function and signcryption.

Background technique

[0002] At present, new services emerge in an endless stream on the Internet, giving rise to a variety of service providers that offer rich network services in entertainment, business, transportation, medical and other fields. However, network attacks are widespread on open communication channels, so how to ensure the legitimacy of the identities of the communicating entities, implement secure data access control, and at the same time ensure the availability of services has become one of the severe challenges faced by the current multi-service-provider network environment.

[0003] Lamport proposed a password-based authentication protocol suitable for client / server architecture to realize identity authentication between...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/06, H04L9/08, H04L9/40
CPC: H04L9/0861, H04L9/0838, H04L9/0869, H04L9/0894, H04L9/0643, H04L9/0866, H04L63/0815, H04L63/0869
Inventor: 姜奇, 张玲, 王金花, 张欣, 马建峰, 马卓, 杨力, 马鑫迪, 张俊伟, 李兴华
Owner XIDIAN UNIV