一种安全高效的智能卡口令认证方案

J4 ›› 2014, Vol. 36 ›› Issue (09): 1711-1715.

一种安全高效的智能卡口令认证方案

黄朝阳，吴正英，罗少兰

(厦门海洋学院信息技术系，福建厦门 361100)

收稿日期:2013-08-13 修回日期:2013-12-19 出版日期:2014-09-25 发布日期:2014-09-25
基金资助:
福建省中青年教师教育科研资助项目（JA13409）

An secure and efficient dynamic password
authentication protocol based on smart card and fingerprint

HUANG Chaoyang,WU Zhengying,LUO Shaolan

(Department of Information and Technology,Xiamen Ocean College,Xiamen 361100,China)

Received:2013-08-13 Revised:2013-12-19 Online:2014-09-25 Published:2014-09-25

摘要/Abstract

摘要：

针对Khan M K方案存在的缺陷进行分析，详细阐述可能的攻击方法及步骤，总结提出一种改良的基于生物特征和智能卡的口令身份认证方案。改良方案延用简单高效的杂凑和异或操作，但填补了原方案中的诸多漏洞，不失为一个高效可行的远程身份认证协议。

关键词: 身份认证, 动态口令, 智能卡, 指纹, Hash函数

Abstract:

The shortages existing in Khan et al’s scheme are analyzed carefully and its possible attack methods and steps are expounded.Then,an improved remote authentication scheme is introduced,which is based on biologic character and smart card.The new scheme ueses simple and effective hash and exclusiveor operations and can fill the many loopholes in the original scheme.Therefore,the proposal is an efficient and feasible remote authentication protocol.

Key words: Identity authentication;dynamic password;smart card;fingerprint;Hash function

黄朝阳，吴正英，罗少兰. 一种安全高效的智能卡口令认证方案[J]. J4, 2014, 36(09): 1711-1715.

HUANG Chaoyang,WU Zhengying,LUO Shaolan. An secure and efficient dynamic password
authentication protocol based on smart card and fingerprint [J]. J4, 2014, 36(09): 1711-1715.

参考文献［12］

［1］	Lee J K, Ryu S R, Yoo K Y. Fingerprint based remote user authentication scheme using smart cards［J］. Electronics Letters, 2002, 38(12):554555.
［2］	Hsieh B T, Yeh H T, Sun H M, et al. Cryptanalysis of a fingerprintbased remote user authentication scheme using smart cards［C］∥Proc of the 37th Annual International Carnahan Conference on Security Technology, 2003:349350.
［3］	Lin C H, Lai Y Y. A flexible biometrics remote user authentication scheme［J］. Computer Standards and Interfaces, 2004, 27(1):1923.
［4］	Ku W C, Chang S T, Chiang M H. Further cryptanalysis of fingerprintbased remote user authentication scheme using smartcards［J］. Electronics Letters, 2005, 41(5):12.
［5］	Khan M K, Zhang J S. An efficient and practical fingerprintbased remote user authentication scheme with smart cards［C］∥Proc of the 2nd International Conference on ISPEC, 2006:260268.
［6］	Khan M K, Zhang J S. Improving the security of ’a flexible biometrics remote user authentication scheme’［J］. Computer Standards & Interfaces, 2007, 29(1):8285.
［7］	Khan M K, Zhang J S, Wang X M. Chaotic hashbased fingerprint biometric remote user authentication scheme on mobile devices［J］. Chaos, Solitons & Fractals, 2006, 35(3):519524.
［8］	Zhou Wei, Zhao Lixin. New dynamic password authentication based on smart card and fingerprint［J］.Microcomputer Information, 2011, 27(2):197199.(in Chinese)
［9］	Wen Xiaohua, Wang Xiangjin, Shen Zhonghua. A remote user authentication scheme based on bilinear pairings and smart card［J］. Journal of Hangzhou Normal University, 2011, 10(5):403406.(in Chinese)
［10］	Yang J Z,Wang Y J,Zhou Y.New remote user authentication scheme using smart card［J］. Transactions of Nanjing University of Aeronautics ＆ Astronautics, 2012, 29(2):187192.
［11］	Yoon EJ, Yoo KY. A secure chaotic hashbased biometric remote user authentication scheme using mobile devices［C］∥Proc of 2007 International Workshops on APWeb/WAIM,2007:612623.
［12］	Wang Songbo.An improved remote user authentication scheme［J］. Computer Engineering & Science, 2011, 33(1):5155.(in Chinese)
［13］	Song R. Advanced smatr card based password authentication protocol［J］. Computer Standards and Interfaces, 2010, 32:321325.
	附中文参考文献:
［8］	周伟,赵立新. 新的基于智能卡和指纹动态口令鉴别方案［J］. 微计算机信息, 2011, 27(2):197199.
［9］	文小华,王相金,沈忠华. 基于双线性对和智能卡的远程用户认证方案［J］. 杭州师范大学学报, 2011, 10(5):403406.
［12］	王松波. 一种改进的远程用户身份认证方法［J］. 计算机工程与科学, 2011, 33(1):5155.

[1]	苏赋, 罗海波. 改进Stacking集成学习的指纹识别算法[J]. 计算机工程与科学, 2022, 44(12): 2153-2161.
[2]	曹守启, 何鑫, 刘婉荣. 一种改进的远程用户身份认证方案[J]. 计算机工程与科学, 2021, 43(11): 1960-1965.
[3]	刘颜星, 郝占军, 田冉. 基于CSI信号的被动式室内指纹定位算法研究[J]. 计算机工程与科学, 2021, 43(08): 1398-1404.
[4]	陈孟东，原昊，谢向辉，吴东. 一种基于分布式平台的规则处理架构[J]. 计算机工程与科学, 2020, 42(01): 18-24.
[5]	曹守启，孙青，曹莉凌. 动态ID多因素远程用户身份认证方案的改进[J]. 计算机工程与科学, 2019, 41(04): 633-640.
[6]	孙子文，李富，庞永春. 最小风险贝叶斯决策融合的多点触摸身份认证[J]. 计算机工程与科学, 2018, 40(09): 1579-1584.
[7]	廖山河，赵钦佩，李江峰，饶卫雄. 基于电信数据的室外定位技术研究[J]. 计算机工程与科学, 2018, 40(04): 649-659.
[8]	段旭良，杨洋，王曼韬，穆炯. 一种扩展Winnowing剽窃检测算法[J]. 计算机工程与科学, 2017, 39(12): 2245-2251.
[9]	侯振寰，马永涛，姜启登，窦智. 基于多指纹联合匹配的混合定位算法[J]. 计算机工程与科学, 2017, 39(04): 678-683.
[10]	刘润杰，刘恒超，申金媛. 一种改进的智能卡远程用户匿名认证方案[J]. J4, 2016, 38(03): 465-470.
[11]	刘玉军，汪明辉，蔡猛，陈坤. 降低Ad hoc网络信息泄露的路由算法[J]. J4, 2015, 37(06): 1087-1092.
[12]	李美剑，王勇军，解培岱，黄志坚. 基于协议偏离的程序协议指纹提取与识别[J]. J4, 2015, 37(04): 682-691.
[13]	王淦，张文英. SHA-3轮函数中χ及θ变换的性质研究[J]. J4, 2015, 37(02): 281-287.
[14]	朱黎，胡涛，罗锋，毛雷，纪忠原. 基于自适应LBP人脸识别的身份验证[J]. J4, 2014, 36(11): 2217-2222.
[15]	付青琴1,昂正全2,袁艳芳1. 一种改进的智能卡数据传输安全策略[J]. J4, 2014, 36(11): 2229-2233.