计算机工程 ›› 2008, Vol. 34 ›› Issue (12): 149-151.doi: 10.3969/j.issn.1000-3428.2008.12.052

• 安全技术 • 上一篇    下一篇

基于身份的远程用户认证方案

张少武1,李 毅1,曾立君1,2,韩继红1   

  1. (1. 解放军信息工程大学电子技术学院,郑州 450004;2. 公安海警高等专科学校,宁波 315801)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-06-20 发布日期:2008-06-20

Identity-based Remote User Authentication Schemes

ZHANG Shao-wu1, LI Yi1, ZENG Li-jun1,2, HAN Ji-hong1   

  1. (1. Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004;2. Public Security Marine Police Academy, Ningbo 315801)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-06-20 Published:2008-06-20

摘要: 研究近期提出的2个远程用户认证方案,对其进行伪造攻击。利用基于身份的签名思想提出一个基于身份的远程用户认证方案,在实现动态认证的同时无须用户与远程服务器端交互,通信量小,远端服务器无须保存或维护任何口令或验证表,存储代价低,可以避免口令攻击、重放攻击、伪造攻击、中间人攻击等,安全性高。

关键词: 认证, 双线性对, 智能卡, 口令, 时戳

Abstract: Two remote user authentication schemes proposed recently are studied, they are both vulnerable to forgery attacks. Identity-based remote user authentication scheme using identity-based signature system is presented. It obtains low communicational cost and dynamic authentication service without interaction between the user and the remote server, achieves little storage in the remote server because it does not need reserve or maintain any password or any table for verification. Its security is high for the reason that it can avoid some familiar attacks such that password attacks, replay attacks, forgery attacks, man-in-the-middle attacks and so on.

Key words: authentication, bilinear parings, smart card, password, timestamp

中图分类号: