[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN112231662A - Registration authentication method and system of two-dimensional code based on SM2 algorithm - Google Patents

Registration authentication method and system of two-dimensional code based on SM2 algorithm Download PDF

Info

Publication number
CN112231662A
CN112231662A CN202011123973.6A CN202011123973A CN112231662A CN 112231662 A CN112231662 A CN 112231662A CN 202011123973 A CN202011123973 A CN 202011123973A CN 112231662 A CN112231662 A CN 112231662A
Authority
CN
China
Prior art keywords
user
dimensional code
information
authentication
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011123973.6A
Other languages
Chinese (zh)
Other versions
CN112231662B (en
Inventor
郁兵斌
赵为强
刘胜平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Nanjing Zhongfu Information Technology Co Ltd
Zhongfu Information Co Ltd
Zhongfu Safety Technology Co Ltd
Original Assignee
BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Nanjing Zhongfu Information Technology Co Ltd
Zhongfu Information Co Ltd
Zhongfu Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD, Nanjing Zhongfu Information Technology Co Ltd, Zhongfu Information Co Ltd, Zhongfu Safety Technology Co Ltd filed Critical BEIJING ZHONGFU TAIHE TECHNOLOGY DEVELOPMENT CO LTD
Priority to CN202011123973.6A priority Critical patent/CN112231662B/en
Publication of CN112231662A publication Critical patent/CN112231662A/en
Application granted granted Critical
Publication of CN112231662B publication Critical patent/CN112231662B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2117User registration
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a registration authentication method and a system of two-dimensional codes based on SM2 algorithm, the method comprises the following steps: s1, identity registration: the registration and verification of the user identity information are realized through mobile phone software, and the received public key and the user information are jointly generated into a two-dimensional code; s2, software signature: when the software is installed, the special machine uses the corresponding private key to decrypt and authenticate the two-dimensional code, and after the authentication is passed, the software can be signed; s3, login authentication: when logging in, the special machine scans and authenticates the two-dimensional code of the user, and after the authentication is passed, the special machine can log in and execute the corresponding authority on the special machine. Has the advantages that: compared with the traditional authentication mode of the hardware encryption key, the authentication mode of the traditional hardware encryption key is effectively abandoned by adopting the two-dimension code authentication mode, so that the cost of domestic adaptation is effectively reduced, and the efficiency of identity authentication management is also effectively improved.

Description

Registration authentication method and system of two-dimensional code based on SM2 algorithm
Technical Field
The invention relates to the technical field of communication, in particular to a registration authentication method and a registration authentication system of a two-dimensional code based on an SM2 algorithm.
Background
With the rapid development of internet technology and mobile devices, more and more computing devices are linked into the network and exchange a great deal of information and resources, and the security problem is increasingly highlighted. In order to prevent the information data from being accessed by illegal or unauthorized users, remote user identity authentication becomes an important security mechanism in the security core service.
At present, in the security industry, the signature of a domestic special machine on software and the authentication of user identity are realized by hardware encryption keys (keys), and the method needs to use a large number of hardware encryption keys which must be issued by a center, so that the cost of domestic adaptation is greatly increased, and the efficiency of identity authentication management is greatly influenced.
An effective solution to the problems in the related art has not been proposed yet.
Disclosure of Invention
Aiming at the problems in the related art, the invention provides a registration authentication method and a registration authentication system of a two-dimensional code based on an SM2 algorithm, so as to overcome the technical problems in the prior related art.
Therefore, the invention adopts the following specific technical scheme:
according to one aspect of the present invention, there is provided a registration authentication method for a two-dimensional code based on SM2 algorithm, the method comprising the following steps:
s1, identity registration: registering and verifying user identity information through mobile phone software, and generating a two-dimensional code by the received public key and the user information together;
s2, software signature: when the software is installed, the special machine uses the corresponding private key to decrypt and authenticate the two-dimensional code, and after the authentication is passed, the software can be signed;
s3, login authentication: and when logging in, the special machine scans and authenticates the two-dimensional code of the user, and after the authentication is passed, the special machine can log in and execute corresponding authority on the special machine.
Further, the step S1 of registering and verifying the user identity information through the mobile phone software, and generating the two-dimensional code by the received public key and the user information together includes the following steps:
s11, acquiring the identity information and the biological characteristic information of the user through mobile phone software, summarizing the identity information and the biological information of the user and sending the summarized identity information and the biological information to a registration center for registration and verification;
s12, after the registration center passes the audit, sending a public key to the user through an SM2 algorithm, and storing the user information passing the audit to a secret-related intranet database;
s13, the secret intranet database updates the user information to a database of a special machine required to be used by the user;
and S14, after the identity information of the user passes the verification, the mobile phone software generates the data with the public key information and the user identity information into a two-dimensional code.
Further, the biometric information in S11 includes, but is not limited to, at least one of a human face, a fingerprint, a voiceprint, an iris, a hand shape, and a palm print.
Further, the step S12 of encrypting the public key by using the SM2 algorithm further includes the following steps:
s121, generating a random number k belonging to [1, n-1] by using a random number generator;
s122, calculating an elliptic curve point C1 ═ k ] G ═ (x1, y1), and converting the data type of C1 into a bit string, where [ k ] G represents k × G, and G is a base point of the elliptic curve;
s123, calculating an elliptic curve point S ═ h ] PB, if the point S is an infinite point, reporting an error and exiting, wherein the PB is a public key of a user of the decryptor;
s124, calculating an elliptic curve point [ k ] PB as (x2, y2), and converting the data type of the coordinates x2 and y2 into a bit string;
s125, calculating t ═ KDF (x 2/y 2, klen), and if t is all 0 bit string, returning to S121, where klen is bit length of plaintext, KDF (Z, klen) is key derivation function, and x/is concatenation of x and y;
s126, calculating that M is ≦ C2, where M is an exclusive or operation of two bit strings with equal length according to bits;
s127, calculating C3 ═ Hash (x 2/M/y 2), wherein the Hash is a cryptographic Hash function;
s128, output ciphertext C ═ C1/C2/C3.
Further, the corresponding private key in S2 is provided by the registry, and the private key is adapted to the public key received by the mobile phone software, where the private key is used to perform SM2 algorithm decryption on the two-dimensional code information, and authenticate the identity information and the authority of the user.
Further, the decrypting the two-dimensional code information by the SM2 algorithm in S2 specifically includes the following steps:
s201, taking out a bit string C1 from C, converting the data type of C1 into a point on an elliptic curve, verifying whether C1 meets an elliptic curve equation, and if not, reporting an error and exiting;
s202, calculating an elliptic curve point S ═ h ] C1, and if S is an infinite point, reporting an error and exiting; stringing;
s203, calculating t ═ KDF (x 2/y 2, klen), and if t is all 0 bit string, reporting an error and exiting;
s204, extracting the bit string C2 from C, and calculating M ═ C2 ≦ t;
s205, calculate u ═ Hash (x 2/M'/y 2), take out bit string C3 from C, if u! If not, C3, reporting an error and quitting;
s206, outputting a plaintext M'.
Further, the signing the software in S2 includes the following steps:
s211, analyzing an application program folder of the installation software to obtain a plurality of files to be signed;
s212, respectively signing the files to be signed to obtain a plurality of first digest values corresponding to the files to be signed, and forming a digest value combination by the first digest values;
s213, carrying out signature processing on the abstract value combination again to obtain a second abstract value;
s214, encrypting and compressing the second digest value to obtain an application program signature file of the installation software.
Further, the login authentication in S3 includes two types, i.e., an administrator user login authentication and a general user login authentication, where after the administrator user login authentication, the corresponding administrator authority may be executed on the dedicated machine, and after the general user login authentication, the corresponding general user authority may be executed on the dedicated machine.
According to another aspect of the present invention, there is provided a registration authentication system of two-dimensional code based on SM2 algorithm, the system comprising a mobile terminal, a special machine and a website server;
the mobile terminal is used for collecting the identity information and the biological characteristic information of the user and generating two-dimensional code information;
the special machine is used for scanning and decrypting the two-dimensional code generated by the mobile terminal and is also used for executing the user authority;
the website server is used for receiving the collected information of the mobile terminal, registering and auditing, generating a corresponding public key according to the collected information, sending the public key to the mobile terminal of the user, storing the user information passing the auditing into a secret-related intranet database, and updating the user information into a database of a special machine required by the user.
Further, the mobile terminal sends a registration authentication request to the website server through the mobile internet, and the registration authentication request includes the user identity information and the biometric information of the user.
The invention has the beneficial effects that: the invention has the advantages that the authority management of the center to the user is more flexible, convenient and efficient, compared with the traditional authentication mode of the hardware encryption key, the invention not only effectively reduces the cost of domestic adaptation, but also effectively improves the efficiency of identity authentication management.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
Fig. 1 is a flowchart of a registration authentication method of a two-dimensional code based on the SM2 algorithm according to an embodiment of the present invention.
Detailed Description
For further explanation of the various embodiments, the drawings which form a part of the disclosure and which are incorporated in and constitute a part of this specification, illustrate embodiments and, together with the description, serve to explain the principles of operation of the embodiments, and to enable others of ordinary skill in the art to understand the various embodiments and advantages of the invention, and, by reference to these figures, reference is made to the accompanying drawings, which are not to scale and wherein like reference numerals generally refer to like elements.
According to the embodiment of the invention, a registration authentication method and a registration authentication system of a two-dimensional code based on an SM2 algorithm are provided.
Referring to the drawings and the detailed description, the invention is further explained, as shown in fig. 1, according to an embodiment of the invention, there is provided a registration authentication method of a two-dimensional code based on an SM2 algorithm, the method including the following steps:
s1, identity registration: registering and verifying user identity information through mobile phone software, and generating a two-dimensional code by the received public key and the user information together;
wherein, the S1 specifically includes the following steps:
s11, acquiring the identity information and the biological characteristic information of the user through mobile phone software, summarizing the identity information and the biological information of the user and sending the summarized identity information and the biological information to a registration center for registration and verification;
specifically, the biometric information in S11 includes, but is not limited to, at least one of a human face, a fingerprint, a voiceprint, an iris, a hand shape, and a palm print.
S12, after the registration center passes the audit, sending a public key to the user through an SM2 algorithm, and storing the user information passing the audit to a secret-related intranet database;
specifically, the step S12 further includes encrypting the public key by using an SM2 algorithm, and specifically includes the following steps:
s121, generating a random number k belonging to [1, n-1] by using a random number generator;
s122, calculating an elliptic curve point C1 ═ k ] G ═ (x1, y1), and converting the data type of C1 into a bit string, where [ k ] G represents k × G, and G is a base point of the elliptic curve;
s123, calculating an elliptic curve point S ═ h ] PB, if the point S is an infinite point, reporting an error and exiting, wherein the PB is a public key of a user of the decryptor;
s124, calculating an elliptic curve point [ k ] PB as (x2, y2), and converting the data type of the coordinates x2 and y2 into a bit string;
s125, calculating t ═ KDF (x 2/y 2, klen), and if t is all 0 bit string, returning to S121, where klen is bit length of plaintext, KDF (Z, klen) is key derivation function, and x/is concatenation of x and y;
s126, calculating that M is ≦ C2, where M is an exclusive or operation of two bit strings with equal length according to bits;
s127, calculating C3 ═ Hash (x 2/M/y 2), wherein the Hash is a cryptographic Hash function;
s128, output ciphertext C ═ C1/C2/C3.
S13, the secret intranet database updates the user information to a database of a special machine required to be used by the user;
and S14, after the identity information of the user passes the verification, the mobile phone software generates the data with the public key information and the user identity information into a two-dimensional code.
S2, software signature: when the software is installed, the special machine uses the corresponding private key to decrypt and authenticate the two-dimensional code, and after the authentication is passed, the software can be signed; specifically, when a user needs to install software on a special machine, the user needs to sign the software and install the software;
the corresponding private key in the S2 is provided by the registry, and the private key is adapted to the public key received by the mobile phone software, wherein the private key is used for performing SM2 algorithm decryption on the two-dimensional code information, and authenticating the identity information and the authority of the user.
Specifically, the SM2 algorithm decryption of the two-dimensional code information in S2 specifically includes the following steps:
s201, taking out a bit string C1 from C, converting the data type of C1 into a point on an elliptic curve, verifying whether C1 meets an elliptic curve equation, and if not, reporting an error and exiting;
s202, calculating an elliptic curve point S ═ h ] C1, and if S is an infinite point, reporting an error and exiting; stringing;
s203, calculating t ═ KDF (x 2/y 2, klen), and if t is all 0 bit string, reporting an error and exiting;
s204, extracting the bit string C2 from C, and calculating M ═ C2 ≦ t;
s205, calculate u ═ Hash (x 2/M'/y 2), take out bit string C3 from C, if u! If not, C3, reporting an error and quitting;
s206, outputting a plaintext M'.
Specifically, the signing the software in S2 includes the following steps:
s211, analyzing an application program folder of the installation software to obtain a plurality of files to be signed;
s212, respectively signing the files to be signed to obtain a plurality of first digest values corresponding to the files to be signed, and forming a digest value combination by the first digest values;
s213, carrying out signature processing on the abstract value combination again to obtain a second abstract value;
s214, encrypting and compressing the second digest value to obtain an application program signature file of the installation software.
S3, login authentication: and when logging in, the special machine scans and authenticates the two-dimensional code of the user, and after the authentication is passed, the special machine can log in and execute corresponding authority on the special machine.
The login authentication in S3 includes two types, i.e., administrator user login authentication and normal user login authentication, where after the administrator user login authentication, the corresponding administrator permission may be executed on the dedicated machine, and after the normal user login authentication, the corresponding normal user permission may be executed on the dedicated machine.
According to another embodiment of the invention, a registration authentication system of a two-dimensional code based on an SM2 algorithm is provided, which comprises a mobile terminal, a special machine and a website server;
the mobile terminal is used for collecting the identity information and the biological characteristic information of the user and generating two-dimensional code information;
the special machine is used for scanning and decrypting the two-dimensional code generated by the mobile terminal and is also used for executing the user authority;
the website server is used for receiving the collected information of the mobile terminal, registering and auditing, generating a corresponding public key according to the collected information, sending the public key to the mobile terminal of the user, storing the user information passing the auditing into a secret-related intranet database, and updating the user information into a database of a special machine required by the user.
In one embodiment, the mobile terminal sends a registration authentication request to the website server through the mobile internet, and the registration authentication request comprises the user identity information and the biometric information of the user.
In summary, by means of the technical scheme of the invention, the authentication mode of the traditional hardware encryption key is effectively abandoned by adopting the two-dimension code authentication mode, so that the hardware cost is effectively saved, in addition, the hardware encryption key is issued by the center for management, so that the user use and the center management are inconvenient, the invention fully utilizes the advantages of a network big data environment, so that the authority management of the center to the user is more flexible, convenient and efficient, compared with the authentication mode of the traditional hardware encryption key, the invention not only effectively reduces the cost of localization adaptation, but also effectively improves the efficiency of identity authentication management.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A registration authentication method of two-dimensional codes based on SM2 algorithm is characterized by comprising the following steps:
s1, identity registration: registering and verifying user identity information through mobile phone software, and generating a two-dimensional code by the received public key and the user information together;
s2, software signature: when the software is installed, the special machine uses the corresponding private key to decrypt and authenticate the two-dimensional code, and after the authentication is passed, the software can be signed;
s3, login authentication: and when logging in, the special machine scans and authenticates the two-dimensional code of the user, and after the authentication is passed, the special machine can log in and execute corresponding authority on the special machine.
2. The method for registering and authenticating the two-dimensional code based on the SM2 algorithm, according to claim 1, wherein the S1 implements registration and verification of user identity information through mobile phone software, and the step of generating the two-dimensional code by using the received public key and the user information together includes the following steps:
s11, acquiring the identity information and the biological characteristic information of the user through mobile phone software, summarizing the identity information and the biological information of the user and sending the summarized identity information and the biological information to a registration center for registration and verification;
s12, after the registration center passes the audit, sending a public key to the user through an SM2 algorithm, and storing the user information passing the audit to a secret-related intranet database;
s13, the secret intranet database updates the user information to a database of a special machine required to be used by the user;
and S14, after the identity information of the user passes the verification, the mobile phone software generates the data with the public key information and the user identity information into a two-dimensional code.
3. The SM2 algorithm-based two-dimensional code registration authentication method according to claim 2, wherein the biometric information in S11 includes but is not limited to at least one of a human face, a fingerprint, a voiceprint, an iris, a hand shape, and a palm print.
4. The method for registration and authentication of two-dimensional codes based on SM2 algorithm according to claim 2, wherein the step of S12 further includes encrypting the public key by SM2 algorithm, specifically including the steps of:
s121, generating a random number k belonging to [1, n-1] by using a random number generator;
s122, calculating an elliptic curve point C1 ═ k ] G ═ (x1, y1), and converting the data type of C1 into a bit string, where [ k ] G represents k × G, and G is a base point of the elliptic curve;
s123, calculating an elliptic curve point S ═ h ] PB, if the point S is an infinite point, reporting an error and exiting, wherein the PB is a public key of a user of the decryptor;
s124, calculating an elliptic curve point [ k ] PB as (x2, y2), and converting the data type of the coordinates x2 and y2 into a bit string;
s125, calculating t ═ KDF (x 2/y 2, klen), and if t is all 0 bit string, returning to S121, where klen is bit length of plaintext, KDF (Z, klen) is key derivation function, and x/is concatenation of x and y;
s126, calculating that M is ≦ C2, where M is an exclusive or operation of two bit strings with equal length according to bits;
s127, calculating C3 ═ Hash (x 2/M/y 2), wherein the Hash is a cryptographic Hash function;
s128, output ciphertext C ═ C1/C2/C3.
5. The method for registration and authentication of two-dimensional codes based on SM2 algorithm as claimed in claim 1, wherein the corresponding private key in S2 is provided by the registry and is adapted to the public key received by the mobile phone software, wherein the private key is used for SM2 algorithm decryption of the two-dimensional code information to authenticate the identity information and authority of the user.
6. The method of claim 5, wherein the SM2 algorithm-based two-dimensional code registration authentication method specifically includes the following steps of, in the S2, performing SM2 algorithm decryption on the two-dimensional code information:
s201, taking out a bit string C1 from C, converting the data type of C1 into a point on an elliptic curve, verifying whether C1 meets an elliptic curve equation, and if not, reporting an error and exiting;
s202, calculating an elliptic curve point S ═ h ] C1, and if S is an infinite point, reporting an error and exiting; stringing;
s203, calculating t ═ KDF (x 2/y 2, klen), and if t is all 0 bit string, reporting an error and exiting;
s204, extracting the bit string C2 from C, and calculating M ═ C2 ≦ t;
s205, calculate u ═ Hash (x 2/M'/y 2), take out bit string C3 from C, if u! If not, C3, reporting an error and quitting;
s206, outputting a plaintext M'.
7. The SM2 algorithm-based two-dimensional code registration authentication method according to claim 1, wherein the signing of software in S2 comprises the following steps:
s211, analyzing an application program folder of the installation software to obtain a plurality of files to be signed;
s212, respectively signing the files to be signed to obtain a plurality of first digest values corresponding to the files to be signed, and forming a digest value combination by the first digest values;
s213, carrying out signature processing on the abstract value combination again to obtain a second abstract value;
s214, encrypting and compressing the second digest value to obtain an application program signature file of the installation software.
8. The SM2 algorithm-based two-dimensional code registration authentication method according to claim 1, wherein the login authentication in S3 includes both administrator user login authentication and general user login authentication, wherein after the administrator user login authentication, corresponding administrator privileges can be executed on the special machine, and after the general user login authentication, corresponding general user privileges can be executed on the special machine.
9. A registration authentication system of two-dimensional code based on SM2 algorithm to realize the steps of the registration authentication method of two-dimensional code based on SM2 algorithm in any one of claims 1-8, characterized in that the system comprises a mobile terminal, a special machine and a website server;
the mobile terminal is used for collecting the identity information and the biological characteristic information of the user and generating two-dimensional code information;
the special machine is used for scanning and decrypting the two-dimensional code generated by the mobile terminal and is also used for executing the user authority;
the website server is used for receiving the collected information of the mobile terminal, registering and auditing, generating a corresponding public key according to the collected information, sending the public key to the mobile terminal of the user, storing the user information passing the auditing into a secret-related intranet database, and updating the user information into a database of a special machine required by the user.
10. The SM2 algorithm-based two-dimensional code registration authentication system according to claim 9, wherein the mobile terminal sends a registration authentication request to the website server via a mobile internet, and the registration authentication request includes the user identity information and the biometric information of the user.
CN202011123973.6A 2020-10-20 2020-10-20 SM2 algorithm-based two-dimensional code registration authentication method and system Active CN112231662B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011123973.6A CN112231662B (en) 2020-10-20 2020-10-20 SM2 algorithm-based two-dimensional code registration authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011123973.6A CN112231662B (en) 2020-10-20 2020-10-20 SM2 algorithm-based two-dimensional code registration authentication method and system

Publications (2)

Publication Number Publication Date
CN112231662A true CN112231662A (en) 2021-01-15
CN112231662B CN112231662B (en) 2024-02-27

Family

ID=74118069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011123973.6A Active CN112231662B (en) 2020-10-20 2020-10-20 SM2 algorithm-based two-dimensional code registration authentication method and system

Country Status (1)

Country Link
CN (1) CN112231662B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114266265A (en) * 2021-12-30 2022-04-01 广东中科凯泽信息科技有限公司 Exercise system based on 3D cartoon figure interaction

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106878017A (en) * 2015-12-14 2017-06-20 中国电信股份有限公司 Method, user terminal, Website server and system for network ID authentication
CN107612680A (en) * 2017-09-14 2018-01-19 哈尔滨理工大学 A kind of national secret algorithm in mobile network's payment
CN109214146A (en) * 2018-08-10 2019-01-15 北京邮电大学 The endorsement method of application software, sign test method and apparatus
CN111355582A (en) * 2020-03-03 2020-06-30 成都天瑞芯安科技有限公司 Two-party combined signature and decryption method and system based on SM2 algorithm

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106878017A (en) * 2015-12-14 2017-06-20 中国电信股份有限公司 Method, user terminal, Website server and system for network ID authentication
CN107612680A (en) * 2017-09-14 2018-01-19 哈尔滨理工大学 A kind of national secret algorithm in mobile network's payment
CN109214146A (en) * 2018-08-10 2019-01-15 北京邮电大学 The endorsement method of application software, sign test method and apparatus
CN111355582A (en) * 2020-03-03 2020-06-30 成都天瑞芯安科技有限公司 Two-party combined signature and decryption method and system based on SM2 algorithm

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114266265A (en) * 2021-12-30 2022-04-01 广东中科凯泽信息科技有限公司 Exercise system based on 3D cartoon figure interaction

Also Published As

Publication number Publication date
CN112231662B (en) 2024-02-27

Similar Documents

Publication Publication Date Title
CN111639361B (en) A block chain key management method, multi-person co-signature method and electronic device
CN110300112B (en) Block chain key hierarchical management method
Xi et al. A fingerprint based bio‐cryptographic security protocol designed for client/server authentication in mobile computing environment
CN104104517B (en) The method and system of disposal password checking
US6959394B1 (en) Splitting knowledge of a password
Zhao et al. A novel mutual authentication scheme for Internet of Things
Huang et al. A generic framework for three-factor authentication: Preserving security and privacy in distributed systems
CN104796265B (en) A kind of Internet of Things identity identifying method based on Bluetooth communication access
CN113067699B (en) Data sharing method and device based on quantum key and computer equipment
Lu et al. A biometrics and smart cards‐based authentication scheme for multi‐server environments
Lin et al. A new strong-password authentication scheme using one-way hash functions
US9325499B1 (en) Message encryption and decryption utilizing low-entropy keys
CN111447214A (en) Method for centralized service of public key and password based on fingerprint identification
CN1717896A (en) Long-term secure digital signatures
CN1808973A (en) USB MMI information security device and its control method
CN101399666A (en) Safety control method and system for digital certificate of file
JP2009529832A (en) Undiscoverable, ie secure data communication using black data
CN1340940A (en) Method for dealing inserted-requested message of business in groups
CN1925393A (en) Point-to-point network identity authenticating method
Giri et al. A novel and efficient session spanning biometric and password based three-factor authentication protocol for consumer USB mass storage devices
CN1922816B (en) One way authentication
US20050210247A1 (en) Method of virtual challenge response authentication
CN112231662B (en) SM2 algorithm-based two-dimensional code registration authentication method and system
Sharma et al. Nonce: Life cycle, issues and challenges in cryptography
CN118074905A (en) A post-quantum secure VOPRF protocol, anonymous token authentication method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant