GB/T 34953.1-2017 English PDF (GBT34953.1-2017)
GB/T 34953.1-2017 English PDF (GBT34953.1-2017)
GB/T 34953.1-2017: Information technology -- Security techniques -- Anonymous entity authentication -- Part 1: General
Information technology - Security techniques - Anonymous entity authentication - Part 1.General ICS 35.040
National Standards of People's Republic of China
Information technology security technology anonymous entity authentication Part 1.General
General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China Issued by China National Standardization Administration
Table of contents
1 Scope 1
2 Terms and definitions 1
3 Symbols and abbreviations 3
4 Anonymous entity identification model 3
5 General requirements and restrictions 4
6 Anonymous management 4
GB/T 34953 "Information Technology Security Technology Anonymous Entity Identification" is divided into four parts. ---Part 1.General Provisions;
---Part 2.Mechanism based on group public key signature;
---Part 3.Mechanism based on blind signature;
---Part 4.Mechanism based on weak secrets.
This part is Part 1 of GB/T 34953.
This section was drafted in accordance with the rules given in GB/T 1.1-2009. The translation method used in this part is equivalent to the ISO /IEC.20009-1.2013 "Information Technology Security Technology Anonymous Entity Authentication No. 1 Part. General Provisions.
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents. This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). Drafting organizations of this section. Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., National Engineering Laboratory of Wireless Network Security Technology, WAPI Industry Alliance, Chongqing University of Posts and Telecommunications, Commercial Cryptographic Testing Center of State Cryptography Administration, Testing Center of National Radio Monitoring Center, China National Institute of Electronic Technology Standardization, Tianjin Radio Monitoring Station, Peking University Shenzhen Graduate School, Chinese People’s Liberation Army Information Security Survey Evaluation and Certification Center, Beijing Institute of Computer Technology and Application, Fujian Radio Monitoring Station, National Information Technology Security Research Center, Beijing Digital Word Certification Co., Ltd., Shanghai Research Institute of China Telecom Co., Ltd., Broadband Wireless IP Standard Working Group of the Ministry of Industry and Information Technology. The main drafters of this section. Du Zhiqiang, Cao Jun, Long Zhaohua, Huang Zhenhai, Li Dawei, Song Qizhu, Li Qin, Zhang Lulu, Li Ming, Tie Manxia, Zhang Bianling, Xu Yuna, Li Nan, Zhu Yuesheng, Li Guangsen, Yan Xiang, Zhang Guoqiang, Tong Weigang, Wan Hongtao, Wang Yuehui, Gao Delong, Zhu Zhengmei, Chen Zhiyu, Ge Peiqin, Hou Pengliang, Xu Fuming, Gao Bo, Zheng Li.
Verifying the legitimacy of communication participants is one of the most important cryptographic services. There are multiple encryption mechanisms to support this service, for example, The entity authentication mechanism specified by ISO /IEC 9798 and the digital signature mechanism specified by ISO /IEC 9796 and ISO /IEC 14888. Anonymous authentication communication includes hiding the identity of the authenticated entity from the correspondent and/or third party, while retaining the ability to enable the verifier to determine its identity. The communication peer is a legal attribute. An anonymous entity authentication mechanism is designed to support these anonymous communications. This mechanism is defined as inter-entity The exchange of information, when needed, these exchanges will involve a trusted third party. In the anonymous entity authentication mechanism, the authenticated entity (the claimant) provides evidence to the verifier, which proves that the claimant knows the secret and does not It will disclose the identity of the claimant to any unauthorized entity, that is, through the complete information exchanged between the claimant and the verifier, the The right entity cannot discover the identity of the entity to be verified (that is, the claimant). At the same time, the verifier can have certain attributes of the claimant (such as scheduled Group membership) to ensure the authenticity of the claimant. However, even an authorized verifier cannot be authorized to obtain The identity of other entities. The anonymous entity authentication mechanism allows the authorized party to perform the opening process, which enables the authorized party to obtain the generated signature. The identity of the entity of the name. The mechanism that allows it to be opened is called the partial anonymous entity authentication mechanism. Anonymous entity authentication can be applied in many scenarios, such as e-commerce, e-voting, and e-identity (e.g., e-driving license, e-health Certificates and e-passports), social networks, mobile payments, and trusted computing. In many such services, the customer’s personally identifiable information (PII) is disclosed to the service provider as part of the authentication process. As a result, service providers may use PII for other purposes, But not necessarily interested in PII itself. One way to restrict service providers from obtaining PII is to use an anonymous authentication mechanism. Anonymous entity authentication See ISO /IEC 29191 Appendix A for other use cases.
GB/T 34953 is composed of multiple parts, which respectively stipulate the general model and mechanism of anonymous entity authentication. This part mainly stipulates the secret The model of name entity authentication, the details of the anonymous entity authentication mechanism and the authentication interaction message are not within the scope of this part, and will be carried out by other parts specification.
Information technology security technology anonymous entity authentication Part 1.General
This part of GB/T 34953 specifies the model, requirements and agreement of an anonymous entity authentication mechanism used to verify the legitimacy of an entity. Bundle condition.
2 Terms and definitions
The following terms and definitions apply to this document.
An unauthorized entity can determine the probability of the true signer from a given signature. Note. The anonymity strength of n means that the probability that an unauthorized entity can correctly guess the real signer from a signature is 1/n. [ISO /IEC.20008-1.2013]
Anonymous entity authentication
Prove that an entity has certain properties, but not distinguish the entity from other entities that have the same properties come out.
Anonymous digital signature
It can be verified using a group public key or multiple public keys, and it is not chased by unauthorized entities including the verifier of the signature. The signature of the distinguishable identifier traced to the signer.
A data item randomly selected by the verifier and sent to the claimant, and the claimant uses this data item together with the secret information it possesses to generate it to The verifier's response.
[ISO /IEC 9798-1.2010]
4 Anonymous entity identification model
Figure 1 Anonymous entity identification model
Figure 1 shows the general model of the anonymous entity authentication mechanism. The entity and message interaction in this model is not for all authentication mechanisms. Both are required.
For the anonymous entity authentication mechanism described in other parts of GB/T 34953, such as one-way anonymous authentication, entity A is used as the claim Party, entity B is the verifier. In the two-way anonymous authentication mechanism, entity A and entity B simultaneously assume the roles of claimant and verifier. In the one-way anonymous two-way authentication mechanism, entity A and entity B assume the roles of claimant and verifier at the same time. The difference is that the authentication mechanism It is anonymous in one direction and non-anonymous in the other direction (for example, A verifies the valid identity of B, and B only verifies that A belongs to one Member of a predefined entity group.)
The role of TTP depends on the type of mechanism that uses it. Some mechanisms may not use trusted third parties. As an option, TTP Can participate in the authentication process in an offline manner, for example, before using a mechanism, provide one or both of A and B for authentication Information to support the use of this mechanism. As an optional third party, TTP may actively pass and identify one of the entities or The two parties exchange information to participate in the authentication mechanism. TTP may also participate in the opening process or linking process. If TTP participates, no matter Online or offline, both parties participating in the anonymous authentication mechanism must trust it. In order to achieve the purpose of anonymous entity identification, entities generate and exchange standardized messages, which are called tokens. One-way anonymous authentication At least one token needs to be exchanged, and at least two tokens need to be exchanged for two-way anonymous authentication. If a challenge must be used to initiate an anonymous entity authentication Otherwise, additional message interaction may be required. If a trusted third party participates in authentication, additional message interaction may also be required. In Figure 1, the arrows indicate the potential flow of information. Entity A and Entity B can interact directly, or they can use trusted third parties respectively. Information issued by the party.
The anonymous entity authentication mechanism is composed of a message exchange, and the verifier is based on the certain attributes (such as predefined (Group membership) as evidence to identify the authenticity of the claimant. The evidence is obtained by examining secret information that only real entities can possess. Obtained after changing the line password. In addition, some mechanisms also allow the claimant to indicate to the verifier that it possesses in addition to being owned by a truly authorized entity. Some attributes other than some attributes.
The specific details of the GB/T 34953 anonymous entity authentication mechanism will be regulated in the subsequent part. 5 General requirements and restrictions
In order for one entity (i.e. verifier) to anonymously identify another entity (i.e. claimant), both the claimant and the verifier should use Use a public collection of cryptographic techniques and parameters.
In the process of using the key, the value of all time-varying parameters cannot be repeated (such as timestamp, sequence number, and random number), or at least pressure The inverted probability will not repeat.
Assume that in the process of using the anonymous entity authentication mechanism, both entity A and entity B know the state that each other claims, that is, the sound Which group member the claimant is claiming, and whether the claimant’s additional characteristics are proven to be correct. The claimed state can be from two The interactive information of each entity (including the data string generated by the cryptographic operation) is obtained, or is derived from the environment used by the mechanism. The authenticity of the claimant's identity is only verified when the anonymous entity authenticates the message exchange. To ensure that the claimant and verifier subsequently interact The authenticity of the data, the information exchange process of the anonymous entity authentication mechanism should be carried out by means of secure communication (such as the use of digital signatures or Information authentication code to ensure the integrity of communication data, the key, public key/private key pair used are all generated from the anonymous entity authentication mechanism). If partial anonymous authentication is required, the claimant must provide sufficient data during the authentication exchange process to ensure subsequent authorization. The body performs the opening process.
6 Anonymous management
The anonymity of an entity is determined by the characteristics of the anonymous entity authentication mechanism it uses and the environment in which the mechanism is used. For example, such as If the entity has a property obtained from its use environment and the property is owned by only two entities, the degree of anonymity owned by the entity Is extremely limited. This gives rise to the concept of anonymity strength, which is used to represent the size of the collection to which an entity belongs. In the above example, a The anonymity strength of an entity with a unique attribute is 2.
In some cases, a mechanism can be used to revoke the anonymity of entities participating in an anonymous authentication session, and this revocation can be complete. Full or partial. Linking and opening are two specific measures to reduce anonymity. Linking is a process. Body execution. Through the linking process, two or more anonymous entity authentication entities will be proved to be performed by the same entity, which is obvious Reduced anonymity. The opening process is executed by an authorized entity called the opening party, which can obtain a specific anonymous authentication mechanism instance The identity of the participant, which shows that the anonymity of the entity has completely disappeared, at least for the opening party. What needs special explanation is, Not all mechanisms need to support linking and opening. An anonymous entity authentication mechanism that allows authorized entities to open is called partial hidden Name authentication mechanism. An anonymous entity authentication mechanism that allows an authorized entity to open but the opener does not have the link capability is called partial hidden Name, partly unlinkable authentication mechanism.