CN108566273A - Identity authorization system based on quantum network - Google Patents

Identity authorization system based on quantum network

Info

Publication number
CN108566273A
Authority
CN
China
Prior art keywords
user terminal
key
quantum
random number
network service
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810171948.1A
Other languages
Chinese (zh)
Inventor
富尧
钟民
钟一民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Application filed by Ruban Quantum Technology Co Ltd
Priority to CN201810171948.1A
Publication of CN108566273A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses an identity authorization system based on a quantum network, comprising user terminal A, user terminal B and a quantum network service station, wherein user terminal A applies to the quantum network service station for a TGT and a corresponding Ticket, and accesses user terminal B using the Ticket obtained. Each user terminal is configured with a quantum key card, and corresponding quantum keys are stored in the quantum key card and the quantum network service station. Identity authentication is carried out using the configured quantum key cards when user terminal A communicates with the quantum network service station and when the two user terminals communicate with each other. The present invention replaces the timestamp of the prior art with quantum true random numbers, resolving the possibility of replay attacks. User terminal keys are stored in the quantum key card rather than in user terminal memory; the quantum key card is an independent hardware device, so the possibility of keys being stolen by malware or malicious operations is greatly reduced. Moreover, keys can be changed frequently, which greatly improves security.

Description

Identity authorization system based on quantum network
Technical field
The present invention relates to the technical field of quantum communication, and more particularly to an identity authorization system based on a quantum network.
Background art
Identity authentication is a basic technology for achieving information security. A system checks a user's identity to confirm whether the user has access and usage rights to a given resource; identity authentication can likewise be carried out between systems.
Identity authentication systems in current communication networks generally use the Kerberos authentication scheme. Kerberos is a network authentication protocol whose design goal is to provide strong authentication services for client/server applications through a key system. The authentication process does not depend on authentication by the host operating system, does not rely on trust in host addresses, does not require physical security of all hosts on the network, and assumes that data packets transmitted on the network can be read, modified and inserted arbitrarily. Under these conditions, Kerberos, as a trusted third-party authentication service, performs authentication by means of traditional cryptographic techniques (such as shared keys).
In the Kerberos authentication scheme, timestamps are introduced to detect replay attacks, but a ticket has a lifetime and can still be used within the validity period of that lifetime. If a message is received within the permitted time range, the message is judged to be fresh. However, an attacker who has obtained a license can send forged messages, and within the permitted time this is hard to detect.
An attacker may attack the encryption device or attack using malware, so many researchers have focused their improvements to Kerberos on improving hardware devices. At present, the trusted hardware device suitable for user terminals in a Kerberos system is the smart card. Integrating smart cards into Kerberos systems has achieved good results.
Problems of the prior art:
(1) Existing identity authentication technology is based on the Kerberos authentication scheme, whose use of timestamps leaves open the possibility of replay attacks.
(2) The Kerberos protocol relies on clock synchronization across the network and places high demands on time synchronization of the whole system, which is difficult to achieve in large distributed systems.
(3) In the prior art, user terminal keys are stored in user terminal memory and can be stolen by malware or malicious operations.
(4) In the prior art, the long-term key of a user terminal does not change, so security is not high enough.
Summary of the invention
The present invention is based on the Kerberos authentication mode and provides an identity authorization system with better security.
An identity authorization system based on a quantum network comprises user terminal A, user terminal B and a quantum network service station, wherein user terminal A applies to the quantum network service station for a TGT and a corresponding Ticket, and accesses user terminal B using the Ticket obtained;
Each user terminal is configured with a quantum key card, and corresponding quantum keys are stored in the quantum key card and the quantum network service station; identity authentication is carried out using the configured quantum key cards when user terminal A communicates with the quantum network service station and when the two user terminals communicate with each other.
In the present invention the quantum network service station, as a trusted third party, provides the Ticket to user terminal A. Both the process in which user terminal A applies to the quantum network service station for tickets and the process in which user terminal B authenticates user terminal A involve the use of identity authentication data.
When user terminal A communicates with the quantum network service station, the quantum key stored in the quantum key card can be used, directly or indirectly, as part of the identity authentication data; the quantum network service station stores the same quantum key, which makes comparison-based authentication convenient.
When user terminal A communicates with user terminal B, a quantum key negotiated in advance by the two parties can be used, directly or indirectly, as part of the identity authentication data. The quantum key may come from the quantum key card of one of the parties, and the other party can obtain the same quantum key via the quantum network service station, so that comparison-based authentication can be carried out.
Because the present invention is based on a quantum network and each user terminal is configured with a quantum key card, random numbers mentioned herein are, unless otherwise specified, to be understood as quantum random numbers, i.e. true random numbers. Keys mentioned herein are, unless otherwise specified, to be understood as quantum keys.
The quantum network service station includes an authentication server and a ticket-granting server; user terminal A applies to the authentication server for a TGT, and then applies to the ticket-granting server for a Ticket on the basis of that TGT.
User terminal A uses its matched quantum key card to carry out identity authentication with the authentication server and the ticket-granting server respectively. During identity authentication, the identity authentication data sent by user terminal A contains a random number generated by the quantum key card, and the quantum network service station generates the corresponding random number for the authentication server and the ticket-granting server respectively to compare and authenticate.
When user terminal A applies to the authentication server for a TGT, the request it sends includes identity authentication data A1 of user terminal A and the identity information of the ticket-granting server. The authentication server authenticates identity authentication data A1 and, once authentication passes, replies with the TGT corresponding to the ticket-granting server.
Identity authentication data A1 includes the identity information Ainfo of user terminal A and random number N1. Random number N1 is generated as follows:
The quantum key card matched with user terminal A generates random number R1 and, using R1 together with a key generation algorithm, operates on the quantum key stored in the card as a key seed to obtain true random number N1.
User terminal A also passes random number R1, the key generation algorithm ID and the key seed ID to the quantum network service station, so that the authentication server can generate the corresponding true random number N1' for comparison and authentication.
True random number N1' may be generated in the authentication server, or generated in another server in the quantum network service station and sent to the authentication server by intra-station transmission.
User terminal A sends identity authentication data A1 to the authentication server as ciphertext, and the encryption is likewise performed in the quantum key card matched with user terminal A. The key KA used to encrypt identity authentication data A1 is generated in the same manner as random number R1, so that the quantum network service station can generate or retrieve the identical key KA' for decryption.
After identity authentication data A1 has been authenticated by the authentication server, a reply containing the TGT is sent to user terminal A. The TGT is encrypted with the in-station key KQ so that the ticket-granting server can decrypt it.
The reply containing the TGT also contains key KQ-A, which is used for encrypted communication between user terminal A and the ticket-granting server.
The quantum network service station can generate key KQ and the login session key KQ-A shared with user terminal A using the true random number generator in the station.
The TGT encrypted with key KQ is not decrypted at user terminal A; in the subsequent flow it is forwarded directly to the ticket-granting server, where it is decrypted and the corresponding data content is read.
The TGT includes KQ-A, the identity information Ainfo of user terminal A and the TGT expiration time endtime1.
When user terminal A applies to the ticket-granting server for a Ticket on the basis of the TGT, the request it sends includes the TGT encrypted with KQ, identity authentication data A2 of user terminal A encrypted with key KQ-A, and the identity information Binfo of user terminal B. The ticket-granting server authenticates identity authentication data A2 and, once authentication passes, sends user terminal A a reply containing the Ticket.
Identity authentication data A2 is analogous to identity authentication data A1 and includes the identity information Ainfo of user terminal A and true random number N2. True random number N2 is generated as follows:
The quantum key card matched with user terminal A generates random number R2 and, using R2 together with a key generation algorithm, operates on the quantum key stored in the card as a key seed to obtain true random number N2.
User terminal A also passes random number R2, the key generation algorithm ID and the key seed ID to the quantum network service station, so that the ticket-granting server can generate the corresponding true random number N2' for comparison and authentication.
True random number N2' may be generated in the ticket-granting server, or generated in another server in the quantum network service station and sent to the ticket-granting server by intra-station transmission.
The reply containing the Ticket also contains key KA-B, which is used for encrypted communication between user terminal A and user terminal B. Key KA-B is sent as ciphertext, encrypted with key KQ-A.
The Ticket is sent as ciphertext, encrypted with key KB' held in the quantum network service station; the quantum key card matched with user terminal B holds key KB, which is identical to key KB'.
Key KB' and key KB can be obtained correspondingly by user terminal B and the quantum network service station through advance negotiation; they can also be regarded as the result of the previous key synchronization, in which the key to be used next time is specified in advance.
The Ticket encrypted with key KB' is not decrypted at user terminal A; in the subsequent flow it is forwarded directly to user terminal B, where it is decrypted and the corresponding data content is read.
The Ticket includes key KA-B, the identity information Ainfo of user terminal A and the Ticket expiration time endtime2.
When user terminal A uses the Ticket to access user terminal B for identity authentication, the identity authentication data sent by user terminal A contains a true random number. This true random number comes from the quantum network service station and is identical to the random number generated by the quantum key card of user terminal B; user terminal B authenticates user terminal A by means of this random number.
When user terminal A uses the Ticket to access user terminal B, the request it sends includes the Ticket encrypted with key KB' and identity authentication data A3 of user terminal A encrypted with key KA-B. User terminal B authenticates identity authentication data A3 and, once authentication passes, provides user terminal A with the resource it requested.
Identity authentication data A3 includes the identity information Ainfo of user terminal A and true random number N3'. True random number N3' is generated as follows:
The quantum key card matched with user terminal B generates true random number N3 and notifies the quantum network service station of how it was generated; the quantum network service station generates the corresponding true random number N3' and sends N3' to user terminal A.
The quantum network service station sends true random number N3' as ciphertext. Encryption and decryption may use the corresponding quantum key shared between the quantum network service station and the quantum key card of user terminal A, or key KA-B, or other means.
User terminal B decrypts the Ticket with key KB to obtain KA-B, then decrypts identity authentication data A3 with KA-B to obtain true random number N3', and verifies N3' by comparing it with true random number N3. If verification succeeds, user terminal A is allowed to access the requested resource; otherwise access is refused.
When user terminal A uses the Ticket to access user terminal B, the request it sends also includes a flag indicating whether bidirectional verification is needed. If bidirectional verification is needed, user terminal B extracts true random number N3' from identity authentication data A3, encrypts it with KA-B and sends it to user terminal A, so that user terminal A can verify the identity of user terminal B.
When a user terminal carries out identity authentication, a quantum key used as a key seed may be cracked if it is used for a long time or reused. To improve the security of this identity authorization system, the key seed needs to be updated periodically.
After a user terminal establishes a communication connection with its matched quantum key card, the user terminal sends an update request to the quantum key card through an upper-layer application; the update request is also sent to the quantum network service station at the same time;
After the quantum key card receives the update request, it updates the key seed according to a preset rule;
After the quantum network service station receives the update request, it updates the correspondingly stored key seed in the quantum network service station according to the rule agreed in advance with the quantum key card.
In the present invention, one option is that the quantum key cards matched with user terminal A and user terminal B both belong to the same quantum network service station, i.e. both store corresponding quantum keys with that quantum network service station; this can also be regarded as the local area network environment.
In a wide area network environment, the quantum key cards matched with user terminal A and user terminal B belong to different quantum network service stations;
When user terminal A uses the Ticket to access user terminal B for identity authentication, the identity authentication data sent by user terminal A contains a true random number. This true random number is sent to user terminal A via, in turn, the quantum network service station to which the quantum key card matched with user terminal B belongs and the quantum network service station to which the quantum key card matched with user terminal A belongs; it is identical to the random number generated by the quantum key card of user terminal B, and user terminal B authenticates user terminal A by means of this random number.
Specifically, during authentication between user terminal A and user terminal B, the true random number N3' involved is sent to user terminal A via, in turn, the quantum network service station to which the quantum key card matched with user terminal B belongs and the quantum network service station to which the quantum key card matched with user terminal A belongs.
True random number N3' can be transmitted between the two quantum network service stations as ciphertext, using the inter-station quantum key directly or indirectly.
The present invention replaces the timestamp of the prior art with quantum true random numbers, resolving the possibility of replay attacks. Not using timestamps also means the system does not require system time synchronization. The present invention stores user terminal keys in a quantum key card rather than in user terminal memory; the quantum key card is an independent hardware device, so the possibility of keys being stolen by malware or malicious operations is greatly reduced. Moreover, keys can be changed frequently, which greatly improves security.
Description of the drawings
Fig. 1 is a structural diagram of the identity authorization system of the present invention.
Fig. 2 is a flowchart of identity authentication in a local area network.
Fig. 3 is a flowchart of identity authentication in a wide area network.
Fig. 4 is a schematic diagram of the detailed steps by which the present invention carries out identity authentication.
Detailed description of the embodiments
As shown in Fig. 1, the identity authorization system of the present invention may include multiple quantum network service stations; different quantum network service stations can share inter-station quantum keys by means of QKD.
A quantum network service station includes:
A quantum service centre, mainly used to communicate with each user terminal on the user side through a classical network and to communicate with other quantum network service stations; the classical network includes but is not limited to a telecommunications network, the internet, a broadcast and television network or other communication networks.
Quantum key distribution equipment, mainly used to share inter-station quantum keys by means of QKD.
A true random number generator, which receives the user-side key requests raised by the user-side key management server, generates user-side keys and sends them to the user-side key management server. A true random number generator is used here. It is preferably a quantum true random number generator; it may also be a circuit-based true random number generator, a true random number generator based on a physical source, or another type of true random number generator.
A user-side key management server, which stores and manages the user-side keys generated by the true random number generator. It can connect to removable quantum key cards to issue cards, register them and copy user-side keys; it can also receive user-side key requests raised by the quantum service centre and send user-side keys of the corresponding length to the quantum service centre. Details of the quantum key card can also be found in the patent application document with application number "201610846210.6".
The quantum service centre includes an authentication server and a ticket-granting server; other servers can also be set up as needed, such as a digital signature server, a signature verification server and an encryption/decryption server.
The authentication server implements mutual identity authentication between a user and the quantum network service station before the user receives services such as message authentication and digital signature. The authentication server contains an encryption card with a PCI bus interface, which stores the identity authentication protocol, including key generation algorithms, verification functions and encrypted transmission protocols.
The ticket-granting server, after a user has completed mutual identity authentication with the quantum network service station, issues the user a license for its request to access a given user.
User terminals are configured under each quantum network service station, such as user terminal 1 to user terminal n in the figure. The different servers or other devices in this specification may also be integrated in hardware as needed.
A user terminal is a device that accesses the quantum network service station and may be a mobile terminal or a fixed terminal. For a mobile terminal, the quantum key card is preferably a quantum SD card; for a fixed terminal, the quantum key card is preferably a USB key or a host encryption board.
When a client registers at the quantum network service station of its region, it obtains a quantum key card (with a unique quantum key card ID) once approved. The quantum key card stores the client's registration information and also has a built-in identity authentication protocol, which includes at least a key generation algorithm and a verification function, or other algorithms related to identity authentication.
Each quantum network service station on the network side correspondingly holds the identity authentication protocol. If the protocol has two or more options for an algorithm, the quantum key card sends the algorithm label to the quantum network service station when communicating with it, so that the quantum network service station can select the algorithm.
The user-side keys in a quantum key card may have been downloaded from different quantum network service stations, so they can be stored in different key seed sets according to their source; the user terminal takes key seeds according to a preset rule to generate keys. Each key seed set has a unique key seed ID, which points to the quantum network service station in which the corresponding key seed is stored.
The quantum key card has evolved from smart card technology and is an identity authentication product that combines quantum physics technology, cryptographic technology and hardware security isolation technology. The embedded chip and chip operating system of the quantum key card can provide functions such as secure storage of private keys and cryptographic algorithms. Because it has independent data processing capability and good security, the quantum key card serves as the security barrier for quantum true random number private keys. Each quantum key card is protected by a hardware PIN code; the PIN code and the hardware constitute the two necessary factors for a user to use the quantum key card. This is so-called "two-factor authentication": only a user who holds both the quantum key card storing the relevant authentication information and the user PIN code can log in to the system. Even if the user's PIN code is leaked, the legitimate user's identity cannot be impersonated as long as the quantum key card held by the user is not stolen; if the user's quantum key card is lost, the finder cannot impersonate the legitimate user either, because the finder does not know the user PIN code.
Embodiment 1: identity authentication between two user terminals belonging to one quantum network service station in a local area network
In the following steps, the encryption and decryption operations involved on each user side are all carried out in the matched quantum key card. The encryption and decryption operations involved at the authentication server and the ticket-granting server are completed in the encryption/decryption server of the quantum network service station.
As shown in Fig. 2, when user terminal A and user terminal B belong to the same quantum network service station, the quantum key cards involved in the identity authentication process are registered and issued at that local quantum network service station. For the specific steps see Fig. 4; in the figure, braces indicate an encrypted part and the content that follows indicates the key used, e.g. {Ainfo+N1}KA means Ainfo+N1 encrypted with KA.
The specific steps are described in words as follows:
First step: user terminal A applies to the quantum network service station for the license ticket TGT.
A. User-side identity authentication key generation: the quantum key card matched with user terminal A takes the stored key seed SA and random number R1 produced by the in-card random number generator and, combined with key generation algorithm AS, obtains key KA (hereinafter abbreviated to KA; other names are abbreviated in the same way by omitting the Chinese-character part) and true random number N1. It passes random number R1, the key generation algorithm ID and the key seed ID to the quantum network service station, and notifies the quantum network service station to carry out key synchronization.
Network-side identity authentication key generation: in response to the notification from user terminal A, the quantum network service station uses the key generation algorithm ID and key seed ID to find the corresponding key seed SA' and key generation algorithm AS' in the current quantum network service station and, combined with random number R1, computes key KA' identical to key KA and true random number N1' identical to N1.
B. User terminal A sends an identity authentication service request: user terminal A sends an identity authentication service request to the authentication server of the quantum network service station. The request contains:
1. The identity information Ainfo of user terminal A and N1, encrypted with KA, as pre-authentication data;
2. The identity information TGSinfo of the ticket-granting server in the quantum network service station.
C. The quantum network service station authenticates user terminal A: the quantum network service station decrypts the request message with KA', which is identical to KA, obtains true random number N1 from the pre-authentication data and compares it with N1', completing identity authentication between the quantum network service station and user terminal A.
D. The quantum network service station generates keys: the quantum network service station generates key KQ and the login session key KQ-A shared with user terminal A using the true random number generator.
E. The quantum network service station sends an identity authentication service reply: after identity authentication between the quantum network service station and user terminal A is complete, the quantum network service station sends user terminal A an identity authentication service reply. The reply contains:
1. KQ-A encrypted with KA';
2. The license ticket TGT encrypted with KQ;
The TGT includes KQ-A, the identity information Ainfo of user terminal A and the TGT expiration time endtime1. The expiration limit may be a maximum time period, a maximum number of uses, or a combination of the two in which whichever is reached first applies. The TGT can be used to apply for a Ticket for accessing any user terminal that the ticket-granting server of the quantum service station can provide.
F. User terminal A obtains the reply: on receiving the identity authentication service reply, user terminal A obtains the TGT and also decrypts the first part with KA, which is identical to KA', to obtain KQ-A.
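The first step (substeps A to F) as an added example, not code from the patent: a key card derives KA and N1 from a shared key seed and a fresh R1, and the station re-derives KA' and N1' from the transmitted IDs, authenticates the request and returns KQ-A with an opaque TGT. The HMAC-SHA256 derivation, the encrypt-then-MAC `seal`/`open_sealed` helpers, the JSON field names, the use-count value of `endtime1` and the station's record of R1 values it has already accepted are assumptions of this example; the patent names no algorithm or cipher.

```python
import hashlib
import hmac
import json
import secrets

# Assumed stand-in for the card's key generation algorithm (the patent names none).
ALGORITHMS = {
    "AS-1": lambda seed, r, label: hmac.new(seed, label + r, hashlib.sha256).digest(),
}


def derive(seed, r, alg_id):
    """Step A: key seed + R + algorithm ID -> (key K, true random number N)."""
    alg = ALGORITHMS[alg_id]
    return alg(seed, r, b"key"), alg(seed, r, b"nonce").hex()


def keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, obj):
    """Illustrative encrypt-then-MAC of a JSON object; not a production cipher."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))


class KeyCard:
    def __init__(self, ainfo, seeds):
        self.ainfo, self.seeds, self.ka = ainfo, seeds, None

    def as_request(self, tgs_info, seed_id="SA-01", alg_id="AS-1"):
        r1 = secrets.token_bytes(16)  # R1 from the in-card random number generator
        self.ka, n1 = derive(self.seeds[seed_id], r1, alg_id)
        pre_auth = seal(self.ka, {"Ainfo": self.ainfo, "N1": n1})  # {Ainfo+N1}KA
        return {"R1": r1.hex(), "alg_id": alg_id, "seed_id": seed_id,
                "pre_auth": pre_auth.hex(), "TGSinfo": tgs_info}   # step B

    def read_reply(self, reply):
        # Step F: decrypt the first part with KA; the TGT stays opaque to A.
        kqa = open_sealed(self.ka, bytes.fromhex(reply["enc_KQ-A"]))["KQ-A"]
        return kqa, reply["TGT"]


class ServiceStation:
    def __init__(self, seeds):
        self.seeds = seeds                 # key seed ID -> seed (SA')
        self.kq = secrets.token_bytes(32)  # in-station key KQ
        self.seen = set()                  # assumption: remember accepted R1 values

    def handle_as_request(self, req):
        r1 = bytes.fromhex(req["R1"])
        if (req["seed_id"], r1) in self.seen:
            raise ValueError("R1 already used with this key seed")
        ka2, n1_expected = derive(self.seeds[req["seed_id"]], r1, req["alg_id"])
        pre = open_sealed(ka2, bytes.fromhex(req["pre_auth"]))      # step C
        if not hmac.compare_digest(pre["N1"], n1_expected):
            raise ValueError("N1 does not match N1'")
        self.seen.add((req["seed_id"], r1))
        kqa = secrets.token_hex(32)                                  # step D
        tgt = {"KQ-A": kqa, "Ainfo": pre["Ainfo"], "endtime1": 5}    # 5 = max uses
        return {"enc_KQ-A": seal(ka2, {"KQ-A": kqa}).hex(),          # step E
                "TGT": seal(self.kq, tgt).hex()}

    def open_tgt(self, tgt_hex):
        return open_sealed(self.kq, bytes.fromhex(tgt_hex))


def demo():
    seed = secrets.token_bytes(32)  # constructed key seed held by card and station
    card = KeyCard("user-A", {"SA-01": seed})
    station = ServiceStation({"SA-01": seed})
    request = card.as_request("TGS-1")
    kqa, tgt = card.read_reply(station.handle_as_request(request))
    keys_match = station.open_tgt(tgt)["KQ-A"] == kqa
    try:
        station.handle_as_request(request)  # the same captured request sent again
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return keys_match, replay_rejected
```

`demo()` returns whether the KQ-A recovered by the card equals the one sealed inside the TGT, and whether a resent copy of the same request was refused.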
Second step: user terminal A uses the TGT to apply to the quantum network service station for the Ticket for accessing user terminal B.
A. Authentication key generation: the quantum key card matched with user terminal A generates the true random number N2. The quantum network service station generates the corresponding true random number N2'.
The true random numbers N2 and N2' are used by the two parties to carry out authentication and can be generated in advance; for example, the true random number for authenticating the next communication is generated right after the previous communication ends. They can also be regarded as the result generated after the last key synchronization.
The generation method and timing of N2 and N2' can also be similar to those of N1 and N1'.
User-side authentication key generation: the quantum key card matched with user terminal B combines the stored key seed SB and the random number R2 produced by the random number generator in the card with the key generation algorithm BS to obtain the key KB, and passes the random number R2, the key generation algorithm ID and the key seed ID to the quantum network service station.
Network-side authentication key generation: according to the key generation algorithm ID and the key seed ID, the quantum network service station finds the corresponding key seed SB' and key generation algorithm BS' in the current quantum network service station, and combines them with the random number R2 to compute the key KB'.
B. User terminal A sends the ticket-granting service request: user terminal A sends a ticket-granting request to the ticket-granting server in the quantum network service station. The request contains:
1. The TGT encrypted with KQ;
2. The identity information Ainfo of user terminal A and N2, encrypted with KQ-A, as identity authentication data;
3. The identity information Binfo of the user terminal B that user terminal A wants to access.
C. The ticket-granting server authenticates user terminal A: the ticket-granting server in the quantum network service station decrypts the TGT with KQ to obtain KQ-A, then decrypts the identity authentication data with KQ-A to obtain N2 and compares it with N2' to complete identity authentication.
Because the authentication server and the ticket-granting server are in the same quantum network service station, the two can share KQ.
D. The quantum network service station generates a key: using a true random number generator, the quantum network service station generates the session key KA-B between user terminal A and user terminal B.
E. The quantum network service station sends the ticket-granting service reply: after verification passes, the quantum network service station sends a ticket-granting service reply to user terminal A. The reply contains:
1. KA-B encrypted with KQ-A;
2. The Ticket encrypted with KB'.
The Ticket contains KA-B, the identity information Ainfo of user terminal A, and the Ticket expiration time endtime2.
The key KB is stored in the quantum key card matched with user terminal B, so the quantum network service station, according to the ID of the quantum key card matched with user terminal B, uses the identical in-station key KB' to encrypt KA-B for user terminal B to use after decryption.
F. User terminal A obtains the reply: on receiving the ticket-granting service reply, user terminal A obtains the Ticket, and uses KQ-A to decrypt the first part and obtain KA-B.
Third step: user terminal A presents the Ticket to user terminal B and completes identity authentication.
A. Authentication key generation: the quantum key card matched with user terminal B generates the true random number N3 and notifies the quantum network service station of the generation method; the quantum network service station generates the corresponding true random number N3', encrypts it with KA-B and sends it to user terminal A. User terminal A decrypts it to obtain N3'.
The true random numbers N3 and N3' are used to carry out authentication between user terminal A and user terminal B. User terminal A may also obtain N3' through pre-synchronization performed after the previous communication between user terminal A and user terminal B.
B. User terminal A initiates a session request: user terminal A sends a session request to user terminal B. The request contains:
1. The Ticket encrypted with KB';
2. The identity information Ainfo of user terminal A and N3', encrypted with KA-B, as identity authentication data;
3. Flag (indicating whether bidirectional verification is required).
C. User terminal B authenticates user terminal A: user terminal B decrypts the Ticket with KB to obtain KA-B, then decrypts the identity authentication data with KA-B to obtain N3' and compares it with N3 to complete identity authentication. If verification succeeds, user terminal A is allowed to access the requested resource; otherwise the request is rejected outright.
D. If bidirectional verification is required, user terminal B extracts N3' from the identity authentication data, encrypts it with KA-B, and sends it to user terminal A so that user terminal A can verify the identity of user terminal B.
When a client performs identity authentication, a key seed that is used for a long time or reused may be cracked. To improve the security of this identity authorization system, the key seed needs to be updated periodically.
The update method in this embodiment is:
After the user terminal establishes a communication connection with its matched quantum key card, the user terminal sends an update request to the quantum key card through an upper-layer application; the update request is also sent to the quantum network service station at the same time.
After the quantum key card receives the update request, it updates the key seed according to a preset rule, for example by marking a portion of the used key seeds as invalid so that they are no longer used, and enabling new key seeds.
After the quantum network service station receives the update request, it updates the correspondingly stored key seed in the quantum network service station according to the rule agreed in advance with the quantum key card, so that it always corresponds with the quantum key card. The key seed update method in every embodiment of the present invention uses the above method.
Embodiment 2: identity authentication of two user terminals in a wide area network
As shown in Fig. 3, when user terminal A and user terminal B do not belong to the same quantum network service station, the quantum key cards involved in the authentication process are each registered and issued at the quantum network service station to which the respective user terminal belongs. The system architecture in this embodiment differs from Embodiment 1 in that it is applied in a wide area network: a primary switching center is the quantum network core station of a prefecture-level city or an area of comparable size, a secondary switching center is the quantum network core station of a county-level city or an area of comparable size, and a quantum network service station is the quantum communication access site of a township or subdistrict office or an area of comparable size.
A primary switching center is connected to multiple subordinate secondary switching centers in a star network structure, and a secondary switching center can be connected to multiple subordinate quantum network service stations in a star network structure.
Because inter-station communication is required, each switching center and quantum network service station is equipped with quantum key distribution equipment, and inter-station keys can be shared by QKD. For the other equipment of the quantum network service station in this embodiment and the description of the quantum key card, refer to Embodiment 1.
For example, a primary switching center and its subordinate secondary switching centers each use quantum key distribution equipment to share inter-station quantum keys, and a secondary switching center and its subordinate quantum network service stations each use quantum key distribution equipment to share inter-station quantum keys. The quantum key distribution equipment can be one set, or at least two sets integrated together.
Because two primary switching centers are far apart, quantum relay stations can be used to share inter-station quantum keys between them.
In this embodiment, user terminal A and user terminal B are to carry out identity authentication. User terminal A belongs to quantum network service station A; that is, for user terminal A, the current quantum network service station is quantum network service station A, with which user terminal A has a communication connection. Similarly, user terminal B belongs to quantum network service station B. The specific difference between this embodiment and Embodiment 1 lies in how the true random number N3 is obtained and transmitted in the third step.
For the specific steps see Fig. 4; the description is as follows:
First step: user terminal A applies to quantum network service station A, to which user terminal A belongs, for the ticket-granting ticket TGT.
A. User-side authentication key generation: the quantum key card matched with user terminal A combines the stored key seed SA and the random number R1 produced by the random number generator in the card with the key generation algorithm AS to obtain the key KA and the true random number N1. It passes the random number R1, the key generation algorithm ID and the key seed ID to the quantum network service station, and notifies the quantum network service station to perform key synchronization.
Network-side authentication key generation: in response to the notification from user terminal A, the quantum network service station, according to the key generation algorithm ID and the key seed ID, finds the corresponding key seed SA' and key generation algorithm AS' in the current quantum network service station, and combines them with the random number R1 to compute the key KA', identical to KA, and the true random number N1', identical to N1.
B. User terminal A sends the identity authentication service request: user terminal A sends an identity authentication service request to the authentication server of the quantum network service station. The request contains:
1. The identity information Ainfo of user terminal A and N1, encrypted with KA, as pre-authentication data;
2. The identity information TGSinfo of the ticket-granting server in the quantum network service station.
C. The quantum network service station authenticates user terminal A: the quantum network service station uses KA', which is identical to KA, to decrypt the request message and obtain the true random number N1 from the pre-authentication data, then compares it with N1' to complete the identity authentication between the quantum network service station and user terminal A.
D. The quantum network service station generates keys: using a true random number generator, the quantum network service station generates the key KQ and the login session key KQ-A shared with user terminal A.
E. The quantum network service station sends the identity authentication service reply: after identity authentication between the quantum network service station and user terminal A is complete, the quantum network service station sends an identity authentication service reply to user terminal A. The reply contains:
1. KQ-A encrypted with KA';
2. The ticket-granting ticket TGT encrypted with KQ.
The TGT contains KQ-A, the identity information Ainfo of user terminal A, and the TGT expiration time endtime1.
F. User terminal A obtains the reply: on receiving the identity authentication service reply, user terminal A obtains the TGT, and uses KA to decrypt the first part and obtain KQ-A.
Second step: user terminal A uses the TGT to apply to the quantum network service station for the Ticket for accessing user terminal B.
A. Authentication key generation: the quantum key card matched with user terminal A generates the true random number N2. The quantum network service station generates the corresponding true random number N2'.
User-side authentication key generation: the quantum key card matched with user terminal B combines the stored key seed SB and the random number R2 produced by the random number generator in the card with the key generation algorithm BS to obtain the key KB, and passes the random number R2, the key generation algorithm ID and the key seed ID to the quantum network service station.
Network-side authentication key generation: according to the key generation algorithm ID and the key seed ID, the quantum network service station finds the corresponding key seed SB' and key generation algorithm BS' in the current quantum network service station, and combines them with the random number R2 to compute the key KB'.
B. User terminal A sends the ticket-granting service request: user terminal A sends a ticket-granting request to the ticket-granting server in the quantum network service station. The request contains:
1. The TGT encrypted with KQ;
2. The identity information Ainfo of user terminal A and N2, encrypted with KQ-A, as identity authentication data;
3. The identity information Binfo of the user terminal B that user terminal A wants to access.
C. The ticket-granting server authenticates user terminal A: the ticket-granting server in the quantum network service station decrypts the TGT with KQ to obtain KQ-A, then decrypts the identity authentication data with KQ-A to obtain N2 and compares it with N2' to complete identity authentication.
D. The quantum network service station generates a key: using a true random number generator, the quantum network service station generates the session key KA-B between user terminal A and user terminal B.
E. The quantum network service station sends the ticket-granting service reply: after verification passes, the quantum network service station sends a ticket-granting service reply to user terminal A. The reply contains:
1. KA-B encrypted with KQ-A;
2. The Ticket encrypted with KB'.
The Ticket contains KA-B, the identity information Ainfo of user terminal A, and the Ticket expiration time endtime2.
F. User terminal A obtains the reply: on receiving the ticket-granting service reply, user terminal A obtains the Ticket, and uses KQ-A to decrypt the first part and obtain KA-B.
Third step: user terminal A presents the Ticket to user terminal B and completes identity authentication.
A. Authentication key generation: the quantum key card matched with user terminal B generates the true random number N3. Quantum network service station B, to which user terminal B belongs, generates the corresponding true random number N3'.
The quantum network service station to which user terminal A belongs and the quantum network service station to which user terminal B belongs share inter-station quantum keys using their respective quantum key distribution equipment, so that the plaintext true random number N3' is encrypted at the quantum network service station to which user terminal B belongs, sent to the quantum network service station to which user terminal A belongs, and decrypted there to recover the plaintext N3'.
If traffic between the quantum network service station to which user terminal A belongs and the one to which user terminal B belongs must also be relayed through other network nodes, then each pair of directly connected quantum network service stations (or network nodes) forms inter-station quantum keys with their corresponding quantum key distribution equipment, and the ciphertext is relayed hop by hop.
Inter-station quantum keys are distributed by remote key sharing realized on the basic principles of quantum mechanics, preferably the BB84 protocol.
Quantum network service station A, to which user terminal A belongs, receives and decrypts the message to obtain N3', then encrypts it with KA-B and sends it to user terminal A. User terminal A decrypts it to obtain N3'.
B. User terminal A initiates a session request: user terminal A sends a session request to user terminal B. The request contains:
1. The Ticket encrypted with KB';
2. The identity information Ainfo of user terminal A and N3', encrypted with KA-B, as identity authentication data;
3. Flag (indicating whether bidirectional verification is required).
C. User terminal B authenticates user terminal A: user terminal B decrypts the Ticket with KB to obtain KA-B, then decrypts the identity authentication data with KA-B to obtain N3' and compares it with N3 to complete identity authentication. If verification succeeds, user terminal A is allowed to access the requested resource; otherwise the request is rejected outright.
D. If bidirectional verification is required, user terminal B extracts N3' from the identity authentication data, encrypts it with KA-B, and sends it to user terminal A so that user terminal A can verify the identity of user terminal B.
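The second and third steps above, including the hop-by-hop relay of N3' in Embodiment 2, as an added example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for the unnamed key generation algorithm, an HMAC-based keystream with a MAC stands in for the unnamed symmetric cipher, N3 is consumed after one successful comparison, and every name (`derive`, `seal`, `unseal`, `KeyCardB`, `relay`, `run_demo`) and sample value is constructed here.

```python
import hashlib, hmac, json, os

def derive(seed: bytes, r: bytes, label: bytes) -> bytes:
    # Assumed key generation algorithm: HMAC-SHA256 over the announced random
    # number R, keyed with the shared key seed. The page names no algorithm.
    return hmac.new(seed, label + r, hashlib.sha256).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    # Stand-in authenticated cipher (HMAC-SHA256 keystream, then a MAC), stdlib only.
    pt = json.dumps(obj, sort_keys=True).encode()
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct)))))

class KeyCardB:
    """Quantum key card of user terminal B: holds seed SB and one pending N3."""
    def __init__(self, seed: bytes):
        self.seed, self.pending_n3 = seed, None

    def new_n3(self) -> bytes:
        r3 = os.urandom(16)
        self.pending_n3 = derive(self.seed, r3, b"nonce")
        return r3  # the "generation method" reported to the service station

    def verify(self, r2: bytes, request: dict):
        """Steps 3C/3D: returns (accepted, reply for the bidirectional check)."""
        try:
            ticket = unseal(derive(self.seed, r2, b"key"), request["ticket"])  # KB
            kab = bytes.fromhex(ticket["kab"])
            auth = unseal(kab, request["auth"])
        except ValueError:
            return False, None
        expected = self.pending_n3
        if expected is None or auth["id"] != ticket["id"]:
            return False, None
        if not hmac.compare_digest(bytes.fromhex(auth["n3"]), expected):
            return False, None
        self.pending_n3 = None  # assumption: single use, so a repeat now fails
        return True, (seal(kab, {"n3": auth["n3"]}) if request["flag"] else None)

def relay(n3p: bytes, hop_keys: list) -> bytes:
    """Embodiment 2: N3' travels station B -> ... -> station A, re-encrypted per hop."""
    blob = seal(hop_keys[0], {"n3": n3p.hex()})
    for k_in, k_out in zip(hop_keys, hop_keys[1:]):
        blob = seal(k_out, unseal(k_in, blob))  # each relay node handles plaintext N3'
    return bytes.fromhex(unseal(hop_keys[-1], blob)["n3"])

def run_demo(relay_nodes: int = 2) -> dict:
    sb = os.urandom(32)  # key seed SB on card B, identical to the station copy SB'
    card_b = KeyCardB(sb)
    # Step 2: the station derives KB' from SB' and R2, creates KA-B, issues the Ticket.
    # endtime2 is carried in the Ticket; expiry enforcement is outside this example.
    r2, kab = os.urandom(16), os.urandom(32)
    ticket = seal(derive(sb, r2, b"key"), {"kab": kab.hex(), "id": "Ainfo", "endtime2": 5})

    def fetch_n3p() -> bytes:
        # Step 3A: card B makes N3, station B recomputes N3' and relays it over
        # inter-station keys (constructed here); station A forwards it under KA-B.
        r3 = card_b.new_n3()
        hops = [os.urandom(32) for _ in range(relay_nodes + 1)]
        at_station_a = relay(derive(sb, r3, b"nonce"), hops)
        return bytes.fromhex(unseal(kab, seal(kab, {"n3": at_station_a.hex()}))["n3"])

    def request_with(n3p: bytes) -> dict:  # Step 3B
        return {"ticket": ticket, "flag": True,
                "auth": seal(kab, {"id": "Ainfo", "n3": n3p.hex()})}

    n3p = fetch_n3p()
    req = request_with(n3p)
    accepted, reply = card_b.verify(r2, req)
    mutual = accepted and unseal(kab, reply) == {"n3": n3p.hex()}
    replayed, _ = card_b.verify(r2, req)   # identical bytes sent a second time
    fetch_n3p()                            # B starts a new round with a new N3
    stale, _ = card_b.verify(r2, req)      # old request against the new N3
    fresh, _ = card_b.verify(r2, request_with(fetch_n3p()))
    return {"accepted": accepted, "mutual": mutual, "replayed": replayed,
            "stale": stale, "fresh": fresh}

if __name__ == "__main__":
    print(run_demo())
```

The replay rejection here depends on user terminal B discarding N3 after one successful comparison; the Ticket itself stays valid for later rounds until it expires.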
Existing identity authentication technology based on the Kerberos authentication scheme uses timestamps, which creates the possibility of replay attacks, and the whole Kerberos protocol requires clock synchronization across the network; this demands tight time synchronization of the entire system and is hard to achieve in large-scale distributed systems. The present invention replaces the timestamp of the original scheme with a quantum true random number, which addresses the possibility of replay attacks. Not using timestamps also means the system no longer requires time synchronization. The present invention stores the user terminal's keys in a quantum key card rather than in user terminal memory; the quantum key card is an independent hardware device, so the possibility of keys being stolen by malware or malicious operations is greatly reduced. In the present invention the long-term keys of the user terminal change frequently, which greatly improves security compared with the prior art, where the user terminal's long-term keys are constant.
The above discloses only embodiments of the present invention, but the present invention is not limited to them; those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Such obvious modifications and variations shall fall within the scope of protection claimed by the present invention. In addition, although some specific terms are used in this specification, they are used only for convenience of description and do not constitute any specific limitation on the present invention.

Claims (10)

1. An identity authorization system based on quantum network, characterized by comprising user terminal A, user terminal B and a quantum network service station, wherein user terminal A applies to the quantum network service station for a TGT and a corresponding Ticket, and uses the obtained Ticket to access user terminal B;
Each user terminal is configured with a quantum key card, and corresponding quantum keys are stored in the quantum key card and in the quantum network service station; identity authentication between user terminal A and the quantum network service station, and between the two user terminals, is performed using the configured quantum key cards.
2. The identity authorization system based on quantum network according to claim 1, characterized in that the quantum network service station comprises an authentication server and a ticket-granting server; user terminal A applies to the authentication server for the TGT, and then applies to the ticket-granting server for the Ticket on the basis of the TGT;
User terminal A uses the matched quantum key card to perform identity authentication with the authentication server and the ticket-granting server respectively. During identity authentication, the identity authentication data sent by user terminal A includes a random number generated by the quantum key card, and the quantum network service station generates the corresponding random number so that the authentication server and the ticket-granting server can each compare and authenticate.
3. The identity authorization system based on quantum network according to claim 2, characterized in that when user terminal A applies to the authentication server for the TGT, the request sent includes the identity authentication data A1 of user terminal A and the identity information of the ticket-granting server; the authentication server authenticates against the identity authentication data A1 and, after authentication passes, replies with the TGT corresponding to the ticket-granting server;
The identity authentication data A1 includes the identity information Ainfo of user terminal A and the random number N1, and the random number N1 is generated as follows:
The quantum key card matched with user terminal A generates a random number R1 and, according to the true random number R1 and the key generation algorithm, operates on the quantum key that serves as the key seed in this quantum key card to obtain the true random number N1;
User terminal A also passes the random number R1, the key generation algorithm ID and the key seed ID to the quantum network service station, so that the authentication server can generate the corresponding true random number N1' for authentication comparison.
4. The identity authorization system based on quantum network according to claim 3, characterized in that after the identity authentication data A1 passes authentication, the authentication server sends user terminal A a reply containing the TGT; the TGT is encrypted with the in-station key KQ so that the ticket-granting server can decrypt it;
The reply containing the TGT also contains the key KQ-A, used for encrypted communication between user terminal A and the ticket-granting server.
5. The identity authorization system based on quantum network according to claim 4, characterized in that when user terminal A applies to the ticket-granting server for the Ticket on the basis of the TGT, the request sent includes the TGT encrypted with KQ, the identity authentication data A2 of user terminal A encrypted with the key KQ-A, and the identity information Binfo of user terminal B; the ticket-granting server authenticates against the identity authentication data A2 and, after authentication passes, sends user terminal A a reply containing the Ticket;
The identity authentication data A2 includes the identity information Ainfo of user terminal A and the true random number N2, and the true random number N2 is generated as follows:
The quantum key card matched with user terminal A generates a random number R2 and, according to the true random number R2 and the key generation algorithm, operates on the quantum key that serves as the key seed in this quantum key card to obtain the true random number N2;
User terminal A also passes the random number R2, the key generation algorithm ID and the key seed ID to the quantum network service station, so that the ticket-granting server can generate the corresponding true random number N2' for authentication comparison.
6. The identity authorization system based on quantum network according to claim 5, characterized in that the reply containing the Ticket also contains the key KA-B, used for encrypted communication between user terminal A and user terminal B; the key KA-B is sent as ciphertext, encrypted with the key KQ-A.
7. The identity authorization system based on quantum network according to claim 1, characterized in that when user terminal A uses the Ticket to access user terminal B and identity authentication is performed, the identity authentication data sent by user terminal A includes a true random number; the true random number comes from the quantum network service station and is identical to the random number generated by the quantum key card of user terminal B, and user terminal B authenticates user terminal A by this random number.
8. The identity authorization system based on quantum network according to claim 6, characterized in that when user terminal A uses the Ticket to access user terminal B, the request sent includes the Ticket encrypted with the key KB' and the identity authentication data A3 of user terminal A encrypted with the key KA-B; user terminal B authenticates against the identity authentication data A3 and, after authentication passes, provides user terminal A with the requested resource;
The identity authentication data A3 includes the identity information Ainfo of user terminal A and the true random number N3', and the true random number N3' is generated as follows:
The quantum key card matched with user terminal B generates the true random number N3 and notifies the quantum network service station of the generation method; the quantum network service station generates the corresponding true random number N3' and sends the true random number N3' to user terminal A.
9. The identity authorization system based on quantum network according to claim 8, characterized in that when user terminal A uses the Ticket to access user terminal B, the request sent further includes a flag indicating whether bidirectional verification is required; if bidirectional verification is required, user terminal B extracts the true random number N3' from the identity authentication data A3, encrypts it with KA-B and sends it to user terminal A, so that user terminal A can verify the identity of user terminal B.
10. The identity authorization system based on quantum network according to claim 1, characterized in that after a user terminal establishes a communication connection with its matched quantum key card, the user terminal sends an update request to the quantum key card through an upper-layer application, and the update request is also sent to the quantum network service station at the same time;
After the quantum key card receives the update request, it updates the key seed according to a preset rule;
After the quantum network service station receives the update request, it updates the correspondingly stored key seed in the quantum network service station according to the rule agreed in advance with the quantum key card.
CN201810171948.1A 2018-03-01 2018-03-01 Identity authorization system based on quantum network Pending CN108566273A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810171948.1A CN108566273A (en) 2018-03-01 2018-03-01 Identity authorization system based on quantum network


Publications (1)

Publication Number Publication Date
CN108566273A true CN108566273A (en) 2018-09-21

Family

ID=63532422


Country Status (1)

Country Link
CN (1) CN108566273A (en)




Similar Documents

Publication Publication Date Title
CN108768653A (en) Identity authorization system based on quantum key card
CN108566273A (en) Identity authorization system based on quantum network
CN106357396B (en) Digital signature method and system and quantum key card
CN101189827B (en) Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
CN106357649A (en) User identity authentication system and method
CN110932870B (en) Quantum communication service station key negotiation system and method
CN108650028B (en) Multiple identity authentication system and method based on quantum communication network and true random number
CN106452739A (en) Quantum network service station and quantum communication network
CN106411525A (en) Message authentication method and system
CN108964897B (en) Identity authentication system and method based on group communication
CN108964896B (en) Kerberos identity authentication system and method based on group key pool
CN105553654B (en) Key information processing method and device, key information management system
CN108600152B (en) Improved Kerberos identity authentication system and method based on quantum communication network
CN108282329A (en) Bidirectional identity authentication method and device
CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
CN108809633A (en) Identity authentication method, apparatus and system
CN108880799A (en) Multiple identity authorization system and method based on group key pool
CN108809636A (en) Communication system and communication method for message authentication between members based on group-type quantum key card
CN108632042A (en) AKA-like identity authorization system and method based on symmetric key pool
CN110505055A (en) Extranet access identity authentication method and system based on asymmetric key pool pair and key card
CN110535626A (en) Identity-based quantum communication service station secret communication method and system
CN206042014U (en) Quantum network service station and quantum communication network
CN110176989B (en) Quantum communication service station identity authentication method and system based on asymmetric key pool
Hou et al. Lightweight and privacy-preserving charging reservation authentication protocol for 5G-V2G

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180921
