CN105471584B - An identity authentication method based on quantum key encryption - Google Patents

Publication number
CN105471584B
Authority
CN
China
Prior art keywords
authentication
authentication information
server
identity
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510881727.XA
Other languages
Chinese (zh)
Other versions
CN105471584A (en)
Inventor
朱德新
韩家伟
刘志远
王薇
王士刚
肖治国
魏荣凯
吴佳楠
宋立军
徐崴娜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changchun Wenyin Technology Co Ltd
Original Assignee
Changchun University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changchun University filed Critical Changchun University
Priority to CN201510881727.XA priority Critical patent/CN105471584B/en
Publication of CN105471584A publication Critical patent/CN105471584A/en
Application granted granted Critical
Publication of CN105471584B publication Critical patent/CN105471584B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the field of quantum cryptographic communication, and in particular relates to an identity authentication method based on quantum key encryption. The application client obtains identity authentication information, encrypts it, and sends it to the identity authentication server. The identity authentication policy module checks the integrity of the encrypted identity authentication information; if the information is intact, the identity authentication server decrypts it and sends it to the database server. The database server receives the decrypted identity authentication information, judges whether it is consistent with the pre-stored user identity information, and sends the judgment result to the application server. The application server acts on the judgment result: if consistent, identity authentication succeeds; if not, identity authentication fails and the system waits for authentication to be performed again. The method tightly combines quantum cryptographic communication with the information security field, prevents man-in-the-middle attacks, and ensures that the identities of both communicating parties are genuine.

Description

An identity authentication method based on quantum key encryption
Technical field
The invention belongs to the field of quantum cryptographic communication, and in particular relates to an identity authentication method based on quantum key encryption. The method tightly combines quantum cryptographic communication with the information security field.
Background art
Over the past ten years, computer network technology has developed rapidly, and network applications have given people access to large amounts of information resources and services. Information security problems have arrived along with them. The development of the Internet has driven the continued deepening and expansion of information networking, which further increases the openness of society. Using information security technology to protect the security of user information, enterprise information, and applications such as e-commerce has become a key issue in the development of the Internet. The development of information security can be roughly divided into three stages: data security, network security, and transaction security. The basic technology on which data security relies is cryptography; the basic technology on which network security relies is protection technology. Transaction security is the most basic security of the network-transaction era. What it requires is trustworthiness: providing transactions with a trusted computing environment, trusted network connections, and trusted proof of the transaction. The basic technology of transaction security is authentication technology, which implements a voluntary security policy based on trustworthiness. Identity authentication technology is one of the core technologies of information security. In the network world, ensuring that transaction communications are trustworthy and reliable requires correctly identifying the identities of both communicating parties, so the level of development of identity authentication technology directly determines the level of development of the IT industry.
Quantum cryptography is the product of combining cryptography with quantum mechanics, and can realize secure classical communication in point-to-point mode. The security here is security that has been rigorously proven mathematically, and it is guaranteed by the principles of quantum mechanics. The Heisenberg uncertainty principle is a basic principle of quantum mechanics: it is impossible to measure the position and the momentum of a quantum with the same precision at the same moment; only one of the two can be measured precisely. Based on the uncertainty principle, a quantum password is difficult to copy during transmission, and the result obtained by forcibly copying it does not fully agree with the user's identity information. In addition, even if quantum cryptographic identity authentication information is intercepted, the interceptor cannot accurately crack the password content to learn the user's identity information. Quantum cryptographic identity authentication technology has the powerful security properties of being uncopyable and undecipherable, and can truly keep user identity information absolutely secure.
Therefore, the prior art urgently needs a new technical solution, an identity authentication method based on quantum key encryption, that tightly combines quantum cryptographic communication with the information security field.
Summary of the invention
Technical problem to be solved by the invention: in view of the deficiencies and defects of the prior art, the present invention provides an identity authentication method based on quantum key encryption. The method tightly combines quantum cryptographic communication with the information security field, prevents man-in-the-middle attacks, and ensures that the identities of both communicating parties are genuine.
An identity authentication method based on quantum key encryption, characterized in that it includes the following steps:
Step 1: the application client obtains the identity authentication information, applies to the quantum key control server for a quantum key, encrypts the identity authentication information, and sends the encrypted identity authentication information to the identity authentication server;
Step 2: the identity authentication server receives the encrypted identity authentication information sent to it by the application client and starts the identity authentication policy module to check the integrity of the encrypted identity authentication information.
If the identity authentication information has been maliciously tampered with or damaged, the identity authentication server feeds an authentication error message back to the application server; identity authentication fails, and the system waits for authentication to be performed again.
If the identity authentication information is intact, the identity authentication server decrypts the encrypted identity authentication information and sends it to the database server;
Step 3: the database server receives the decrypted identity authentication information sent to it by the identity authentication server, judges whether the decrypted identity authentication information is consistent with the pre-stored user identity information, and sends the judgment result to the application server;
Step 4: the application server acts on the judgment result of step 3: if consistent, identity authentication succeeds; if not, identity authentication fails and the system waits for authentication to be performed again.
The quantum key control server stores and manages quantum keys, and applies to the quantum key generation device for quantum keys in real time.
The identity authentication policy module includes an authentication information integrity unit and a unit that compares the application-client quantum key with the identity-authentication-server-side quantum key; the authentication information integrity unit checks the integrity of the authentication information.
The public network is a quantum-key virtual private network (VPN) Ethernet channel.
With the above design, the present invention brings the following benefits. In this identity authentication method based on quantum key encryption, the unit that compares the application-client quantum key with the identity-authentication-server-side quantum key sets a usage identifier for the quantum key on both sides, ensuring that both sides use the quantum key sequence consistently. When the encrypted identity authentication information reaches the identity authentication server, the identity authentication policy module is started and checks the integrity of the authentication information itself, ensuring that the information has not been maliciously tampered with or damaged. If integrity verification succeeds, the identity authentication server sends the decrypted identity authentication information to the database server. The database server compares the decrypted identity authentication information against the identity information the user registered and sends the comparison result to the application server. The application server acts on the comparison result from the database server: if the comparison succeeds, the application client's identity is authenticated; otherwise, identity authentication fails. The method tightly combines quantum cryptographic communication with the information security field, prevents man-in-the-middle attacks, and ensures that the identities of both communicating parties are genuine.
Description of the drawings
The invention is further described below with reference to the drawings and a specific embodiment:
Fig. 1 is an implementation diagram of the identity authentication method based on quantum key encryption of the present invention.
Fig. 2 is a workflow diagram of the identity authentication method based on quantum key encryption of the present invention.
Specific embodiment
As shown in Fig. 1, the apparatus used by the identity authentication method based on quantum key encryption includes a quantum key control server, an application client, an identity authentication server, a database server, an application server, and an identity authentication policy module.
Quantum key control server: the quantum key control server stores and manages the quantum keys obtained from the quantum key generation device. In addition, while the application client is applying for a key, it applies to the quantum key generation device for quantum keys in real time, according to the length of the key being applied for and the amount of key material held in the quantum key control server.
Application client: the application client is a user program containing a piece of executable code. The code carries the algorithms and programs for obtaining the local-end quantum key, encryption, query, and management, and is used to strengthen enforcement of the confidentiality policy and to execute tasks. The application client can browse related content on the application server without going through the identity authentication server; it can also verify identity information through the identity authentication server and, after verification succeeds, manage related content on the application server.
Identity authentication server: the identity authentication server carries the decryption algorithm and the program for obtaining the local-end quantum key. It obtains and decrypts the encrypted identity authentication information that the application client sends over the classical network, and sends the decrypted identity information to the database server.
Database server: the database server manages the user's personal private attributes, such as user name, password, ID card number, telephone number, and user permissions. During authentication, the database server obtains the decrypted identity authentication information sent by the identity authentication server, compares it with the information stored for that user in the database, and feeds the comparison result back to the application server.
Application server: the application server acts on the comparison result from the database server. If identity authentication succeeds, the user can manage related content on the application server; otherwise, authentication is performed again.
The identity authentication policy module is located inside the identity authentication server. It includes an authentication information integrity unit and a unit that compares the application-client quantum key with the identity-authentication-server-side quantum key; the authentication information integrity unit checks the integrity of the authentication information. Policies can also be added to the identity authentication policy module according to the user's application requirements, to strengthen the authentication information. The authentication information integrity unit checks the integrity of the authentication information itself, ensuring that the information has not been maliciously tampered with or damaged. When the identity authentication information reaches the identity authentication server, the unit that compares the application-client quantum key with the identity-authentication-server-side quantum key sets a key usage identifier on both sides, ensuring that both sides use the quantum key sequence consistently.
Referring to the workflow diagram in Fig. 2, the identity authentication method based on quantum key encryption is characterized in that it includes the following steps:
Step 1: the application client obtains the identity authentication information, applies to the quantum key control server for a quantum key, encrypts the identity authentication information, and sends the encrypted identity authentication information to the identity authentication server;
Step 2: the identity authentication server receives the encrypted identity authentication information sent to it by the application client and starts the identity authentication policy module to check the integrity of the encrypted identity authentication information.
If the identity authentication information has been maliciously tampered with or damaged, the identity authentication server feeds an authentication error message back to the application server; identity authentication fails, and the system waits for authentication to be performed again.
If the identity authentication information is intact, the identity authentication server decrypts the encrypted identity authentication information and sends it to the database server;
Step 3: the database server receives the decrypted identity authentication information sent to it by the identity authentication server, judges whether the decrypted identity authentication information is consistent with the pre-stored user identity information, and sends the judgment result to the application server;
Step 4: the application server acts on the judgment result of step 3: if consistent, identity authentication succeeds; if not, identity authentication fails and the system waits for authentication to be performed again.
The quantum key control server stores and manages quantum keys, and applies to the quantum key generation device for quantum keys in real time.
The identity authentication policy module includes an authentication information integrity unit and a unit that compares the application-client quantum key with the identity-authentication-server-side quantum key; the authentication information integrity unit checks the integrity of the authentication information.
The public network is a quantum-key virtual private network (VPN) Ethernet channel.
The specific protocol steps of the method of this application are as follows:
1) If the user only browses related content on the application server, no identity authentication information needs to be entered. If the user needs to manage related content on the application server, identity authentication information must be entered at the client.
2) Before the application client transmits the identity authentication information over the public network, it must apply to the local quantum key control server for an encryption quantum key. If the quantum key control server holds enough quantum key material, the application client encrypts the identity authentication information directly with the encryption algorithm. If the quantum key control server does not hold enough quantum key material, the encryption operation stays in a wait state until enough key material is available.
3) The identity authentication server obtains the encrypted identity authentication information sent by the client and verifies the integrity of the encrypted data. If the data has been maliciously tampered with, the identity authentication server does not need to apply to the local-end quantum key control server for a decryption key and feeds the error message directly back to the application server. Otherwise, the identity authentication server must apply to the local quantum key control server for a decryption key. If the quantum key control server holds enough quantum key material, the identity authentication server uses the key identifier of the application client's quantum encryption key to obtain the corresponding local-end decryption key, and decrypts the identity authentication information directly with the decryption algorithm. If the quantum key control server does not hold enough quantum key material, the decryption operation stays in a wait state until enough key material is available.
4) The identity authentication server sends the decrypted identity authentication information to the database server. The database server compares the decrypted identity authentication information against the identity information the user registered and sends the comparison result to the application server.
5) The application server acts on the comparison result from the database server: if the comparison succeeds, the client's identity is authenticated; otherwise, identity authentication fails.
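The protocol steps 2) to 5) above, as an added Python sketch that is not part of the patent. The patent names no algorithms, so the following are assumptions: XOR with a one-time pad as the encryption algorithm, HMAC-SHA256 as the integrity check, a 4-byte key ID header as the key identifier, and two identical random pools standing in for the keys delivered by the quantum key generation device. All class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 32  # bytes of each key block reserved as the HMAC-SHA256 key (assumption)


class KeyControlServer:
    """One end's quantum key control server: a pool of key blocks indexed by key ID."""

    def __init__(self, blocks):
        self.blocks = dict(blocks)

    def request_encrypt_key(self, need):
        """Client side: consume a block large enough for `need` pad bytes, else None."""
        for key_id in list(self.blocks):
            if len(self.blocks[key_id]) >= need + MAC_LEN:
                return key_id, self.blocks.pop(key_id)
        return None

    def mac_key(self, key_id):
        """Server side: integrity key of a block, read without consuming its pad."""
        block = self.blocks.get(key_id)
        return block[-MAC_LEN:] if block else None

    def request_decrypt_key(self, key_id, need):
        """Server side: consume the pad that matches the client's key ID."""
        return self.blocks.pop(key_id)[:need]


def mirrored_pools(count, size):
    """Constructed stand-in for QKD output: both ends hold identical random blocks."""
    blocks = {i: secrets.token_bytes(size) for i in range(1, count + 1)}
    return KeyControlServer(blocks), KeyControlServer(blocks)


def xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))


def client_encrypt(kcs, credentials):
    """Step 2): fetch a key, encrypt, and send key ID + ciphertext + integrity tag."""
    got = kcs.request_encrypt_key(len(credentials))
    if got is None:
        return None  # not enough key material: encryption stays in the wait state
    key_id, block = got
    body = key_id.to_bytes(4, "big") + xor(credentials, block[:len(credentials)])
    return body + hmac.new(block[-MAC_LEN:], body, hashlib.sha256).digest()


def auth_server_handle(kcs, message):
    """Step 3): integrity check first; only an intact message costs a decryption key."""
    if len(message) < 4 + MAC_LEN:
        return "error", None
    body, tag = message[:-MAC_LEN], message[-MAC_LEN:]
    key_id = int.from_bytes(body[:4], "big")
    mac_key = kcs.mac_key(key_id)
    if mac_key is None:  # unknown or already consumed key ID (e.g. a replayed message)
        return "error", None
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return "error", None
    pad = kcs.request_decrypt_key(key_id, len(body) - 4)
    return "ok", xor(body[4:], pad)


def database_compare(registered, decrypted):
    """Step 4): compare decrypted b'user:password' with the registered record."""
    user, _, password = decrypted.partition(b":")
    stored = registered.get(user)
    return stored is not None and hmac.compare_digest(stored, password)


def authenticate(client_kcs, server_kcs, registered, credentials, tamper=False):
    """Steps 2) to 5) end to end; returns the application server's decision."""
    message = client_encrypt(client_kcs, credentials)
    if message is None:
        return "wait"
    if tamper:  # constructed in-transit modification: flip one ciphertext bit
        message = message[:4] + bytes([message[4] ^ 1]) + message[5:]
    status, plaintext = auth_server_handle(server_kcs, message)
    if status != "ok":
        return "error"
    return "success" if database_compare(registered, plaintext) else "failure"
```

Because each key block is consumed on first use, a message that is sent a second time refers to a key ID the server no longer holds and is rejected at the integrity step.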

Claims (1)

1. An identity authentication method based on quantum key encryption, characterized in that it includes the following steps:
Step 1: the application client obtains the identity authentication information and, before transmitting the identity authentication information over the public network, applies to the quantum key control server for a quantum key, encrypts the identity authentication information, and sends the encrypted identity authentication information to the identity authentication server, the public network being a quantum-key virtual private network (VPN) Ethernet channel;
Step 2: the identity authentication server receives the encrypted identity authentication information sent to it by the application client and starts the identity authentication policy module to check the integrity of the encrypted identity authentication information;
if the identity authentication information has been maliciously tampered with or damaged, the identity authentication server feeds an authentication error message back to the application server, identity authentication fails, and the system waits for authentication to be performed again;
if the identity authentication information is intact, the identity authentication server decrypts the encrypted identity authentication information and sends it to the database server;
Step 3: the database server receives the decrypted identity authentication information sent to it by the identity authentication server, judges whether the decrypted identity authentication information is consistent with the pre-stored user identity information, and sends the judgment result to the application server;
Step 4: the application server acts on the judgment result of step 3: if consistent, identity authentication succeeds; if not, identity authentication fails and the system waits for authentication to be performed again;
the quantum key control server stores and manages quantum keys, and applies to the quantum key generation device for quantum keys in real time;
the identity authentication policy module includes an authentication information integrity unit and a unit that compares the application-client quantum key with the identity-authentication-server-side quantum key; the authentication information integrity unit checks the integrity of the authentication information.
CN201510881727.XA 2015-12-04 2015-12-04 A kind of identity identifying method based on quantum key encryption Active CN105471584B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510881727.XA CN105471584B (en) 2015-12-04 2015-12-04 A kind of identity identifying method based on quantum key encryption

Publications (2)

Publication Number Publication Date
CN105471584A CN105471584A (en) 2016-04-06
CN105471584B true CN105471584B (en) 2019-02-22

Family

ID=55608913

Country Status (1)

Country Link
CN (1) CN105471584B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107769913B (en) * 2016-08-16 2020-12-29 广东国盾量子科技有限公司 Quantum UKey-based communication method and system
CN111541728B (en) * 2016-09-20 2023-10-10 徐蔚 Payment method and device using payment mark and mobile terminal
CN106452739A (en) * 2016-09-23 2017-02-22 浙江神州量子网络科技有限公司 Quantum network service station and quantum communication network
CN108282329B (en) * 2017-01-06 2021-01-15 中国移动通信有限公司研究院 Bidirectional identity authentication method and device
CN107257283B (en) * 2017-04-26 2019-11-08 中南大学 Fingerprint verification method based on quantum figure state
CN107800537B (en) * 2017-11-27 2022-11-08 安徽问天量子科技股份有限公司 Encryption database system and method based on quantum key distribution technology, storage method and query method
CN113726734A (en) * 2018-03-09 2021-11-30 山东量子科学技术研究院有限公司 Quantum key distribution network, wearable device and target server
CN110493162A (en) * 2018-03-09 2019-11-22 山东量子科学技术研究院有限公司 Identity identifying method and system based on wearable device
CN110490051A (en) * 2019-07-03 2019-11-22 武汉虹识技术有限公司 Iris authentication system and method
CN110572265B (en) * 2019-10-24 2022-04-05 国网山东省电力公司信息通信公司 Terminal security access gateway method, device and system based on quantum communication
CN111865922B (en) * 2020-06-23 2022-09-23 国汽(北京)智能网联汽车研究院有限公司 Communication method, device, equipment and storage medium
CN112865966A (en) * 2021-02-05 2021-05-28 安徽华典大数据科技有限公司 Identity authentication method based on quantum key encryption
CN113242238B (en) * 2021-05-10 2022-05-27 中国建设银行股份有限公司 Secure communication method, device and system
CN113438074B (en) * 2021-06-24 2022-11-11 中电信量子科技有限公司 Decryption method of received mail based on quantum security key
CN113572784A (en) * 2021-08-04 2021-10-29 神州数码系统集成服务有限公司 VPN user identity authentication method and device
CN114071461B (en) * 2021-11-12 2023-11-03 江苏亨通问天量子信息研究院有限公司 5G communication module based on quantum key encryption
CN114089674A (en) * 2021-11-22 2022-02-25 安徽健坤通信股份有限公司 Cloud terminal management and control system based on quantum identity authentication
CN114448629A (en) * 2022-03-25 2022-05-06 中国电信股份有限公司 Identity authentication method and device, storage medium and electronic equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011059306A3 (en) * 2009-11-13 2011-08-11 Mimos Berhad A secure key distribution protocol based on hash functions utilizing quantum authentication channel (kdp-6dp)
CN103095461A (en) * 2013-01-23 2013-05-08 山东量子科学技术研究院有限公司 Authentication method for network signaling between quantum safety network equipment
CN103338448A (en) * 2013-06-07 2013-10-02 国家电网公司 Wireless local area network security communication method based on quantum key distribution
CN104821874A (en) * 2015-05-15 2015-08-05 长春大学 Method employing quantum secret key for IOT (Internet of Things) data encryption transmission

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
量子身份认证研究 (Research on Quantum Identity Authentication); 童虎; 《基础科学辑》 (Basic Sciences series); 20120831; main text, pages 30-33, section 4

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220817

Address after: Room 906-1, Building 1, Huizheng University Cube Building, the intersection of Nanhuancheng Road and Herong Road, Jingyue Development Zone, Changchun City, Jilin Province 130000

Patentee after: Changchun Wenyin Technology Co., Ltd.

Address before: 130022 Changchun University, 6543 Satellite Road, Jilin, Changchun

Patentee before: CHANGCHUN University

TR01 Transfer of patent right