CN115834033A - Dynamic password authentication system based on quantum key - Google Patents


Info

Publication number: CN115834033A
Application number: CN202211289429.8A (priority application)
Authority: CN (China)
Legal status: Pending
Language: Chinese (zh)
Inventors: 冯良柯, 王宽
Original and current assignees: Guangdong Guoke Quantum Communication Network Co ltd; Cas Quantum Network Co ltd
Prior art keywords: dynamic password, key, password authentication, authentication, module

Abstract

The invention provides a dynamic password authentication system based on a quantum key, which comprises an external service layer, an internal logic layer and a basic function layer. The external service layer provides service interfaces for quantum key distribution (QKD), the application system and management; the internal logic layer performs the specific business and management logic processing of the dynamic password authentication system; and the basic function layer provides the necessary bottom-layer support for the dynamic password authentication system. The dynamic password authentication system effectively enhances the security of dynamic password applications and is beneficial to the application, popularization and testing of quantum keys.

Description

Dynamic password authentication system based on quantum key
Technical Field
The invention relates to the field of quantum communication, in particular to a dynamic password authentication system based on a quantum key.
Background
Common dynamic password authentication technology mainly comprises three kinds: message-based dynamic password authentication, hardware-token-based password authentication and software-token-based password authentication. The authentication principle of the hardware token is the same as that of the software token; the difference is that the hardware token uses a hardware security chip to protect the stored authentication key information. Software token technology is therefore not discussed separately here.
In message-based dynamic password authentication, the user first registers in the server system and provides a third-party communication tool number or account (such as a mobile phone number or an e-mail address). When the user logs in to the system and clicks the button to obtain a verification code, the background generates a random password in its cache according to preset settings and then calls a third-party communication interface to send the password to the user. The user receives the password through the third-party communication tool and submits it to the server as the login authentication credential. The server confirms that the user's password is consistent with the cached password, either by direct comparison or with algorithm support (such as digest comparison), and thereby confirms the validity of the user.
In token-based dynamic password authentication, a seed key is first generated on the dynamic token and on the dynamic password authentication server through a set of security schemes, so that the two parties share a key. During authentication, the client side calculates a dynamic password from the seed key together with the time value, event count and challenge information on the token side; the server side calculates the password with the same algorithm from the corresponding seed, a close time value (within a tolerance window), the same event count and the same challenge information, and finally confirms the identity by comparing the password characters.
In message-based dynamic password technology the random number is the user's password, so how it is generated is a security-critical question. A hardware physical random sequence (true random number) is generated by objective physical processes such as thermal noise, but the actual physical noise is often limited by factors such as temperature, power supply and circuit characteristics. Because this environment is external and physical, an attacker may simulate or interfere with it to reproduce or control the generation of random numbers, so a certain security risk exists.
Another security-critical factor is how securely the generated password is delivered into the user's hands. In the current authentication scheme the server distributes the password to a third-party communication application service, the third-party application forwards it to the end user, and the user sends it back to the server for authentication, forming a delivery loop. In practice the server side usually runs in a well-protected production zone, while the third-party communication application service is a public network application such as a telecommunications or internet service, so channels must be opened layer by layer for the production zone to reach the communication application. This deployment mode not only increases complexity but also introduces certain potential security hazards.
Dynamic tokens are typically produced by having the application issuer generate seed files in batches and package them for the token manufacturer to produce the tokens. During transmission the seed file keys are protected with a manufacturer key, which achieves a certain security effect, but the transmission link and process are complex and there is a risk of the data being stolen in transit. In addition, because seed files are produced in batches and have a large data volume, protecting such a large amount of data with a fixed key carries the possibility of being broken by statistical analysis.
Disclosure of Invention
In order to solve the above problems, the present invention provides a dynamic password authentication system based on a quantum key. In one embodiment, a dynamic password authentication system based on a quantum key comprises an external service layer, an internal logic layer and a basic function layer. The external service layer provides service interfaces for quantum key distribution (QKD), the application system and management, and serves as the window for communication and processing between the dynamic password authentication system and the outside. The internal logic layer performs the specific business or management logic processing of the dynamic password authentication system; its running environment cannot be accessed directly by any external interface, and the basic function layer provides it with basic data access and security processing support. The basic function layer provides the necessary bottom-layer support for the dynamic password authentication system and comprises the basic components for data storage and secure operation.
In one embodiment, the external service layer comprises a quantum key interface module, a dynamic password authentication interface module and a management service interface module; the internal logic layer comprises a temporary password management module, a seed key management module, an encryption and authentication module and a system configuration module; and the basic function layer comprises a dynamic password cache pool, a token seed key library, a safe operation component and a system configuration library.
In one embodiment, the quantum key interface module is responsible for communication with the quantum key distribution equipment of the quantum network, adapts to different quantum key devices and protocols, and obtains quantum keys from the quantum key system according to the quantum key configuration; the obtained key is then stored by the internal logic layer in the dynamic password cache pool as a message password or in the token seed key library as a seed key.
In one embodiment, the dynamic password authentication interface module is responsible for receiving and parsing dynamic password authentication requests of the application system.
In one embodiment, the management service interface module provides an administration portal through which an administrator performs dynamic password service configuration and system administration configuration.
In one embodiment, the temporary password management module processes message-type dynamic passwords: it receives a key obtained from the quantum key interface module and stores it as a dynamic password in the dynamic password cache pool according to the specific service configuration; it also receives authentication messages from the dynamic password authentication interface module and completes the dynamic password authentication processing with the assistance of the encryption and authentication module.
In one embodiment, the seed key management module processes token-type dynamic passwords: it receives a key obtained from the quantum key interface module as a seed key and securely stores it in the token seed key library with the aid of the encryption and authentication module; it also receives authentication messages from the dynamic password authentication interface module and completes the dynamic password authentication processing with the aid of the encryption and authentication module.
In one embodiment, the encryption and authentication module processes encryption and dynamic password authentication functions, and the security of the encryption and authentication module is guaranteed by the secure operation component.
In one embodiment, the system configuration module processes the configuration requirements coming from the management service interface module and provides dynamic token service configuration management and system configuration management; at the same time it provides configuration read access to the other modules of the same layer.
In one embodiment, the dynamic password cache pool temporarily stores message-type dynamic passwords; a dynamic password is automatically cleared from the pool when it has been verified successfully or has expired, and the storage time and storage mode are configured per service.
In one embodiment, the token seed key library stores the dynamic token seed keys; a seed key is invalidated when the token is invalidated, reported lost or manually voided.
In one embodiment, the secure operation component provides the encryption and authentication algorithms for the dynamic password authentication system and guarantees the security of the system's encryption scheme.
In one embodiment, the system configuration library is a static library for holding dynamic password service configuration information and system configuration information.
The quantum random number is generated by a quantum entropy source that uses spontaneous emission phase noise according to quantum physical principles; its source of randomness is free from environmental interference, which is an advantage over conventional randomness sources. The quantum key is generated from quantum random numbers, and the no-cloning theorem and the Heisenberg uncertainty principle guarantee the unconditional (information-theoretic) security of the quantum distribution process.
Dynamic password security is the security of the random password during generation, distribution and use. Solving the problem of distributing this sensitive information is the crucial factor in achieving unconditional security of the password. Existing dynamic password technology uses conventional key technology and relies on the security of physical noise sources and on computational complexity, so in theory it has no unconditional security. As the computing power of computers keeps increasing and quantum computers emerge, the probability of it being cracked rises and the potential security hazard grows. The development of quantum random number and quantum key distribution technology now makes it possible to use a quantum key distribution scheme in which quantum distribution replaces the conventional password or seed distribution channel, which in theory provides an effective and more secure solution.
The invention provides a dynamic password authentication system based on a quantum key, which effectively enhances the security of dynamic password applications. The scheme is based on quantum key distribution technology: keys distributed by the quantum network are used as the key material (dynamic passwords and seed keys) of dynamic password authentication, and quantum key distribution strengthens both the unconditional security guarantee and the security of the dynamic password key material.
The message-type dynamic password in the invention uses the quantum key directly as the dynamic password, and the dynamic password is distributed by the quantum network to two endpoints. This is more secure than the traditional scheme, in which the message-type dynamic password is generated by a centre, sent out by the centre and finally returned to the centre for verification.
The token-type dynamic password uses the quantum key as the seed key, which is distributed over the quantum network directly to the dynamic password authentication system and to the token manufacturer, so that the risk of batch seed key leakage during production and transmission is avoided.
The system of the invention is divided into three layers. The external service layer holds the input/output interfaces to external systems and the management platform, adapts to each system data stream associated with it, and checks and parses the data. The middle internal logic layer processes the main business logic, accepts only data already parsed by the external service layer, and is completely isolated from external systems and networks, which ensures the security of internal data processing. The lowest basic function layer provides data storage and secure operation capability to the layers above. Because the three layers are loosely coupled, a particular function can be handled in a targeted manner when the system is extended, upgraded or maintained without affecting other functions; the external service layer encapsulates the details of the quantum network and quantum keys, so that the quantum concept is completely transparent to the internal logic layer and the implementation complexity of the system is reduced; and the basic function layer uses an independent secure operation component to supply secure algorithm support to the upper layers, so that the security module can be upgraded and replaced, increasing flexibility of use.
The invention provides a dynamic password authentication system based on a quantum key, which is beneficial to the application, popularization and testing of quantum keys. Dynamic password technology is widely used, and popularization of the invention gives systems that need dynamic passwords a ready-made dynamic password scheme based on quantum keys, thereby promoting the application of quantum keys in traditional key applications.
The abbreviations and key terms used in the present invention are listed as follows:
QKD: Quantum Key Distribution. Based on the basic principles of quantum mechanics, QKD allows two communicating parties to generate an identical string of random numbers that an attacker cannot obtain, for use as a shared key.
Quantum communication technology: quantum communication is a communication technology that uses quantum states as the information carrier for information exchange; it is an important branch of quantum information science. Quantum key distribution is the quantum information technology that was first put into practical use and is an important direction of quantum communication; it can share keys between spatially separated users in an information-theoretically secure manner.
Classical network: the mainstream IP network, as opposed to the quantum network.
Dynamic password: also known as a one-time password (OTP), a security method in which an unpredictable combination of random numbers is generated according to a special algorithm and each password can be used only once; it is widely applied in internet banking, online games, telecom operators, e-commerce, enterprises and other fields.
Dynamic password authentication technology: a method of authenticating the identity of a user by means of a dynamic password; it is a very convenient technical means of strengthening current static password authentication and an important two-factor authentication technology.
Challenge code: a parameter for dynamic password generation, generally supplied by the authenticating party, carrying business-critical information or random, unpredictable information.
Challenge information: the parameters of dynamic password generation, including current transaction information and the challenge random code.
Dynamic token seed: the key element stored in the dynamic token and used for dynamic password generation.
Dynamic token: a hardware product that can securely store a seed key internally, perform a specific algorithm operation with the seed key, and output and display the dynamic password.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for the embodiments are briefly described below. The drawings described below are only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of the quantum key-based dynamic password authentication system of the present invention;
FIG. 2 is a flow diagram of an administrator configuration of the dynamic password authentication system of the present invention;
FIG. 3 is a flow chart of the message-based dynamic password service of the dynamic password authentication system of the present invention;
FIG. 4 is a flow chart of the dynamic token pool service of the dynamic password authentication system of the present invention;
FIG. 5 is a flow chart of a message-based dynamic password specific authentication of the dynamic password authentication system of the present invention;
FIG. 6 is a flow chart of the production of the dynamic token dynamic password for the dynamic password authentication system of the present invention;
FIG. 7 is a flowchart of the authentication of the dynamic token dynamic password of the dynamic password authentication system of the present invention;
FIG. 8 is a diagram of an application architecture of the dynamic password authentication system of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the invention is further described with reference to the following examples. The described examples are only a part of the examples of the present application, not all of them; all other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present application. The invention is further described with reference to the following figures and examples.
As shown in FIG. 1, the dynamic password authentication system based on a quantum key of the invention is composed of an external service layer, an internal logic layer and a basic function layer. The external service layer provides service interfaces for quantum key distribution (QKD), the application system, management and so on, and serves as the window for communication and processing between the system and the outside. The internal logic layer performs the specific business or management logic processing of the system; its running environment cannot be accessed directly by any external interface, and the layer below provides it with basic function support such as data access and security processing. The basic function layer provides the necessary bottom-layer support for the system and comprises basic components such as data storage and the secure operation component.
In one embodiment, the external service layer comprises a quantum key interface module, a dynamic password authentication interface module and a management service interface module. The quantum key interface module is responsible for communicating with the quantum key distribution equipment of the quantum network, adapts to different quantum key devices and protocols, and obtains quantum keys from the quantum key system according to the quantum key configuration; the internal logic layer stores the obtained key in the dynamic password cache pool as a message password or in the token seed key library as a seed key. The dynamic password authentication interface module is responsible for receiving and parsing dynamic password authentication requests from the application system. The management service interface module provides the management entrance through which an administrator performs operations such as dynamic password service configuration and system management configuration.
In one embodiment, the internal logic layer comprises a temporary password management module, a seed key management module, an encryption and authentication module and a system configuration module. The temporary password management module processes message-type dynamic passwords and consists of two main logics: first, receiving a key obtained from the quantum key interface module as a dynamic password and storing it in the dynamic password cache pool according to the specific service configuration; second, receiving authentication information from the dynamic password authentication interface module and completing the dynamic password authentication processing with the assistance of the encryption and authentication module. The seed key management module processes token-type dynamic passwords and likewise consists of two main logics: first, receiving a key obtained from the quantum key interface module as a seed key and securely storing it in the token seed key library with the assistance of the encryption and authentication module; second, receiving authentication information from the dynamic password authentication interface module and completing the dynamic password authentication processing with the assistance of the encryption and authentication module. The encryption and authentication module handles the encryption and dynamic password authentication functions, and its security is guaranteed by the secure operation component.
The system configuration module processes the configuration requirements of the management service interface module and provides dynamic token service configuration management and system configuration management; at the same time it provides configuration read access to the other modules of the same layer.
In one embodiment, the basic function layer comprises a dynamic password cache pool, a token seed key library, a secure operation component and a system configuration library. The dynamic password cache pool temporarily stores message-type dynamic passwords; a dynamic password is automatically cleared from the pool when it has been verified successfully or has expired, and the storage time and storage mode are configured per service. The token seed key library stores the dynamic token seed keys, which are invalidated when a token is invalidated, reported lost or manually voided. The secure operation component provides the encryption and authentication algorithms for the system and guarantees the security of the system's encryption scheme. The system configuration library is a static library for storing dynamic password service configuration information and system configuration information.
In one embodiment, the processes of the quantum key-based dynamic password authentication system of the present invention include an administrator configuration process, a message-based dynamic password interface service process and a dynamic token interface service process. As shown in FIG. 2, the administrator configuration process is the process by which the administrator manages and configures system information and manages the service configuration; its steps are as follows:
(1) The administrator operates and configures the system information or the dynamic password service through the management service interface module;
(2) The system configuration module processes the configuration information into its internal storage format and synchronizes it to the system configuration library;
(3) The management service interface module returns the configuration result to the administrator;
(4) End.
As shown in FIG. 3, the message-based dynamic password service is a password authentication function; in actual application the password authentication is divided into two steps, password generation and password authentication.
Step one: a message-type dynamic password is generated.
(1) First, the dynamic password authentication interface module of the external service layer receives a dynamic password generation request;
(2) The quantum key interface module requests a quantum key from the quantum network according to the dynamic password service configuration information obtained from the system configuration module;
(3) The quantum key interface module receives the quantum key returned by the quantum network;
(4) The temporary password management module temporarily stores the received quantum key as the dynamic password in the dynamic password cache pool;
(5) Step one ends.
Step two: the message-type dynamic password is verified.
(1) The dynamic password authentication interface module receives the dynamic password authentication request;
(2) According to the dynamic password service configuration obtained from the system configuration module, the encryption and authentication module calls the temporary password management module to retrieve the corresponding dynamic password from the cache pool and verifies the correctness of the received dynamic password;
(3) The dynamic password authentication interface module returns the verification result;
(4) Step two ends.
As shown in FIG. 4, the dynamic token operation flow comprises two stages:
Stage one: token production (generation of the dynamic token seed).
(1) First, the management service interface module of the external service layer receives the dynamic token production configuration scheme formulated by the administrator;
(2) The dynamic token production service configuration is obtained from the system configuration module according to the selected scheme, and the quantum key interface module requests a quantum key from the quantum network;
(3) The quantum key interface module receives the distributed quantum key (the token manufacturer is distributed the same quantum key at the same time and uses it to write the seed into the dynamic token);
(4) The received quantum key is handed to the seed key management module, which stores it in the token seed key library corresponding to the service;
(5) Stage one ends.
Stage two: token use (authentication of the dynamic password produced by the dynamic token).
(1) The dynamic password authentication interface module receives a dynamic password authentication request;
(2) The corresponding dynamic password service configuration is obtained from the system configuration module;
(3) According to that configuration, the encryption and authentication module calls the seed key management module to retrieve the related seed key and verifies the received dynamic password with the specific token password algorithm;
(4) The dynamic password authentication interface module returns the verification result;
(5) Stage two ends.
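The token-based scheme described in the background and in stage two above leaves the "specific token password algorithm" unnamed. The following is an added example, not code from the patent or its assignees, showing how the server side of that stage is normally implemented: HOTP (RFC 4226) for event-count tokens and TOTP (RFC 6238) for time-based tokens, with a look-ahead window for event tokens, a skew window for the "close time value", and replay protection by remembering the last accepted counter. The choice of HOTP/TOTP, the class and method names, and the seed value (the RFC 4226 test seed standing in for a key obtained from the QKD network) are all assumptions.

```python
# Added example, not code from the patent. Server-side verification of a
# token-type dynamic password. HOTP/TOTP are assumed; the patent does not
# name the token algorithm. The seed would come from the QKD network in the
# patented system; here a constructed seed is used.
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the time step."""
    return hotp(seed, unix_time // step, digits)


@dataclass
class TokenRecord:
    seed: bytes
    last_counter: int = -1   # highest counter already accepted; blocks replay
    revoked: bool = False


class SeedKeyStore:
    """Stand-in for the token seed key library plus the verification logic
    of the encryption and authentication module (names are assumptions)."""

    def __init__(self, digits: int = 6):
        self.digits = digits
        self._tokens: Dict[str, TokenRecord] = {}

    def enroll(self, token_id: str, seed: bytes) -> None:
        # Stage one of the token flow: the distributed key becomes the seed.
        self._tokens[token_id] = TokenRecord(seed=seed)

    def revoke(self, token_id: str) -> None:
        # Token invalidated, reported lost or manually voided.
        if token_id in self._tokens:
            self._tokens[token_id].revoked = True

    def _active(self, token_id: str) -> Optional[TokenRecord]:
        rec = self._tokens.get(token_id)
        return None if rec is None or rec.revoked else rec

    def _accept(self, rec: TokenRecord, code: str, counters: Iterable[int]) -> bool:
        # Try each counter in the window; accept the first match that is
        # strictly newer than the last accepted counter, then advance it so
        # the same code (or an older one) can never be accepted again.
        for c in counters:
            if c > rec.last_counter and hmac.compare_digest(
                    hotp(rec.seed, c, self.digits), code):
                rec.last_counter = c
                return True
        return False

    def verify_event(self, token_id: str, code: str, look_ahead: int = 10) -> bool:
        """Event-count token: the server resynchronises within look_ahead counts."""
        rec = self._active(token_id)
        if rec is None:
            return False
        start = rec.last_counter + 1
        return self._accept(rec, code, range(start, start + look_ahead))

    def verify_time(self, token_id: str, code: str, now: Optional[int] = None,
                    step: int = 30, skew: int = 1) -> bool:
        """Time-based token: accept the current step and `skew` steps either side."""
        rec = self._active(token_id)
        if rec is None:
            return False
        now = int(time.time()) if now is None else now
        centre = now // step
        return self._accept(rec, code, range(centre - skew, centre + skew + 1))


if __name__ == "__main__":
    SEED = b"12345678901234567890"  # constructed: RFC 4226 test seed, not a QKD key
    store = SeedKeyStore()
    store.enroll("token-A", SEED)
    print(store.verify_event("token-A", hotp(SEED, 0)))  # True: first use of counter 0
    print(store.verify_event("token-A", hotp(SEED, 0)))  # False: replay is rejected
```

The one-way `last_counter` is what turns a matching code into a one-time password on the server side: a captured code is useless once any equal or later counter has been accepted, and for time-based tokens it also limits each 30-second step to a single successful login.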
Fig. 5 shows a message-type dynamic password service flow of the quantum-key-based dynamic password authentication system of the present invention.
In the message-type dynamic password scheme, a quantum key is used as the dynamic password and its key identifier is used as the dynamic password serial number. The dynamic password and serial number are distributed simultaneously to the dynamic password authentication system and to a third-party communication tool/proxy server, which delivers them to the user through the third-party communication tool for logging in to the application system. The specific authentication process comprises the following steps:
1. the user requests to log in to the application server through a client;
2. the application server requests the dynamic password authentication system to generate a dynamic password;
3. the dynamic password authentication system applies to the quantum sub-network for a dynamic password (quantum key);
4. the quantum system generates a quantum key (the dynamic password) and distributes it to the dynamic password authentication system; the same dynamic password is simultaneously distributed to the third-party communication tool/proxy server;
5. the dynamic password authentication system receives and temporarily stores the dynamic password, while the third-party communication tool/proxy server sends the dynamic password to the user through the communication tool;
6. the dynamic password authentication system returns the dynamic password serial number to the application server;
7. the application server forwards the dynamic password serial number to the client that is logging in;
8. the user confirms that the dynamic password serial number is correct, enters the dynamic password and requests login authentication again;
9. the application server receives the dynamic password from the client and requests verification from the dynamic password authentication system;
10. the dynamic password authentication system checks the validity of the password and authenticates it according to the relevant policy and the temporarily stored dynamic password;
11. the verification result is returned to the application server;
12. the application server determines the login authentication result from the verification result and returns it to the client.
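The message-type flow above, as an added example that is not part of the patent: a small Python simulation of the dynamic password authentication system's cache pool, with a constructed stand-in for the quantum sub-network. The expiry window and the clearing of a password once it is verified or expired follow claim 10; the key-id/key format, the TTL value and the function names are assumptions.

```python
import hmac
import secrets
import time

class MessagePasswordAuthSystem:
    """Dynamic password authentication system, message-type service only.

    The quantum key is the dynamic password and its key id the serial number;
    both stay in the dynamic password cache pool until the password is
    verified or expires (claim 10).
    """
    def __init__(self, ttl_seconds=120, clock=time.time):
        self.ttl = ttl_seconds   # storage time from the service configuration (assumed)
        self.clock = clock       # injectable so tests can drive expiry
        self.cache = {}          # serial number -> (password, issued_at)

    def receive_quantum_key(self, key_id, key_hex):
        """Steps 4-6: temporarily store the delivered key, return the serial."""
        self.cache[key_id] = (key_hex, self.clock())
        return key_id

    def verify(self, key_id, submitted):
        """Step 10: check the submitted password against the cached one."""
        entry = self.cache.get(key_id)
        if entry is None:
            return False   # unknown, expired-and-cleared, or already used serial
        password, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            del self.cache[key_id]   # expired: cleared from the pool
            return False
        ok = hmac.compare_digest(password, submitted)   # constant-time compare
        if ok:
            del self.cache[key_id]   # verified: cleared, so the password is single use
        return ok

def simulated_qkd_distribute(nbytes=4):
    """Constructed stand-in for the quantum sub-network (step 4): one
    (key_id, key) pair, which a real deployment delivers by QKD to both the
    auth system and the third-party communication server."""
    return secrets.token_hex(8), secrets.token_hex(nbytes)

def login_with_message_password(auth, key_id, key, user_input):
    """Steps 4-12 as seen by the application server."""
    serial = auth.receive_quantum_key(key_id, key)   # steps 4-6
    # steps 7-8: the client shows `serial`; the user checks it against the
    # serial in the message and types the password the message carried
    return auth.verify(serial, user_input)   # steps 9-11

if __name__ == "__main__":
    auth = MessagePasswordAuthSystem()
    kid, pw = simulated_qkd_distribute()
    print(login_with_message_password(auth, kid, pw, pw))
```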
In one implementation, the token-type dynamic password uses the quantum key distribution principle: a quantum key serves as the seed key of the dynamic token and is distributed through the quantum sub-network to both the dynamic password authentication system and the token manufacturer. The copy received by the dynamic password authentication system is stored in the system as the seed key of the user's token for later dynamic password authentication; the copy received by the token manufacturer is used as the seed key when producing the dynamic token, and once the quantum key has been burnt into the token the copy outside the token is destroyed.
The dynamic token business flow is divided into two phases, production and use. Fig. 6 shows the production flow of the dynamic token dynamic password, which comprises the following steps:
1. production of a dynamic token is initiated from the token scheme configured in the dynamic password authentication system, which requests generation of the token's seed key;
2. the quantum system receives the request, generates a quantum key and distributes it simultaneously to the dynamic password authentication system and the token manufacturer;
3. the dynamic password authentication system receives the quantum key and stores it inside the system as the token seed key;
4. at the same time, the token manufacturer writes the received quantum key into the token as the token seed key;
5. the produced token is issued to the user.
Fig. 7 shows the use phase of the dynamic token dynamic password. The authentication process of the dynamic token dynamic password is as follows:
1. the user logs in to the application server through a client;
2. the application server assigns challenge information according to the information in the user's request;
3. the application server sends the challenge information to the client;
4. the user receives the challenge information and enters it into the dynamic token;
5. the dynamic token generates a dynamic password from the user's input;
6. the user enters the generated dynamic password into the client to continue the authentication request;
7. the application server sends the client's dynamic password and the challenge information to the dynamic password authentication system to request dynamic password authentication;
8. the dynamic password authentication system locates the corresponding token seed key from the request information, regenerates the dynamic password and verifies it;
9. the verification result is returned to the application server.
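The production and use phases above, as an added example that is not part of the patent: a Python simulation in which a constructed stand-in for the quantum sub-network hands the same seed to the dynamic password authentication system and to the token manufacturer, the manufacturer burns it into a token and discards its copy, and the token answers the application server's challenge. The patent does not name the token password algorithm; HMAC-SHA256 over the challenge with 6-digit truncation is an assumption here, as are the class and function names.

```python
import hashlib
import hmac
import secrets

def token_password(seed, challenge, digits=6):
    # Assumed algorithm (the patent names none): HMAC-SHA256 of the challenge, truncated.
    mac = hmac.new(seed, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

class DynamicToken:
    """Token with the seed key burnt in at production step 4."""
    def __init__(self, token_id, seed):
        self.token_id = token_id
        self._seed = seed

    def generate(self, challenge):
        return token_password(self._seed, challenge)   # use-phase step 5

class TokenManufacturer:
    def __init__(self):
        self.pending = {}       # seeds received from QKD, awaiting burn-in

    def receive_quantum_key(self, token_id, seed):
        self.pending[token_id] = seed

    def burn(self, token_id):
        """Burn the seed into a token; the copy outside the token is destroyed."""
        return DynamicToken(token_id, self.pending.pop(token_id))

class TokenPasswordAuthSystem:
    """Dynamic password authentication system, token-type service only."""
    def __init__(self):
        self.seed_store = {}    # token seed key library (claim 11)

    def receive_quantum_key(self, token_id, seed):
        self.seed_store[token_id] = seed        # production step 3

    def invalidate(self, token_id):
        self.seed_store.pop(token_id, None)     # claim 11: lost or revoked token

    def verify(self, token_id, challenge, password):
        """Use-phase step 8: regenerate from the stored seed and compare."""
        seed = self.seed_store.get(token_id)
        if seed is None:
            return False
        return hmac.compare_digest(token_password(seed, challenge), password)

def simulated_qkd_distribute(auth, manufacturer, token_id):
    """Constructed stand-in for production step 2: one key, both parties."""
    seed = secrets.token_bytes(32)
    auth.receive_quantum_key(token_id, seed)
    manufacturer.receive_quantum_key(token_id, seed)
```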
In one embodiment, as shown in Fig. 8, a quantum-key-based dynamic password authentication system supports both message-type and token-type dynamic password applications.
For the message-type dynamic password, the password is a quantum key distributed by the quantum network. QKD quantum key distribution equipment (QKD-2 and QKD-3) is deployed at the dynamic password authentication system and at the third-party communication server/proxy server respectively; the two QKD devices are connected through the quantum sub-network, which distributes the quantum key (the dynamic password) to both sites simultaneously. The key distributed by QKD-2 is stored by the dynamic password authentication system as the dynamic password, and the key distributed by QKD-3 is received by the third-party communication server/proxy server and delivered to the user by the third-party tool.
For the token-type dynamic password, a quantum key distributed synchronously by the quantum network is used as the seed key of the token. QKD quantum key distribution equipment (QKD-2 and QKD-1) is deployed at the dynamic password authentication system and in the token manufacturer's configuration environment respectively; the two QKD devices are connected through the quantum sub-network, which distributes the quantum key (the token seed key) to both sites simultaneously. The key distributed by QKD-2 is stored by the dynamic password authentication system as the token seed, and the key distributed by QKD-1 is burnt into the token by the token manufacturer.
A person skilled in the art will readily understand that the advantageous approaches described above can be freely combined and superimposed where they do not conflict.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention. The above is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several improvements and modifications can be made without departing from the technical principle of the present invention, and these improvements and modifications should also be regarded as the protection scope of the present invention.

Claims (13)

1. The dynamic password authentication system based on the quantum key is characterized by comprising an external service layer, an internal logic layer and a basic function layer;
the external service layer provides a service interface for Quantum Key Distribution (QKD), an application system and management and serves as a window for communication and processing between the dynamic password authentication system and the outside;
the internal logic layer aims at specific service or management logic processing of the dynamic password authentication system, the running environment of the internal logic layer cannot be directly accessed by an external interface, and the basic function layer provides basic function support of data access and safety processing for the internal logic layer; and
the basic function layer provides necessary bottom layer support for the dynamic password authentication system, and comprises basic components for providing data storage and safe operation.
2. The dynamic password authentication system according to claim 1, wherein the external service layer comprises a quantum key interface module, a dynamic password authentication interface module and a management service interface module;
the internal logic layer comprises a temporary password management module, a seed key management module, an encryption and authentication module and a system configuration module;
the basic function layer comprises a dynamic password cache pool, a token seed key library, a safe operation component and a system configuration library.
3. The dynamic password authentication system of claim 2, wherein the quantum key interface module is responsible for communication with quantum key distribution devices of a quantum network, adapts to different quantum key sub-devices and protocols, obtains a quantum key from the quantum key system according to quantum key configuration, and stores the obtained key as a message password to the dynamic password cache pool or as a seed key to the token key pool by the internal logic layer.
4. The dynamic password authentication system of claim 2, wherein the dynamic password authentication interface module is responsible for receiving and parsing dynamic password authentication requests of the application system.
5. The dynamic password authentication system of claim 2, wherein the management service interface module provides an administration portal through which an administrator performs dynamic password service configuration and system administration configuration.
6. The dynamic password authentication system of claim 2, wherein the temporary password management module processes a message-type dynamic password, receives a key acquired from the quantum key interface module as a dynamic password and stores the dynamic password as a dynamic password to be cached in the dynamic password cache pool according to specific service configuration, receives an authentication message from the dynamic password authentication module, and completes dynamic password authentication processing with the assistance of the authentication module.
7. The dynamic password authentication system of claim 2, wherein the seed key management module processes the token-type dynamic password, receives the key obtained from the quantum key interface module as the seed key and securely stores the seed key in the token seed key library with the aid of the encryption and authentication module, receives the authentication message from the dynamic password authentication module, and completes the dynamic password authentication process with the aid of the encryption and authentication module.
8. The dynamic password authentication system of claim 2, wherein the encryption and authentication module processes encryption and dynamic password authentication functions, and the security of the encryption and authentication module is ensured by the security operation component.
9. The dynamic password authentication system of claim 2, wherein the system configuration module processes configuration requirements of the management interface module, providing dynamic token service configuration management and system configuration management functions; and meanwhile, the access reading service of the configuration information is provided for the modules on the same layer.
10. The dynamic password authentication system of claim 2, wherein the dynamic password cache pool is used for temporarily storing the message-type dynamic password, and the dynamic password is automatically cleared from the pool when being verified to pass or expired and invalidated, specifically according to the storage time and the storage mode of the service configuration.
11. The dynamic password authentication system of claim 2, wherein the token seed key library is configured to store a dynamic token seed key that is invalidated upon token invalidation, reported loss, or manual invalidation.
12. The dynamic password authentication system of claim 2, wherein the security operation component provides encryption, authentication algorithms, and secure system encryption schemes for the dynamic password authentication system.
13. The dynamic password authentication system of claim 2, wherein the system configuration library is a static library for holding dynamic password service configuration information and system configuration information.
CN202211289429.8A 2022-10-20 2022-10-20 Dynamic password authentication system based on quantum key Pending CN115834033A (en)

Publications (1)

Publication Number Publication Date
CN115834033A true CN115834033A (en) 2023-03-21

Family

ID=85525075

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116707808A (en) * 2023-08-10 2023-09-05 北京中科国光量子科技有限公司 Frame synchronization method for passive continuous variable quantum key distribution system
CN116707808B (en) * 2023-08-10 2023-10-03 北京中科国光量子科技有限公司 Frame synchronization method for passive continuous variable quantum key distribution system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination