CN105471584B - An identity authentication method based on quantum key encryption
- Publication number: CN105471584B
- Authority: CN (China)
- Prior art keywords: authentication, authentication information, server, identity, information
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
        - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
          - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
            - H04L9/0852—Quantum cryptography
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention belongs to the field of quantum secure communication and relates in particular to an identity authentication method based on quantum key encryption. The application client obtains authentication information, encrypts it, and sends it to the authentication server. The authentication policy module checks the integrity of the encrypted authentication information. If the authentication information is complete, the authentication server decrypts the encrypted authentication information and sends it to the database server. The database server receives the decrypted authentication information, judges whether it is consistent with the pre-stored user identity information, and sends the judgment result to the application server. According to the judgment result, the application server treats the identity as successfully authenticated if the two are consistent; if not, authentication fails and the system waits for authentication to be performed again. The method tightly combines quantum secure communication with the field of information security, prevents man-in-the-middle attacks, and ensures that the identities of both communicating parties are genuine.
Description
Technical field
The invention belongs to the field of quantum secure communication and relates in particular to an identity authentication method based on quantum key encryption. The method tightly combines quantum secure communication with the field of information security.
Background art
Over the past decade, computer network technology has developed rapidly, and people obtain large amounts of information resources and services through all kinds of network applications. Information security problems have arrived along with them. The development of the Internet drives the continuous deepening and extension of information networking, which further increases the openness of society. Using information security technology to protect the security of user information, enterprise information, e-commerce and other applications has become a key issue for the development of the Internet. The development of information security can be roughly divided into three stages: data security, network security, and transaction security. The basic technology on which data security relies is cryptography, and the basic technology on which network security relies is defense technology. Transaction security is the most basic security of the network transaction era. It requires trustworthiness: a trusted computing environment, trusted network connections, and trusted proof of transactions must be provided for each transaction. The basic technology of transaction security is authentication technology, which implements a voluntary security policy based on trustworthiness. Identity authentication technology is one of the core technologies of information security. In the network world, ensuring that transaction communication is trustworthy and reliable requires correctly identifying the identities of both communicating parties, so the degree of development of identity authentication technology directly determines the degree of development of the IT industry.
Quantum cryptography is the product of combining cryptography with quantum mechanics, and it can realize secure classical communication in point-to-point mode. The security referred to here is security that has been rigorously proven mathematically and is guaranteed by the principles of quantum mechanics. The "Heisenberg uncertainty principle" is a basic principle of quantum mechanics: it is impossible to measure the position and the momentum of a quantum at the same moment with the same precision; only one of the two can be measured accurately. Based on the uncertainty principle, a quantum password is difficult to copy during transmission, and the result obtained by forcibly copying it does not match the user's identity information at all. In addition, even if the authentication information of a quantum cryptosystem is intercepted, the interceptor cannot accurately decipher it and learn the user's identity information. Quantum cryptographic identity authentication technology has the strong security properties of being impossible to copy and impossible to decipher, and can truly make the user's identity information absolutely secure.
Therefore, the prior art urgently needs a new technical solution, an identity authentication method based on quantum key encryption, that tightly combines quantum secure communication with the field of information security.
Summary of the invention
The technical problem to be solved by the invention: in view of the deficiencies and defects of the prior art, the invention provides an identity authentication method based on quantum key encryption. The method tightly combines quantum secure communication with the field of information security, prevents man-in-the-middle attacks, and ensures that the identities of both communicating parties are genuine.
An identity authentication method based on quantum key encryption, characterized in that it includes the following steps:
Step 1: The application client obtains authentication information, applies to the quantum key management server for a quantum key, encrypts the authentication information, and sends the encrypted authentication information to the authentication server.
Step 2: The authentication server receives the encrypted authentication information sent to it by the application client and starts the authentication policy module to check the integrity of the encrypted authentication information.
If the authentication information data has been maliciously tampered with or destroyed, the authentication server feeds an authentication error message back to the application server, authentication fails, and the system waits for authentication to be performed again.
If the authentication information is complete, the authentication server decrypts the encrypted authentication information and sends it to the database server.
Step 3: The database server receives the decrypted authentication information sent to it by the authentication server, judges whether the decrypted authentication information is consistent with the pre-stored user identity information, and sends the judgment result to the application server.
Step 4: The application server acts on the judgment result of step 3: if the information is consistent, identity authentication succeeds; if not, identity authentication fails and the system waits for authentication to be performed again.
The quantum key management server stores and manages quantum keys, and applies to the quantum key generating device for quantum keys in real time.
The authentication policy module includes an authentication information integrity unit and a comparison unit for the application client quantum key and the authentication server side quantum key. The authentication information integrity unit checks the integrity of the authentication information.
The public network is a quantum key virtual private network (VPN) Ethernet channel.
With the above design, the invention brings the following benefits. In this identity authentication method based on quantum key encryption, the comparison unit for the application client quantum key and the authentication server side quantum key sets a usage identifier on the quantum keys of both parties, which guarantees that both parties use a consistent quantum key sequence. When the encrypted authentication information reaches the authentication server, the authentication policy module is started and checks the integrity of the authentication information itself, ensuring that the information has not been maliciously tampered with or destroyed. Once integrity verification succeeds, the authentication server sends the decrypted authentication information to the database server. The database server compares the decrypted authentication information with the identity information registered by the user and sends the comparison result to the application server. The application server acts on the comparison result of the database server: if the comparison succeeds, the identity of the application client is authenticated successfully; otherwise, authentication fails. The method tightly combines quantum secure communication with the field of information security, prevents man-in-the-middle attacks, and ensures that the identities of both communicating parties are genuine.
Brief description of the drawings
The invention is further described below with reference to the drawings and a specific embodiment:
Fig. 1 is an implementation schematic of the identity authentication method based on quantum key encryption of the present invention.
Fig. 2 is a work flow chart of the identity authentication method based on quantum key encryption of the present invention.
Specific embodiment
As shown in Fig. 1, the apparatus used by the identity authentication method based on quantum key encryption includes a quantum key management server, an application client, an authentication server, a database server, an application server, and an authentication policy module.
Quantum key management server: the quantum key management server stores and manages the quantum keys obtained from the quantum key generating device. In addition, while the application client is applying for a key, it applies to the quantum key generating device for quantum keys in real time, according to the length of the key applied for and the amount of key material held in the quantum key management server.
Application client: the application client is a user program containing executable code. The code carries the algorithms and programs for obtaining the local quantum key and for encryption, query and management, which are used to strengthen enforcement of the confidentiality policy and to execute tasks. The application client can browse application server content without going through the authentication server. It can also verify identity information through the authentication server and, after verification succeeds, manage the content of the application server.
Authentication server: the authentication server carries the algorithms and programs for obtaining the local quantum key and for decryption. It obtains and decrypts the encrypted authentication information that the application client sends over the classical network, and sends the decrypted identity information to the database server.
Database server: the database server manages the personal private attributes of users, such as user name, password, ID card number, telephone number and user permissions. During authentication, the database server receives the decrypted authentication information sent by the authentication server, compares it against the information stored for that user in the database, and feeds the comparison result back to the application server.
Application server: the application server acts on the comparison result of the database server. If identity authentication succeeds, the user can manage the content of the application server; otherwise, authentication is performed again.
The authentication policy module is located inside the authentication server. It includes an authentication information integrity unit and a comparison unit for the application client quantum key and the authentication server side quantum key. The authentication policy module can also add policies that strengthen the authentication information according to the user's application requirements. The authentication information integrity unit checks the integrity of the authentication information itself, ensuring that the information has not been maliciously tampered with or destroyed. When the authentication information reaches the authentication server, the comparison unit for the application client quantum key and the authentication server side quantum key sets a usage identifier on the keys of both parties, which guarantees that both parties use a consistent quantum key sequence.
Referring to the work flow chart in Fig. 2, the identity authentication method based on quantum key encryption includes the following steps:
Step 1: The application client obtains authentication information, applies to the quantum key management server for a quantum key, encrypts the authentication information, and sends the encrypted authentication information to the authentication server.
Step 2: The authentication server receives the encrypted authentication information sent to it by the application client and starts the authentication policy module to check the integrity of the encrypted authentication information.
If the authentication information data has been maliciously tampered with or destroyed, the authentication server feeds an authentication error message back to the application server, authentication fails, and the system waits for authentication to be performed again.
If the authentication information is complete, the authentication server decrypts the encrypted authentication information and sends it to the database server.
Step 3: The database server receives the decrypted authentication information sent to it by the authentication server, judges whether the decrypted authentication information is consistent with the pre-stored user identity information, and sends the judgment result to the application server.
Step 4: The application server acts on the judgment result of step 3: if the information is consistent, identity authentication succeeds; if not, identity authentication fails and the system waits for authentication to be performed again.
The quantum key management server stores and manages quantum keys, and applies to the quantum key generating device for quantum keys in real time.
The authentication policy module includes an authentication information integrity unit and a comparison unit for the application client quantum key and the authentication server side quantum key. The authentication information integrity unit checks the integrity of the authentication information.
The public network is a quantum key virtual private network (VPN) Ethernet channel.
The specific protocol steps of the method are as follows:
1) If the user only browses content on the application server, no authentication information needs to be entered. If the user needs to manage application server content, authentication information must be entered at the client.
2) Before the application client transmits authentication information over the public network, it must apply to the local quantum key management server for an encryption quantum key. When the quantum key management server has enough quantum keys, the application client uses the encryption algorithm to encrypt the authentication information directly. If the quantum key management server does not have enough quantum keys, the encryption operation remains in a waiting state until enough key material is available.
3) The authentication server obtains the encrypted authentication information sent by the client and verifies the integrity of the encrypted data. If the data has been maliciously tampered with, the authentication server does not apply to the local quantum key management server for a decryption key and feeds the error message directly back to the application server. Otherwise, the authentication server must apply to the local quantum key management server for a decryption key. When the quantum key management server has enough quantum keys, the authentication server obtains the corresponding local decryption key according to the identifier of the application client's quantum encryption key and uses the decryption algorithm to decrypt the authentication information directly. If the quantum key management server does not have enough quantum keys, the decryption operation remains in a waiting state until enough key material is available.
4) The authentication server sends the decrypted authentication information to the database server. The database server compares the decrypted authentication information with the identity information registered by the user and sends the comparison result to the application server.
5) The application server acts on the comparison result of the database server: if the comparison succeeds, the client identity is authenticated successfully; otherwise, authentication fails.
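The protocol steps 2) to 5) above can be traced end to end in code. The following Python example is added here and is not part of the patent; the patent names no algorithms, so the one-time-pad XOR cipher, the HMAC-SHA256 integrity tag with a separately provisioned key, the 4-byte key identifier, the `user:secret` record layout and all names (`KeyPool`, `client_encrypt`, `auth_server_handle`, `run_demo`) are assumptions.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag size (assumed integrity mechanism)


class KeyPool:
    """One end's quantum key management server (hypothetical stand-in)."""

    def __init__(self, blocks):
        self.blocks = dict(blocks)  # key_id -> key bytes, same at both ends

    def request(self, length):
        """Step 2: reserve an unused block for encryption. Returns
        (key_id, key), or None when key material is insufficient (wait)."""
        for key_id, key in list(self.blocks.items()):
            if len(key) >= length:
                del self.blocks[key_id]  # one-time use
                return key_id, key[:length]
        return None

    def fetch(self, key_id, length):
        """Step 3: get the decryption key named by the client's identifier."""
        key = self.blocks.pop(key_id, None)
        if key is None or len(key) < length:
            return None
        return key[:length]


def xor(data, key):
    return bytes(d ^ k for d, k in zip(data, key))


def client_encrypt(pool, mac_key, auth_info):
    """Application client: key_id || ciphertext || tag, or None to wait."""
    reserved = pool.request(len(auth_info))
    if reserved is None:
        return None
    key_id, key = reserved
    body = key_id.to_bytes(4, "big") + xor(auth_info, key)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def auth_server_handle(pool, mac_key, message, user_db):
    """Steps 3-5: integrity check, decryption, comparison, verdict."""
    if len(message) < 4 + TAG_LEN:
        return "integrity_error"
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "integrity_error"  # rejected before any key is requested
    key = pool.fetch(int.from_bytes(body[:4], "big"), len(body) - 4)
    if key is None:
        return "waiting_for_key"
    user, _, secret = xor(body[4:], key).partition(b":")
    stored = user_db.get(user)  # database server's registered record
    matched = stored is not None and hmac.compare_digest(stored, secret)
    return "auth_success" if matched else "auth_failure"


def run_demo():
    blocks = {1: os.urandom(32), 2: os.urandom(32)}  # constructed key blocks
    client_pool, server_pool = KeyPool(blocks), KeyPool(blocks)
    mac_key = os.urandom(32)                # assumed pre-shared integrity key
    user_db = {b"alice": b"correct horse"}  # constructed registration data
    info = b"alice:correct horse"

    good = client_encrypt(client_pool, mac_key, info)
    tampered = bytearray(client_encrypt(client_pool, mac_key, info))
    tampered[6] ^= 0x01                     # one ciphertext bit changed in transit
    starved = client_encrypt(client_pool, mac_key, info)  # pool is now empty

    return [
        auth_server_handle(server_pool, mac_key, good, user_db),
        auth_server_handle(server_pool, mac_key, bytes(tampered), user_db),
        len(server_pool.blocks),  # tampered message consumed no server key
        starved,
    ]


if __name__ == "__main__":
    print(run_demo())
```

Because the server looks keys up by the client's identifier rather than by position, the block the client spent on the rejected message does not change which key a later valid message is decrypted with.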
Claims (1)
1. An identity authentication method based on quantum key encryption, characterized in that it includes the following steps:
Step 1: The application client obtains authentication information and, before transmitting the authentication information over the public network, applies to the quantum key management server for a quantum key, encrypts the authentication information, and sends the encrypted authentication information to the authentication server, the public network being a quantum key virtual private network (VPN) Ethernet channel;
Step 2: The authentication server receives the encrypted authentication information sent to it by the application client and starts the authentication policy module to check the integrity of the encrypted authentication information;
if the authentication information data has been maliciously tampered with or destroyed, the authentication server feeds an authentication error message back to the application server, authentication fails, and the system waits for authentication to be performed again;
if the authentication information is complete, the authentication server decrypts the encrypted authentication information and sends it to the database server;
Step 3: The database server receives the decrypted authentication information sent to it by the authentication server, judges whether the decrypted authentication information is consistent with the pre-stored user identity information, and sends the judgment result to the application server;
Step 4: The application server acts on the judgment result of step 3: if the information is consistent, identity authentication succeeds; if not, identity authentication fails and the system waits for authentication to be performed again;
the quantum key management server stores and manages quantum keys, and applies to the quantum key generating device for quantum keys in real time;
the authentication policy module includes an authentication information integrity unit and a comparison unit for the application client quantum key and the authentication server side quantum key; the authentication information integrity unit checks the integrity of the authentication information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510881727.XA | 2015-12-04 | 2015-12-04 | An identity authentication method based on quantum key encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105471584A | 2016-04-06 |
CN105471584B | 2019-02-22 |
Family
ID=55608913
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
TR01 | Transfer of patent right | Effective date of registration: 20220817. Address after: Room 906-1, Building 1, Huizheng University Cube Building, the intersection of Nanhuancheng Road and Herong Road, Jingyue Development Zone, Changchun City, Jilin Province 130000. Patentee after: Changchun Wenyin Technology Co., Ltd. Address before: 130022 Changchun University, 6543 Satellite Road, Jilin, Changchun. Patentee before: CHANGCHUN University |