CN101854347B - User ID authentication method and system based on quantum network - Google Patents

Publication number
CN101854347B
Authority
CN
China
Prior art keywords
user
authentication
data
code
authentication center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 201010129214
Other languages
Chinese (zh)
Other versions
CN101854347A (en)
Inventor
朱律波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZHU LYUBO
Original Assignee
ZHU LYUBO
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZHU LYUBO
Priority to CN 201010129214
Publication of CN101854347A
Application granted
Publication of CN101854347B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Optical Communication System (AREA)

Abstract

The invention provides a user ID authentication method and system based on a quantum network. The method comprises the following steps: an authentication center issues an ID authentication card; a user sends an authentication request; shared data is created by a quantum communication protocol; the user superimposes the shared data and calculates the bit error rate, and the authentication center, after determining that the bit error rate lies within a preset threshold range, selects part of the superimposed shared data as a polarization mode; the authentication center sends a pseudo selection code and a correction code; the user calculates a selection code from the pseudo selection code and the correction code and thereby obtains an ID authentication code; users authenticate each other, or the user authenticates with the authentication center; and the authentication center backs up the authentication result. The user ID authentication method can effectively protect the private information of the user and is safe and reliable. The invention also provides a user ID authentication system based on the quantum network, which likewise effectively protects the private information of the user and is safe and reliable.

Description

User ID authentication method and system based on a quantum network
Technical field
The present invention relates to the field of information security technology, and in particular to a user ID authentication method and system based on a quantum network.
Background
With the rapid development of computer and network technology, people can do more and more over the Internet. At the same time, because information security in networks touches major fields such as military affairs, the economy and politics, it has received great attention from countries around the world.
Private information is the only important information that can prove a user's identity in cyberspace. To ensure information security, a user's identity must be confirmed without leaking the user's private information, so effectively protecting private information is the key to network security. At present, the main safeguard is to encrypt private information with a cryptographic algorithm before transmitting it. These algorithms fall roughly into three classes: hash functions, such as the MD5 (Message-Digest Algorithm 5) challenge; symmetric algorithms, whose security is also relatively low and which are used less; and asymmetric algorithms, as in PKI (Public Key Infrastructure). MD5 has now been broken, and even with added restrictions it can still be broken again. Among asymmetric algorithms, the most widely used, the RSA public-key algorithm, has no known cracking algorithm so far, but it can be broken by exhaustive search (that is, by trying all possibilities). As computing power keeps growing, these cryptographic algorithms will become less and less secure; in particular, if an eavesdropper uses a supercomputer or even a quantum computer, they will be very fragile. In short, cryptographic algorithms based on computational complexity are not absolutely secure. For this reason, researchers have proposed a series of more secure quantum communication protocols, such as BB84 QKD, Long-Liu 2002 QKD and Ping-Pong QSDC, and on this basis have designed a non-entangled quantum public-key authentication method. Borrowing the idea of public key infrastructure (PKI), this method introduces a trusted authentication center (CA) for user registration and assisted authentication. A user A selects a public key at random and, after registration, the CA issues A a private key. A encodes the authentication message with the private key and sends it to the CA; the CA applies a unitary operation to the received information using the secret value corresponding to the public key and then sends it to the verifier, who verifies A's identity using A's public key.
However, the above scheme has the following shortcomings. First, to guarantee the uniqueness of identity, both the authentication center and the user must store the user's private information. In the above scheme the storage and verification of private information are all performed in a computer, and a computer is not a secure environment, so computing on the user's private information in a computer is also insecure. Second, while the user sends information as quantum states, an eavesdropper can intercept part of the data without being noticed, and this quantum-state information is produced from the user's private key. The eavesdropper can therefore steal part of the private key and, after eavesdropping enough times, obtain the whole key. The above quantum public-key authentication method is therefore not secure.
Summary of the invention
To solve the above problems, the invention provides a user ID authentication method based on a quantum network, which effectively strengthens the user's security during identity authentication and thereby avoids leaking the user's personal information.
To solve the above problems, the invention also provides a user ID authentication system based on a quantum network, which likewise effectively strengthens the user's security during identity authentication and avoids leaking the user's personal information.
To this end, the invention provides a user ID authentication method based on a quantum network, used to authenticate users and an authentication center through the quantum network, comprising the following steps:
10) the authentication center makes an authentication card for each user and backs up that user's private information;
20) the user sends an authentication request to the authentication center;
30) a string of shared data is created between the authentication center and the user by a quantum communication protocol;
40) the user superimposes the shared data and calculates the bit error rate of the quantum channel during transmission of the shared data; after it is determined that this bit error rate lies within a preset threshold range, the authentication center selects a certain length of the superimposed shared data as the polarization mode;
50) the authentication center generates a pseudo selection code and a correction code, signs the pseudo selection code and transmits it to the user using the polarization mode;
60) it is determined whether the transmission of the pseudo selection code was secure and, once it is determined to be secure, the correction code is published to the user;
70) the user calculates the selection code from the pseudo selection code and the correction code, and then obtains the authentication code from the selection code;
80) the user sends its own authentication code to other users for mutual verification, or sends it to the authentication center for verification; when verification is finished, the authentication center backs up the user's verification result.
Step 40) specifically comprises:
401) the authentication center randomly selects k bits of the shared data whose values are identical and informs the user, over the classical channel, of the positions of these k bits in the shared data, where k is a positive integer;
402) the user picks out these k bits from the shared data according to their positions and superimposes them into 1 bit according to the majority principle;
403) steps 401) and 402) are repeated until all the shared data has been superimposed, so that the shared data is reduced to 1/k of its original length;
404) in each superposition the user records the number of bits that differ from the others; finally, the total number of differing bits is divided by the total amount of shared data to obtain the bit error rate;
405) it is judged whether this bit error rate lies within the preset threshold range and, if so, data of a certain length is selected from the superimposed shared data as the polarization mode.
In step 40), error correction is performed on the shared data while the bit error rate of the quantum channel is calculated.
In step 50), the authentication center randomly generates an initial selection code and a correction code according to the backed-up private information of the user, and then XORs the initial selection code with the correction code to obtain the pseudo selection code.
The authentication card is a kind of USB Key and should satisfy at least one of the following security requirements:
a. the authentication card can only compute data of the same length as the selection code;
b. operations and calculations on the private information, selection code and authentication code are completed on a single chip;
c. the authentication card has a PIN code;
d. the authentication card has a fingerprint identification device;
e. the authentication card can be used only a limited number of times.
The authentication card stores the user's private information in the form of a data matrix, in which the data stored in data element $a_{in}$ is $x_i$, and the position of $x_i$ within data element $a_{in}$ is denoted $Z_i$. When the authentication card is read, data element $a_{in}$ and data $x_i$ must undergo displacement processing; the data corresponding to data element $a_{in}$ after displacement is $x'_i$. The detailed process is as follows:
Introduce an intermediate variable $g_i$, such that
Figure GSB00000966708800031
Then calculate in sequence:
$x'_2 = x_2 \oplus x_1$;
$x'_{i+1} = x_{i+1} \oplus x'_i$, for $g_i = 1$, $i = 2, \dots, m-1$;
$x'_{i-1} = x_{i-1} \oplus x'_i$, for $g_i = 0$, $i = 3, \dots, m$;
$x'_1 = x_1 \oplus x'_m$;
Check whether all the data has been displaced; if not, set $x'_i = x_i$ for the data that has not been displaced.
Here m is the number of rows of the data matrix and n is the number of columns.
In step 70), the user calculates the authentication code from the selection code inside the authentication card, as follows:
First, calculate $x'_i$, $i = 1, 2, \dots, m$;
Then calculate: $x_{Mj} = x'_1 \oplus x'_2 \oplus \cdots \oplus x'_m$, $j = 1, 2, \dots, n$;
Combining gives: $X'_M = x_{M1} + x_{M2} + \cdots + x_{Mn}$
Repeating the above process gives, respectively, $X'_N$ and $X'_R$
From which can be calculated: $X' = X'_M + X'_N + X'_R$
After error correction we obtain:
Figure GSB00000966708800046
X is decomposed into $X = M + N + R$;
The user's authentication code is $K = M + R$;
where Y is the error-correcting code, M is the encryption code, N is the decryption code, and R is the comparison code.
In addition, the invention provides a user ID authentication system based on a quantum network, used to authenticate users and an authentication center through the quantum network. It comprises authentication center equipment, user equipment, a quantum channel and a classical channel. The quantum channel carries quantum information between the authentication center equipment and the user equipment; the classical channel carries ordinary data between the authentication center equipment and the user equipment.
The authentication center equipment comprises: an authentication card generation module, which makes an authentication card for each user and backs up that user's private information; a shared data generation module, which creates a string of shared data between the authentication center and the user by a quantum communication protocol; a polarization mode selection module, which selects a certain length of the superimposed shared data as the polarization mode; a pseudo selection code and correction code generation module, which generates the pseudo selection code and the correction code, signs the pseudo selection code and transmits it to the user using the polarization mode, and publishes the correction code to the user once the transmission is determined to be secure; an authentication center verification module, which authenticates the user according to the user's authentication code; and a verification result backup module, which backs up the user's verification result.
The user equipment comprises: an authentication request sending module, which sends the authentication request to the authentication center; a shared data receiving module, which receives the shared data from the shared data generation module; a bit error rate calculation module, which superimposes the shared data and calculates the bit error rate of the quantum channel during transmission of the shared data; an authentication code generation module, which calculates the selection code from the pseudo selection code and the correction code and then obtains the authentication code from the selection code; and a user-side verification module, which exchanges authentication codes with other users for mutual verification or sends the authentication code to the authentication center for verification.
The invention has the following beneficial effects:
First, in the user ID authentication method provided by the invention, a string of shared data is first created between the authentication center and the user by a quantum communication protocol. The user then performs random k-fold superposition on the shared data and calculates the bit error rate, and the authentication center, having determined that the bit error rate is normal, selects part of the superimposed shared data for the polarization mode, data error correction and other operations of the later steps. The authentication center then generates the pseudo selection code and the correction code and transmits the pseudo selection code using the polarization mode shared with the user; after confirming once more that the quantum channel is secure, it publishes the correction code to the user. The user obtains the selection code from the pseudo selection code and the correction code, and from it the authentication code, which completes the verification. As this process shows, the method transmits all important data by quantum network communication and checks after every transmission whether the transmission was secure, to ensure that user information is safe and accurate, so that an eavesdropper can be detected in time and the user's information is protected.
Second, before transmitting the pseudo selection code and the correction code to the user, the method first establishes a string of shared data by a quantum communication protocol, performs random k-fold superposition and bit error rate calculation on it and, after ensuring that the quantum channel is secure, selects part of the superimposed shared data for the polarization mode. The pseudo selection code and the correction code are then transmitted to the user using this polarization mode. Because the polarization mode used to transmit the pseudo selection code and the correction code is secure, the transmission efficiency and transmission security of the pseudo selection code and the correction code are effectively improved.
Third, the relationship between the pseudo selection code and correction code that the authentication center sends to the user and the user's private information is comparatively complex, and after obtaining the pseudo selection code and the correction code the user still has to perform several operations to obtain the authentication code. Therefore, even if the verification process is eavesdropped, the eavesdropper cannot learn the user's private information from the information obtained. Moreover, determining 1 bit of verification data requires several times as much selection code, and the pseudo selection code and correction code transmitted over the quantum channel all have very high security; the eavesdropper can obtain only a very small amount of data and, without knowing the polarization mode, cannot judge the accuracy of the information obtained at all. With the method provided by the invention, an eavesdropper therefore basically cannot obtain the user's private information, so the user's personal information has very high security throughout the authentication process.
In addition, a user ID authentication system provided by the invention comprises authentication center equipment, user equipment, a quantum channel and a classical channel. The authentication center equipment comprises the authentication card generation module, the shared data generation module, the polarization mode selection module, the pseudo selection code and correction code generation module, the authentication center verification module and the verification result backup module; the user equipment comprises the authentication request sending module, the shared data receiving module, the bit error rate calculation module, the authentication code generation module and the user-side verification module. While verifying user identity, the system transmits all important data by quantum network communication, and after each data transmission the bit error rate calculation module calculates the bit error rate of the transmission to guarantee its security, so that an eavesdropper can be detected in time and the user's information is protected. Throughout the verification process, before the authentication center transmits the pseudo selection code and the correction code to the user, it first uses quantum communication to establish the polarization mode and to determine that the quantum channel is secure, which effectively guarantees the security of the transmission. The data transmitted during verification, such as the pseudo selection code, yields the user's verification information only after complex calculation, so even if the communication is eavesdropped, the eavesdropper still cannot obtain useful user information.
In addition, another user ID authentication system based on a quantum network provided by the invention comprises authentication center equipment, user equipment, a quantum channel and a classical channel, and verifies user identity by applying the user ID authentication method provided by the invention between the authentication center equipment and the user equipment. This system can therefore likewise prevent eavesdropping and effectively protect the security of the user's personal information.
Description of drawings
Fig. 1 is a flow chart of the user ID authentication method based on a quantum network provided by the invention;
Fig. 2 is a detailed flow chart of step 40) in the flow chart shown in Fig. 1;
Fig. 3 shows the correspondence between polarization modes and mode numbers;
Fig. 4 is a schematic diagram of polarization directions and their corresponding values; and
Fig. 5 is a schematic flow diagram of a specific embodiment of the user ID authentication method based on a quantum network provided by the invention.
Embodiments
To help those skilled in the art better understand the technical solution of the invention, the user ID authentication method and system based on a quantum network provided by the invention are described in detail below with reference to the accompanying drawings.
The user ID authentication method based on a quantum network provided by the invention is used to authenticate users and an authentication center through the quantum network.
Referring to Fig. 1, the user ID authentication method based on a quantum network provided by the invention comprises the following steps:
Step 10): the authentication center makes an authentication card for each user and backs up the private information corresponding to that user's authentication card. The authentication card stores the user's private information in the form of a data matrix, in which each data element $a_{in}$ can store $2^f$ bits of data. Let the data it stores be $x_i$, and let the position of $x_i$ within data element $a_{in}$ be denoted $Z_i$. To increase the security of the authentication card, data element $a_{in}$ and data $x_i$ must undergo displacement processing when the card is read; the data corresponding to data element $a_{in}$ after displacement is $x'_i$. The detailed process is as follows:
Introduce an intermediate variable $g_i$, such that
Figure GSB00000966708800071
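The truth table of $g_i$ is shown in Table 1.
Table 1. Truth table (taking f = 2 as an example)

| $Z_i$ | 00 | 01 | 10 | 11 | 00 | 01 | 10 | 11 |
|---|---|---|---|---|---|---|---|---|
| $x_i$ | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 |
| $g_i$ | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 1 |
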
Then calculate in sequence:
$x'_2 = x_2 \oplus x_1$;
$x'_{i+1} = x_{i+1} \oplus x'_i$, for $g_i = 1$, $i = 2, \dots, m-1$;
$x'_{i-1} = x_{i-1} \oplus x'_i$, for $g_i = 0$, $i = 3, \dots, m$;
$x'_1 = x_1 \oplus x'_m$;
Check whether all the data has been displaced; if not, set $x'_i = x_i$ for the data that has not been displaced.
Here m is the number of rows of the data matrix and n is the number of columns.
Of course, for verification whose security requirements are not very high, the above displacement processing may be omitted and $x_i$ read directly.
In practice, the authentication card uses a kind of USB Key as its carrier and should satisfy at least one of the following security requirements: a. the authentication card can only compute data of the same length as the selection code; b. operations and calculations on the private information, selection code, authentication code and so on are completed on a single chip; c. the authentication card has a PIN code; d. the authentication card has a fingerprint identification device; e. the authentication card can be used only a limited number of times, for example fewer than $m^{(2^f)}$ times, where m is the number of rows of the data matrix and $2^f$ is the number of bits stored in one data element.
Step 20): the user sends an authentication request to the authentication center.
In practice, the user may also send an identity serial number together with the authentication request.
Step 30): a string of shared data is created between the authentication center and the user by a quantum communication protocol, for example the BB84 quantum communication protocol. Taking two communicating parties, Alice and Bob, as an example: 1. one party, Alice, sends a random string of single-photon data to the other party, Bob, and records the data values (that is, the polarization mode value and the value the signal itself represents); 2. Bob chooses polarization modes arbitrarily to measure these signals and records the polarization modes he chose and the measurement results; 3. Bob discloses the polarization modes he chose over the classical channel, Alice compares her own mode numbers with Bob's, removes the signal values whose mode numbers differ, and tells Bob over the classical channel which signals to remove. In theory the two then share an identical set of data. When this is applied to the invention, the communicating party Alice can be understood as the authentication center and the other party Bob as the user.
Here, the quantum channel is a polarization-maintaining optical fibre dedicated to transmitting single photons, and the classical channel is the existing fibre-optic network. Because quantum communication transmits quasi-single photons, the polarization mode of light must be used when transmitting a signal. As shown in Fig. 3 and Fig. 4, 0 degrees and 90 degrees normally form one polarization mode, and 45 degrees and 135 degrees form the other. Only if the receiver first determines the polarization mode and then uses the detector for that mode can it measure the signal value with 100% probability; if the polarization mode is wrong, the measured result will be "0" or "1" with equal probability. If there is an eavesdropper on the channel who does not know the polarization mode used by the sender, the eavesdropper's measurement will change the original signal, so that the bit error rate rises above its normal range.
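The sifting and eavesdropping-detection behaviour described in step 30), as an added simulation that is not part of the patent. The function names, the photon count and the intercept-resend listener model are assumptions for illustration, and the channel is modelled as otherwise error-free.

```python
import random

RECT, DIAG = 0, 1  # the two polarization modes: 0/90 degrees and 45/135 degrees


def measure(bit, prepared_mode, measure_mode, rng):
    """A matching mode returns the bit; a wrong mode gives an equiprobable 0/1."""
    return bit if prepared_mode == measure_mode else rng.randrange(2)


def bb84_round(n, eavesdrop, seed):
    """Simulate n single photons and return (alice_key, bob_key) after sifting."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n):
        bit = rng.randrange(2)
        a_mode = rng.choice((RECT, DIAG))
        photon_bit, photon_mode = bit, a_mode
        if eavesdrop:
            # Assumed listener model: guess a mode, measure, and forward a
            # photon prepared in the guessed mode (this disturbs the signal).
            e_mode = rng.choice((RECT, DIAG))
            photon_bit = measure(photon_bit, photon_mode, e_mode, rng)
            photon_mode = e_mode
        b_mode = rng.choice((RECT, DIAG))
        b_bit = measure(photon_bit, photon_mode, b_mode, rng)
        # Sifting over the classical channel: keep only the positions where
        # Alice's and Bob's mode numbers agree.
        if a_mode == b_mode:
            alice_key.append(bit)
            bob_key.append(b_bit)
    return alice_key, bob_key


def error_rate(a, b):
    """Fraction of sifted positions where the two parties disagree."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def demo():
    clean = error_rate(*bb84_round(4000, eavesdrop=False, seed=1))
    tapped = error_rate(*bb84_round(4000, eavesdrop=True, seed=1))
    return clean, tapped


if __name__ == "__main__":
    clean, tapped = demo()
    print(f"error rate without listener: {clean:.3f}")
    print(f"error rate with listener:    {tapped:.3f}")
```

With a listener who guesses the mode at random, about a quarter of the sifted bits disagree, which is the rise in error rate that step 40) checks against its threshold.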
Step 40): the user superimposes the shared data and calculates the bit error rate of the quantum channel during transmission of the shared data. After it is determined that this bit error rate lies within the preset threshold range, the authentication center selects a certain length of the superimposed shared data for the polarization mode and data error correction of the later steps.
Referring to Fig. 2, step 40) further comprises the following detailed steps:
Step 401): the authentication center randomly selects k bits of the shared data whose values are identical (that is, all 0 or all 1) and informs the user, over the classical channel, of the positions of these k bits in the shared data, where k is a positive integer.
Step 402): the user picks out these k bits from the shared data according to their positions and superimposes them according to the majority principle, finally combining them into 1 bit of data. For example, let k be 8 and let the 8 bits all originally be "1". If errors in transmission cause 3 of the bits received by the user to become "0", the user superimposes according to the majority principle and finally combines these 8 bits into 1 bit of absolutely identical data, "1".
Step 403): steps 401) and 402) are repeated until all the shared data has been superimposed, so that the shared data is finally reduced to 1/k of its original length.
Step 404): in each superposition the user records the number of bits that differ from the others; finally, the total number of differing bits is divided by the total amount of shared data to obtain the bit error rate of the shared data transmission. Here, the value of k should be chosen according to the inherent bit error rate of each quantum channel, and the bit error rate calculated with this k is the sum of the bit error rate of the quantum channel itself and the bit error rate produced by an eavesdropper (if there is one).
In addition, while the shared data is being superimposed, it is possible to record exactly which bits of the shared data were in error. Error correction can then be performed on the shared data at the same time as the bit error rate is calculated.
Step 405): it is judged whether the bit error rate obtained in step 404) lies within the preset threshold range. If so, data of a certain length is selected from the superimposed shared data as the polarization mode; if not, the transmission may have been eavesdropped and a security check of the quantum channel is required. The threshold range of the bit error rate is determined jointly by the bit error rate of the quantum channel itself, the environmental bit error rate, the detector bit error rate and so on. The length of superimposed shared data selected should be sufficient for all the calculations of the later steps, including the polarization mode and data error correction. In practice the following situation can occur: the bit error rate of the whole shared data meets the threshold, but the bit error rate of some short segment exceeds it during the superposition of step 402). This may be caused by eavesdropping, and the whole of that short segment should then be discarded. Still taking the superposition of every 8 bits in step 401) as the example, suppose the preset threshold is that the minority value among the 8 bits may not exceed 2 bits. If the user receives these 8 bits as 5 "1"s and 3 "0"s, the superposition result would be "1", but because the errors in this group (the 3 "0"s) exceed the threshold of 2, these 8 bits should be discarded and the superimposed 1 bit should not be used either.
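Steps 401) to 405) as an added Python example (not code from the patent). `plan_groups`, `superimpose` and `max_minority` are hypothetical names; a group with no majority is treated as discarded, and the error rate is taken over the bits actually placed in groups.

```python
import random


def plan_groups(center_bits, k, rng):
    """Authentication-center side (step 401): split the positions into random
    groups of k whose values, in the center's own copy, are all identical."""
    groups = []
    for value in (0, 1):
        positions = [i for i, b in enumerate(center_bits) if b == value]
        rng.shuffle(positions)
        # Positions left over after the last full group are not used.
        for start in range(0, len(positions) - k + 1, k):
            groups.append(positions[start:start + k])
    rng.shuffle(groups)
    return groups  # only positions go over the classical channel, never values


def superimpose(user_bits, groups, max_minority):
    """User side (steps 402-405): majority-combine each group into 1 bit,
    count the bits that differ from the majority, and discard any group whose
    minority count exceeds the per-group threshold."""
    kept, dropped, differing = [], 0, 0
    for group in groups:
        ones = sum(user_bits[i] for i in group)
        zeros = len(group) - ones
        minority = min(ones, zeros)
        differing += minority
        if minority > max_minority or ones == zeros:
            dropped += 1  # too many errors, or no majority at all
            continue
        kept.append(1 if ones > zeros else 0)
    used = sum(len(g) for g in groups)
    return kept, dropped, differing / used


def demo():
    """Constructed data: 400 shared bits with 12 transmission errors."""
    rng = random.Random(7)
    center = [rng.randrange(2) for _ in range(400)]
    user = list(center)
    for i in rng.sample(range(400), 12):
        user[i] ^= 1
    groups = plan_groups(center, 8, rng)
    return superimpose(user, groups, max_minority=2)


if __name__ == "__main__":
    kept, dropped, rate = demo()
    print(f"{len(kept)} bits kept, {dropped} groups discarded, "
          f"bit error rate {rate:.4f}")
    # The 8-bit case from the text: 5 ones and 3 zeros, threshold 2.
    print(superimpose([1, 1, 0, 1, 0, 1, 1, 0], [list(range(8))], 2))
```

The last call reproduces the case in the text: the group would superimpose to "1", but with a threshold of 2 it is discarded, while its 3 differing bits still count toward the error rate.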
Step 50): after step 40) is finished, the authentication center randomly generates the pseudo selection code and the correction code, applies a data signature to the pseudo selection code, and then transmits it to the user using the polarization mode selected in step 40). Specifically, the authentication center randomly generates an initial selection code, calculates the corresponding correction code according to the backed-up private information of the user, and then XORs the initial selection code with the correction code to obtain the pseudo selection code. The data signature can be implemented, for example, in a classical way such as a hash function.
Step 60): it is determined whether the transmission of the pseudo selection code was secure, and the correction code is published to the user once the transmission is determined to be secure. This check is in fact carried out at the same time as the pseudo selection code is transmitted. Specifically, the authentication center divides the pseudo selection code into several groups and sends each group to the user after signing it with a hash function. If the user finds during reception that a group is in error, the user notifies the authentication center, which selects some of the superimposed shared data obtained in step 40), substitutes it for the erroneous data group and resends. In detail, part of the shared data is selected and iterated into the erroneous data group, the polarization mode corresponding to the erroneous data group is replaced at the same time, the positions of the shared data used are then disclosed to the user, and the iterated data group is signed and transmitted to the user again. Every group of the pseudo selection code is transmitted in this way until the whole pseudo selection code has been delivered to the user securely and accurately. For the positions in the pseudo selection code into which shared data was iterated, the authentication center likewise substitutes the shared data used into the corresponding positions of the correction code.
Step 70): the user calculates the selection code from the pseudo selection code and the correction code received from the authentication center, and then obtains the authentication code from the selection code. Specifically, XORing the pseudo selection code with the correction code yields the selection code.
It should be pointed out that the polarization mode, the correction code, the selection code and the pseudo selection code should all be of equal length.
Step 80): the user sends its own authentication code to other users for mutual verification, or sends it to the authentication center for verification; when verification is finished, the authentication center backs up the user's verification result. In practice, the more common case is two users exchanging authentication codes to verify each other; in that case the association between the two users must be taken into account when the initial selection code is generated in step 50). Simultaneous verification of several users can be treated as a combination of pairwise mutual verification and verification of individual users with the authentication center.
Referring to Fig. 5, which is a schematic flow diagram of a specific embodiment of the user ID authentication method based on a quantum network provided by the invention. This embodiment is described using two users, Alice and Bob, and an authentication center, Charlie. In the figure, single-line arrows denote the classical channel and double-line arrows denote the quantum channel.
First, the authentication center Charlie provides Alice and Bob with dedicated authentication cards and backs up the private information of both. The authentication center should satisfy the following functional and security requirements. First, a user's private information may be kept only at the main authentication center; even when branch authentication centers appear as the quantum network gradually expands, branch authentication centers must not be used to back up users' private information. Second, the selection of the initial selection code is carried out entirely at the main authentication center; branch authentication centers are only responsible for distributing selection codes, and data transmission between the two should also use a secure means of communication such as the quantum network. Third, the authentication center can intercept a user's authentication code for verification as needed, to prevent a user from communicating under someone else's name.
Suppose the data matrices in the authentication cards of Alice and Bob are m × n matrices, as shown in Table 2, and each data element $a_{ij}$ holds 2^f bits of data. Let their option codes be $C_A$ and $C_B$, their pseudo-option codes $C'_A$ and $C'_B$, the correcting code $F$, and the error-correcting codes $Y_A$ and $Y_B$; $Z_A$ or $Z_B$ is the part of the option code that performs data selection. Taking Alice as an example, $X'_A$ is the 3n-bit data selected using $Z_A$, and $X'_A$ is divided equally into three groups of data $M'_A$, $N'_A$, $R'_A$, each n bits long. $Y_A$ is divided into three parts $Y_{1A}$, $Y_{2A}$, $Y_{3A}$, each n bits long, which error-correct $M'_A$, $N'_A$, $R'_A$ respectively to give $M_A$, $N_A$ and $R_A$. Here $M_A$ is the encryption code, $N_A$ is the decryption code, and $R_A$ is the contrast code.
Table 2. Data matrix in the authentication card
$a_{11}$  $a_{12}$  ...  $a_{1n}$
$a_{21}$  $a_{22}$  ...  $a_{2n}$
...  ...  ...  ...
$a_{m1}$  $a_{m2}$  ...  $a_{mn}$
The specific verification procedure is as follows:
First, the communicating users Alice and Bob each send a verification request to authentication center Charlie over the classical channel and announce their own identity serial numbers.
Then, a string of shared data is created between Charlie and Alice, and between Charlie and Bob, using the BB84 protocol. Alice and Bob each superpose the shared data and compute the error rate of the shared-data transmission. If it is above the threshold, verification is stopped and the quantum channel between the user and the authentication center is checked for eavesdropping; if it is below the threshold, superposed shared data of sufficient length are chosen as the polarization mode and for data error correction in the data transfers of the later steps.
In this embodiment the authentication card is an m × n matrix and each matrix element $a_{ij}$ holds 2^f bits of data. Selecting 1 bit of data from one matrix element requires an option code of f bits, and selecting 1 bit from each of the matrix elements requires an option code of fmn bits. Selecting the three groups $M'_A$, $N'_A$, $R'_A$ of equal length therefore requires an option code of 3fmn bits, to which 3n bits are added for error correction, so the total length of the option code should be (3fmn+3n) bits.
Accordingly, the length of the polarization mode should also be (3fmn+3n) bits. In this embodiment, the data of the polarization mode can be obtained as follows: first, 2fmn bits of data are picked at random from the superposed shared data; then, the 2fmn bits picked are divided equally into two parts, which are XORed to obtain another fmn bits; finally, from the first 6n bits of the fmn bits obtained by the XOR, the value at every other position is taken to obtain the remaining 3n bits.
Then, Charlie randomly generates the initial option codes $C_{A0}$, $C_{B0}$ and the correcting code $F$ according to the backed-up private information of Alice and Bob, and from them generates the pseudo-option codes $C'_A$ and $C'_B$. After the data signature is applied, $C'_A$ and $C'_B$ are transmitted using the polarization modes shared with Alice and Bob respectively, and the correcting code $F$ is announced once the data transmission is confirmed to be secure.
Specifically, Charlie uses the randomly generated 3fmn-bit $Z_A$, $Z_B$ to select $X'_A$ and $X'_B$ from the authentication cards of Alice and Bob respectively, then decomposes them as $X'_A = M'_A + N'_A + R'_A$, $X'_B = M'_B + N'_B + R'_B$. Next, it computes $Y_1 = M'_A \oplus N'_B$; $Y_2 = M'_B \oplus N'_A$; $Y_3 = R'_A \oplus R'_B$ (in $Y_1$, $Y_2$, $Y_3$, positions where the two values agree are "0" and positions where they differ are "1"). Then $Y_A$ and $Y_B$ are computed, for which either of two methods can be used: 1. $Y_A = Y_1 + Y_2 + Y_3$, $Y_B = \sum 0$; 2. let $Y = Y_1 + Y_2 + Y_3$, record the positions of "1" in $Y$, and choose $Y'_A$ within the range of $Y$ (the "0" positions are unchanged and half of the "1"s are changed to "0"),
Figure GSB00000966708800135
In this way the "1"s in $Y$ are distributed evenly between $Y'_A$ and $Y'_B$. Decompose: $Y'_A = Y_{1A} + Y_{2A} + Y_{3A}$, $Y'_B = Y_{1B} + Y_{2B} + Y_{3B}$. Recombine: $Y_A = Y_{1A} + Y_{2A} + Y_{3A}$, $Y_B = Y_{2B} + Y_{1B} + Y_{3B}$. The initial option codes are then $C_{A0} = Z_A + Y_A$, $C_{B0} = Z_B + Y_B$. The correcting code $F$ is generated at random, giving the pseudo-option codes $C'_A = C_{A0} \oplus F$ and $C'_B = C_{B0} \oplus F$.
Afterwards, Alice and Bob use the pseudo-option codes $C'_A$, $C'_B$ from Charlie and the correcting code $F$ to compute their option codes $C_A = C'_A \oplus F$, $C_B = C'_B \oplus F$, and then feed $C_A$ and $C_B$ into their respective authentication cards to compute the authentication codes $K_A$ and $K_B$.
The detailed process by which the user computes the authentication code from the option code in the authentication card is as follows:
First, displacement processing is applied to data element $a_{in}$ and data $x_i$ to compute $x'_i$, $i = 1, 2, \ldots, m$;
Introduce the intermediate variable $g_i$, and let
Figure GSB000009667088001310
Compute:
$x'_2 = x_2 \oplus x_1$;
$x'_{i+1} = x_{i+1} \oplus x'_i$; $g_i = 1$; $i = 2, \ldots, m-1$;
$x'_{i-1} = x_{i-1} \oplus x'_i$; $g_i = 0$; $i = 3, \ldots, m$;
$x'_1 = x_1 \oplus x'_m$;
Check whether all data have been displaced; if not, set the undisplaced data $x'_i = x_i$. After all $x'_i$ have been computed, compute in turn:
$x_{Mj} = x'_1 \oplus x'_2 \oplus \cdots \oplus x'_m$; $j = 1, 2, \ldots, n$;
$X'_M = x_{M1} + x_{M2} + \cdots + x_{Mn}$
$X'_N = x_{N1} + x_{N2} + \cdots + x_{Nn}$
$X'_R = x_{R1} + x_{R2} + \cdots + x_{Rn}$
$X' = X'_M + X'_N + X'_R$
$X = X' \oplus Y$;
$X_A = M_A + N_A + R_A$
$X_B = M_B + N_B + R_B$
The authentication code of Alice is thus obtained; the authentication code of Bob is $K_B = R_B \oplus M_B$.
Finally, Alice and Bob choose a suitable transmission method (classical channel or quantum channel) according to actual needs to exchange authentication codes, verify each other's codes $K_B$ and $K_A$ to check the other party's identity, and announce the verification result to the authentication center, which can back up the verification result. Specifically, if Alice obtains $N_A = R_A$ after inputting $K_B$ into her own authentication card, and Bob at the same time obtains the corresponding result after inputting $K_A$ into his own authentication card, then the identities of both are confirmed.
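The construction of $Y_A$, $Y_B$, the masking with $F$ and the final mutual check, as an added Python example that is not part of the patent text; all function names are hypothetical. Assumptions, because the corresponding formulas did not survive on this page: "+" is read as concatenation, $Y'_B = Y \oplus Y'_A$, $K_A = R_A \oplus M_A$ by symmetry with $K_B$, the acceptance test is $K_{peer} \oplus N = R$ (derived from the definitions above), and the card's selection of $X'$ through $Z$ is replaced by constructed random bits.

```python
import secrets

_rng = secrets.SystemRandom()

def rand_bits(n):
    """n random bits as a list of 0/1 ints."""
    return [secrets.randbits(1) for _ in range(n)]

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return [p ^ q for p, q in zip(a, b)]

def split3(bits):
    """Split a 3n-bit string into its three n-bit parts."""
    n = len(bits) // 3
    return bits[:n], bits[n:2 * n], bits[2 * n:]

def error_codes(xa, xb, method):
    """Charlie: derive Y_A, Y_B from the selected card data X'_A, X'_B."""
    ma, na, ra = split3(xa)
    mb, nb, rb = split3(xb)
    # Y = Y1 + Y2 + Y3, with "+" read as concatenation (assumption).
    y = xor(ma, nb) + xor(mb, na) + xor(ra, rb)
    if method == 1:                       # Y_A = Y, Y_B = all zeros
        return y, [0] * len(y)
    # Method 2: Y'_A keeps half of the 1s of Y; the rest go to Y'_B.
    ones = [i for i, bit in enumerate(y) if bit]
    keep = set(_rng.sample(ones, len(ones) // 2))
    ya = [1 if i in keep else 0 for i in range(len(y))]
    # Assumption: Y'_B = Y xor Y'_A (that formula is missing from the page).
    y1b, y2b, y3b = split3(xor(y, ya))
    return ya, y2b + y1b + y3b            # Bob's first two parts are swapped

def card(pseudo, mask, x_selected):
    """User's card: unmask the option code, error-correct, derive K."""
    c = xor(pseudo, mask)                 # C = C' xor F
    y = c[len(c) - len(x_selected):]      # C = Z + Y, so Y is the last 3n bits
    m, n, r = split3(xor(x_selected, y))  # X = X' xor Y = M + N + R
    return {"M": m, "N": n, "R": r, "K": xor(r, m)}

def peer_ok(own, peer_k):
    """Derived check (assumption): K_peer xor N_own must equal R_own."""
    return xor(peer_k, own["N"]) == own["R"]

def run(method, f=2, m=4, n=8, tamper=False):
    """One Alice/Bob session; returns (alice_accepts, bob_accepts, code_len)."""
    za, zb = rand_bits(3 * f * m * n), rand_bits(3 * f * m * n)
    # Constructed sample data: the 3n bits that Z_A / Z_B would select from
    # each card; Charlie holds the same values in its backup.
    xa, xb = rand_bits(3 * n), rand_bits(3 * n)
    ya, yb = error_codes(xa, xb, method)
    mask = rand_bits(len(za) + len(ya))   # correcting code F
    pa, pb = xor(za + ya, mask), xor(zb + yb, mask)   # C' = C0 xor F
    xb_card = list(xb)
    if tamper:                            # Bob's card differs from the backup
        xb_card[-1] ^= 1
    alice, bob = card(pa, mask, xa), card(pb, mask, xb_card)
    return peer_ok(alice, bob["K"]), peer_ok(bob, alice["K"]), len(pa)

if __name__ == "__main__":
    for method in (1, 2):
        print(method, run(method), run(method, tamper=True))
```

With either method the error-corrected values satisfy $M_A = N_B$, $N_A = M_B$ and $R_A = R_B$, which is why the exchanged codes check out only when each card holds the data Charlie backed up.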
It should be noted that, in the user ID authentication method provided by the present invention, every process involving the transmission of quantum information is accompanied by computation of the quantum channel error rate. When the computed error rate is above the preset threshold, the authentication center can, as required, stop verification and check the quantum channel to determine whether an eavesdropper is present, or re-create the shared data and perform the verification operation again.
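The error-rate computation that gates each step, following the superposition procedure recited in steps 401) to 404) of claim 1, as an added Python example that is not part of the patent text; function names are hypothetical. Assumptions: k is odd so a majority always exists, bits that do not fill a complete group of k are dropped, and the threshold value 0.1 and the 30-bit sample are constructed.

```python
import secrets

def make_groups(center_bits, k, rng=None):
    """Steps 401/403, authentication center: random groups of k positions
    whose bits all have the same value on the center's side."""
    rng = rng or secrets.SystemRandom()
    groups = []
    for value in (0, 1):
        pos = [i for i, b in enumerate(center_bits) if b == value]
        rng.shuffle(pos)
        usable = len(pos) - len(pos) % k   # assumption: leftovers are dropped
        groups += [pos[i:i + k] for i in range(0, usable, k)]
    rng.shuffle(groups)
    return groups

def superpose(user_bits, groups):
    """Steps 402/404, user: majority-vote each group down to one bit and
    count the bits that disagree with the majority of their group."""
    stacked, differing = [], 0
    for g in groups:
        ones = sum(user_bits[i] for i in g)
        stacked.append(1 if 2 * ones > len(g) else 0)
        differing += min(ones, len(g) - ones)
    total = sum(len(g) for g in groups)
    rate = differing / total if total else 0.0
    return stacked, rate

def channel_check(center_bits, user_bits, k, threshold, rng=None):
    """Run the superposition and decide whether verification may continue."""
    if k < 1 or k % 2 == 0:
        raise ValueError("k must be a positive odd integer (assumption)")
    groups = make_groups(center_bits, k, rng)
    user_key, rate = superpose(user_bits, groups)
    # The center knows the value of every group it announced.
    center_key = [center_bits[g[0]] for g in groups]
    return {
        "proceed": rate <= threshold,      # above the threshold: stop and inspect
        "rate": rate,
        "user_key": user_key,
        "center_key": center_key,
    }

# Constructed sample: 30 shared bits as held by the authentication center.
CENTER = [0] * 15 + [1] * 15

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted (channel errors)."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

if __name__ == "__main__":
    for errors in ([0, 16], [0, 7, 16, 29]):
        result = channel_check(CENTER, flip(CENTER, errors), k=5, threshold=0.1)
        print(len(errors), "errors ->", round(result["rate"], 3), result["proceed"])
```

Because only minority bits are counted, a group in which more than half of the k bits are wrong is undercounted and also superposes to the wrong value, so the estimate is reliable only while errors per group stay below k/2.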
In summary, in the user ID authentication method provided by the present invention, important data are transmitted by quantum network communication throughout the verification process, the error rate is computed for every quantum communication, and the subsequent steps proceed only when the error rate is determined to lie within the preset error rate range. Once the error rate is found to be too high, corresponding measures are taken, or the verification process is stopped and the quantum channel is checked for security. An eavesdropper can thus be discovered in time, which effectively protects the security of the user's private information. Moreover, even if the quantum channel is eavesdropped on, the eavesdropper cannot steal all the information as with ordinary optical-fibre communication, but can obtain only part of the quantum information and cannot judge the correctness of what was obtained; therefore, where the security requirement is not high, the verification operation can still continue. In addition, in the user ID authentication method provided by the present invention, the user's private information is never transmitted directly between the authentication center and the user; the information transmitted merely has a certain relationship to the user's private information. All computation and processing involving the user's private information is carried out inside the user's authentication card, and obtaining 1 bit of verification data requires an option code of multiple bits. The user's personal information therefore has a high degree of security throughout the authentication process.
It should be noted that, besides the mutual verification of two users through the authentication center shown in the embodiment of Fig. 5, the user ID authentication method provided by the present invention can also be used for verification between a single user and the authentication center, and for verification among multiple users. For example, when only one user, Alice, wants to be verified by the authentication center, the verification is similar to the embodiment of Fig. 5. In this case Charlie can be regarded as another user Bob: Charlie transmits $Z_A$ and $Y_A$ to Alice, with $Y_A = \sum 0$, so that $C_A = Z_A + Y_A$ is obtained, and Alice then sends the result to Charlie for confirmation. Of course, Charlie may also, after confirming the correctness of $K_A$, likewise announce its own authentication code
Figure GSB00000966708800152
Figure GSB00000966708800153
In this way, Alice can also verify the identity of Charlie, to confirm whether authentication center Charlie is being impersonated. When multiple users request authentication at the same time, the single-user verification mode can be followed, that is, the authentication center verifies each user one by one. Alternatively, the single-user mode and the two-user mutual verification mode can be combined for simultaneous verification of multiple users, that is, any two users from one part of the users pair up and verify each other, while each user in the other part verifies directly with the authentication center. Or each user can be allowed to verify the identity of any other user independently: the authentication center includes more information in the option codes distributed to users, so that a user selects dedicated verification information from his or her own authentication card; the detailed process is similar to the mutual verification of two users described above.
As another technical solution, the present invention also provides a quantum-network-based user identity authentication system for realizing authentication between a user and an authentication center through a quantum network. The system comprises: authentication center equipment, user equipment, a quantum channel and a classical channel.
The quantum channel is used to transmit quantum information between the authentication center equipment and the user equipment; the classical channel is used to transmit ordinary data between the authentication center equipment and the user equipment.
The authentication center equipment comprises: an authentication card generation module, for making an authentication card for each user and backing up the user's private information; a shared data generation module, for creating a string of shared data between the authentication center and the user through a quantum communication protocol; a polarization mode selection module, for choosing superposed shared data of a certain length as the polarization mode; a pseudo-option code and correcting code generation module, for generating the pseudo-option code and the correcting code, transmitting the pseudo-option code to the user by the polarization mode after applying a data signature to it, and announcing the correcting code to the user after the transmission is determined to be secure; an authentication center verification module, for authenticating the user according to the user's authentication code; and a verification result backup module, for backing up the user's verification result.
The user equipment comprises: a verification request sending module, for sending a verification request to the authentication center; a shared data receiving module, for receiving the shared data from the shared data generation module; an error rate calculation module, for superposing the shared data and computing the error rate of the quantum channel during shared-data transmission; an authentication code generation module, for computing the option code from the pseudo-option code and the correcting code and then obtaining the authentication code from the option code; and a user-side verification module, for sending the user's own authentication code to other users for mutual verification, or to the authentication center for verification.
In addition, the present invention also provides a quantum-network-based user identity authentication system for realizing authentication between a user and an authentication center through a quantum network, comprising: authentication center equipment, user equipment, a quantum channel and a classical channel; the user ID authentication method provided by the present invention as described above is used between the authentication center equipment and the user equipment to verify the user's identity.
The quantum-network-based user identity authentication system provided by the present invention is similar to the quantum-network-based user ID authentication method provided above and has similar advantages, which are not repeated here.
It will be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principle of the present invention, and the present invention is not limited to them. Those skilled in the art can make various modifications and improvements without departing from the spirit and substance of the present invention, and these modifications and improvements are also regarded as falling within the protection scope of the present invention.

Claims (9)

1. A quantum-network-based user ID authentication method for realizing authentication between a user and an authentication center through a quantum network, characterized in that it comprises the following steps:
10) the authentication center makes an authentication card for each user and backs up the user's private information;
20) the user sends a verification request to the authentication center;
30) a string of shared data is created between the authentication center and the user through a quantum communication protocol;
40) the user superposes the shared data and computes the error rate of the quantum channel during shared-data transmission; after it is determined that the error rate falls within the preset threshold range, the authentication center chooses superposed shared data of a certain length as the polarization mode, wherein the step of computing the error rate of the quantum channel during shared-data transmission comprises: 401) the authentication center randomly selects k bits of data in the shared data, the values of the k bits being identical, and informs the user of the positions of these k bits in the shared data over the classical channel, where k is a positive integer; 402) the user selects the k bits from the shared data according to their positions in the shared data, and then superposes the k bits into 1 bit of data on the principle of taking the majority value; 403) steps 401) and 402) are repeated until all the shared data have been superposed, so that the shared data are superposed to 1/k of their original length; and 404) in each superposition the user records the number of bits that differ from the others and, finally, divides the total number of differing bits by the total number of bits of the shared data to obtain the error rate;
50) the authentication center generates a pseudo-option code and a correcting code, and transmits the pseudo-option code to the user by the polarization mode after applying a data signature to it;
60) it is determined whether the transmission of the pseudo-option code is secure, and the correcting code is announced to the user after the transmission is determined to be secure;
70) the user computes the option code from the pseudo-option code and the correcting code, and then obtains the authentication code from the option code;
80) the user sends his or her own authentication code to other users for mutual verification, or sends it to the authentication center for verification; after verification ends, the authentication center backs up the user's verification result.
2. The quantum-network-based user ID authentication method according to claim 1, characterized in that step 40) further comprises:
405) judging whether the error rate falls within the preset threshold range and, if so, choosing data of a certain length from the superposed shared data as the polarization mode.
3. The quantum-network-based user ID authentication method according to claim 1, characterized in that, in step 40), error correction is performed on the shared data while the quantum channel error rate is computed.
4. The quantum-network-based user ID authentication method according to claim 1, characterized in that the length of the polarization mode is equal to the length of the option code.
5. The quantum-network-based user ID authentication method according to claim 1, characterized in that, in step 50), the authentication center randomly generates the initial option code and the correcting code according to the backed-up private information of the user, and then XORs the initial option code with the correcting code to obtain the pseudo-option code.
6. The quantum-network-based user ID authentication method according to claim 1, characterized in that the authentication card is a USB Key, and the authentication card should satisfy at least one of the following security requirements:
a. the authentication card can only compute data of the same length as the option code;
b. operations and computations on the private information, the option code and the authentication code are completed on the same chip;
c. the authentication card has a PIN code;
d. the authentication card has a fingerprint identification device;
e. the authentication card can be used only a limited number of times.
7. The quantum-network-based user ID authentication method according to claim 1, characterized in that the authentication card stores the user's private information in the form of a data matrix, wherein the data stored in data element $a_{in}$ of the data matrix is $x_i$, and the position of data $x_i$ in data element $a_{in}$ is denoted $Z_i$;
When the authentication card is read, displacement processing must be applied to data element $a_{in}$ and data $x_i$; the data corresponding to the displaced data element $a_{in}$ is $x'_i$. The detailed process is as follows:
Introduce the intermediate variable $g_i$, and let
Figure FSB00001087429700031
Then compute in turn:
$x'_2 = x_2 \oplus x_1$;
$x'_{i+1} = x_{i+1} \oplus x'_i$; $g_i = 1$; $i = 2, \ldots, m-1$;
$x'_{i-1} = x_{i-1} \oplus x'_i$; $g_i = 0$; $i = 3, \ldots, m$;
$x'_1 = x_1 \oplus x'_m$;
Check whether all data have been displaced; if not, set the undisplaced data $x'_i = x_i$;
where m is the number of rows of the data matrix and n is the number of columns of the data matrix.
8. The quantum-network-based user ID authentication method according to claim 7, characterized in that, in step 70), the user computes the authentication code from the option code in the authentication card as follows:
First, compute $x'_i$, $i = 1, 2, \ldots, m$;
Then compute: $x_{Mj} = x'_1 \oplus x'_2 \oplus \cdots \oplus x'_m$; $j = 1, 2, \ldots, n$;
Combining gives: $X'_M = x_{M1} + x_{M2} + \cdots + x_{Mn}$;
Repeating the above process gives $X'_N$ and $X'_R$ respectively;
From these, compute: $X' = X'_M + X'_N + X'_R$;
After error correction one obtains:
Figure FSB00001087429700037
X is decomposed as $X = M + N + R$;
The user's authentication code is $K = M + R$;
where Y is the error-correcting code, M is the encryption code, N is the decryption code, and R is the contrast code.
9. A quantum-network-based user identity authentication system for realizing authentication between a user and an authentication center through a quantum network, characterized in that it comprises: authentication center equipment, user equipment, a quantum channel and a classical channel,
wherein the quantum channel is used to transmit quantum information between the authentication center equipment and the user equipment;
the classical channel is used to transmit ordinary data between the authentication center equipment and the user equipment;
the authentication center equipment comprises:
an authentication card generation module, for making an authentication card for each user and backing up the user's private information;
a shared data generation module, for creating a string of shared data between the authentication center and the user through a quantum communication protocol;
a polarization mode selection module, for choosing superposed shared data of a certain length as the polarization mode;
a pseudo-option code and correcting code generation module, for generating the pseudo-option code and the correcting code, transmitting the pseudo-option code to the user by the polarization mode after applying a data signature to it, and announcing the correcting code to the user after the transmission is determined to be secure;
an authentication center verification module, for authenticating the user according to the user's authentication code;
a verification result backup module, for backing up the user's verification result;
the user equipment comprises:
a verification request sending module, for sending a verification request to the authentication center;
a shared data receiving module, for receiving the shared data from the shared data generation module;
an error rate calculation module, for superposing the shared data and computing the error rate of the quantum channel during shared-data transmission, wherein the error rate is obtained as follows: the authentication center randomly selects k bits of data in the shared data, the values of the k bits being identical, and informs the user of the positions of these k bits in the shared data over the classical channel, where k is a positive integer; the user selects the k bits from the shared data according to their positions in the shared data, and then superposes the k bits into 1 bit of data on the principle of taking the majority value; the above steps are repeated until all the shared data have been superposed, so that the shared data are superposed to 1/k of their original length; in each superposition the user records the number of bits that differ from the others and, finally, divides the total number of differing bits by the total number of bits of the shared data to obtain the error rate;
an authentication code generation module, for computing the option code from the pseudo-option code and the correcting code and then obtaining the authentication code from the option code;
a user-side verification module, for exchanging authentication codes with other users for mutual verification, or sending the authentication code to the authentication center for verification.
CN 201010129214 2010-03-17 2010-03-17 User ID authentication method and system based on quantum network Expired - Fee Related CN101854347B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010129214 CN101854347B (en) 2010-03-17 2010-03-17 User ID authentication method and system based on quantum network

Publications (2)

Publication Number Publication Date
CN101854347A CN101854347A (en) 2010-10-06
CN101854347B true CN101854347B (en) 2013-08-07

Family

ID=42805617

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010129214 Expired - Fee Related CN101854347B (en) 2010-03-17 2010-03-17 User ID authentication method and system based on quantum network

Country Status (1)

Country Link
CN (1) CN101854347B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130807

Termination date: 20180317