Authentication method, system, server, and user node

US 8,510,556 B2
Filed: 07/06/2009
Issued: 08/13/2013
Est. Priority Date: 10/29/2007
Status: Active Grant

First Claim

Patent Images

1. An authentication method implemented at a server comprising:

receiving an identifier of a user node from the user node;

selecting a validity period;

calculating a hash value according to an equation v=h(K∥

ID∥

i), where v is the hash value, h is a hash function. K is a server key, ID is the identifier of the user node, and i is the validity period;

generating a user node password according to the identifier of the user node, the hash value, and the validity period, wherein the user node password is calculated using an equation pw=[v]^k, where pw is the user node password, v is the hash value, and k is a numerical exponent;

sending registration information comprising the user node password and the validity period to the user node, wherein the user node calculates a login information parameter according to a random number, the user node password, and a generator point of an algebraic curve, wherein the login information parameter is calculated using an equation R₁=(pw·

r₁)P, wherein R₁is the login information parameter, pw is the user node password, r₁is the random number, and P is the generator point of the algebraic curve, and wherein the user node sends the identifier, the login information parameter, and the validity period to the server as login information;

receiving the login information from the user node, wherein the login information comprises the identifier, the login parameter, and the validity period;

generating a server session key according to the identifier, the login information parameter, and the validity period;

generating at least one session key parameter of the user node according to the generator point of the algebraic curve;

sending the at least one session key parameter of the user node to the user node, wherein the at least one session key parameter of the user node is used by the user node for generating a user node session key after the user node receives the at least one session key parameter of the user node; and

performing mutual authentication with the user node according to the server session key and the user node session key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments of the present disclosure disclose an authentication method, a system, a server, and a user node are disclosed herein. The method includes: generating, by a server, a server session key according to the identity information, at least one login information parameter, and the validity period included in the login information, generating at least one session key parameter of a user node according to the generator point of the algebraic curve, and sending at least one session key parameter of the user node to the user node; generating, by the user node, a user node session key according to at least one session key parameter of the user node; performing, by the server and the user node, mutual authentication according to the session keys. The authentication solution under the present disclosure is simple and practicable, and is also applicable to authenticating the user node in a grid computing platform.

Citations

17 Claims

1. An authentication method implemented at a server comprising:
- receiving an identifier of a user node from the user node;
  
  selecting a validity period;
  
  calculating a hash value according to an equation v=h(K∥
  
  ID∥
  
  i), where v is the hash value, h is a hash function. K is a server key, ID is the identifier of the user node, and i is the validity period;
  
  generating a user node password according to the identifier of the user node, the hash value, and the validity period, wherein the user node password is calculated using an equation pw=[v]^k, where pw is the user node password, v is the hash value, and k is a numerical exponent;
  
  sending registration information comprising the user node password and the validity period to the user node, wherein the user node calculates a login information parameter according to a random number, the user node password, and a generator point of an algebraic curve, wherein the login information parameter is calculated using an equation R₁=(pw·
  
  r₁)P, wherein R₁is the login information parameter, pw is the user node password, r₁is the random number, and P is the generator point of the algebraic curve, and wherein the user node sends the identifier, the login information parameter, and the validity period to the server as login information;
  
  receiving the login information from the user node, wherein the login information comprises the identifier, the login parameter, and the validity period;
  
  generating a server session key according to the identifier, the login information parameter, and the validity period;
  
  generating at least one session key parameter of the user node according to the generator point of the algebraic curve;
  
  sending the at least one session key parameter of the user node to the user node, wherein the at least one session key parameter of the user node is used by the user node for generating a user node session key after the user node receives the at least one session key parameter of the user node; and
  
  performing mutual authentication with the user node according to the server session key and the user node session key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The authentication method of claim 1, wherein receiving the identifier of the user node, selecting the validity period, calculating the hash value, and generating the user node password comprise:
    - receiving the identifier submitted by the user node;
      
      checking validity of the received identifier;
      
      selecting the validity period;
      
      calculating the hash value according to the server key, the identifier, and the validity period; and
      
      generating the user node password according to a highest k bits of the hash value.
  - 3. The authentication method of claim 1, wherein the user node calculates the login information parameter by selecting the random number from a group, performing point multiplication operation for the generator point of the algebraic curve according to the random number and the user node password, and generating the login information parameter.
  - 4. The authentication method of claim 1, wherein generating the server session key and generating the at least one session key parameter comprise:
    - calculating a hash value according to the server key, the identifier, and the validity period;
      
      generating the user node password according to a highest k bits of the hash value;
      
      performing point multiplication operation according to the user node password and the login information;
      
      generating at least one server session key parameter;
      
      selecting a random number from a group;
      
      performing point multiplication operation according to the random number and the at least one server session key parameter;
      
      generating the server session key;
      
      performing point multiplication operation according to the random number and the generator point of the algebraic curve; and
      
      generating the at least one session key parameter of the user node.
  - 5. The authentication method of claim 1, wherein performing mutual authentication with the user node according to the server session key and the user node session key comprises:
    - calculating a first hash value according to the server session key and the at least one session key parameter of the user node;
      
      sending the first hash value to the user node;
      
      determining whether the first hash value is the same as a second hash value, wherein the second hash value is calculated by the user node according to the user node session key and the at least one session key parameter of the user node;
      
      determining that the server passes the authentication when the first hash value is the same as the second hash value;
      
      calculating a third hash value according to the user node session key and the identifier;
      
      receiving the third hash value at the server;
      
      calculating a fourth hash value according to the server session key and the identifier;
      
      determining whether the third hash value is the same as the fourth hash value; and
      
      determining that the user node passes the authentication when the third hash value is the same as the fourth hash value.
  - 6. The authentication method of claim 1, further comprising:
    - receiving, from the user node, the identifier, an old user node password, and the validity period through a secure channel which is set up after the user node is authenticated with the server;
      
      generating a user node password according to the server key, the identifier, and the validity period;
      
      determining whether the generated user node password is the same as the old user node password;
      
      selecting a new validity period and generating a new user node password according to the new server key, the identifier, and the new validity period when the generated password and the old user node password are the same; and
      
      sending the new user node password and the new validity period to the user node through the secure channel.
  - 7. The authentication method of claim 1, wherein the algebraic curve comprises an elliptic curve, a hyper elliptic curve, or a conic curve.
  - 8. The authentication method of claim 1, wherein the server is configured to store the server key and use the server key to authenticate multiple different user nodes.

9. A network system, comprising:
- a server configured to;
  
  receive an identifier of a user node from the user node;
  
  select a validity period;
  
  calculate a hash value according to an equation v=h(K∥
  
  ID∥
  
  i), where v is the hash value, h is a hash function, K is a server key, and i is the validity period;
  
  generate a user node password according to the identifier, the validity period, and the hash value, where the user node password is calculated using an equation pw=[v]^k, where pw is the user node password, v is the hash value, and k is a numerical exponent;
  
  send registration information comprising the user node password and the validity period to the user node;
  
  receive login information from the user node;
  
  generate a server session key according to the identifier, at least one login information parameter, and the validity period, wherein the at least one login information parameter is calculated by the user node using an equation R₁=(pw·
  
  r₁)P, where R₁is the at least one login information parameter, pw is the user node password, r₁is a random number, and P is a generator point of an algebraic curve;
  
  generate at least one session key parameter of the user node according to the generator point of the algebraic curve;
  
  send the at least one session key parameter of the user node to the user node; and
  
  authenticate the user node according to the server session key.
- View Dependent Claims (10, 11)
- - 10. The network system of claim 9, wherein the algebraic curve comprises an elliptic curve, a hyper elliptic curve, or a conic curve.
  - 11. The network system of claim 9, wherein the server is configured to store the server key and use the server key to authenticate multiple different user nodes.

12. A server, in a network system comprising the server and a user node, wherein the server comprises:
- a registering module configured to;
  
  receive an identifier of the user node from the user node, select a validity period, calculate a hash value according to an equation v=h(K∥
  
  ID∥
  
  i), where v is the hash value, h is a hash function, K is a server key, ID is the identifier of the user node, and i is the validity period, generate a user node password according to the identifier, the validity period, and the hash value, wherein the user node password is calculated using an equation pw=[v]^k, where pw is the user node password, v is the hash value, and k is a numerical exponent, and send registration information comprising the user node password and the validity period to the user node;
  
  a responding module configured to;
  
  generate a server session key according to the identifier, at least one login information parameter, and the validity period comprised in the login information after receiving the login information of the user node, wherein the at least one login information parameter is calculated by the user node according to an equation R₁=(pw·
  
  r₁)P, where R₁is the at least one login information parameter, pw is the user node password, r₁is a random number, and P is a generator point on an algebraic curve, generate at least one session key parameter of the user node according to the generator point of the algebraic curve, and send the at least one session key parameter of the user node to the user node; and
  
  an authenticating module configured to authenticate the user node according to the server session key.
- View Dependent Claims (13, 14)
- - 13. The server of claim 12, further comprising:
    - a receiving module configured to receive the identifier, an old password, and a validity period sent by the user node; and
      
      a password changing module configured to;
      
      generate a user node password according to the server key, the identifier, and the validity period received by the receiving module, determine whether the generated user node password is the same as the old user node password received by the receiving module;
      
      if they are the same, select a new validity period, generate a new user node password according to the new server key, the identifier, and the new validity period, and send the new user node password and the new validity period to the user node.
  - 14. The server of claim 12, wherein the server is configured to store the server key and use the server key to authenticate multiple different user nodes.

15. A user node, comprising:
- a registering module configured to;
  
  send an identifier of the user node to a server, and receive registration information comprising a user node password and a validity period from the server, wherein the user node password is calculated using an equation pw=[v]^k, where pw is the user node password, v is a hash value, and k is a numerical exponent, wherein the hash value is calculated using an equation v=h(K∥
  
  ID∥
  
  i), where v is the hash value, h is a hash function, K is a server key, ID is the identifier of the user node, and i is the validity period;
  
  a login module configured to;
  
  generate at least one login information parameter according to the user node password and a generator point of an algebraic curve, wherein the at least one login information parameter is calculated using an equation R₁=(pw·
  
  r₁)P, wherein R₁is the at least one login information parameter, pw is the user node password, r₁is a random number, and P is the generator point of the algebraic curve, and send the login information comprising the identifier, the at least one login information parameter, and the validity period to the server;
  
  a user node session key generating module configured to;
  
  receive the at least one session key parameter of the user node from the server, and generate a user node session key according to at least one received session key parameter of the user node; and
  
  an authenticating module configured to authenticate the server according to the user node session key.
- View Dependent Claims (16, 17)
- - 16. The user node of claim 15, wherein the login module comprises:
    - a generating unit configured to;
      
      select a random number, perform point multiplication operation for the generator point of the algebraic curve according to the random number and the user node password, and generate the at least one login information parameter; and
      
      a sending unit configured to send login information to the server, wherein the login information comprises;
      
      the identifier, the at least one login information parameter generated by the generating unit, and the validity period.
  - 17. The user node of claim 15, wherein the user node is configured to receive the server key from the server, and wherein the server key is used to authenticate the user node and also authenticate multiple different other user nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Wei, Jiwei, Cao, Zhenfu, Dong, Xiaolei, Lu, Rongxing
Primary Examiner(s)
HENNING, MATTHEW T

Application Number

US12/497,930
Publication Number

US 20090271624A1
Time in Patent Office

1,499 Days
Field of Search

713/169
US Class Current

713/169
CPC Class Codes

G06F 21/445   by mutual authentication, e...

H04L 9/0844   with user authentication or...

H04L 9/3242   involving keyed hash functi...

H04L 9/3273   for mutual authentication n...

Authentication method, system, server, and user node

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method, system, server, and user node

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links