
CN107948189B - Asymmetric password identity authentication method and device, computer equipment and storage medium - Google Patents

Asymmetric password identity authentication method and device, computer equipment and storage medium

Info

Publication number
CN107948189B
Authority
CN
China
Prior art keywords
client
server
result
identity authentication
private key
Prior art date
Legal status
Active
Application number
CN201711375611.4A
Other languages
Chinese (zh)
Other versions
CN107948189A (en)
Inventor
张永强
Current Assignee
Guangdong Xinjian Information Technology Co ltd
Shuan Times Technology Co ltd
Original Assignee
Guangdong Xinjian Information Technology Co ltd
Shuan Times Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Guangdong Xinjian Information Technology Co ltd, Shuan Times Technology Co ltd
Priority to CN201711375611.4A
Publication of CN107948189A
Application granted
Publication of CN107948189B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an identity authentication method, an identity authentication device, a computer storage medium and computer equipment for asymmetric cryptography. In one embodiment the method comprises the following steps: initiating an identity authentication request to a server, wherein the identity authentication request comprises a client digital certificate; receiving an identity authentication response returned by the server, wherein the identity authentication response at least comprises an encryption result obtained by the server encrypting a first random number with the user public key of the client digital certificate; processing the identity authentication response according to the client private key component to obtain a processing result; and sending an identity verification request to the server based on the processing result, wherein the identity verification request instructs the server to carry out identity authentication processing. Identity authentication is performed using the user public key carried in the client digital certificate together with the first random number of the server; when the client and the server each hold a private key component, the two sides can perform cooperative decryption through the user public key and their respective private key components, thereby authenticating the client.

Description

Asymmetric password identity authentication method and device, computer equipment and storage medium
Technical Field
The present invention relates to the field of cryptography, and in particular, to an identity authentication method and apparatus for asymmetric cryptography, a computer device, and a computer storage medium.
Background
Zero-knowledge proof was proposed by S. Goldwasser, S. Micali and C. Rackoff in the early 1980s. It means that a claimant is able to convince a verifier that some statement is correct without providing the verifier with any useful information. It is essentially a protocol involving two or more parties, i.e. a series of steps that two or more parties need to take to complete a task. In this protocol the claimant proves to and convinces the verifier that he or she knows or owns a certain message, but the proof process cannot reveal any information about the proven message to the verifier.
The national standard GB/T 15843.5-2005 "Information technology - Security techniques - Entity authentication - Part 5: Mechanisms using zero-knowledge techniques" defines a certificate-based entity authentication mechanism using an asymmetric cryptographic system. It involves an exchange of information between the zero-knowledge claimant and verifier described above and enables the verifier to verify the identity of the claimant. In this conventional authentication mechanism, the verifier can encrypt a random message using the public key of the claimant and ask the claimant to return the decrypted message. This mechanism requires the claimant to hold the complete user private key; when the user private key is divided into multiple components held by multiple participants, the conventional technology cannot provide an asymmetric-cryptography identity authentication protocol under a collaborative signature and encryption/decryption mechanism.
Disclosure of Invention
Therefore, it is necessary to provide an identity authentication method and apparatus, a computer device, and a computer storage medium for asymmetric cryptography, aiming at the problem that the conventional technology cannot perform identity authentication under the condition of adopting a collaborative signature and encryption/decryption mechanism.
An identity authentication method of asymmetric passwords comprises the following steps:
initiating an identity authentication request to a server, wherein the identity authentication request comprises a client digital certificate;
receiving an identity authentication response returned by the server, wherein the identity authentication response at least comprises an encryption result obtained by encrypting the first random number by the server based on the user public key of the client digital certificate;
processing the identity authentication response according to the client private key component to obtain a processing result;
and sending an identity verification request to the server based on the processing result, wherein the identity verification request is used for instructing the server to carry out identity authentication processing.
An identity authentication method of asymmetric passwords comprises the following steps:
receiving an identity authentication request sent by a client, wherein the identity authentication request comprises a client digital certificate;
after the client digital certificate is verified to be valid, encrypting a first random number based on a user public key of the client digital certificate to obtain an encryption result, and returning an identity authentication response to the client, wherein the identity authentication response at least comprises the encryption result;
receiving an identity verification request returned by the client based on a processing result obtained by processing the identity authentication response according to a client private key component;
and performing identity authentication processing according to the identity authentication request to obtain an identity authentication result.
An apparatus for authenticating an asymmetric password, comprising:
the authentication request sending module is used for initiating an identity authentication request to a server, wherein the identity authentication request comprises a client digital certificate;
the response receiving module is used for receiving an identity authentication response returned by the server, wherein the identity authentication response at least comprises an encryption result obtained by encrypting the first random number by the server based on the user public key of the client digital certificate;
the response processing module is used for processing the identity authentication response according to the client private key component to obtain a processing result;
and the verification request sending module is used for sending an identity verification request to the server based on the processing result, wherein the identity verification request is used for instructing the server to perform identity authentication processing.
An apparatus for authenticating an asymmetric password, comprising:
the authentication request receiving module is used for receiving an identity authentication request sent by a client, wherein the identity authentication request comprises a client digital certificate;
the authentication request response module is used for encrypting the first random number based on the user public key of the client digital certificate to obtain an encryption result after verifying that the client digital certificate is valid, and returning an authentication response to the client, wherein the authentication response at least comprises the encryption result;
the verification request receiving module is used for receiving an identity verification request returned by the client based on a processing result obtained by processing the identity authentication response according to the private key component of the client;
and the authentication processing module is used for performing authentication processing according to the authentication request to obtain an authentication result.
A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method when executing the program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
According to the identity authentication method, the identity authentication device, the computer equipment and the storage medium for asymmetric cryptography, identity authentication is performed using the user public key carried in the client digital certificate together with the first random number of the server side. When the client side and the server side each hold a private key component, the two sides can complete cooperative decryption through the user public key and their respective private key components, and the identity authentication of the client side is thereby achieved.
Drawings
FIG. 1 is a schematic diagram of an application environment of the embodiment;
FIG. 2 is a flow diagram illustrating a method for authenticating an asymmetric password in one embodiment;
FIG. 3 is a flow chart of a method for authenticating an asymmetric password in another embodiment;
FIG. 4 is a flow chart of an identity authentication method using asymmetric cryptography according to still another embodiment;
FIG. 5 is a flow chart of an authentication method using asymmetric cryptography according to another embodiment;
FIG. 6 is a schematic structural diagram of an apparatus for authenticating an asymmetric password in one embodiment;
FIG. 7 is a schematic structural diagram of an asymmetric-password authentication apparatus according to another embodiment;
FIG. 8 is an interaction flow diagram of an identity authentication process in one particular example;
FIG. 9 is an interaction flow diagram of another specific example of an authentication process;
FIG. 10 is an interaction flow diagram of another specific example of an authentication process;
FIG. 11 is an interaction flow diagram of an authentication process in accordance with yet another specific example;
FIG. 12 is an interaction flow diagram of an identity authentication process in accordance with yet another specific example;
FIG. 13 is an interaction flow diagram illustrating an authentication process according to yet another specific example.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Fig. 1 is a diagram of an application environment of an identity authentication method for asymmetric cryptography in an embodiment. Referring to fig. 1, the method is applied to an identity authentication system for asymmetric cryptography, which comprises a terminal 110 and a server 120 connected through a network. The terminal 110 may specifically be a desktop terminal, a mobile terminal or another terminal device that may use or requires asymmetric encryption; the mobile terminal may specifically be at least one of a mobile phone, a tablet computer, a notebook computer and the like; and the server 120 may be implemented by an independent server or a server cluster formed by multiple servers. The terminal 110 holds a client digital certificate and a client private key component $D_1$, and the server 120 holds a server digital certificate and a server private key component $D_2$. The client private key component $D_1$ and the server private key component $D_2$ together form the user private key $d_A$, i.e. $d_A = f(D_1, D_2)$. In one embodiment of the present application the private key partition is $d_A = D_1 \cdot D_2$; it will be appreciated that other private key partitions may be employed in other embodiments, and that the corresponding steps need to be adjusted when another partition is adopted. For example, the private key partition may be $d_A = D_1^{-1} \cdot D_2^{-1} - 1$. Successful authentication of the terminal 110 by the server 120 may be represented, for example, by the terminal 110 being able to access the server 120, to log in to a system of the server 120, and the like.
Fig. 2 is a flowchart illustrating an identity authentication method using asymmetric cryptography in an embodiment, where the method is applied to the terminal 110 or the client provided on the terminal 110 in fig. 1. Referring to fig. 2, the method for authenticating an asymmetric password in this embodiment specifically includes the following steps S120 to S160.
Step S120, an identity authentication request is initiated to the server 120, where the identity authentication request includes a client digital certificate.
The terminal 110 initiates an identity authentication request to the server 120 when it needs to access the server 120 or log in to the system of the server 120. The identity authentication request includes a client digital certificate, which is a digital credential obtained by the terminal 110 that identifies a party in internet communication. The identity authentication request may be received and responded to by the server 120.
Step S140, receiving an authentication response returned by the server 120, where the authentication response at least includes an encryption result obtained by the server 120 encrypting the first random number based on the user public key of the client digital certificate.
The user public key and the user private key form a key pair, of which the user public key is the public part and the user private key is the non-public part. The user public key is not generated in a unique manner; in one embodiment, it may be calculated by the following formula:
$P_A = [d_A]G$
where $P_A$ is the user public key, $d_A$ is the user private key, and $G$ is the generator of the elliptic curve group.
The elliptic curve system parameters (including the elliptic curve group generator $G$) may be chosen according to the actual technical requirements; in one embodiment, reference may be made to GM/T 0003.5-2012 "SM2 elliptic curve public key cryptography algorithm - Part 5: Parameter definition". The relevant parameters include: the size $q$ of the finite field $F_q$; two elements $a, b \in F_q$ defining the elliptic curve equation $E(F_q)$; a base point $G = (x_G, y_G)$ on $E(F_q)$ with $G \neq O$, where $x_G$ and $y_G$ are two elements of $F_q$; the order $n$ of $G$; and other optional values (e.g. the cofactor $h$ of $n$).
After receiving the identity authentication request, the server 120 responds to it to produce an identity authentication response. The identity authentication response obtained differs according to the processing mode of the response. For example, the identity authentication response at least includes an encryption result obtained by the server 120 encrypting the first random number based on the user public key of the client digital certificate. The encryption result is the data obtained by processing the first random number with an encryption algorithm. The encryption algorithm used is not unique; in one embodiment the SM2 algorithm may be used, and the elliptic curve system parameters of the algorithm may be selected with reference to the GM/T 0003.1-2012 SM2 elliptic curve public key cryptographic algorithm standard, Part 5: Parameter definition. The encryption result can be obtained based on the following formula:
[Formula: image in the original, not reproduced]
where Challenge is the encryption result, $r$ is the first random number, and the function in the formula denotes the SM2 encryption operation performed on the input message using the public key $P_S$; in the formula above, the SM2 encryption operation is performed on the first random number $r$.
Step S160, the identity authentication response is processed according to the client private key component, and a processing result is obtained.
The terminal 110 processes the identity authentication response according to the client private key component. The client private key component is the component $D_1$ held by the terminal 110, which together with the server private key component $D_2$ held by the server 120 forms the user private key $d_A$, i.e. $d_A = f(D_1, D_2)$. It can be understood that, since the server may need to perform authentication for a plurality of different clients, the same or different private key partition manners may be adopted for different clients; taking the case of different partition manners for different clients as an example, the client private key component $D_1$ and the server private key component $D_2$ described above may correspond to the client digital certificate held by the terminal 110.
The private key partition adopted in one embodiment of the present application may be $d_A = D_1 \cdot D_2$. It is to be understood that other private key partitions may be adopted in other embodiments, and that the corresponding steps need to be adjusted when another partition is adopted. For example, the private key partition may be $d_A = D_1^{-1} \cdot D_2^{-1} - 1$. It is understood that the processing result obtained differs according to the identity authentication response.
Step S180, sending an authentication request to the server 120 based on the processing result, where the authentication request is used to instruct the server to perform authentication processing.
The terminal 110 sends the authentication request to the server 120 based on the processing result, and it can be understood that the information contained in the authentication request may be different based on the processing result. In some embodiments, the authentication request may directly include the processing result, and in other embodiments, the processing result may be further processed (e.g., a message digest is calculated), and the further processed result (e.g., the message digest) may be included in the authentication request, as illustrated in the following examples. It is understood that, correspondingly, the authentication processing of the corresponding server side is correspondingly different based on the difference of the information contained in the authentication request.
According to the identity authentication method for asymmetric cryptography described above, identity authentication is performed using the user public key carried in the client digital certificate together with the first random number of the server side. When the client side and the server side each hold a private key component, the two sides can achieve cooperative decryption through the user public key and their respective private key components, and thereby achieve identity authentication of the client side.
In one embodiment, the collaborative decryption process may be initiated by the terminal. At this time, the manner of processing the authentication response according to the client private key component in step S160 includes: and generating a client decryption parameter according to the client private key component and the encryption result. At this time, the processing result includes the client decryption parameter, and the authentication request may include the processing result. The client decryption parameter refers to a parameter generated by the terminal 110 in the identity authentication process and used for collaborative decryption, and in this embodiment, is a parameter generated by the terminal 110 when the terminal 110 initiates collaborative decryption. The specific manner of obtaining the client decryption parameter is not unique, and in one embodiment, the client decryption parameter may be obtained based on the following formula:
[Formula: image in the original, not reproduced]
where $u_1$ is the client decryption parameter, $D_1$ is the client private key component held by the terminal, and the remaining term in the formula is the bit string $C_1$ that the terminal 110 extracts from the encryption result and converts from a bit string into an elliptic curve group element according to the methods given in clauses 4.2.4 and 4.2.10 of GM/T 0003.1-2012.
In this embodiment, the terminal 110 initiates the cooperative decryption process, and it is the server 120 that finally obtains the decryption result and verifies it. This differs from the cooperative decryption process initiated by the server 120, and provides another method of achieving the identity authentication of the terminal 110 by cooperative decryption between the terminal 110 and the server 120 through the user public key and the user private key.
In one embodiment, the collaborative decryption process may be initiated by the server. In this embodiment, the authentication response further comprises: the server 120 determines a server decryption parameter based on the server private key component and the encryption result. The server decryption parameter refers to a parameter generated at the server 120 for cooperative decryption. In this embodiment, the server 120 initiates the cooperative decryption process, and it can be understood that when the terminal 110 initiates the cooperative decryption and the server 120 initiates the cooperative decryption, the obtained server decryption parameters are different, and a specific way of obtaining the server decryption parameters is not unique. Taking the example that the server 120 initiates the cooperative decryption in this embodiment as an example, the server decryption parameter may be obtained based on the following formula:
[Formula: image in the original, not reproduced]
where $u_2$ is the server decryption parameter, $D_2$ is the server private key component held by the server, and the remaining term in the formula is the bit string $C_1$ that the server 120 extracts from the encryption result and converts into an elliptic curve group element according to the methods given in clauses 4.2.4 and 4.2.10 of GM/T 0003.1-2012.
Accordingly, in this embodiment, the method for processing the authentication response according to the client private key component in step S160 includes the following steps:
generating a client decryption parameter according to the client private key component and the server decryption parameter;
and decrypting the encrypted result according to the client decryption parameter to obtain a decrypted result, wherein the processing result comprises the decrypted result.
The terminal 110 generates the client decryption parameter according to the client private key component and the server decryption parameter. The specific manner of obtaining the client decryption parameter is not unique; in one embodiment, when the server 120 initiates the cooperative decryption, the client of the terminal 110 may obtain the client decryption parameter based on the following formula:
$u_1 = [D_1]u_2$
where $u_1$ is the client decryption parameter, $u_2$ is the server decryption parameter obtained when the server 120 initiates the cooperative decryption, and $D_1$ is the client private key component held by the client of the terminal 110.
The terminal 110 decrypts the encryption result according to the client decryption parameter to obtain a decryption result; the processing result includes the decryption result, and the identity verification request may include the decryption result. The decryption result is the data obtained by decrypting the encryption result with a decryption algorithm. The decryption algorithm used is not unique and corresponds to the encryption algorithm used in the embodiment of step S140; the corresponding decryption algorithm obtains the decryption result based on the following formula:
[Formula: image in the original, not reproduced]
where $r'$ is the decryption result, Challenge is the encryption result, and the function in the formula denotes the SM2 decryption operation performed on the input message using the user private key $d_A$. It can be understood that the server decryption parameter sent by the server is obtained from the server key component $D_2$, the client decryption parameter generated by the client is obtained from the client key component $D_1$, and the client key component $D_1$ and the server key component $D_2$ are obtained by decomposing the user private key $d_A$; the client can therefore complete the decryption process on the basis of the user private key $d_A$, and the specific decryption method is not limited in this embodiment.
In this embodiment, the server 120 initiates the cooperative decryption process, the terminal 110 generates the decryption result and sends the decryption result to the server 120, and the server 120 performs verification, which is different from the method for the terminal 110 to initiate the cooperative decryption process, and a method for implementing the identity authentication of the terminal 110 by implementing the cooperative decryption between the terminal 110 and the server 120 through the user public key and the user private key is also provided.
In one embodiment, a shared key may also be negotiated between the terminal and the server, so as to establish a secure channel between the terminal and the server, and implement secure transmission of communication data. Accordingly, in this embodiment, as shown in fig. 3, before step S120, step S110 may be further included.
Step S110, generating a second random number, and encrypting the second random number based on the user public key of the client digital certificate to obtain a first shared key parameter.
At this time, the identity authentication request further includes the first shared key parameter, and the identity authentication response further includes a second shared key parameter obtained by the server 120 encrypting the third random number based on the user public key of the client digital certificate.
In this embodiment, the terminal 110 generates a second random number, and encrypts the second random number based on the user public key to obtain the first shared key parameter. The first shared key parameter refers to an intermediate parameter obtained by the terminal 110 through encryption processing and used to generate the client shared key. The encryption algorithm used is not unique, and in one embodiment the first shared key parameter may be obtained based on the following formula:
T1=[a]PA
wherein T1 is the first shared key parameter, a is the second random number, and PA is the user public key.
At this time, before the step S180 sends an authentication request to the server based on the processing result, a step S166 may be further included.
Step S166, a client shared key is obtained by calculation according to the second random number and the second shared key parameter.
The client shared key refers to a key used by the terminal 110 to establish a secure channel for information transmission with the server 120. The way in which the terminal 110 calculates the client shared key according to the second random number and the second shared key parameter is not unique, and in one embodiment, the client shared key may be obtained based on the following formula:
(x1,y1)=[a]T2
K0=KDF(x1||y1,klen)
wherein (x1, y1) is an elliptic curve group element, a is the second random number, T2 is the second shared key parameter, K0 is the client shared key, || represents concatenation, KDF() is a predefined key derivation function, and klen represents the length of the output bit string.
In this embodiment, the terminal 110 and the server 120 execute an ECDH protocol based on an elliptic curve cryptosystem while completing identity authentication, and establish a secure channel between two parties of communication through a negotiated shared key, thereby implementing secure transmission of communication data and improving reliability of identity authentication.
In one embodiment, the server-side identity may also be authenticated to enable two-way authentication. In this embodiment, the identity authentication response may further include: a server digital certificate and a digital signature result. The server digital certificate is a string of digits obtained by the server 120 that identifies the parties in an internet communication, and the digital signature result is data generated by the server 120 and used for proving the identity of the server 120.
In this embodiment, after step S140 and before step S160, the method may further include: and verifying the server digital certificate and the server digital signature result.
The method for the terminal 110 to verify the server-side digital certificate and the server-side digital signature result is not unique, but in one embodiment, the terminal 110 verifies the validity of the server-side digital certificate and the certificate chain thereof, verifies the validity of the digital signature result through the public key corresponding to the server-side digital certificate, and when the verification results are both valid, step S160 is performed.
In this embodiment, the terminal 110 verifies the server-side digital certificate of the server 120 and can therefore trust the identity of the server 120, thereby avoiding man-in-the-middle attacks and improving the reliability of identity authentication.
In one embodiment, privacy protection may also be accomplished by computing a message digest. Fig. 4 shows a flow chart of the identity authentication process in this embodiment. As shown in fig. 4, in this embodiment, after step S160 and before step S180, step S170 is further included.
Step S170, calculating the message digest of the processing result to obtain the client message digest.
At this time, the authentication request sent in step S180 includes the client message digest, that is, the terminal does not directly send the processing result to the server 120 through the authentication request, but sends the client message digest calculated according to the processing result to the server 120, so as to achieve the purpose of protecting the privacy of the user. The method for the terminal 110 to calculate the message digest of the processing result is not unique, and the message digest of the client can be obtained by performing hash operation on the processing result. In one specific example, when the processing result is a decryption result, the client message digest may be obtained based on the following formula:
R=SM3_Hash(r′)
wherein R is the client message digest, SM3_Hash(·) is a predefined hash function, and r′ is the decryption result.
In this embodiment, the terminal 110 does not directly send the processing result such as the decryption result to the server 120, but sends the message digest of the processing result to the server 120, and the server 120 determines whether the decryption result of the terminal 110 is correct by verifying the SM3 digest, thereby effectively preventing the dishonest server from using a cooperative decryption step in the identity authentication protocol to deceive the client to decrypt the sensitive data encrypted and stored by the user at the server, and improving the security of the protocol.
In one embodiment, privacy protection may also be accomplished by computing a message digest after the shared secret is negotiated. Accordingly, in this embodiment, as shown in fig. 3 and 4, before step S120, step S110 may be further included.
Step S110, generating a second random number, and encrypting the second random number based on the user public key of the client digital certificate to obtain a first shared key parameter.
At this time, the identity authentication request further includes the first shared key parameter, where the first shared key parameter refers to an intermediate parameter obtained by the terminal 110 through encryption processing to generate the client shared key, and a manner of generating the first shared key parameter is not unique, and in an embodiment, the first shared key parameter may be obtained based on the following formula:
T1=[a]PA
wherein T1 is the first shared key parameter, a is the second random number, and PA is the user public key.
In this case, the authentication response further includes a second shared key parameter obtained by the server 120 encrypting the third random number based on the user public key of the client digital certificate.
At this time, before the step S180 sends an authentication request to the server based on the processing result, the method may further include the steps S166 and S170.
Step S166, calculating according to the second random number and the second shared key parameter to obtain a client shared key;
the client shared key refers to a key used by the terminal 110 to establish a secure channel for information transmission with the server 120. The way in which the terminal 110 calculates the client shared key according to the second random number and the second shared key parameter is not unique, and in one embodiment, the client shared key may be obtained based on the following formula:
(x1,y1)=[a]T2
K0=KDF(x1||y1,klen)
wherein (x1, y1) is an elliptic curve group element, a is the second random number, T2 is the second shared key parameter, K0 is the client shared key, || represents concatenation, KDF() is a predefined key derivation function, and klen represents the length of the output bit string.
Step S170, calculating the message digest based on the client shared key and the processing result, and obtaining the client message digest.
The method for the terminal 110 to compute the message digest is not unique, and the message digest of the client can be obtained by a hash operation. In one specific example, when the processing result is a decryption result, the client message digest may be obtained based on the following formula:
R=SM3_Hash(r′||K0)
wherein R is the client message digest, SM3_Hash(·) is a predefined hash function, r′ is the decryption result, and K0 is the client shared key.
In this embodiment, when the terminal 110 and the server 120 complete identity authentication, not only the secure channel is established between the two parties of communication by negotiating the shared key, so as to achieve secure transmission of communication data, thereby improving the reliability of identity authentication, but also the processing results such as decryption results are not directly sent to the server 120, but the message digest of the processing results is calculated and sent to the server 120, thereby effectively preventing dishonest servers from using the cooperative decryption step in the identity authentication protocol to deceive clients to decrypt sensitive data encrypted and stored by the users at the server, and improving the security of the protocol.
Fig. 5 is a flowchart illustrating an identity authentication method using asymmetric cryptography in another embodiment, where the method in this embodiment is applied to the server 120 in fig. 1. Referring to fig. 5, the method for authenticating an asymmetric password in this embodiment specifically includes the following steps S220 to S280.
Step S220, receiving an identity authentication request sent by the client, where the identity authentication request includes a client digital certificate.
Step S240, after the client digital certificate is verified to be valid, the first random number is encrypted based on the user public key of the client digital certificate to obtain an encryption result, and an authentication response is returned to the client, wherein the authentication response at least comprises the encryption result.
After receiving the identity authentication request, the server 120 verifies whether the client digital certificate is valid, and when the client certificate is valid, responds to the identity authentication request to obtain an identity authentication response. The identity authentication response is correspondingly different according to different processing modes of the response. For example, the authentication response at least includes an encryption result obtained by the server 120 encrypting the first random number based on the user public key of the client digital certificate. The encryption result refers to data obtained by processing the first random number by using an encryption algorithm, the encryption algorithm used is not unique, and the encryption result can be obtained by using the encryption algorithm in one embodiment based on the following formula:
Challenge=Enc_PA(r)
wherein Challenge is the encryption result, r is the first random number, and the function Enc_PA(·) represents the SM2 encryption operation performed on the incoming message using the user public key PA, i.e., in the above formula, the SM2 encryption operation on the first random number r.
Step S260, receiving an authentication request returned by the client based on a processing result obtained by processing the authentication response according to the client private key component.
The server 120 receives the authentication request returned by the client, and the processing result is different according to the difference of the processing of the client on the authentication response. The information contained in the authentication request may vary depending on the processing result, and accordingly, the authentication processing may vary. In some embodiments, the authentication request may directly include the processing result, and in other embodiments, the processing result may be further processed (e.g., a message digest is calculated), and the further processed result (e.g., the message digest) may be included in the authentication request, as illustrated in the following examples.
Step S280, the identity authentication is processed according to the identity authentication request, and an identity authentication result is obtained.
The server 120 performs authentication processing according to the authentication request, and the corresponding authentication processing manner is different according to the difference of the information included in the authentication request.
According to the identity authentication method of the asymmetric password, the client side digital certificate carrying the user public key and the first random number of the server side is used for identity authentication processing, and when the client side and the server side respectively hold private key components, the client side and the server side can realize cooperative decryption between the client side and the server side through the user public key and the private key components held by the client side and the server side respectively to realize identity authentication of the client side.
In one embodiment, the collaborative decryption process may be initiated by the end client. At this time, the processing result may include a client decryption parameter generated by the client according to the client private key component and the encryption result, and the processing result may be included in the authentication request. In this embodiment, the manner of performing the authentication process according to the authentication request in step S280 to obtain the authentication result may include the following steps:
generating a server side decryption parameter according to the client side decryption parameter and the server side private key component;
decrypting the encrypted result according to the server decryption parameter to obtain a decrypted result;
and comparing the consistency of the decryption result and the first random number to obtain an identity verification result.
The server decryption parameter refers to a parameter generated at the server 120 for cooperative decryption. The server decryption parameters obtained when the terminal 110 initiates the cooperative decryption and when the server 120 initiates the cooperative decryption are different, and the specific way of obtaining the server decryption parameter is not unique; in the embodiment where the terminal 110 initiates the cooperative decryption, the server may obtain the server decryption parameter based on the following formula:
u2=[D2]u1
wherein u2 is the server decryption parameter, u1 is the client decryption parameter sent by the client in the authentication request, and D2 is the server private key component held by the server.
The decryption result refers to data obtained by decrypting the encryption result with a decryption algorithm, the decryption algorithm used is not unique and corresponds to the encryption algorithm used in the embodiment in step S240, and the corresponding decryption algorithm obtains the decryption result based on the following formula:
r′=Dec_dA(Challenge)
wherein r′ is the decryption result, Challenge is the encryption result, and Dec_dA(·) represents the SM2 decryption operation performed on the incoming message using the user private key dA. It can be understood that since the server decryption parameter is obtained based on the server key component D2, the client decryption parameter generated by the client is obtained based on the client key component D1, and the client key component D1 and the server key component D2 are obtained by decomposing the user private key dA, the decryption process can be completed on the basis of the user private key dA; the specific decryption method is not limited in this embodiment.
The server 120 compares the decryption result with the first random number for consistency: when the decryption result is consistent with the first random number, the identity verification result is that the identity authentication is passed; when the decryption result is inconsistent with the first random number, the identity verification result is that the identity authentication is not passed.
In this embodiment, the terminal 110 initiates the cooperative decryption process, and finally the server 120 obtains the decryption result and verifies the decryption result, which is different from the cooperative decryption process initiated by the server 120, and a method for realizing the identity authentication of the terminal 110 by realizing the cooperative decryption between the terminal 110 and the server 120 through the user public key and the user private key is also provided.
In one embodiment, the collaborative decryption process may be initiated by the server. In this embodiment, after obtaining the encryption result and before returning the authentication response in step S240, the method further includes: and determining a server decryption parameter based on the server private key component and the encryption result.
The server decryption parameter refers to a parameter generated at the server 120 for cooperative decryption. It is understood that the server decryption parameters obtained when the terminal 110 initiates the cooperative decryption may be different from the server 120 initiating the cooperative decryption, and the specific way of obtaining the server decryption parameters is not unique. Taking the example that the server 120 initiates the cooperative decryption process in this embodiment as an example, the server decryption parameter may be obtained based on the following formula:
u2=[D2]C1
wherein u2 is the server decryption parameter, D2 is the server private key component held by the server, and C1 is the elliptic curve group element obtained by the server 120 by extracting the bit string C1 from the encryption result and converting its data type into an elliptic curve group element according to the methods given in sections 4.2.4 and 4.2.10 of the GM/T 0003.1-2012 standard.
At this time, in this embodiment, the identity authentication response further includes a server decryption parameter; the processing result comprises a decryption result obtained by decrypting the encryption result according to the client decryption parameter after the client obtains the client decryption parameter according to the client private key component and the server decryption parameter, and the authentication request comprises the processing result. The step S280 may specifically include: and comparing the consistency of the decryption result and the first random number to obtain an identity verification result.
In this embodiment, the server 120 initiates the cooperative decryption process, the terminal 110 generates the decryption result and sends the decryption result to the server 120, and the server 120 performs verification, which is different from the method for the terminal 110 to initiate the cooperative decryption process, and a method for implementing the identity authentication of the terminal 110 by implementing the cooperative decryption between the terminal 110 and the server 120 through the user public key and the user private key is also provided.
In one embodiment, a shared key may also be negotiated between the terminal and the server, so as to establish a secure channel between the terminal and the server, and implement secure transmission of communication data. Accordingly, in this embodiment, the identity authentication request further includes a first shared key parameter obtained by the client encrypting the second random number based on the user public key of the client digital certificate.
In this embodiment, after obtaining the encryption result and before returning the authentication response in step S240, the method further includes: and encrypting the third random number based on the user public key to obtain a second shared key parameter.
At this time, the identity authentication response further includes a second shared key parameter, and the processing result includes a client shared key obtained by the client according to the first shared key parameter and the second shared key parameter. The second shared key parameter refers to an intermediate parameter obtained by the server 120 through encryption processing for generating the client shared key. The encryption algorithm used is not unique, and in one embodiment, the encryption algorithm used may be based on the following formula to obtain the second shared key parameter:
T2=[b]PA
wherein T2 is the second shared key parameter generated at the server side, b is the third random number, and PA is the user public key.
In this embodiment, the authentication request may include the processing result, that is, the authentication request includes the client shared key. In this case, the step S280 may specifically include the following steps:
calculating to obtain a server-side shared key according to the third random number and the first shared key parameter;
and performing identity authentication according to the client shared key and the server shared key to obtain an identity authentication result.
The server-side shared key refers to a key used by the server 120 to establish a secure channel for information transmission with the terminal 110. The way for the server 120 to obtain the server shared key by calculating according to the third random number and the first shared key parameter is not unique, and in an embodiment, the server shared key may be obtained based on the following formula:
(x2,y2)=[b]T1
K=KDF(x2||y2,klen)
wherein (x2, y2) is an elliptic curve group element, b is the third random number, T1 is the first shared key parameter, K is the server-side shared key, || represents concatenation, KDF() is a predefined key derivation function, and klen represents the length of the output bit string.
It can be understood that, under normal circumstances, the calculated client shared key and the server shared key should be the same, that is, the client and the server hold the same shared key, and the client shared key and the server shared key mentioned in this application are distinguished only in name based on the difference between the processing parties.
In this embodiment, the terminal 110 and the server 120 execute an ECDH protocol based on an elliptic curve cryptosystem while completing identity authentication, and establish a secure channel between two parties of communication through a negotiated shared key, thereby implementing secure transmission of communication data and improving reliability of identity authentication.
In one embodiment, the server-side identity may also be authenticated to enable two-way authentication. In this embodiment, after obtaining the encryption result and before returning the authentication response in step S240, the method further includes: and executing the digital signature according to a private key corresponding to the server-side digital certificate to obtain a digital signature result.
At this time, the authentication response further includes: a server digital certificate and a digital signature result. The server 120 executes the digital signature according to the private key corresponding to the server digital certificate, and the way of executing the digital signature is not unique, and in one embodiment, the digital signature result may be obtained based on the following formula:
S1=Sign_SSC(Challenge||u2)
wherein S1 is the digital signature result, Challenge is the encryption result, u2 is the server decryption parameter, || represents concatenation, and Sign_SSC(·) represents the SM2 signing operation performed on the incoming message using the private key SSC corresponding to the server 120's digital certificate.
In this embodiment, the signature is performed with the private key corresponding to the server digital certificate of the server 120, so that the terminal 110 can trust the identity of the server 120 by verifying the server digital certificate of the server 120, thereby avoiding man-in-the-middle attacks and improving the reliability of identity authentication.
In one embodiment, privacy protection may also be accomplished by computing a message digest. At this time, the authentication request returned by the client based on the processing result includes not the processing result itself but a client message digest calculated according to the processing result, so as to achieve the purpose of protecting the privacy of the user. At this time, step S280 in this embodiment includes the steps of:
calculating and determining a server message digest;
and comparing the consistency of the client message digest and the server message digest to obtain an identity verification result.
The server message digest is a digest obtained by the server 120 operating on data. The method for obtaining the message digest of the server by the server is not unique, and the message digest of the server can be obtained by performing hash operation. In one specific example, the server message digest may be obtained based on the following formula:
R′=SM3_Hash(r)
wherein R′ is the server message digest, SM3_Hash(·) is a predefined hash function, and r is the first random number.
In another embodiment, the server message digest may also be calculated based on the following formula:
R′=SM3_Hash(r||K)
wherein R′ is the server message digest, SM3_Hash(·) is a predefined hash function, r is the first random number, and K is the server shared key.
Therefore, the shared key is negotiated between the terminal and the server so as to establish a secure channel between the terminal and the server, and privacy protection is completed by calculating the message digest.
The server 120 compares the client message digest with the server message digest for consistency: when the client message digest is consistent with the server message digest, the identity verification result is that the identity authentication is passed; when the client message digest is inconsistent with the server message digest, the identity verification result is that the identity authentication is not passed.
In this embodiment, the terminal 110 does not directly send the processing result such as the decryption result to the server 120, but sends the message digest (SM3 digest) calculated from the processing result to the server 120, and the server 120 determines whether the decryption result of the terminal 110 is correct by verifying the SM3 digest, thereby effectively preventing a dishonest server from using the cooperative decryption step in the identity authentication protocol to deceive the client into decrypting sensitive data encrypted and stored by the user at the server, and improving the security of the protocol.
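The client-side steps S110 through S180 and the server-side steps S220 through S280 above, run end to end with the server initiating cooperative decryption (as in fig. 8) and, separately, with the client initiating it, as an added example that is not part of the patent or of any product implementing it. Assumptions not stated on the page: the user private key is split multiplicatively (dA = D1·D2 mod n, the split under which [D1][D2]C1 = [dA]C1), SHA-256 stands in for SM3 inside KDF and the digest, the server certificate and signature checks of the two-way embodiment are left out, and all function names are mine.

```python
import hashlib
import hmac
import secrets
# SM2 recommended curve (GM/T 0003.5-2012): y^2 = x^3 + ax + b over GF(p).
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def ec_add(p1, p2):
    """Affine addition/doubling on the SM2 curve; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """[k]pt by double-and-add (illustration only, not constant time)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def pt_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def kdf(z, klen):
    """Counter-mode KDF(Z, klen); SHA-256 stands in for SM3 here (substitution)."""
    out, ct = b"", 1
    while len(out) < klen:
        out, ct = out + hashlib.sha256(z + ct.to_bytes(4, "big")).digest(), ct + 1
    return out[:klen]

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def c3_tag(x2, msg, y2):
    return hashlib.sha256(x2.to_bytes(32, "big") + msg + y2.to_bytes(32, "big")).digest()

def sm2_encrypt(pa, msg):
    """Enc_PA(M): C1 = [k]G, t = KDF([k]PA), C2 = M xor t, C3 = H(x2||M||y2); zero-t retry omitted."""
    k = rand_scalar()
    x2, y2 = ec_mul(k, pa)
    c2 = bytes(m ^ s for m, s in zip(msg, kdf(pt_bytes((x2, y2)), len(msg))))
    return ec_mul(k, G), c3_tag(x2, msg, y2), c2

def sm2_finish_decrypt(shared, c3, c2):
    """Rest of Dec_dA once [dA]C1 = (x2, y2) is known; in the cooperative scheme
    that point is formed as [D1][D2]C1, so neither party ever holds dA."""
    msg = bytes(c ^ s for c, s in zip(c2, kdf(pt_bytes(shared), len(c2))))
    return msg if c3_tag(shared[0], msg, shared[1]) == c3 else None  # None: C3 check failed

def keygen_split():
    """Key pair with the multiplicative split dA = D1*D2 mod n assumed here, under
    which u1 = [D1]u2 = [D1][D2]C1 equals [dA]C1 as the page's formulas require."""
    d1, d2 = rand_scalar(), rand_scalar()
    return d1, d2, ec_mul(d1 * d2 % N, G)

def server_challenge(pa, d2):
    """Steps S240/S276/S285: Challenge = Enc_PA(r), u2 = [D2]C1, T2 = [b]PA."""
    r, b = secrets.token_bytes(32), rand_scalar()
    challenge = sm2_encrypt(pa, r)
    return r, b, {"Challenge": challenge, "u2": ec_mul(d2, challenge[0]), "T2": ec_mul(b, pa)}

def client_respond(d1, a, resp):
    """Steps S160/S166/S170: u1 = [D1]u2, r' = Dec(Challenge), K0 = KDF([a]T2);
    only R = H(r' || K0) leaves the client, never r' itself."""
    r_prime = sm2_finish_decrypt(ec_mul(d1, resp["u2"]), *resp["Challenge"][1:])
    k0 = kdf(pt_bytes(ec_mul(a, resp["T2"])), 32)
    return None if r_prime is None else hashlib.sha256(r_prime + k0).digest()

def server_verify(r, b, t1, client_digest):
    """Step S280: K = KDF([b]T1), R' = H(r || K), compared with the client's R."""
    k = kdf(pt_bytes(ec_mul(b, t1)), 32)
    return client_digest is not None and hmac.compare_digest(
        hashlib.sha256(r + k).digest(), client_digest)

def authenticate(d1, d2, pa):
    """Server-initiated exchange of fig. 8 with shared key and digest; returns the server's verdict."""
    a = rand_scalar()
    t1 = ec_mul(a, pa)  # step S110: first shared key parameter, sent with the request
    r, b, resp = server_challenge(pa, d2)
    return server_verify(r, b, t1, client_respond(d1, a, resp))

def authenticate_client_initiated(d1, d2, pa):
    """Step S280 variant where the client starts: u1 = [D1]C1, server forms u2 = [D2]u1 and checks r' == r."""
    r, _, resp = server_challenge(pa, d2)
    c1, c3, c2 = resp["Challenge"]
    return sm2_finish_decrypt(ec_mul(d2, ec_mul(d1, c1)), c3, c2) == r
```

A client holding a wrong private key component fails the C3 check on its own side and so cannot even produce r′, while the server learns nothing but a digest either way.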
In one embodiment, as shown in fig. 6, an asymmetric-password authentication apparatus is provided. The present embodiment is mainly illustrated by applying the apparatus to the terminal 110 in fig. 1. Referring to fig. 6, the apparatus for authenticating an asymmetric password specifically includes the following:
an authentication request sending module 112, configured to initiate an identity authentication request to a server, where the identity authentication request includes a client digital certificate;
a response receiving module 114, configured to receive an identity authentication response returned by the server, where the identity authentication response at least includes an encryption result obtained by encrypting the first random number by the server based on the user public key of the client digital certificate;
the response processing module 116 is configured to process the identity authentication response according to the client-side private key component, and obtain a processing result;
and an authentication request sending module 118, configured to send, to the server, an authentication request based on the processing result, where the authentication request is used to instruct the server to perform authentication processing.
The device also comprises modules corresponding to the other steps of the method described with the terminal as an example; their functions are described in the method and are not repeated here.
In one embodiment, as shown in fig. 7, an asymmetric-password authentication apparatus is provided. The present embodiment is mainly illustrated by applying the apparatus to the server 120 in fig. 1. Referring to fig. 7, the apparatus for authenticating an asymmetric password specifically includes the following:
an authentication request receiving module 122, configured to receive an identity authentication request sent by a client, where the identity authentication request includes a client digital certificate;
the authentication request response module 124 is configured to, after verifying that the client-side digital certificate is valid, encrypt the first random number based on the user public key of the client-side digital certificate to obtain an encryption result, and return an authentication response to the client, where the authentication response at least includes the encryption result;
a verification request receiving module 126, configured to receive an identity verification request returned by the client based on a processing result obtained by processing the identity authentication response according to the client private key component;
and an authentication processing module 128, configured to perform authentication processing according to the authentication request to obtain an authentication result.
The device also comprises modules corresponding to the other steps of the method described with the server as an example; their functions are described in the method and are not repeated here.
The identity authentication device of the asymmetric password carries the user public key and the first random number of the server side by using the client side digital certificate to carry out identity authentication processing, and when the client side and the server side respectively hold private key components, the client side and the server side can realize the cooperative decryption between the client side and the server side through the user public key and the private key components respectively held by the client side and the server side to realize the identity authentication of the client side.
The interaction flow of the identity authentication process is described below with reference to several specific examples. Because the cooperative decryption process in the identity authentication process may be initiated by either the client or the server, and the decryption parameters obtained differ depending on which party initiates it, the following conventions are used in the description of each specific example:
when the server initiates a collaborative decryption process, a server decryption parameter obtained by the server is called a server first decryption parameter, and a client decryption parameter obtained by the client is called a client first decryption parameter;
when the client initiates the collaborative decryption process, the server decryption parameter obtained by the server is called a server second decryption parameter, and the client decryption parameter obtained by the client is called a client second decryption parameter.
Fig. 8 shows an interaction flow diagram of an identity authentication process in a specific example, which is described by taking a server-initiated cooperative decryption process as an example. As shown in fig. 8, the interaction flow of the authentication process in this specific example is as follows.
The terminal 110 sends an identity authentication request to the server 120, where the identity authentication request includes a client digital certificate, and the client digital certificate carries the user public key.
The server 120 verifies the client digital certificate, and when the verification is passed, extracts the user public key; the server 120 selects the first random number, encrypts the first random number by using the user public key, and obtains an encryption result; and calculating based on the encryption result and the server private key component to obtain a first decryption parameter of the server, and returning an identity authentication response to the terminal 110, wherein the identity authentication response comprises the encryption result and the first decryption parameter of the server.
The terminal 110 generates a client-side first decryption parameter according to the client-side private key component and the server-side first decryption parameter; decrypting the encrypted result according to the first decryption parameter of the client to obtain a decrypted result; and initiates an authentication request to the server 120, the authentication request including the decryption result.
The server 120 compares the decryption result with the first random number to obtain the identity verification result: when the decryption result is consistent with the first random number, identity authentication passes; when it is inconsistent, identity authentication fails.
Fig. 9 shows an interaction flow diagram of the authentication process in another specific example, which is described by taking the example of the client initiating the cooperative decryption process. As shown in fig. 9, the interaction flow of the authentication process in this specific example is as follows.
The terminal 110 sends an identity authentication request to the server 120, where the identity authentication request includes a client digital certificate, and the certificate carries the user public key.
The server 120 verifies the client digital certificate, and when the verification is passed, extracts the user public key; the server 120 selects the first random number, encrypts the first random number by using the user public key, and obtains an encryption result; an authentication response is returned to the terminal 110, the authentication response including the encryption result.
The terminal 110 calculates based on the encryption result and the client private key component to obtain a client second decryption parameter; the terminal 110 initiates an authentication request to the server 120, where the authentication request includes the client-side second decryption parameter.
The server 120 computes the server second decryption parameter from the client second decryption parameter and the server private key component; decrypts the encryption result using the server second decryption parameter to obtain a decryption result; and compares the decryption result with the first random number to obtain the identity verification result: when the decryption result is consistent with the first random number, identity authentication passes; when it is inconsistent, identity authentication fails.
Fig. 10 is a schematic diagram illustrating an interaction flow of an authentication process in another specific example, which is described by taking an example in which a server initiates a cooperative decryption process and calculates a message digest. As shown in fig. 10, the interaction flow of the authentication process in this specific example is as follows.
The terminal 110 sends an identity authentication request to the server 120, where the identity authentication request includes a client digital certificate, and the certificate carries the user public key.
The server 120 verifies the client digital certificate, and when the verification is passed, extracts the user public key; the server 120 selects the first random number, encrypts the first random number by using the user public key, and obtains an encryption result; and calculating based on the encryption result and the server private key component to obtain a first decryption parameter of the server, and returning an identity authentication response to the terminal 110, wherein the identity authentication response comprises the encryption result and the first decryption parameter of the server.
The terminal 110 generates a client-side first decryption parameter according to the client-side private key component and the server-side first decryption parameter; decrypting the encrypted result according to the first decryption parameter of the client to obtain a decrypted result; calculating a client message digest according to the decryption result; the terminal 110 initiates an authentication request to the server 120, the authentication request including a client message digest.
The server 120 calculates a server message digest of the first random number and compares it with the client message digest to obtain the identity verification result: when the server message digest is consistent with the client message digest, identity authentication passes; when they are inconsistent, identity authentication fails.
Fig. 11 is a schematic interaction flow diagram illustrating an identity authentication process in another specific example, which is described by taking an example in which a server initiates a cooperative decryption process and negotiates a shared key. As shown in fig. 11, the interaction flow of the authentication process in this specific example is as follows.
The terminal 110 generates a second random number, and encrypts the second random number by using the user public key to obtain a first shared key parameter; the terminal 110 sends an identity authentication request to the server 120, where the identity authentication request includes a first shared key parameter and a client digital certificate, and the certificate carries a user public key.
The server 120 verifies the client digital certificate, and when the verification is passed, extracts the user public key; the server 120 selects the first random number, encrypts the first random number by using the user public key, and obtains an encryption result; calculating based on the encryption result and the server private key component to obtain a first decryption parameter of the server; generating a third random number, and encrypting by using a user public key to obtain a second shared key parameter; and returning an identity authentication response to the terminal 110, wherein the identity authentication response comprises an encryption result, a first decryption parameter of the server side and a second shared key parameter.
The terminal 110 generates a client-side first decryption parameter according to the client-side private key component and the server-side first decryption parameter; decrypting the encrypted result according to the first decryption parameter of the client to obtain a decrypted result; calculating according to the second random number and the second shared key parameter to obtain a client shared key; calculating a client message digest according to the client shared key and the decryption result; the terminal 110 initiates an authentication request to the server 120, the authentication request including a client message digest.
The server 120 calculates a server shared key from the third random number and the first shared key parameter; calculates a server message digest from the server shared key and the first random number; and compares the server message digest with the client message digest to obtain the identity verification result: when the two digests are consistent, identity authentication passes; when they are inconsistent, identity authentication fails.
Fig. 12 is an interaction flow diagram of an identity authentication process in another specific example, in which the server initiates the cooperative decryption process and also produces a digital signature so that the client can verify the server. As shown in fig. 12, the interaction flow of the authentication process in this specific example is as follows.
The terminal 110 sends an identity authentication request to the server 120, where the identity authentication request includes a client digital certificate, and the certificate carries the user public key.
The server 120 verifies the client digital certificate, and when the verification is passed, extracts the user public key; the server 120 selects the first random number, encrypts the first random number by using the user public key, and obtains an encryption result; calculating based on the encryption result and the server private key component to obtain a first decryption parameter of the server; executing signature operation on the encrypted result and the first decryption parameter of the server by using a private key corresponding to the digital certificate of the server to obtain a signature result; and returning an identity authentication response to the terminal 110, wherein the identity authentication response comprises an encryption result, a first decryption parameter of the server, a digital certificate of the server and a signature result.
The terminal 110 verifies the server digital certificate and the signature result; when the verification passes, generating a first decryption parameter of the client according to the private key component of the client and the first decryption parameter of the server; decrypting the encrypted result according to the first decryption parameter of the client to obtain a decrypted result; the terminal 110 initiates an authentication request to the server 120, where the authentication request includes the decryption result.
The server 120 compares the decryption result with the first random number to obtain the identity verification result: when the decryption result is consistent with the first random number, identity authentication passes; when it is inconsistent, identity authentication fails.
Fig. 13 is a schematic interaction flow diagram of an identity authentication process in another specific example, in which the server initiates the cooperative decryption process, a shared key is negotiated, message digests are calculated, and the server produces a digital signature so that the client can verify the server. As shown in fig. 13, the interaction flow of the authentication process in this specific example is as follows.
The terminal 110 generates a second random number, and encrypts the second random number by using the user public key to obtain a first shared key parameter; the terminal 110 sends an identity authentication request to the server 120, where the identity authentication request includes a first shared key parameter and a client digital certificate, and the certificate carries a user public key.
The server 120 verifies the client digital certificate, and when the verification is passed, extracts the user public key; the server 120 selects the first random number, encrypts the first random number by using the user public key, and obtains an encryption result; calculating based on the encryption result and the server private key component to obtain a first decryption parameter of the server; executing signature operation on the encrypted result and the first decryption parameter of the server by using a private key corresponding to the digital certificate of the server to obtain a signature result; generating a third random number, and encrypting by using a user public key to obtain a second shared key parameter; and returning an identity authentication response to the terminal 110, wherein the identity authentication response comprises an encryption result, a first decryption parameter of the server, a second shared key parameter, a digital certificate of the server and a signature result.
The terminal 110 verifies the server digital certificate and the signature result; when the verification passes, generating a first decryption parameter of the client according to the private key component of the client and the first decryption parameter of the server; decrypting the encrypted result according to the first decryption parameter of the client to obtain a decrypted result; calculating according to the second random number and the second shared key parameter to obtain a client shared key; calculating a client message digest according to the client shared key and the decryption result; the terminal 110 initiates an authentication request to the server 120, the authentication request including a client message digest.
The server 120 calculates a server shared key from the third random number and the first shared key parameter; calculates a server message digest from the server shared key and the first random number; and compares the server message digest with the client message digest to obtain the identity verification result: when the two digests are consistent, identity authentication passes; when they are inconsistent, identity authentication fails.
With reference to the above embodiments, and taking the user side as Bob and the service side as Alice, a specific cooperative decryption process between the two parties may proceed as follows.
Alice obtains the SM2 ciphertext (i.e., the encryption result) C = C1 || C3 || C2, extracts the bit string C1 from C, and converts its data type according to the methods given in GM/T 0003.1-2012, clauses 4.2.4 and 4.2.10, to obtain the elliptic curve group element C1. Alice then verifies the condition on C1 with respect to the elliptic curve E(Fq) [the exact condition was an image on the page and is not recovered]; if it holds, an error is reported and the decryption process exits.
Otherwise, Alice uses the private key component D1 she holds to compute Alice's decryption parameter T1 (when Alice is the server, this is the server decryption parameter described above) [the expression for T1 was an image on the page and is not recovered], and sends T1 to Bob.
After receiving T1, Bob uses his own private key component D2 to compute Bob's decryption parameter T2 = [D2]T1, and then computes the elliptic curve group element (x2, y2) from T2 [the expression was an image on the page and is not recovered].
Bob computes the shared key t = KDF(x2 || y2, klen), where || denotes concatenation, KDF(·) is a predefined key derivation function, and klen is the length of the output bit string. If t is an all-zero bit string, an error is reported and the process exits.
If t is not an all-zero bit string, Bob extracts the bit string C2 from the ciphertext C and computes M' = C2 ⊕ t, where ⊕ denotes the bitwise exclusive-or operation.
Bob computes the message digest u = Hash(x2 || M' || y2), then extracts the bit string C3 from the ciphertext C; if u ≠ C3, an error is reported and the process exits.
If u = C3, Bob outputs the plaintext M'.
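As an added example (not code from the patent), the following Python simulates the server-initiated collaborative decryption of Fig. 8 together with the Alice/Bob SM2 decryption steps just described, with the Fig. 10 digest comparison as an option. Because the page does not give the expressions for T1 and (x2, y2), it assumes a multiplicative key split d = D1 · D2 mod n with T1 = [D1]C1 and (x2, y2) = T2; it uses the SM2 recommended curve parameters and substitutes SHA-256 for SM3 in KDF and Hash so that it runs with the standard library alone.

```python
import hashlib
import hmac
import secrets

# SM2 recommended curve parameters (GM/T 0003.5-2012)
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def ec_add(p1, p2):
    """Affine point addition on E(Fq); None represents the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication [k]pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def on_curve(pt):
    return (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def i2b(x):
    return x.to_bytes(32, "big")

def kdf(z, klen):
    """Counter-mode KDF of SM2; SHA-256 stands in for SM3 in this example."""
    out, ct = b"", 1
    while len(out) < klen:
        out += hashlib.sha256(z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[:klen]

def split_keygen():
    """Assumed split: user private key d = D1 * D2 mod n; user public key is [d]G."""
    d1 = secrets.randbelow(N - 2) + 1
    d2 = secrets.randbelow(N - 2) + 1
    return d1, d2, ec_mul(d1 * d2 % N, G)

def sm2_encrypt(pub, msg):
    """Server step: encrypt the first random number under the user public key."""
    while True:
        k = secrets.randbelow(N - 1) + 1
        c1 = ec_mul(k, G)
        x2, y2 = ec_mul(k, pub)
        t = kdf(i2b(x2) + i2b(y2), len(msg))
        if any(t):
            break
    c2 = bytes(m ^ s for m, s in zip(msg, t))
    c3 = hashlib.sha256(i2b(x2) + msg + i2b(y2)).digest()
    return i2b(c1[0]) + i2b(c1[1]) + c3 + c2  # C = C1 || C3 || C2

def alice_first_param(c, d1):
    """Alice (server): recover C1, check it lies on E(Fq), return T1 = [D1]C1 (assumed)."""
    c1 = (int.from_bytes(c[:32], "big"), int.from_bytes(c[32:64], "big"))
    if not on_curve(c1):
        raise ValueError("C1 is not a point on E(Fq)")
    return ec_mul(d1, c1)

def bob_decrypt(c, d2, t1):
    """Bob (client): T2 = [D2]T1 = [d]C1 = (x2, y2), then the SM2 decryption steps."""
    c3, c2 = c[64:96], c[96:]
    x2, y2 = ec_mul(d2, t1)
    t = kdf(i2b(x2) + i2b(y2), len(c2))
    if not any(t):
        raise ValueError("KDF output is all zero")
    m = bytes(a ^ b for a, b in zip(c2, t))  # M' = C2 xor t
    if hashlib.sha256(i2b(x2) + m + i2b(y2)).digest() != c3:  # u = Hash(x2||M'||y2)
        raise ValueError("C3 check failed")
    return m

def authenticate(d1, d2, pub, use_digest=False):
    """Fig. 8 flow (server-initiated); use_digest=True is the Fig. 10 variant."""
    first_random = secrets.token_bytes(32)      # server picks the first random number
    c = sm2_encrypt(pub, first_random)          # encryption result sent in the response
    t1 = alice_first_param(c, d1)               # server first decryption parameter
    try:
        result = bob_decrypt(c, d2, t1)         # client decryption result
    except ValueError:
        return False                            # client cannot form a valid verification request
    if use_digest:                              # Fig. 10: client sends Hash(M'), server hashes R
        result, first_random = hashlib.sha256(result).digest(), hashlib.sha256(first_random).digest()
    return hmac.compare_digest(result, first_random)
```

A client holding a wrong private key component fails the C3 check in bob_decrypt and therefore cannot produce a decryption result the server accepts.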
Based on the examples described above, there is also provided in one embodiment a computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the method of any one of the embodiments described above.
It will be understood by those skilled in the art that all or part of the processes in the methods of the embodiments described above may be implemented by a computer program, which is stored in a non-volatile computer readable storage medium, and in the embodiments of the present invention, the program may be stored in the storage medium of a computer system and executed by at least one processor in the computer system to implement the processes of the embodiments including the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Accordingly, in an embodiment there is also provided a storage medium having a computer program stored thereon, wherein the program when executed by a processor implements the method of any of the embodiments described above.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (16)

1. An identity authentication method for asymmetric cryptography, the method comprising:
initiating an identity authentication request to a server, wherein the identity authentication request comprises a client digital certificate;
receiving an identity authentication response returned by the server, wherein the identity authentication response at least comprises an encryption result obtained by encrypting a first random number by the server based on a user public key of the client digital certificate, and the user public key and a user private key form a key pair;
processing the identity authentication response according to the client private key component to obtain a processing result; the client side private key component is a client side private key component held by a client side, and the client side private key component and a server side private key component held by a server side form the user private key together;
and sending an identity authentication request to the server based on the processing result, wherein the identity authentication request is used for indicating the server to carry out identity authentication processing.
2. The method for authenticating an asymmetric password according to claim 1, wherein:
the method for processing the identity authentication response according to the client private key component comprises the following steps: generating a client decryption parameter according to the client private key component and the encryption result;
the processing result comprises the client decryption parameter.
3. The asymmetric-password authentication method as claimed in claim 1, wherein the authentication response further comprises: the server side determines a server side decryption parameter based on the server side private key component and the encryption result;
the method for processing the identity authentication response according to the client private key component comprises the following steps:
generating a client decryption parameter according to the client private key component and the server decryption parameter;
and decrypting the encrypted result according to the client decryption parameter to obtain a decrypted result, wherein the processing result comprises the decrypted result.
4. The method for authenticating an asymmetric password according to any one of claims 1 to 3, wherein:
before the identity authentication request is initiated to the server, the method further comprises the following steps: generating a second random number, and encrypting the second random number based on the user public key of the client digital certificate to obtain a first shared key parameter;
the identity authentication request further comprises the first shared key parameter, and the identity authentication response further comprises a second shared key parameter obtained by the server side encrypting a third random number based on the user public key of the client side digital certificate;
before sending an identity authentication request to the server based on the processing result, the method further comprises the following steps: and calculating to obtain the client shared key according to the second random number and the second shared key parameter.
5. The asymmetric-password authentication method as claimed in claim 1, wherein the authentication response further comprises: a server digital certificate and a digital signature result;
after receiving the identity authentication response returned by the server side, before processing the identity authentication response according to the client side private key component, the method further comprises the following steps: and verifying the server digital certificate and the server digital signature result.
6. The method for authenticating an asymmetric password according to any one of claims 1 to 3, wherein:
after the processing result is obtained, before an authentication request is sent to the server based on the processing result, the method further comprises the following steps: calculating the message digest of the processing result to obtain a client message digest;
the step of sending an authentication request to the server based on the processing result comprises: and sending an authentication request to the server, wherein the authentication request comprises the client message digest.
7. An identity authentication method for asymmetric cryptography, the method comprising:
receiving an identity authentication request sent by a client, wherein the identity authentication request comprises a client digital certificate;
after the client digital certificate is verified to be valid, encrypting a first random number based on a user public key of the client digital certificate to obtain an encryption result, and returning an identity authentication response to the client, wherein the identity authentication response at least comprises the encryption result, and the user public key and a user private key form a key pair;
receiving an identity verification request returned by the client based on a processing result obtained by processing the identity authentication response according to a client private key component; the client side private key component is a client side private key component held by a client side, and the client side private key component and a server side private key component held by a server side form the user private key together;
and performing identity authentication processing according to the identity authentication request to obtain an identity authentication result.
8. The method for authenticating an identity of an asymmetric password according to claim 7, wherein the processing result includes a client decryption parameter generated by the client according to the client private key component and the encryption result, and the authentication request includes the client decryption parameter;
performing authentication processing according to the authentication request, wherein the manner of obtaining the authentication result comprises the following steps:
generating a server side decryption parameter according to the client side decryption parameter and the server side private key component;
decrypting the encrypted result according to the server side decryption parameter to obtain a decrypted result;
and comparing the consistency of the decryption result and the first random number to obtain an identity verification result.
9. The method for authenticating an asymmetric password according to claim 7, wherein:
after obtaining the encryption result, before returning the identity authentication response, the method also comprises the following steps: determining a server decryption parameter based on the server private key component and the encryption result;
the identity authentication response also comprises the server side decryption parameter; the processing result comprises a decryption result obtained by decrypting the encryption result according to the client decryption parameter after the client obtains the client decryption parameter according to the client private key component and the server decryption parameter; the authentication request comprises the decryption result;
performing authentication processing according to the authentication request, wherein the manner of obtaining the authentication result comprises the following steps: and comparing the consistency of the decryption result and the first random number to obtain an identity verification result.
10. The method for authenticating an asymmetric password according to claim 7, wherein the authentication request further includes a first shared key parameter obtained by the client encrypting a second random number based on a user public key of the client digital certificate;
after obtaining the encryption result, before returning the identity authentication response, the method also comprises the following steps: encrypting a third random number based on the user public key of the client digital certificate to obtain a second shared key parameter;
the identity authentication response further comprises the second shared key parameter;
performing authentication processing according to the authentication request, wherein the manner of obtaining the authentication result comprises the following steps: and calculating to obtain a server-side shared key according to the third random number and the first shared key parameter.
11. The method for authenticating an asymmetric password according to claim 7, wherein:
after obtaining the encryption result, before returning the identity authentication response, the method also comprises the following steps: executing digital signature according to a private key corresponding to the server-side digital certificate to obtain a digital signature result;
the authentication response further comprises: the server side digital certificate and the digital signature result.
12. The method for authenticating an asymmetric password according to any one of claims 7 to 11, wherein the authentication request includes a client message digest calculated by the client for the processing result;
performing authentication processing according to the authentication request, wherein the manner of obtaining the authentication result comprises the following steps:
calculating and determining a server message digest;
and comparing the consistency of the client message digest and the server message digest to obtain an identity verification result.
13. An apparatus for asymmetric password authentication, the apparatus comprising:
the authentication request sending module is used for initiating an identity authentication request to a server, wherein the identity authentication request comprises a client digital certificate;
the response receiving module is used for receiving an identity authentication response returned by the server, wherein the identity authentication response at least comprises an encryption result obtained by encrypting a first random number by the server based on a user public key of the client digital certificate, and the user public key and a user private key form a key pair;
the response processing module is used for processing the identity authentication response according to the client private key component to obtain a processing result; the client side private key component is a client side private key component held by a client side, and the client side private key component and a server side private key component held by a server side form the user private key together;
and the authentication request sending module is used for sending an authentication request to the server based on the processing result, wherein the authentication request is used for indicating the server to perform authentication processing.
14. An apparatus for asymmetric password authentication, the apparatus comprising:
the authentication request receiving module is used for receiving an identity authentication request sent by a client, wherein the identity authentication request comprises a client digital certificate;
the authentication request response module is used for encrypting the first random number based on the user public key of the client digital certificate to obtain an encryption result after verifying that the client digital certificate is valid, and returning an authentication response to the client, wherein the authentication response at least comprises the encryption result, and the user public key and a user private key form a key pair;
the authentication request receiving module is used for receiving an authentication request returned by the client based on a processing result obtained by processing the authentication response according to the private key component of the client; the client side private key component is a client side private key component held by a client side, and the client side private key component and a server side private key component held by a server side form the user private key together;
and the authentication processing module is used for performing authentication processing according to the authentication request to obtain an authentication result.
15. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 12 are implemented when the program is executed by the processor.
16. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 12.
CN201711375611.4A 2017-12-19 2017-12-19 Asymmetric password identity authentication method and device, computer equipment and storage medium Active CN107948189B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711375611.4A CN107948189B (en) 2017-12-19 2017-12-19 Asymmetric password identity authentication method and device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN107948189A CN107948189A (en) 2018-04-20
CN107948189B true CN107948189B (en) 2020-10-30

Family ID: 61940832

Country Status (1)

Country Link
CN (1) CN107948189B (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019231392A1 (en) * 2018-05-30 2019-12-05 华为国际有限公司 Key exchange system, method, and apparatus
CN108848094B (en) * 2018-06-22 2021-04-16 平安科技(深圳)有限公司 Data security verification method, device, system, computer equipment and storage medium
CN109068322B (en) * 2018-08-22 2022-03-04 航天信息股份有限公司 Decryption method, system, mobile terminal, server and storage medium
CN109246129B (en) * 2018-10-12 2020-12-25 天津赢达信科技有限公司 SM2 collaborative signature method and system capable of verifying client identity
CN109861816A (en) * 2019-02-22 2019-06-07 矩阵元技术(深圳)有限公司 Data processing method and device
CN109872155A (en) * 2019-02-22 2019-06-11 矩阵元技术(深圳)有限公司 Data processing method and device
WO2020168544A1 (en) * 2019-02-22 2020-08-27 云图有限公司 Data processing method and device
CN110046515B (en) * 2019-04-18 2021-03-23 杭州尚尚签网络科技有限公司 Safe electronic signature method based on short-lived digital certificate
CN110958114A (en) * 2019-10-25 2020-04-03 武汉大学 A two-party collaborative SM2 key generation and ciphertext decryption method and medium
CN110601841B (en) * 2019-11-01 2022-06-14 成都卫士通信息产业股份有限公司 SM2 collaborative signature and decryption method and device
CN110932850B (en) * 2019-11-29 2023-01-20 杭州安恒信息技术股份有限公司 Communication encryption method and system
CN110971610A (en) * 2019-12-12 2020-04-07 广东电网有限责任公司电力调度控制中心 Control system identity verification method and device, computer equipment and storage medium
CN111046443B (en) * 2019-12-24 2022-10-14 合肥大唐存储科技有限公司 Hard disk anti-counterfeiting realization method, hard disk and CA server
CN111614637B (en) * 2020-05-08 2022-03-15 郑州信大捷安信息技术股份有限公司 Secure communication method and system based on software cryptographic module
CN111600717B (en) * 2020-05-12 2024-01-12 京东科技信息技术有限公司 SM2-based decryption method, system, electronic equipment and storage medium
CN113852957B (en) * 2020-06-09 2024-11-08 中国移动通信有限公司研究院 Security server, SP server, terminal, security authorization method and system
CN112202551B (en) * 2020-09-23 2022-09-27 中国建设银行股份有限公司 Password verification method and device based on zero-knowledge proof and electronic equipment
CN112257093B (en) * 2020-11-09 2024-03-26 天冕信息技术(深圳)有限公司 Authentication method, terminal and storage medium for data object
CN114760039A (en) 2020-12-26 2022-07-15 西安西电捷通无线网络通信股份有限公司 Identity authentication method and device
CN114760043A (en) * 2020-12-26 2022-07-15 西安西电捷通无线网络通信股份有限公司 Identity authentication method and device
CN114696999A (en) 2020-12-26 2022-07-01 西安西电捷通无线网络通信股份有限公司 Identity authentication method and device
CN113268722B (en) * 2021-05-17 2022-04-26 时昕昱 Personal digital identity management system and method
CN113486320B (en) * 2021-07-22 2024-03-29 广州炒米信息科技有限公司 Enterprise electronic signature management and control method and device, storage medium and terminal equipment
CN113742670B (en) * 2021-08-30 2023-06-06 建信金融科技有限责任公司 Multiparty collaborative decryption method and device
CN116032655B (en) * 2023-02-13 2023-07-25 杭州天谷信息科技有限公司 Identity authentication method and system capable of resisting timing attack
CN116668011A (en) * 2023-04-28 2023-08-29 中金金融认证中心有限公司 Method and system for protection, use and decryption of cooperative key in cooperative key system

Citations (4)

Publication number Priority date Publication date Assignee Title
CN103491094A (en) * 2013-09-26 2014-01-01 成都三零瑞通移动通信有限公司 Rapid identity authentication method based on C/S mode
CN106789080A (en) * 2016-04-08 2017-05-31 数安时代科技股份有限公司 Digital signature generation method and system
CN107196763A (en) * 2017-07-06 2017-09-22 数安时代科技股份有限公司 SM2 algorithm collaborative signature and decryption method, device and system
CN107483212A (en) * 2017-08-15 2017-12-15 武汉信安珞珈科技有限公司 Method for two-party collaborative generation of a digital signature

Similar Documents

Publication Publication Date Title
CN107948189B (en) Asymmetric password identity authentication method and device, computer equipment and storage medium
CN110268676B (en) Private key calculation system and method for identity-based self-authentication signature scheme
US10985910B2 (en) Method for exchanging keys authenticated by blockchain
CN108352015B (en) Secure multi-party loss-resistant storage and encryption key transfer for blockchain based systems in conjunction with wallet management systems
JP5349619B2 (en) Identity-based authentication key agreement protocol
JP4709815B2 (en) Authentication method and apparatus
US7814320B2 (en) Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved security against malleability attacks
US20240356730A1 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
US9628273B2 (en) Cryptographic method and system for secure authentication and key exchange
CN112104453B (en) Anti-quantum computation digital signature system and signature method based on digital certificate
US8130961B2 (en) Method and system for client-server mutual authentication using event-based OTP
US20130191632A1 (en) System and method for securing private keys issued from distributed private key generator (d-pkg) nodes
CN112087428B (en) Anti-quantum computing identity authentication system and method based on digital certificate
JP2019507510A (en) Common secret determination for secure exchange of information and hierarchical and deterministic encryption keys
JP2003298568A (en) Authenticated identification-based cryptosystem with no key escrow
KR20100050846A (en) System and method for interchanging key
JP6758476B2 (en) Systems and methods to obtain common session keys between devices
CN114978488A (en) SM2 algorithm-based collaborative signature method and system
CN118249995A (en) A digital identity credential continuous authentication device and method based on ratchet paradigm
CN112533213B (en) A key agreement method, device, terminal and storage medium
CN113014376A (en) Method for safety authentication between user and server
CN106850584A (en) Anonymous authentication method facing client/server network
KR20080005344A (en) System where authentication server authenticates user terminal
CN110784305A (en) Single sign-on authentication method based on careless pseudorandom function and signcryption
Dugardin et al. A new fair identity based encryption scheme

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant