CN107911211B - Two-dimensional code authentication system based on quantum communication network - Google Patents

Two-dimensional code authentication system based on quantum communication network Download PDF

Info

Publication number
CN107911211B
CN107911211B CN201710993072.4A CN201710993072A CN107911211B CN 107911211 B CN107911211 B CN 107911211B CN 201710993072 A CN201710993072 A CN 201710993072A CN 107911211 B CN107911211 B CN 107911211B
Authority
CN
China
Prior art keywords
dimensional code
quantum
authentication
quantum communication
application server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710993072.4A
Other languages
Chinese (zh)
Other versions
CN107911211A (en
Inventor
富尧
钟一民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Shenzhou Liangzi Network Science & Technology Co ltd
Original Assignee
Zhejiang Shenzhou Liangzi Network Science & Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Shenzhou Liangzi Network Science & Technology Co ltd filed Critical Zhejiang Shenzhou Liangzi Network Science & Technology Co ltd
Priority to CN201710993072.4A priority Critical patent/CN107911211B/en
Publication of CN107911211A publication Critical patent/CN107911211A/en
Application granted granted Critical
Publication of CN107911211B publication Critical patent/CN107911211B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70Photonic quantum communication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/06009Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking
    • G06K19/06037Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code with optically detectable marking multi-dimensional coding
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C1/00Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
    • G07C1/10Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/33Individual registration on entry or exit not involving the use of a pass in combination with an identity check by means of a password
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Electromagnetism (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Optics & Photonics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a two-dimensional code authentication system based on a quantum communication network, which comprises an application server, an application terminal, a mobile terminal, a quantum communication service station and a quantum key fob matched with the mobile terminal, wherein a corresponding quantum key is stored between the quantum key fob and the quantum communication service station; after the mobile terminal obtains the two-dimensional code generated from the application server through the application terminal, a two-dimensional code response value is generated in the matched quantum key fob by using the stored quantum key, the two-dimensional code response value is sent to the quantum communication service station through the application server for authentication, the authentication result is sent to the mobile terminal and/or the application terminal through the application server, and related services are executed. The invention utilizes the mobile terminal to scan and authenticate the two-dimensional code quickly and conveniently, and the key for authentication is stored in the quantum key fob to further improve the security.

Description

Two-dimensional code authentication system based on quantum communication network
Technical Field
The invention relates to the field of network security communication, in particular to a two-dimensional code authentication system based on a quantum communication network.
Background
In identity authentication, static passwords are easily stolen by malicious software or are violently cracked because the static passwords are fixed and unchanged. In order to solve the security problem of static passwords, the dynamic token technology has been the way.
The dynamic token replaces the traditional static password with a one-time password generated based on three variables of time, event and key. Each dynamic token card has a unique key, the keys are simultaneously stored in a server side, and the dynamic token card and the server respectively calculate the dynamic token to be authenticated according to the same key, the same random parameters (time and event) and the same algorithm during each authentication, so that the consistency of passwords is ensured on two sides, and the identity authentication is realized. Because the random parameters in each authentication are different, the dynamic tokens generated in each authentication are also different, and the randomness of the parameters ensures the unpredictability of each password, thereby ensuring the safety of the system in the most basic and important password authentication link. The dynamic token is classified from the terminal to include a hardware token and a handset token. The mobile phone token is client software installed on the mobile phone and used for generating the dynamic token.
International dynamic tokens have 2 major algorithms, one is the SecurID (using AES symmetric algorithm) of RSA and one is the HMAC algorithm used by the OATH organization. The dynamic token algorithm used domestically uses national secrets SM1 and SM 3.
Two-dimensional codes, also known as quickresponsecodes, are a very popular encoding method in recent years. Compared with the traditional bar code, the bar code can store more information and represent more data types. After the two-dimensional code is swept a yard payment function and is used the habit and train through what believe a little and pay precious sweeping a yard payment function, has had extensive cognitive degree. At present, the two-dimensional code of each large platform application is generated by a background, and an application terminal user uses a mobile terminal APP to scan the two-dimensional code to perform safe identity authentication. Two-dimensional code technology may be combined with dynamic token technology, for example to carry challenge information for challenge-response dynamic tokens.
Quantum communication is an emerging cross-domain combining quantum theory and information theory, and people are increasingly concerned about the high-security information transmission capability of the quantum communication.
For example, chinese patent application 201510513004.4 discloses a mobile token identity authentication system based on a quantum cryptography network, in which dynamic token authentication of a quantum communication network is introduced. However, the security of the mobile terminal is not considered, and the dynamic password needs to be manually input in the application terminal, so that the operation is inconvenient.
Chinese patent application 201610843356.0 discloses a user identity authentication system and method, which introduces a quantum communication service station and quantum key fob and a method for implementing mutual authentication. However, only the authentication of the quantum communication user equipment equipped with the quantum key fob by the quantum communication service station is described, and the internal authentication of the application system in the quantum communication network, i.e., the authentication of the application terminal by the application server, is not described.
Problems in the prior art
1. In the prior art, in the process of identity authentication by using a dynamic token, an application terminal user needs to manually input the dynamic token, so that the operation is too complicated, and potential safety hazards exist.
2. In the prior art, a secret key of a mobile phone token is stored in a mobile phone memory and can be stolen by malicious software or malicious operation.
3. In the prior art, the seed key of the mobile token is not changed, and the security is not high enough.
4. In the prior art, the dynamic password system of each application server is independent, and a user needs to maintain a plurality of dynamic tokens or dynamic token software, so that the management is inconvenient.
Disclosure of Invention
The invention provides a two-dimensional code authentication system based on a quantum communication network, which utilizes a mobile terminal to scan and authenticate a two-dimensional code, so that a user can operate the two-dimensional code quickly and conveniently, the experience is superior to that of a dynamic password, more importantly, a secret key for authentication is stored in a quantum key fob, and the quantum key fob is isolation hardware and is difficult to be stolen by malicious software or malicious operation in the mobile terminal.
A two-dimensional code authentication system based on a quantum communication network comprises an application server, an application terminal, a mobile terminal, a quantum communication service station and a quantum key fob matched with the mobile terminal, wherein a corresponding quantum key is stored between the quantum key fob and the quantum communication service station;
when the two-dimension code authentication is carried out, the mobile terminal obtains the two-dimension code generated from the application server through the application terminal, then the two-dimension code response value is generated in the matched quantum key fob by using the stored quantum key, the two-dimension code response value is sent to the quantum communication service station through the application server for authentication, the authentication result is sent to the mobile terminal and/or the application terminal through the application server, and related services are executed.
The two-dimension code comprises a two-dimension code challenge value, the two-dimension code challenge value generates a two-dimension code response value through a pre-negotiation algorithm, the application server sends the two-dimension code challenge value when sending the two-dimension code response value to the quantum communication service station, and the quantum communication service station can calculate and generate an expected response value of the two-dimension code and compare the expected response value and the expected response value, wherein the expected response value is regarded as successful authentication if the quantum key card matched with the mobile terminal and the quantum communication service station store corresponding quantum keys.
The two-dimension code response value is generated in the quantum key fob matched with the mobile terminal by using the quantum key, and the key in the quantum key fob is variable, so that even one key can be authenticated at one time, and the security is higher than that of a dynamic password. The dynamic password systems of a plurality of application servers can be authenticated by the same quantum communication system, and the management of users is convenient. The security of the mobile terminal can be guaranteed by adopting quantum key encryption communication when data is transmitted between the mobile terminal and the quantum communication service station.
A plurality of application terminals can be configured under the same application server, the number of quantum communication service stations participating in the authentication process is not limited to one, when a plurality of quantum nodes are involved in mutual communication, the inter-station quantum key obtained in a QKD mode can be used for encrypting communication, or the quantum key card is adopted to encrypt communication with the affiliated quantum communication service station (namely the quantum key card is issued by the affiliated quantum communication service station, and a corresponding quantum key is stored between the quantum communication service station and the affiliated quantum key card).
The two-dimensional code authentication system can be applied to various systems needing identity authentication, multiple application servers and multiple application terminals can be configured according to needs and scenes, the application servers run business service programs, and the application terminals run business client programs.
Optionally, the application server is a background server of the access control system; an intelligent building background control center or an attendance system background server; the application terminal is correspondingly an access control device; controlled terminal of intelligent building or attendance machine terminal.
Optionally, the user of the mobile terminal applies for the two-dimensional code to the application server through the application terminal, and the application information carries or does not carry the identification number pre-assigned to the user by the application server.
Compared with the portable identification number, if the portable identification number is not carried, the user of the mobile terminal does not need to input any information to the application terminal, and the application terminal sends an empty user access request to the application server, so that the operation of the user is further facilitated.
Optionally, the application terminal outputs the two-dimensional code generated from the application server through a display screen; or outputting the two-dimensional code generated from the application server in a printing mode.
Optionally, the application server receives a response with the two-dimension code response value from the mobile terminal, extracts corresponding information from the response, judges the validity, and sends the two-dimension code response value to the quantum communication service station for authentication after judging the validity.
The mobile terminal calculates a two-dimension code response value and then sends a response to the application server, wherein the response not only comprises the two-dimension code response value, but also comprises a two-dimension code ID and an identity number of a quantum key card of the mobile terminal; according to the judgment mode, the biological information of the user, such as fingerprint information, iris information, face information, vein information, palm print information and the like, collected by the mobile terminal can be carried in the response.
Optionally, the validity judgment includes at least one of the following judgments:
whether the two-dimensional code is generated by the current application server;
whether the user and the quantum key fob used have a match in their identification numbers;
whether the biological characteristics of the user are matched with the reserved information in the application server or not;
whether the two-dimensional code authentication time is overdue or not.
Optionally, the application server is also configured with a corresponding quantum key fob, and a corresponding quantum key is stored between the quantum key fob and the quantum communication service station, so as to encrypt communication between the application server and the quantum communication service station.
During communication, if a plurality of quantum communication service stations participate, the quantum communication service stations communicate with each other by adopting an inter-station quantum key; and the mobile terminal and the affiliated quantum communication service station and the application server and the affiliated quantum communication service station adopt quantum keys issued by the affiliated quantum communication service station to carry out communication.
Optionally, the quantum key fob of the application server issues from a first quantum communication service station, the quantum key fob of the mobile terminal issues from a second quantum communication service station, and after receiving the two-dimensional code response value sent by the application server, the first quantum communication service station forwards the two-dimensional code response value to the second quantum communication service station for authentication, and forwards the authentication result from the second quantum communication service station to the application server.
The quantum key card of the application server issues from the first quantum communication service station, so that the two can carry out encrypted communication by using the quantum key, but the first quantum communication service station cannot authenticate the two-dimensional code response value, and the quantum key card needs to be forwarded to the second quantum communication service station by using the inter-station quantum key to carry out authentication.
In another mode, the quantum key fob of the application server issues from a first quantum communication service station, the quantum key fob of the mobile terminal issues from a second quantum communication service station, the first quantum communication service station requests a quantum key capable of implementing authentication to the second quantum communication service station after receiving the two-dimensional code response value sent by the application server, and then the first quantum communication service station performs authentication and forwards the authentication result to the application server.
Optionally, the quantum key fobs of the mobile terminal and the application server are issued from the same quantum communication service station, and the quantum communication service station stores quantum keys respectively corresponding to the quantum key fobs of the mobile terminal and the application server.
In this case, the quantum communication service station, on the one hand, may directly encrypt and communicate with the application server to receive the two-dimensional code response value by using the stored quantum key, and may also perform authentication and return an authentication result, which is relatively simplified in process.
The invention has the beneficial effects that:
1. the two-dimension code is adopted for verification, so that the problem that in the prior art, the operation is too complicated in the process of using the dynamic token for identity authentication is solved.
2. The quantum key card based on the independent hardware form solves the problem that in the prior art, the key of the mobile phone token is stored in a mobile phone memory and can be stolen by malicious software or malicious operation.
3. The quantum key in the quantum key card is variable, and the problem of low security caused by the fact that the seed key of the mobile phone token is not changed in the prior art is solved.
4. A plurality of application servers can be verified by adopting the same quantum communication system, and the problem of inconvenient management caused by mutual independence of dynamic password systems of all the application servers in the prior art is solved.
Drawings
FIG. 1 is a networking diagram of a two-dimensional code authentication system based on a quantum communication network;
FIG. 2 is a flowchart of example 1 of the present invention;
FIG. 3 is a flowchart of example 2 of the present invention;
FIG. 4 is a flowchart of example 3 of the present invention;
FIG. 5 is a flowchart of embodiment 4 of the present invention.
Detailed Description
Referring to fig. 1, in the two-dimensional code authentication system based on the quantum communication network, in the quantum communication network, a plurality of quantum communication metropolitan area networks are accessed to a quantum communication trunk, and each quantum communication metropolitan area network can be accessed by a plurality of quantum communication service stations.
The quantum communication service station is internally provided with a plurality of servers such as authentication service, quantum key distribution service, and quantum random number service.
The authentication service is used for authenticating the identity of the user equipment of the quantum communication service station.
The quantum key distribution service is used for quantum key distribution and generation of a pairwise key with another quantum communication service station through a quantum communication metropolitan area network and a quantum communication trunk, and the key distribution protocol is preferably BB 84.
The quantum random number service is used for issuing quantum key fobs and quantum communication service stations with paired quantum random number key sets, and the issuing process can refer to the issuing process of the quantum key fobs in chinese patent application 201610843210.6.
After the quantum random number service issues a quantum key fob and a quantum communication service station with paired quantum random number key sets, the quantum communication service station issues the quantum key fob to user equipment of the quantum communication service station, and during actual use, the quantum key fob and the user equipment of the quantum communication service station have a one-to-one correspondence relationship. The user equipment of the quantum communication service station can be accessed to the quantum communication service station in the form of fixed user equipment and mobile user equipment. The fixed user equipment can be a common PC/MAC computer, an embedded device, or various servers, such as the application server of the invention. The mobile user equipment can be various mobile terminals such as mobile phones/PADs and the like. No matter what kind of quantum communication service station's equipment, it leaves the interface to dock the quantum key card, and can communicate with it. When the user equipment is accessed to the quantum communication service station, the user equipment and a specific quantum key card are in one-to-one correspondence binding relation, otherwise, the user equipment cannot be accessed to the quantum communication service station.
Regarding the implementation of the quantum key fob, reference may be made to chinese patent application 201610843210.6, which discloses a quantum communication service station, a quantum key management apparatus, and a key configuration network and method, and also describes the issue of the quantum key fob.
The application system can be various systems needing identity authentication and comprises an application server and a plurality of application terminals, wherein the application server runs a service program, and the application terminals run a service client program. The application system of the invention can be but is not limited to: an access control system; an intelligent building control system; an attendance system; and so on. In the case of the aforementioned three application systems, the application servers are respectively: a background server of the access control system; an intelligent building background control center; a background server of the attendance system; the application terminals are respectively as follows: an access control device; an intelligent building controlled terminal; attendance machine terminal.
The application server is a user device of the quantum communication service station. The application end user must simultaneously own the mobile user devices of the quantum communication service station, and each mobile user device corresponds to one or more quantum key fobs.
The application terminal need not be, but may also be, a user equipment of the quantum communication service station. When the application terminal is a user device of the quantum communication service station, the application terminal and the application server are communicated through a quantum communication network. When the application terminal is not the user equipment of the quantum communication service station, a secure authentication and authorization network leading to the application terminal by the application server is arranged between the application terminal and the application server, namely the network for the application server to safely and effectively send the authentication result and the authorization information to the application terminal. The possibilities for secure authenticated authorized networks are: the communication network is ensured by keys such as a static key, a pre-distributed key, a dynamic token key, a mobile phone dynamic token key, a short message key and the like or CA certificates; a private secure communication network, etc.
Each application terminal has the capability of displaying the two-dimensional code image.
The mobile terminals needing to acquire and identify the two-dimensional codes are provided with cameras with enough resolution ratios for acquiring two-dimensional code images and functional modules for analyzing information contained in the two-dimensional codes from the two-dimensional code images, and the modules use technologies known by persons skilled in the art, so the implementation mode is not discussed in the invention.
Example 1
QRA _ FLOW two-dimensional code authentication process
The party directly involved in QRA _ FLOW includes a mobile terminal MT (the current quantum key fob is MTK, and the id thereof is MTKID), an application terminal AT, an application server AS (the current quantum key fob is ASK, and the id thereof is ASK), an authentication service module QMT (the id thereof is QMTID) of the quantum communication service station corresponding to the current key of MTK, and an authentication service module QAS (the id thereof is QASID) of the quantum communication service station corresponding to the current key of ASK. The AT user holds the MT, which is currently paired with the MTK, and thus the AT user holds the MTK.
The AT user registers the MTK with the AS. The ID number distributed by the AS to the AT user is UID; the identity number of the quantum key card bound by the quantum key card is MTKID. The AS stores the UID and its corresponding MTKID to an account database. The AS can also store the user biological characteristics corresponding to the UID into an account database, such AS fingerprint characteristics, iris characteristics, face characteristics, vein characteristics, palm print characteristics and the like.
See fig. 2, QRA _ FLOW is as follows:
3.1 AT sends user Access request to AS
The access request types are: displaying an AT related service interface; executing AT-controlled access switch operation; executing AT controlled electrical switch operation of the intelligent building; the attendance checking of the personnel AT the position of the AT is executed; and so on.
The AT user inputs the UID to the AT. The UID is carried in the user access request sent by AT to AS.
3.2 AS processing user Access requests
The AS judges whether the UID exists or not, if not, a failure message and an error code are returned to the AT, and the process is ended; otherwise, continuing.
And the AS generates and records the related information of the two-dimensional code to a two-dimensional code database of the AS.
The two-dimensional code related information includes two-dimensional code authentication information and two-dimensional code additional information, see the following table.
Figure RE-GDA0001491487540000081
The two-dimension code authentication information comprises a two-dimension code ID and a two-dimension code challenge value. The two-dimensional code ID is a number or a character string inside the AS representing the unique identity of the two-dimensional code. The challenge value of the two-dimension code is a true random number.
The two-dimension code additional information comprises two-dimension code generation time, a two-dimension code applicant ID and a two-dimension code applicant contact way. The two-dimensional code generation time is a time at which the two-dimensional code authentication information is generated. The two-dimensional code applicant ID is UID. The two-dimensional code applicant contact means is the IP address of the AT plus the port number.
The two-dimensional code related information recorded by the AS has a time range in which the authentication is valid, and the time range is called the maximum time difference of the two-dimensional code authentication. And after the time range of the authentication validity is exceeded, the two-dimensional code related information is regarded AS invalid information, and the two-dimensional code related information is deleted from the two-dimensional code database of the AS at irregular intervals. Preferably, the maximum time difference of the two-dimensional code authentication is 60 seconds. The maximum time difference of the two-dimensional code authentication can also be set to infinity.
3.3 AS sends two-dimensional code pictures to AT
And the AS generates a two-dimensional code picture by utilizing the two-dimensional code authentication information and the contact way of the two-dimensional code generator according to the two-dimensional code generation rule. The two-dimensional code generator contact address is the IP address of the AS plus the port number.
And the AS sends the two-dimension code picture to the AT according to the contact way of the two-dimension code applicant.
3.4 AT display two-dimensional code picture
The AT may display an electronic version of the two-dimensional code picture on a screen of the electronic device.
The AT can also print the two-dimensional code picture as a solid picture to be posted.
3.5 MT collects two-dimensional code picture and obtains related information
And the MT acquires the two-dimension code authentication information and the contact information of the two-dimension code generator. The two-dimension code authentication information comprises a two-dimension code ID and a two-dimension code challenge value.
3.6 MT generates two-dimension code response value
And the MT transmits the two-dimension code authentication information to the MTK, the MTK takes out the current authentication key, and the two-dimension code response value is calculated according to an agreed authentication algorithm by combining the two-dimension code challenge value in the two-dimension code authentication information. Preferably, the authentication algorithm is a challenge response algorithm, and the response mode is a keyed hash algorithm (e.g., HMAC).
3.7 the MT sends a response to the AS, including the two-dimension code ID, the MTKID and the two-dimension code response value
And the MT sends the information to the AS through the contact way of the two-dimension code generator.
Besides the above information, the user biological information collected by the MT, such as fingerprint information, iris information, face information, vein information, palm print information, etc., can be carried.
3.8 AS judges the validity of the answer
3.8.1 two-dimensional code validity judgment
The AS searches the related information of the two-dimensional code in a two-dimensional code database of the AS according to the ID of the two-dimensional code, if the related information of the two-dimensional code cannot be found, the related information is judged to be illegal, a failure message and an error code are returned to the MT, and the process is ended; otherwise, continuing.
3.8.2 identity information validity judgment
The AS finds out the UID from the related information of the two-dimensional code, judges whether the MTKID belongs to the UID according to the account database, if not, judges that the MTKID is illegal, returns a failure message and an error code to the MT, and finishes the process; otherwise, continuing.
If the information sent by the MT carries user biological information, the AS judges whether the biological information conforms to the user biological characteristics stored by the MT according to the account database, if not, the biological information is judged to be illegal, a failure message and an error code are returned to the MT, and the process is ended; otherwise, continuing.
3.8.3 time validity judgment
The AS records the current time, namely the two-dimension code authentication time. And the AS finds out the two-dimensional code generation time in the two-dimensional code related information. The two-dimensional code authentication time difference is equal to the difference between the two-dimensional code authentication time and the two-dimensional code generation time. If the two-dimension code authentication time difference is larger than the maximum two-dimension code authentication time difference, judging that the two-dimension code authentication time difference is illegal, returning a failure message and an error code to the MT, and ending the process; otherwise, continuing.
3.9 AS sends MTKID, two-dimension code challenge value and two-dimension code response value to QAS
3.10 QAS sends MTKID, two-dimension code challenge value and two-dimension code response value to QMT
The QAS finds its corresponding QMT according to the MTKID and then sends the information.
3.11 QMT verifying two-dimensional code answer value
QMT, searching a quantum random number key corresponding to the MTK according to the MTKID, and performing authentication algorithm calculation by combining the two-dimensional code challenge value to obtain the expected response value of the two-dimensional code. QMT, comparing the two-dimension code response value with the expected two-dimension code response value to obtain the two-dimension code authentication result. If the two-dimension code response value is equal to the expected two-dimension code response value, the authentication is successful; otherwise, the authentication fails.
3.12 QMT sending two-dimensional code authentication result to QAS
3.13 QAS sends two-dimension code authentication result to AS
In steps 3.9, 3.10, 3.12 and 3.13, data transmission between different quantum communication service stations and between the application server and the quantum communication service stations is involved, the different quantum communication service stations can perform encrypted transmission and mutual authentication of data by using quantum keys between the stations, the application server can perform encrypted transmission and mutual authentication of data between the quantum key card and the belonging quantum communication service station, the process can also refer to related contents of chinese patent application 201610845826.7 and 201610842873.6, and the security and reliability of data transmission are ensured by an encryption and decryption method and a message authentication method of a quantum communication network.
If the application server and the mobile terminal are matched with the quantum key fobs, the application server and the mobile terminal can utilize the respective quantum key fobs to perform data encryption transmission and mutual authentication between the quantum communication service stations respectively belonging to the application server and the mobile terminal.
3.14 AS executes the relevant service according to the two-dimension code authentication result
If the two-dimension code authentication result is successful, the related services of the AS may include, but are not limited to: displaying the successful authentication of the user and a related service interface; recording the successful authentication information to a log module; starting the exclusive service of the successful authentication person; and so on.
If the two-dimension code authentication result is failure, the related services of the AS may include, but are not limited to: displaying user authentication failure and a related service interface; recording authentication failure information to a log module; and so on.
3.15 AS sends two-dimension code authentication result to AT
The authentication result is sent through a quantum communication network or a secure authentication and authorization network.
3.16 AT executes related service according to two-dimension code authentication result
If the two-dimension code authentication result is successful, the related services of the AT may include, but are not limited to: displaying the successful authentication of the user and a related service interface; executing the door access switch operation; executing electrical switch operation of the intelligent building; the attendance checking success operation is executed; recording the successful authentication information to a log module; and so on.
If the two-dimension code authentication result is failure, the related services of the AT may include, but are not limited to: displaying user authentication failure and a related service interface; recording authentication failure information to a log module; and so on.
This completes QRA _ FLOW.
When the next round of QRA _ FLOW authentication starts, starting from 3.1, namely applying for a new two-dimensional code for authentication; authentication can also be performed from 3.5, namely by using the two-dimensional code applied for the previous time.
The MT can also get the authentication result, i.e. 3.15 and 3.16 are changed to:
3.15' AS sends the two-dimension code authentication result to MT, and the data transmission between AS and MT is ensured by quantum communication network
3.16' MT executes relevant service according to the two-dimension code authentication result, for example, executes operation of displaying authentication result and the like
It is also possible to let the AT and the MT simultaneously obtain the authentication result.
Example 2
Simplified two-dimensional code authentication process QRA _ SFLOW
The special case of QRA _ FLOW is that when the quantum communication service stations corresponding to the quantum key fobs used by the application server and the mobile terminal are the same, i.e. only QAS and no QMT exist, the FLOW is properly simplified. The specific process is similar to QRA _ FLOW of example 1, except that several steps of QAS and QMT communication are omitted.
See fig. 3, QRA _ SFLOW is as follows:
4.1 AT sends user access request to AS;
4.2 AS processes user access request;
4.3 AS sends the two-dimensional code picture to AT;
4.4 AT displays the two-dimensional code picture;
4.5 the MT acquires the two-dimensional code picture and acquires related information;
4.6 the MT generates a two-dimensional code response value;
4.7 the MT sends a response to the AS, wherein the response comprises the two-dimension code ID, the MTKID and the two-dimension code response value;
4.8 the AS judges the response validity;
4.8.1 judging the validity of the two-dimensional code;
4.8.2 judging the validity of the identity information;
4.8.3 time validity judgment;
4.9 the AS sends MTKID, two-dimension code challenge value and two-dimension code response value to the QAS;
4.10 QAS verifies the two-dimensional code response value;
4.11 QAS sends the two-dimension code authentication result to AS;
4.12 the AS executes the relevant service according to the two-dimension code authentication result;
4.13 AS sends the two-dimension code authentication result to AT;
4.14 AT executes relevant service according to the two-dimension code authentication result;
this completes QRA _ SFLOW.
When the next round of QRA _ SFLOW authentication starts, the authentication can be started from 4.1, namely, a new two-dimensional code is applied for authentication; the authentication can also be performed from 4.5, namely, by using the two-dimensional code applied for the previous time.
The MT can also obtain the authentication result; it is also possible to let the AT and the MT simultaneously obtain the authentication result.
Example 3
Two-dimensional code authentication FLOW SQRA _ FLOW for simplifying operation
The QRA _ FLOW and QRA _ SFLOW described above both require the UID to be input to the AT in the first step, and are inconvenient to operate if the UID is input more complicated. To further facilitate user operation, the following FLOW SQRA _ FLOW may be used without the AT user entering the UID.
The direct involved party of SQRA _ FLOW is the same as QRA _ FLOW.
The AT user registers MTK to AS, the AS records MTKID to an account database of the AS, and the situation is recorded AS SQRA _ FLOW _ REG; or not registered, this case is denoted as SQRA _ FLOW _ UNREG. In the case of SQRA _ FLOW _ REG, the AS may further store user biological characteristics corresponding to the MTKID in an account database, such AS fingerprint characteristics, iris characteristics, face characteristics, vein characteristics, palm print characteristics, and the like.
See fig. 4, SQRA _ FLOW is as follows:
5.1 AT sends user Access request to AS
The access request types are: displaying an AT related service interface; executing AT-controlled access switch operation; executing AT controlled electrical switch operation of the intelligent building; the attendance checking of the personnel AT the position of the AT is executed; and so on.
The AT user does not need to enter any information into the AT. The AT sends an empty user access request to the AS.
5.2 AS processing user Access requests
And the AS generates and records the related information of the two-dimensional code to a two-dimensional code database of the AS.
The two-dimensional code related information includes two-dimensional code authentication information and two-dimensional code additional information, see the following table.
Figure RE-GDA0001491487540000131
The two-dimension code authentication information comprises a two-dimension code ID and a two-dimension code challenge value. The two-dimensional code ID is a number or a character string inside the AS representing the unique identity of the two-dimensional code. The challenge value of the two-dimension code is a true random number.
The two-dimension code additional information comprises two-dimension code generation time and a two-dimension code applicant contact way. The two-dimensional code generation time is a time at which the two-dimensional code authentication information is generated. The two-dimensional code applicant contact means is the IP address of the AT plus the port number.
The two-dimensional code related information recorded by the AS has a time range in which the authentication is valid, and the time range is called the maximum time difference of the two-dimensional code authentication. And after the time range of the authentication validity is exceeded, the two-dimensional code related information is regarded AS invalid information, and the two-dimensional code related information is deleted from the two-dimensional code database of the AS at irregular intervals. Preferably, the maximum time difference of the two-dimensional code authentication is 60 seconds. The maximum time difference of the two-dimensional code authentication can also be set to infinity.
5.3 AS sends two-dimensional code picture to AT
And the AS generates a two-dimensional code picture by utilizing the two-dimensional code authentication information and the contact way of the two-dimensional code generator according to the two-dimensional code generation rule. The two-dimensional code generator contact address is the IP address of the AS plus the port number.
And the AS sends the two-dimension code picture to the AT according to the contact way of the two-dimension code applicant.
5.4 AT display two-dimensional code picture
The AT may display an electronic version of the two-dimensional code picture on a screen of the electronic device.
The AT can also print the two-dimensional code picture as a solid picture to be posted.
5.5 MT collects two-dimensional code picture and obtains related information
And the MT acquires the two-dimension code authentication information and the contact information of the two-dimension code generator. The two-dimension code authentication information comprises a two-dimension code ID and a two-dimension code challenge value.
5.6 MT generates two-dimension code response value
And the MT transmits the two-dimension code authentication information to the MTK, the MTK takes out the current authentication key, and the two-dimension code response value is calculated according to an agreed authentication algorithm by combining the two-dimension code challenge value in the two-dimension code authentication information. Preferably, the authentication algorithm is a challenge response algorithm, and the response mode is a keyed hash algorithm (e.g., HMAC).
5.7 the MT sends a response to the AS, including the two-dimension code ID, the MTKID and the two-dimension code response value
And the MT sends the information to the AS through the contact way of the two-dimension code generator.
Besides the above information, the user biological information collected by the MT, such as fingerprint information, iris information, face information, vein information, palm print information, etc., can be carried.
5.8 AS judges the validity of the answer
5.8.1 two-dimensional code validity judgment
The AS searches the related information of the two-dimensional code in a two-dimensional code database of the AS according to the ID of the two-dimensional code, if the related information of the two-dimensional code cannot be found, the related information is judged to be illegal, a failure message and an error code are returned to the MT, and the process is ended; otherwise, continuing.
5.8.2 (in the case of SQRA _ FLOW _ REG only) identity information legitimacy determination
The AS searches in an account database, judges whether the MTKID belongs to the AS according to the account database, if not, judges the MTKID to be illegal, returns a failure message and an error code to the MT, and finishes the process; otherwise, continuing.
If the information sent by the MT carries user biological information, the AS judges whether the biological information conforms to the user biological characteristics stored by the MT according to the account database, if not, the biological information is judged to be illegal, a failure message and an error code are returned to the MT, and the process is ended; otherwise, continuing.
5.8.3 time validity judgment
The AS records the current time, namely the two-dimension code authentication time. And the AS finds out the two-dimensional code generation time in the two-dimensional code related information. The two-dimensional code authentication time difference is equal to the difference between the two-dimensional code authentication time and the two-dimensional code generation time. If the two-dimension code authentication time difference is larger than the maximum two-dimension code authentication time difference, judging that the two-dimension code authentication time difference is illegal, returning a failure message and an error code to the MT, and ending the process; otherwise, continuing.
5.9 AS sends MTKID, two-dimension code challenge value and two-dimension code response value to QAS
5.10 QAS sends the MTKID, the two-dimension code challenge value and the two-dimension code response value to QMT
The QAS finds its corresponding QMT according to the MTKID and then sends the information.
5.11 QMT verifying two-dimensional code answer value
QMT, searching a quantum random number key corresponding to the MTK according to the MTKID, and performing authentication algorithm calculation by combining the two-dimensional code challenge value to obtain the expected response value of the two-dimensional code. QMT, comparing the two-dimension code response value with the expected two-dimension code response value to obtain the two-dimension code authentication result. If the two-dimension code response value is equal to the expected two-dimension code response value, the authentication is successful; otherwise, the authentication fails.
5.12 QMT sending two-dimensional code authentication result to QAS
5.13 QAS sends two-dimension code authentication result to AS
In steps 5.9, 5.10, 5.12 and 5.13, data transmission between different quantum communication service stations and between the application server and the quantum communication service stations is involved, the different quantum communication service stations can perform encrypted transmission and mutual authentication of data by using quantum keys between the stations, the application server can perform encrypted transmission and mutual authentication of data between the quantum key card and the belonging quantum communication service station, the process can also refer to related contents of chinese patent application 201610845826.7 and 201610842873.6, and the security and reliability of data transmission are ensured by an encryption and decryption method and a message authentication method of a quantum communication network.
If the application server and the mobile terminal are matched with the quantum key fobs, the application server and the mobile terminal can utilize the respective quantum key fobs to perform data encryption transmission and mutual authentication between the quantum communication service stations respectively belonging to the application server and the mobile terminal.
5.14 AS executes the relevant service according to the two-dimension code authentication result
If the two-dimension code authentication result is successful, the related services of the AS may include, but are not limited to: displaying the successful authentication of the user and a related service interface; recording the successful authentication information to a log module; starting the exclusive service of the successful authentication person; and so on.
If the two-dimension code authentication result is failure, the related services of the AS may include, but are not limited to: displaying user authentication failure and a related service interface; recording authentication failure information to a log module; and so on.
5.15 AS sends two-dimension code authentication result to AT
The authentication result is sent through a quantum communication network or a secure authentication and authorization network.
5.16 AT executes relevant service according to two-dimension code authentication result
If the two-dimension code authentication result is successful, the related services of the AT may include, but are not limited to: displaying the successful authentication of the user and a related service interface; executing the door access switch operation; executing electrical switch operation of the intelligent building; the attendance checking success operation is executed; recording the successful authentication information to a log module; and so on.
If the two-dimension code authentication result is failure, the related services of the AT may include, but are not limited to: displaying user authentication failure and a related service interface; recording authentication failure information to a log module; and so on.
This completes SQRA _ FLOW.
When the next round of SQRA _ FLOW authentication starts, the authentication can be started from 5.1, that is, a new two-dimensional code is applied for authentication; the authentication can also be performed from 5.5, namely, by using the two-dimensional code applied for the previous time.
The MT can also get the authentication result, i.e. 5.15 and 5.16 are changed to:
5.15' AS sends the two-dimension code authentication result to MT, and the data transmission between AS and MT is ensured by quantum communication network
5.16' MT executes related service according to the two-dimension code authentication result, for example, executes operation of displaying authentication result and the like
It is also possible to let the AT and the MT simultaneously obtain the authentication result.
Example 4
Two-dimensional code authentication simplified flow SQRA _ SFLOW with simplified operation
The special case of SQRA _ FLOW is that the FLOW is properly simplified when the quantum communication service stations corresponding to the quantum key fobs used by the application server and the mobile terminal are the same, i.e. only QAS and not QMT are present. The specific process is similar to SQRA _ FLOW of example 3, except that several steps of QAS and QMT communication are omitted.
See fig. 5, SQRA _ SFLOW is as follows:
6.1 AT sends user access request to AS;
6.2 AS processes user access request;
6.3 AS sends the two-dimensional code picture to AT;
6.4 AT displays the two-dimensional code picture;
6.5 the MT acquires the two-dimensional code picture and acquires related information;
6.6 the MT generates a two-dimensional code response value;
6.7 the MT sends a response to the AS, wherein the response comprises the two-dimension code ID, the MTKID and the two-dimension code response value;
6.8 the AS judges the response validity;
6.8.1 judging the validity of the two-dimensional code;
6.8.2 (in case of SQRA _ FLOW _ REG only) identity information validity judgment;
6.8.3 time validity judgment;
6.9 the AS sends MTKID, two-dimension code challenge value and two-dimension code response value to the QAS;
6.10 QMT verifying the two-dimension code response value;
6.11 QAS sends the two-dimension code authentication result to AS;
6.12 the AS executes the relevant service according to the two-dimension code authentication result;
6.13 AS sends the two-dimension code authentication result to AT;
6.14 AT executes relevant service according to the two-dimension code authentication result;
this completes SQRA _ SFLOW.
When the next round of SQRA _ SFLOW authentication starts, the method can start from 6.1, namely, a new two-dimensional code is applied for authentication; the authentication can also be carried out from 6.5, namely by using the two-dimensional code applied for the previous time.
The MT can also obtain the authentication result; it is also possible to let the AT and the MT simultaneously obtain the authentication result.
The above disclosure is only for the specific embodiments of the present invention, but the present invention is not limited thereto, and those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. For example, the step of scanning and transmitting data by the two-dimensional code may be replaced by any other short-distance communication technology, such as bluetooth, WIFI, infrared, NFC, ZigBee, UWB, and the like. It is to be understood that such changes and modifications are intended to be included within the scope of the appended claims. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (8)

1. A two-dimensional code authentication system based on a quantum communication network comprises an application server, an application terminal and a mobile terminal, and is characterized by further comprising a quantum communication service station and a quantum key fob matched with the mobile terminal and the application server, wherein a corresponding quantum key is stored between the quantum key fob and the quantum communication service station;
when the two-dimension code authentication is carried out, the mobile terminal obtains the two-dimension code generated from the application server through the application terminal, then a two-dimension code response value is generated in the matched quantum key fob by using the stored quantum key, the application server receives the response with the two-dimension code response value from the mobile terminal, corresponding information is extracted from the response and legality judgment is carried out, the two-dimension code response value is sent to a quantum communication service station for authentication after the validity judgment is carried out, whether the biological characteristics of a user are matched with reserved information in the application server or not needs to be judged when the legality judgment is carried out, the authentication result is sent to the mobile terminal and/or the application terminal through the application server, and related services are executed.
2. The two-dimensional code authentication system based on the quantum communication network as claimed in claim 1, wherein the application server is a background server of the access control system; an intelligent building background control center or an attendance system background server; the application terminal is correspondingly an access control device; controlled terminal of intelligent building or attendance machine terminal.
3. The quantum communication network-based two-dimensional code authentication system as claimed in claim 1, wherein a user of the mobile terminal applies for the two-dimensional code to the application server through the application terminal, and the application information carries or does not carry an identification number pre-assigned to the user by the application server.
4. The quantum communication network-based two-dimensional code authentication system as claimed in claim 3, wherein the application terminal outputs the two-dimensional code generated from the application server through the display screen; or outputting the two-dimensional code generated from the application server in a printing mode.
5. The two-dimensional code authentication system based on the quantum communication network as claimed in claim 1, wherein the validity judgment comprises at least one of the following judgments:
whether the two-dimensional code is generated by the current application server;
whether the user and the quantum key fob used have a match in their identification numbers;
whether the two-dimensional code authentication time is overdue or not.
6. The two-dimensional code authentication system based on the quantum communication network as claimed in claim 1, wherein the quantum key card of the application server issues from the first quantum communication service station, the quantum key card of the mobile terminal issues from the second quantum communication service station, the first quantum communication service station receives the two-dimensional code response value sent by the application server, forwards the two-dimensional code response value to the second quantum communication service station for authentication, and forwards the authentication result from the second quantum communication service station to the application server.
7. The two-dimensional code authentication system based on the quantum communication network as claimed in claim 1, wherein the quantum key fob of the application server issues from the first quantum communication service station, the quantum key fob of the mobile terminal issues from the second quantum communication service station, the first quantum communication service station requests the quantum key capable of implementing authentication from the second quantum communication service station after receiving the two-dimensional code response value sent by the application server, and then the first quantum communication service station performs authentication and forwards the authentication result to the application server.
8. The two-dimensional code authentication system based on the quantum communication network as claimed in claim 1, wherein the quantum key fobs of both the mobile terminal and the application server are issued from the same quantum communication service station, and the quantum communication service station stores therein the quantum keys respectively corresponding to the quantum key fobs of both.
CN201710993072.4A 2017-10-23 2017-10-23 Two-dimensional code authentication system based on quantum communication network Active CN107911211B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710993072.4A CN107911211B (en) 2017-10-23 2017-10-23 Two-dimensional code authentication system based on quantum communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710993072.4A CN107911211B (en) 2017-10-23 2017-10-23 Two-dimensional code authentication system based on quantum communication network

Publications (2)

Publication Number Publication Date
CN107911211A CN107911211A (en) 2018-04-13
CN107911211B true CN107911211B (en) 2020-11-17

Family

ID=61840723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710993072.4A Active CN107911211B (en) 2017-10-23 2017-10-23 Two-dimensional code authentication system based on quantum communication network

Country Status (1)

Country Link
CN (1) CN107911211B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108985750B (en) * 2018-06-11 2021-04-09 北京航空航天大学 Two-dimensional code transaction closed-loop authentication method based on time
CN108898708B (en) * 2018-06-21 2020-12-29 河南理工大学 Intelligent access control system based on quantum invisible state transfer and wireless local area network
CN111242248B (en) * 2018-11-09 2023-07-21 中移(杭州)信息技术有限公司 Personnel information monitoring method, device and computer storage medium
CN109448203A (en) * 2018-12-26 2019-03-08 江苏亨通问天量子信息研究院有限公司 Control method, device, system and the smart lock of smart lock

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106452750A (en) * 2016-10-19 2017-02-22 长春大学 Quantum encryption communication method for mobile devices
CN206100008U (en) * 2016-10-19 2017-04-12 长春大学 Be used for mobile device quantum cryptography to bear device
CN106712931A (en) * 2015-08-20 2017-05-24 上海国盾量子信息技术有限公司 Mobile phone token identity authentication system and method based on quantum cipher network

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016033356A1 (en) * 2014-08-27 2016-03-03 Contentguard Holdings, Inc. Method, apparatus, and media for creating social media channels
CN105991285B (en) * 2015-02-16 2019-06-11 阿里巴巴集团控股有限公司 Identity identifying method, apparatus and system for quantum key distribution process
CN104917766B (en) * 2015-06-10 2018-01-05 飞天诚信科技股份有限公司 A kind of two-dimension code safe authentication method
CN106452739A (en) * 2016-09-23 2017-02-22 浙江神州量子网络科技有限公司 Quantum network service station and quantum communication network
CN206042014U (en) * 2016-09-23 2017-03-22 浙江神州量子网络科技有限公司 Quantum network service station and quantum communication network
CN106357649B (en) * 2016-09-23 2020-06-16 浙江神州量子网络科技有限公司 User identity authentication system and method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106712931A (en) * 2015-08-20 2017-05-24 上海国盾量子信息技术有限公司 Mobile phone token identity authentication system and method based on quantum cipher network
CN106452750A (en) * 2016-10-19 2017-02-22 长春大学 Quantum encryption communication method for mobile devices
CN206100008U (en) * 2016-10-19 2017-04-12 长春大学 Be used for mobile device quantum cryptography to bear device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
无中心化离线认证技术的应用与实践;彭桂林;《技术与应用》;20170930;全文 *

Also Published As

Publication number Publication date
CN107911211A (en) 2018-04-13

Similar Documents

Publication Publication Date Title
CN106161032B (en) A kind of identity authentication method and device
CN101340436B (en) Method and apparatus implementing remote access control based on portable memory apparatus
CN107257334B (en) Identity authentication method for Hadoop cluster
CN105389500B (en) The method for unlocking another equipment using an equipment
WO2017201809A1 (en) Communication method and system for terminal
CN108270571A (en) Internet of Things identity authorization system and its method based on block chain
CN107911211B (en) Two-dimensional code authentication system based on quantum communication network
KR20120101523A (en) Secure multi-uim authentication and key exchange
CN110247881A (en) Identity identifying method and system based on wearable device
CN108768653A (en) Identity authorization system based on quantum key card
WO2017185450A1 (en) Method and system for authenticating terminal
JP2005504459A (en) Authentication method between portable article for telecommunication and public access terminal
CN108566273A (en) Identity authorization system based on quantum network
WO2014141263A1 (en) Asymmetric otp authentication system
CN114765534B (en) Private key distribution system and method based on national secret identification cryptographic algorithm
CN108964896A (en) A kind of Kerberos identity authorization system and method based on group key pond
CN108964897A (en) Identity authorization system and method based on group communication
CN110493162A (en) Identity identifying method and system based on wearable device
KR20210006329A (en) Remote biometric identification
CN112184952A (en) Intelligent lock control system, method and storage medium
CN107786978B (en) NFC authentication system based on quantum encryption
CN108964895A (en) User-to-User identity authorization system and method based on group key pond and improvement Kerberos
CN107888376B (en) NFC authentication system based on quantum communication network
CN108667801A (en) A kind of Internet of Things access identity safety certifying method and system
CN108650219A (en) A kind of method for identifying ID, relevant apparatus, equipment and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant