CN108566273A - Identity authorization system based on quantum network - Google Patents
Publication number: CN108566273A (CN201810171948.1A)
Authority: CN (China)
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Prior art keywords: user terminal, key, quantum, random number, network service
Classifications
- H04L9/0852: Quantum cryptography
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846: Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
- H04L63/0853: Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The invention discloses an identity authentication system based on a quantum network, comprising user terminal A, user terminal B and a quantum network service station, wherein user terminal A applies to the quantum network service station for a TGT and the corresponding Ticket, and accesses user terminal B using the obtained Ticket. Each user terminal is configured with a quantum key card, and corresponding quantum keys are stored in the quantum key card and in the quantum network service station. Communication between user terminal A and the quantum network service station, and between the two user terminals, is authenticated using the configured quantum key cards. The invention replaces the timestamp of the prior art with a quantum true random number, which removes the possibility of replay attacks. The user terminal key is stored in the quantum key card rather than in user terminal memory; the quantum key card is an independent hardware device, so the possibility of the key being stolen by malware or malicious operation is greatly reduced. In addition, the key can be changed frequently, which greatly improves security.
Description
Technical field
The present invention relates to the field of quantum communication technology, and in particular to an identity authentication system based on a quantum network.
Background
Identity authentication is a basic technique for achieving information security. A system verifies a user's identity to confirm whether the user has the right to access and use a given resource; authentication can likewise be carried out between one system and another.
Identity authentication systems in current communication networks generally use the Kerberos authentication scheme. Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by means of a key system. The authentication process does not depend on authentication by the host operating system, does not rely on trust based on host addresses, does not require physical security of all hosts on the network, and assumes that packets transmitted over the network can be read, modified and inserted arbitrarily. Under these conditions Kerberos, as a trusted third-party authentication service, performs authentication by means of conventional cryptographic techniques (such as shared keys).
In the Kerberos authentication scheme a timestamp is introduced to detect replay attacks, but a ticket has a life cycle and can still be used within the validity period of that life cycle. If the time at which a message is received falls within the permitted range, the message is judged to be fresh. However, an attacker who has obtained a ticket can send forged messages, which in this case are hard to detect within the permitted time.
An attacker may attack the encryption device, or attack by means of malware, so many researchers focus their improvements to Kerberos on improving the hardware devices. At present, the trusted hardware device suitable for the user terminal in a Kerberos system is the smart card. Integrating smart cards into Kerberos systems has achieved good results.
Problems of the prior art:
(1) Existing identity authentication technology is based on the Kerberos authentication scheme, whose use of timestamps leaves open the possibility of replay attacks.
(2) The Kerberos protocol relies on clock synchronization across the network and places high demands on time synchronization of the whole system, which is difficult to achieve in large distributed systems.
(3) In the prior art the user terminal key is stored in user terminal memory, where it can be stolen by malware or malicious operation.
(4) In the prior art the long-term key of the user terminal does not change, so security is not high enough.
Summary of the invention
Building on the Kerberos authentication scheme, the present invention provides an identity authentication system with better security.
An identity authentication system based on a quantum network comprises user terminal A, user terminal B and a quantum network service station, wherein user terminal A applies to the quantum network service station for a TGT and the corresponding Ticket, and accesses user terminal B using the obtained Ticket;
each user terminal is configured with a quantum key card, and corresponding quantum keys are stored in the quantum key card and in the quantum network service station; communication between user terminal A and the quantum network service station, and between the two user terminals, is authenticated using the configured quantum key cards.
In the present invention the quantum network service station, as a trusted third party, provides the Ticket to user terminal A. Both the process in which user terminal A applies to the quantum network service station for tickets and the process in which user terminal B authenticates user terminal A involve the use of identity authentication data.
When user terminal A communicates with the quantum network service station, the quantum key stored in the quantum key card can be used, directly or indirectly, as part of the identity authentication data; the quantum network service station stores the identical quantum key, which makes comparison-based authentication convenient.
When user terminal A communicates with user terminal B, a quantum key negotiated in advance by the two parties can be used, directly or indirectly, as part of the identity authentication data. The quantum key may come from the quantum key card of one party, and the other party can obtain the identical quantum key via the quantum network service station, so that comparison-based authentication can be carried out.
Because the present invention is based on a quantum network and each user terminal is configured with a quantum key card, a random number mentioned herein is, unless otherwise specified, to be understood as a quantum random number, i.e. a true random number. A key mentioned herein is, unless otherwise specified, to be understood as a quantum key.
The quantum network service station includes an authentication server and a ticket-granting server. User terminal A applies to the authentication server for a TGT, and then uses the TGT to apply to the ticket-granting server for a Ticket.
User terminal A uses its matched quantum key card to authenticate separately with the authentication server and with the ticket-granting server. During authentication, the identity authentication data sent by user terminal A includes a random number generated by the quantum key card, and the quantum network service station generates the corresponding random number for the authentication server and the ticket-granting server respectively to compare against.
When user terminal A applies to the authentication server for a TGT, the request it sends includes the identity authentication data A1 of user terminal A and the identity information of the ticket-granting server. The authentication server authenticates A1 and, after authentication succeeds, replies with the TGT corresponding to the ticket-granting server.
The identity authentication data A1 includes the identity information Ainfo of user terminal A and a random number N1. The random number N1 is generated as follows:
The quantum key card matched with user terminal A generates a random number R1 and, using the true random number R1 and a key generation algorithm, operates on the quantum key that serves as the key seed in the quantum key card to obtain the true random number N1;
user terminal A also passes the random number R1, the key generation algorithm ID and the key seed ID to the quantum network service station, so that the authentication server can generate the corresponding true random number N1' for the authentication comparison.
The true random number N1' may be generated in the authentication server, or generated in another server in the quantum network service station and sent to the authentication server by in-station transmission.
User terminal A sends the identity authentication data A1 to the authentication server in ciphertext form. The encryption is also carried out in the quantum key card matched with user terminal A. The key KA used to encrypt A1 is generated in the same manner, from the random number R1, so that the quantum network service station can generate or retrieve the identical key KA' for decryption.
After the authentication server has authenticated A1, it sends user terminal A a reply containing the TGT. The TGT is encrypted with the in-station key KQ so that the ticket-granting server can decrypt it.
The reply containing the TGT also contains the key KQ-A, used for encrypted communication between user terminal A and the ticket-granting server.
The quantum network service station can generate the key KQ and the login session key KQ-A with user terminal A using the true random number generator in the station.
The TGT encrypted with KQ is not decrypted at user terminal A; in the subsequent flow it is forwarded directly to the ticket-granting server, which decrypts it and reads the data content.
The TGT contains KQ-A, the identity information Ainfo of user terminal A, and the TGT expiration time endtime1.
When user terminal A applies to the ticket-granting server for a Ticket on the basis of the TGT, the request it sends includes the TGT encrypted with KQ, the identity authentication data A2 of user terminal A encrypted with KQ-A, and the identity information Binfo of user terminal B. The ticket-granting server authenticates A2 and, after authentication succeeds, sends user terminal A a reply containing the Ticket.
The identity authentication data A2 is analogous to A1: it includes the identity information Ainfo of user terminal A and a true random number N2. The true random number N2 is generated as follows:
The quantum key card matched with user terminal A generates a random number R2 and, using the true random number R2 and a key generation algorithm, operates on the quantum key that serves as the key seed in the quantum key card to obtain the true random number N2;
user terminal A also passes the random number R2, the key generation algorithm ID and the key seed ID to the quantum network service station, so that the ticket-granting server can generate the corresponding true random number N2' for the authentication comparison.
The true random number N2' may be generated in the ticket-granting server, or generated in another server in the quantum network service station and sent to the ticket-granting server by in-station transmission.
The reply containing the Ticket also contains the key KA-B, used for encrypted communication between user terminal A and user terminal B. KA-B is sent in ciphertext form, encrypted with KQ-A.
The Ticket is in ciphertext form, encrypted with the key KB' in the quantum network service station; the quantum key card matched with user terminal B uses the key KB, which is identical to KB'.
The keys KB' and KB may be obtained correspondingly by advance negotiation between user terminal B and the quantum network service station; they may also be regarded as the result of the previous key synchronization, which designates in advance the key to be used next time.
The Ticket encrypted with KB' is not decrypted at user terminal A; in the subsequent flow it is forwarded directly to user terminal B, which decrypts it and reads the data content.
The Ticket contains the key KA-B, the identity information Ainfo of user terminal A, and the Ticket expiration time endtime2.
When user terminal A uses the Ticket to access user terminal B and is authenticated, the identity authentication data sent by user terminal A includes a true random number. This true random number comes from the quantum network service station and is identical to the random number generated by the quantum key card of user terminal B; user terminal B authenticates user terminal A by means of this random number.
When user terminal A accesses user terminal B using the Ticket, the request it sends includes the Ticket encrypted with KB' and the identity authentication data A3 of user terminal A encrypted with KA-B. User terminal B authenticates A3 and, after authentication succeeds, provides user terminal A with the resource it requested.
The identity authentication data A3 includes the identity information Ainfo of user terminal A and a true random number N3'. The true random number N3' is generated as follows:
The quantum key card matched with user terminal B generates the true random number N3 and notifies the quantum network service station of the generation method; the quantum network service station generates the corresponding true random number N3' and sends N3' to user terminal A.
The quantum network service station sends N3' in ciphertext form. Encryption and decryption may use the corresponding quantum key shared between the quantum network service station and the quantum key card of user terminal A, or the key KA-B, among other options.
User terminal B decrypts the Ticket with KB to obtain KA-B, then decrypts the identity authentication data A3 with KA-B to obtain the true random number N3', and verifies N3' by comparing it with N3. If verification succeeds, user terminal A is allowed to access the resource it needs; otherwise access is refused.
When user terminal A accesses user terminal B using the Ticket, the request also includes a flag indicating whether bidirectional verification is required. If bidirectional verification is required, user terminal B extracts the true random number N3' from the identity authentication data A3, encrypts it with KA-B and sends it to user terminal A, so that user terminal A can verify the identity of user terminal B.
When a user terminal performs identity authentication, a quantum key that is used as a key seed for a long time or repeatedly may be cracked. To improve the security of this identity authentication system, the key seed needs to be updated periodically.
After the user terminal establishes a communication connection with its matched quantum key card, the user terminal sends an update request to the quantum key card through an upper-layer application; the update request is also sent to the quantum network service station at the same time;
after receiving the update request, the quantum key card updates the key seed according to a preset rule;
after receiving the update request, the quantum network service station updates the correspondingly stored key seed in the station according to the rule agreed in advance with the quantum key card.
In the present invention, one optional case is that the quantum key cards matched with user terminal A and user terminal B belong to the same quantum network service station, that is, both have corresponding quantum keys stored with that station; this can also be regarded as the local area network environment.
In a wide area network environment, the quantum key cards matched with user terminal A and user terminal B belong to different quantum network service stations;
when user terminal A uses the Ticket to access user terminal B and is authenticated, the identity authentication data sent by user terminal A includes a true random number. This true random number is sent to user terminal A via, in turn, the quantum network service station to which the quantum key card matched with user terminal B belongs and the quantum network service station to which the quantum key card matched with user terminal A belongs; it is identical to the random number generated by the quantum key card of user terminal B, and user terminal B authenticates user terminal A by means of this random number.
Specifically, the true random number N3' involved in authentication between user terminal A and user terminal B is sent to user terminal A via, in turn, the quantum network service station to which the quantum key card matched with user terminal B belongs and the quantum network service station to which the quantum key card matched with user terminal A belongs.
The true random number N3' can be transmitted between the two quantum network service stations in ciphertext form, directly or indirectly using inter-station quantum keys.
The present invention replaces the timestamp of the prior art with a quantum true random number, which removes the possibility of replay attacks. Not using timestamps also means the system does not require system time synchronization. The present invention stores the user terminal key in the quantum key card rather than in user terminal memory; the quantum key card is an independent hardware device, so the possibility of the key being stolen by malware or malicious operation is greatly reduced. In addition, the key can be changed frequently, which greatly improves security.
Brief description of the drawings
Fig. 1 is a structural diagram of the identity authentication system of the present invention.
Fig. 2 is a flow chart of identity authentication in a local area network.
Fig. 3 is a flow chart of identity authentication in a wide area network.
Fig. 4 is a schematic diagram of the detailed steps of identity authentication in the present invention.
Detailed description
As shown in Fig. 1, the identity authentication system of the present invention may include multiple quantum network service stations; inter-station quantum keys can be shared between different quantum network service stations by QKD.
A quantum network service station includes:
Quantum service center: mainly used to communicate with each user terminal on the user side through a classical network and to communicate with other quantum network service stations. Classical networks include, but are not limited to, telecommunication networks, the Internet, broadcast television networks or other communication networks.
Quantum key distribution device: mainly used to share inter-station quantum keys by QKD.
True random number generator: receives the user-side key requests raised by the user-side key management server, generates user-side keys and sends them to the user-side key management server. A true random number generator is used here. It is preferably a quantum true random number generator, but may also be a circuit-based true random number generator, a true random number generator based on a physical source, or another kind of true random generator.
User-side key management server: stores and manages the user-side keys generated by the true random number generator. It can connect to removable quantum key cards in order to issue cards, register them and copy user-side keys to them. It can also receive user-side key requests raised by the quantum service center and send user-side keys of the corresponding length to the quantum service center. For details of the quantum key card, see also the patent application publication with application number "201610846210.6".
The quantum service center includes the authentication server and the ticket-granting server; other servers can also be provided as needed, such as a digital signature server, a signature verification server and an encryption/decryption server.
Authentication server: used to realize mutual identity authentication between the user and the quantum network service station before the user receives services such as message authentication and digital signature. Inside the authentication server there is an encryption card with a PCI bus interface, which stores the identity authentication protocol, including the key generation algorithm, the verification function and the encrypted transmission protocol.
Ticket-granting server: used, after the user has completed mutual identity authentication with the quantum network service station, to issue the user a license for its request to access a given user.
User terminals are configured under each quantum network service station, such as user terminal 1 to user terminal n in the figure. The different servers or other devices in this specification may also be integrated in hardware as needed.
A user terminal is a device that accesses the quantum network service station; it can be a mobile terminal or a fixed terminal. For a mobile terminal, the quantum key card is preferably a quantum SD card; for a fixed terminal, the quantum key card is preferably a USB key or a host encryption board.
When a client registers at the quantum network service station of its region, it obtains a quantum key card (with a unique quantum key card ID) after approval. The quantum key card stores the client's registration information and also has a built-in identity authentication protocol, which includes at least a key generation algorithm and a verification function, or other algorithms related to identity authentication.
Each quantum network service station on the network side has the corresponding authentication protocol as well. If two or more variants of an algorithm exist in the protocol, the quantum key card can send the algorithm label to the quantum network service station when communicating with it, so that the station can select the algorithm.
The user-side keys in a quantum key card may have been downloaded from different quantum network service stations, so they can be stored in different key seed sets according to their source, and the user terminal takes key seeds according to a preset rule to generate keys. Each key seed set has a unique key seed ID, which points to the quantum network service station in which the corresponding key seed is stored.
The quantum key card evolved from smart card technology; it is an identity authentication product that combines quantum physics technology, cryptographic technology and hardware security isolation technology. The embedded chip and chip operating system of the quantum key card provide functions such as secure storage of private keys and cryptographic algorithms. Because it has independent data processing capability and good security, the quantum key card serves as the security carrier for quantum true random number private keys. Each quantum key card is protected by a hardware PIN code; the PIN code and the hardware are the two necessary factors for a user to use the quantum key card. This is so-called "two-factor authentication": only a user who has both the quantum key card holding the relevant authentication information and the user PIN code can log in to the system. Even if the user's PIN code is leaked, the identity of the legitimate user cannot be impersonated as long as the quantum key card held by the user has not been stolen; if the user's quantum key card is lost, the finder cannot impersonate the legitimate user either, because the finder does not know the user PIN code.
Embodiment 1: identity authentication of two user terminals belonging to one quantum network service station in a local area network
In the following steps, the encryption and decryption operations involved on each user side are all carried out in the matched quantum key card. The encryption and decryption operations involving the authentication server and the ticket-granting server are carried out in the encryption/decryption server of the quantum network service station.
As shown in Fig. 2, when user terminal A and user terminal B belong to the same quantum network service station, the quantum key cards involved in the authentication process were registered and issued at that local quantum network service station. For the specific steps see Fig. 4: in the figure, the part in braces is encrypted and the content that follows it is the key used; for example, {Ainfo+N1}KA means Ainfo+N1 encrypted with KA.
The specific steps are described as follows:
Step 1: user terminal A applies to the quantum network service station for the ticket-granting ticket TGT.
A. User-side authentication key generation: the quantum key card matched with user terminal A uses the stored key seed SA and the random number R1 produced by the random number generator in the card, together with the key generation algorithm AS, to obtain the key KA (written KA hereinafter; other notation is abbreviated in the same way) and the true random number N1. It passes the random number R1, the key generation algorithm ID and the key seed ID to the quantum network service station, and notifies the quantum network service station to carry out key synchronization.
Network-side authentication key generation: in response to the notification from user terminal A, the quantum network service station uses the key generation algorithm ID and the key seed ID to find the corresponding key seed SA' and key generation algorithm AS' in the current quantum network service station, and computes with the random number R1 to obtain the key KA', identical to KA, and the true random number N1', identical to N1.
B. User terminal A sends an identity authentication service request: user terminal A sends an identity authentication service request to the authentication server of the quantum network service station. The request contains:
1. the identity information Ainfo of user terminal A and N1, encrypted with KA, as pre-authentication data;
2. the identity information TGSinfo of the ticket-granting server in the quantum network service station.
C. The quantum network service station authenticates user terminal A: the quantum network service station decrypts the request message with KA', which is identical to KA, obtains the true random number N1 in the pre-authentication data and compares it with N1', completing the identity authentication between the quantum network service station and user terminal A.
D. The quantum network service station generates keys: the quantum network service station generates the key KQ and the login session key KQ-A with user terminal A using the true random number generator.
E. The quantum network service station sends an identity authentication service reply: after the identity authentication between the quantum network service station and user terminal A is complete, the quantum network service station sends user terminal A an identity authentication service reply. The reply contains:
1. KQ-A encrypted with KA';
2. the ticket-granting ticket TGT encrypted with KQ;
The TGT contains KQ-A, the identity information Ainfo of user terminal A, and the TGT expiration time endtime1. The expiration time may be a maximum time period, a maximum number of uses, or a combination of both in which whichever is reached first applies. The TGT can be used to apply for Tickets for any user terminal to which the ticket-granting server of this quantum service station is able to grant access.
F. User terminal A obtains the reply: after receiving the identity authentication service reply, user terminal A has the TGT, and decrypts the first part with KA, which is identical to KA', to obtain KQ-A.
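The step 1 exchange above, together with the synchronized key seed update described in the summary, as an added Python example that is not part of the patent text. The patent does not specify the key generation algorithm AS, the cipher or the seed update rule, so HMAC-SHA256, a toy encrypt-then-MAC construction and a hash ratchet stand in for them here; `os.urandom` stands in for the true random number generator, and all class, function and ID names are hypothetical.

```python
import hashlib, hmac, json, os, time

ALG_ID = "AS-demo"  # hypothetical key generation algorithm ID

def kdf(seed: bytes, r: bytes, label: bytes) -> bytes:
    """Stand-in for key generation algorithm AS (assumed here: HMAC-SHA256)."""
    return hmac.new(seed, label + r, hashlib.sha256).digest()

def _stream(key: bytes, iv: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC, standing in for the card/station cipher."""
    ke, km = kdf(key, b"", b"enc"), kdf(key, b"", b"mac")
    pt, iv = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(ke, iv, len(pt))))
    return iv + ct + hmac.new(km, iv + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    ke, km = kdf(key, b"", b"enc"), kdf(key, b"", b"mac")
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(ke, iv, len(ct)))))

class QuantumKeyCard:
    """User terminal A's card: holds key seed SA; all user-side crypto happens here."""
    def __init__(self, seed_id: str, seed: bytes):
        self.seed_id, self.seed, self.ka = seed_id, seed, None

    def as_request(self, ainfo: str, tgs_info: str) -> dict:
        r1 = os.urandom(16)                       # R1 from the card's generator
        self.ka = kdf(self.seed, r1, b"key")      # KA
        n1 = kdf(self.seed, r1, b"nonce")         # N1
        return {"R1": r1, "alg_id": ALG_ID, "seed_id": self.seed_id,
                "pre_auth": seal(self.ka, {"Ainfo": ainfo, "N1": n1.hex()}),
                "TGSinfo": tgs_info}

    def read_reply(self, reply: dict):
        kqa = bytes.fromhex(unseal(self.ka, reply["enc_kqa"])["KQ-A"])
        return kqa, reply["TGT"]                  # TGT is under KQ; A cannot open it

    def update_seed(self):
        self.seed = kdf(self.seed, b"", b"update")  # hypothetical preset update rule

class ServiceStation:
    def __init__(self):
        self.seeds, self.kq = {}, os.urandom(32)  # seed store and in-station key KQ

    def as_reply(self, req: dict, lifetime: int = 3600) -> dict:
        if req["alg_id"] != ALG_ID:
            raise ValueError("unknown key generation algorithm ID")
        seed = self.seeds[req["seed_id"]]         # SA'
        ka_ = kdf(seed, req["R1"], b"key")        # KA'
        n1_ = kdf(seed, req["R1"], b"nonce")      # N1'
        pre = unseal(ka_, req["pre_auth"])        # fails unless KA' == KA
        if not hmac.compare_digest(bytes.fromhex(pre["N1"]), n1_):
            raise ValueError("N1 does not match N1'")
        kqa = os.urandom(32).hex()                # login session key KQ-A
        tgt = {"KQ-A": kqa, "Ainfo": pre["Ainfo"],
               "endtime1": int(time.time()) + lifetime}
        return {"enc_kqa": seal(ka_, {"KQ-A": kqa}), "TGT": seal(self.kq, tgt)}

    def update_seed(self, seed_id: str):
        self.seeds[seed_id] = kdf(self.seeds[seed_id], b"", b"update")

def demo() -> dict:
    seed = os.urandom(32)                         # constructed sample key seed
    card, station = QuantumKeyCard("seed-A-001", seed), ServiceStation()
    station.seeds["seed-A-001"] = seed
    out = {}
    kqa, tgt = card.read_reply(station.as_reply(card.as_request("userA", "TGS")))
    out["tgt_carries_kqa"] = unseal(station.kq, tgt)["KQ-A"] == kqa.hex()
    card.update_seed()                            # only the card has updated
    try:
        station.as_reply(card.as_request("userA", "TGS"))
        out["desync_rejected"] = False
    except ValueError:
        out["desync_rejected"] = True
    station.update_seed("seed-A-001")             # station applies the same rule
    kqa, tgt = card.read_reply(station.as_reply(card.as_request("userA", "TGS")))
    out["resync_ok"] = unseal(station.kq, tgt)["Ainfo"] == "userA"
    return out

if __name__ == "__main__":
    print(demo())
```

The middle case shows why the update request has to reach the card and the station together: if only one side applies the rule, KA' no longer equals KA and every request is rejected until the seeds match again.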
Second step: user terminal A uses the TGT to apply to the quantum network service station for a Ticket for accessing user terminal B.
A. Authentication key generation: the quantum key card matched with user terminal A generates the true random number N2, and the quantum network service station generates the corresponding true random number N2'.
The true random numbers N2 and N2' are used by the two sides for authentication. They can be generated in advance; for example, once the previous communication ends, the true random number for authenticating the next communication is generated ahead of time. They can also be regarded as the result generated after the last key synchronization. The manner and timing of generating N2 and N2' can also be similar to those used for N1 and N1'.
User-side authentication key generation: the quantum key card matched with user terminal B combines the stored key seed SB and the random number R2 produced by the random number generator in the card with the key generation algorithm BS to obtain the key KB, and passes the random number R2, the key generation algorithm ID and the key seed ID to the quantum network service station.
Network-side authentication key generation: according to the key generation algorithm ID and the key seed ID, the quantum network service station looks up the corresponding key seed SB' and key generation algorithm BS' in the current quantum network service station and, combining them with the random number R2, computes the key KB'.
B. User terminal A sends the ticket-granting service request: user terminal A sends a ticket-granting request to the ticket-granting server in the quantum network service station. The request contains:
1. the TGT encrypted with KQ;
2. the identity information Ainfo of user terminal A and N2, encrypted with KQ-A, as identity authentication data;
3. the identity information Binfo of the user terminal B that user terminal A wants to access.
C. The ticket-granting server authenticates user terminal A: the ticket-granting server in the quantum network service station decrypts the TGT with KQ to obtain KQ-A, then decrypts the identity authentication data with KQ-A to obtain N2 and compares it with N2', completing authentication.
Because the authentication server and the ticket-granting server are in the same quantum network service station, the two can share KQ.
D. The quantum network service station generates a key: using its true random number generator, the quantum network service station generates the session key KA-B for user terminal A and user terminal B.
E. The quantum network service station sends the ticket-granting service reply: after verification passes, the quantum network service station sends a ticket-granting service reply to user terminal A. The reply contains:
1. KA-B encrypted with KQ-A;
2. the Ticket encrypted with KB'.
The Ticket contains KA-B, the identity information Ainfo of user terminal A, and the Ticket expiration time endtime2.
The quantum key card matched with user terminal B stores the key KB, so the quantum network service station, according to the ID of the quantum key card matched with user terminal B, uses the identical in-station key KB' to encrypt KA-B, for user terminal B to use after decryption.
F. User terminal A obtains the reply: on receiving the ticket-granting service reply, user terminal A obtains the Ticket and decrypts the first part with KQ-A to obtain KA-B.
Third step: user terminal A presents the Ticket to user terminal B to complete authentication.
A. Authentication key generation: the quantum key card matched with user terminal B generates the true random number N3 and notifies the quantum network service station of how it was generated; the quantum network service station generates the corresponding true random number N3', encrypts it with KA-B and sends it to user terminal A. User terminal A decrypts it to obtain N3'.
The true random numbers N3 and N3' are used for authentication between user terminal A and user terminal B. User terminal A can also obtain N3' through pre-synchronization performed after the previous communication between user terminal A and user terminal B.
B. User terminal A initiates a session request: user terminal A sends a session request to user terminal B. The request contains:
1. the Ticket encrypted with KB';
2. the identity information Ainfo of user terminal A and N3', encrypted with KA-B, as identity authentication data;
3. a Flag (indicating whether bidirectional verification is required).
C. User terminal B authenticates user terminal A: user terminal B decrypts the Ticket with KB to obtain KA-B, then decrypts the identity authentication data with KA-B to obtain N3' and compares it with N3, completing authentication. If verification succeeds, user terminal A is allowed to access the resource it needs; otherwise the request is rejected outright.
D. If bidirectional verification is required, user terminal B extracts N3' from the identity authentication data, encrypts it with KA-B, and sends it to user terminal A so that user terminal A can verify the identity of user terminal B.
When a client performs authentication, a key seed that is used for a long time or reused may be cracked. To improve the security of this identity authorization system, the key seed needs to be updated periodically.
The update procedure in this embodiment is:
After the user terminal establishes a communication connection with its matched quantum key card, the user terminal sends an update request to the quantum key card through an upper-layer application; the request is also sent to the quantum network service station at the same time.
After the key storage card receives the update request, it updates the key seed according to preset rules, for example by marking a part of the used key seed as invalid so that it is no longer used, and enabling a new key seed.
After the quantum network service station receives the update request, it updates the corresponding key seed stored in the quantum network service station according to the rules agreed in advance with the quantum key card, so that it always stays in correspondence with the quantum key card. All embodiments of the present invention update the key seed by this method.
Embodiment 2: identity authentication of two user terminals in a wide area network
As shown in Fig. 3, when user terminal A and user terminal B do not belong to the same quantum network service station, the quantum key cards involved in authentication are each registered with and issued by the quantum network service station to which the respective user terminal belongs. The system architecture of this embodiment differs from Embodiment 1 in that it is applied in a wide area network: a primary switching center is the quantum network core station of a prefecture-level city or a region of comparable size, a secondary switching center is the quantum network core station of a county-level city or a region of comparable size, and a quantum network service station is the quantum communication access site of a township, a subdistrict office or a region of comparable size.
A primary switching center is connected to its multiple subordinate secondary switching centers in a star network structure, and a secondary switching center can be connected to multiple subordinate quantum network service stations in a star network structure.
Because communication between stations is required, each switching center and each quantum network service station is equipped with quantum key distribution equipment, so keys can be shared between stations by QKD. For the other equipment of the quantum network service station in this embodiment, and for the description of the quantum key card, see Embodiment 1.
For example, a primary switching center and its subordinate secondary switching centers each use quantum key distribution equipment to share inter-station quantum keys, and a secondary switching center and its subordinate quantum network service stations each use quantum key distribution equipment to share inter-station quantum keys. The quantum key distribution equipment can be a single set or at least two integrated sets.
Because two primary switching centers are far apart, inter-station quantum key sharing between them can be realized by means of quantum relay stations.
In this embodiment, user terminal A and user terminal B are to perform identity authentication. User terminal A belongs to quantum network service station A; that is, relative to user terminal A, the current quantum network service station is quantum network service station A, with which user terminal A has a communication connection. Likewise, user terminal B belongs to quantum network service station B. This embodiment differs from Embodiment 1 specifically in how the true random number N3 is obtained and transmitted in the third step.
For the specific steps see Fig. 4; they are described as follows:
First step: user terminal A applies for the ticket-granting ticket TGT from quantum network service station A, to which user terminal A belongs.
A. User-side authentication key generation: the quantum key card matched with user terminal A combines the stored key seed SA and the random number R1 produced by the random number generator in the card with the key generation algorithm AS to obtain the key KA and the true random number N1. It passes the random number R1, the key generation algorithm ID and the key seed ID to the quantum network service station, and notifies the quantum network service station to perform key synchronization.
Network-side authentication key generation: in response to the notification from user terminal A, the quantum network service station looks up the corresponding key seed SA' and key generation algorithm AS' in the current quantum network service station according to the key generation algorithm ID and the key seed ID and, combining them with the random number R1, computes the key KA', identical to KA, and the true random number N1', identical to N1.
B. User terminal A sends the identity authentication service request: user terminal A sends an identity authentication service request to the authentication server of the quantum network service station. The request contains:
1. the identity information Ainfo of user terminal A and N1, encrypted with KA, as pre-authentication data;
2. the identity information TGSinfo of the ticket-granting server in the quantum network service station.
C. The quantum network service station and user terminal A perform authentication: the quantum network service station decrypts the request message with KA', which is identical to KA, obtains the true random number N1 from the pre-authentication data, and compares it with N1', completing authentication between the quantum network service station and user terminal A.
D. The quantum network service station generates keys: using its true random number generator, the quantum network service station generates the key KQ and the login session key KQ-A shared with user terminal A.
E. The quantum network service station sends the identity authentication service reply: after authentication between the quantum network service station and user terminal A is complete, the quantum network service station sends an identity authentication service reply to user terminal A. The reply contains:
1. KQ-A encrypted with KA';
2. the ticket-granting ticket TGT encrypted with KQ.
The TGT contains KQ-A, the identity information Ainfo of user terminal A, and the TGT expiration time endtime1.
F. User terminal A obtains the reply: on receiving the identity authentication service reply, user terminal A obtains the TGT and decrypts the first part with KA to obtain KQ-A.
Second step: user terminal A uses the TGT to apply to the quantum network service station for a Ticket for accessing user terminal B.
A. Authentication key generation: the quantum key card matched with user terminal A generates the true random number N2, and the quantum network service station generates the corresponding true random number N2'.
User-side authentication key generation: the quantum key card matched with user terminal B combines the stored key seed SB and the random number R2 produced by the random number generator in the card with the key generation algorithm BS to obtain the key KB, and passes the random number R2, the key generation algorithm ID and the key seed ID to the quantum network service station.
Network-side authentication key generation: according to the key generation algorithm ID and the key seed ID, the quantum network service station looks up the corresponding key seed SB' and key generation algorithm BS' in the current quantum network service station and, combining them with the random number R2, computes the key KB'.
B. User terminal A sends the ticket-granting service request: user terminal A sends a ticket-granting request to the ticket-granting server in the quantum network service station. The request contains:
1. the TGT encrypted with KQ;
2. the identity information Ainfo of user terminal A and N2, encrypted with KQ-A, as identity authentication data;
3. the identity information Binfo of the user terminal B that user terminal A wants to access.
C. The ticket-granting server authenticates user terminal A: the ticket-granting server in the quantum network service station decrypts the TGT with KQ to obtain KQ-A, then decrypts the identity authentication data with KQ-A to obtain N2 and compares it with N2', completing authentication.
D. The quantum network service station generates a key: using its true random number generator, the quantum network service station generates the session key KA-B for user terminal A and user terminal B.
E. The quantum network service station sends the ticket-granting service reply: after verification passes, the quantum network service station sends a ticket-granting service reply to user terminal A. The reply contains:
1. KA-B encrypted with KQ-A;
2. the Ticket encrypted with KB'.
The Ticket contains KA-B, the identity information Ainfo of user terminal A, and the Ticket expiration time endtime2.
F. User terminal A obtains the reply: on receiving the ticket-granting service reply, user terminal A obtains the Ticket and decrypts the first part with KQ-A to obtain KA-B.
Third step: user terminal A presents the Ticket to user terminal B to complete authentication.
A. Authentication key generation: the quantum key card matched with user terminal B generates the true random number N3. Quantum network service station B, to which user terminal B belongs, generates the corresponding true random number N3'.
The quantum network service station to which user terminal A belongs and the quantum network service station to which user terminal B belongs share inter-station quantum keys using their respective quantum key distribution equipment, so that the plaintext true random number N3' is encrypted by the quantum network service station to which user terminal B belongs, sent to the quantum network service station to which user terminal A belongs, and decrypted there to recover the plaintext N3'.
If traffic between the quantum network service station to which user terminal A belongs and the one to which user terminal B belongs must also be relayed through other network nodes, each pair of directly connected quantum network service stations (or network nodes) forms an inter-station quantum key using the corresponding quantum key distribution equipment, and the ciphertext is relayed hop by hop.
Inter-station quantum keys are distributed by a remote key-sharing scheme based on the fundamental principles of quantum mechanics, preferably the BB84 protocol.
After quantum network service station A, to which user terminal A belongs, receives and decrypts the message to obtain N3', it encrypts N3' with KA-B and sends it to user terminal A. User terminal A decrypts it to obtain N3'.
B. User terminal A initiates a session request: user terminal A sends a session request to user terminal B. The request contains:
1. the Ticket encrypted with KB';
2. the identity information Ainfo of user terminal A and N3', encrypted with KA-B, as identity authentication data;
3. a Flag (indicating whether bidirectional verification is required).
C. User terminal B authenticates user terminal A: user terminal B decrypts the Ticket with KB to obtain KA-B, then decrypts the identity authentication data with KA-B to obtain N3' and compares it with N3, completing authentication. If verification succeeds, user terminal A is allowed to access the resource it needs; otherwise the request is rejected outright.
D. If bidirectional verification is required, user terminal B extracts N3' from the identity authentication data, encrypts it with KA-B, and sends it to user terminal A so that user terminal A can verify the identity of user terminal B.
Existing identity authentication technology based on the Kerberos authentication scheme relies on timestamps, which leaves the possibility of replay attacks. In addition, the whole Kerberos protocol requires clock synchronization across the network, which places high demands on system-wide time synchronization and is difficult to achieve in large-scale distributed systems. The present invention replaces the timestamps of the original scheme with quantum true random numbers, which removes the possibility of replay attacks. Not using timestamps also means the system has no time-synchronization requirement. The present invention stores the user terminal's key in a quantum key card rather than in the user terminal's memory; because the quantum key card is an independent hardware device, the possibility of the key being stolen by malware or malicious operation is greatly reduced. In the present invention the long-term key of the user terminal changes frequently, which greatly improves security compared with the prior art, in which the user terminal's long-term key stays constant.
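The three-step exchange of Embodiment 1 and the replay claim in the paragraph above, as an added Python example that is not code from the patent: each request carries a card-derived random number N that the station compares with its own N' and then discards, so a captured request cannot be accepted twice. Assumptions made here: HMAC-SHA256 stands in for both the card's key generation algorithm and the cipher, N3' is returned together with the ticket-granting reply, the station consumes each N' on first comparison and refuses a reused R, and the expiration fields are omitted; all function and field names are hypothetical.

```python
import hashlib, hmac, json, os

def derive(seed, r, label):  # assumed stand-in for the card's key generation algorithm
    return hmac.new(seed, label + r, hashlib.sha256).digest()

def _xor(key, iv, data):
    ks = b"".join(hmac.new(key, b"ks" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):  # toy encrypt-then-MAC (stdlib only); real systems use a vetted AEAD
    pt, iv = json.dumps(obj).encode(), os.urandom(16)
    ct = _xor(key, iv, pt)
    return iv + ct + hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise PermissionError("wrong key or tampered message")
    return json.loads(_xor(key, iv, ct))

def card_fresh(seed):  # quantum key card: new R with the key and nonce derived from it
    r = os.urandom(16)
    return r, derive(seed, r, b"key"), derive(seed, r, b"nonce").hex()

class Station:  # quantum network service station: authentication server plus TGS
    def __init__(self, seeds):
        self.seeds = seeds         # card id -> mirrored key seed
        self.kq = os.urandom(32)   # in-station key KQ shared by both servers
        self.keys = {}             # card id -> K' from the latest synchronization
        self.expected = {}         # card id -> N', consumed on first comparison
        self.seen_r = set()        # assumption: a reused R is refused

    def sync(self, ident, r):
        if r in self.seen_r:
            raise PermissionError("R already used")
        self.seen_r.add(r)
        self.keys[ident] = derive(self.seeds[ident], r, b"key")
        self.expected[ident] = derive(self.seeds[ident], r, b"nonce").hex()

    def _match(self, ident, claimed_id, nonce):
        exp = self.expected.pop(ident, None)   # single use (assumption)
        if exp is None or claimed_id != ident or not hmac.compare_digest(exp, nonce):
            raise PermissionError("nonce mismatch or replay")

    def as_request(self, ident, pre_auth):
        data = unseal(self.keys[ident], pre_auth)
        self._match(ident, data["id"], data["n"])          # N1 against N1'
        kqa = os.urandom(32).hex()
        tgt = seal(self.kq, {"kqa": kqa, "id": ident})     # endtime1 omitted
        return seal(self.keys[ident], {"kqa": kqa}), tgt

    def tgs_request(self, tgt, auth, target):
        t = unseal(self.kq, tgt)
        kqa = bytes.fromhex(t["kqa"])
        data = unseal(kqa, auth)
        self._match(t["id"], data["id"], data["n"])        # N2 against N2'
        kab = os.urandom(32)
        ticket = seal(self.keys[target], {"kab": kab.hex(), "id": t["id"]})
        n3 = seal(kab, {"n": self.expected.pop(target)})   # N3' for A, under KA-B
        return seal(kqa, {"kab": kab.hex()}), ticket, n3

def b_verify(kb, n3, ticket, auth):  # user terminal B: open Ticket, compare N3' with N3
    t = unseal(kb, ticket)
    data = unseal(bytes.fromhex(t["kab"]), auth)
    return data["id"] == t["id"] and hmac.compare_digest(data["n"], n3)

def rejected(call):
    try:
        call()
    except PermissionError:
        return True
    return False

def run_demo():
    seed_a, seed_b = os.urandom(32), os.urandom(32)   # constructed key seeds SA, SB
    st = Station({"A": seed_a, "B": seed_b})
    # First step: A synchronizes, then requests the TGT; the same messages are replayed.
    r1, ka, n1 = card_fresh(seed_a)
    st.sync("A", r1)
    req1 = seal(ka, {"id": "A", "n": n1})
    enc_kqa, tgt = st.as_request("A", req1)
    kqa = bytes.fromhex(unseal(ka, enc_kqa)["kqa"])
    out = {"replay_as": rejected(lambda: st.as_request("A", req1)),
           "replay_sync": rejected(lambda: st.sync("A", r1))}
    # Second step: A trades the TGT for a Ticket to B; the request is replayed.
    r2, _, n2 = card_fresh(seed_a)
    st.sync("A", r2)
    rb, kb, n3 = card_fresh(seed_b)
    st.sync("B", rb)
    req2 = seal(kqa, {"id": "A", "n": n2})
    enc_kab, ticket, enc_n3 = st.tgs_request(tgt, req2, "B")
    kab = bytes.fromhex(unseal(kqa, enc_kab)["kab"])
    out["replay_tgs"] = rejected(lambda: st.tgs_request(tgt, req2, "B"))
    # Third step: A presents the Ticket and N3' to B.
    auth3 = seal(kab, {"id": "A", "n": unseal(kab, enc_n3)["n"]})
    out["b_accepts"] = b_verify(kb, n3, ticket, auth3)
    return out
```

Calling `run_demo()` returns a dictionary in which every entry is `True`: the three replays are refused and user terminal B accepts the genuine request.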
The above discloses only embodiments of the present invention, but the present invention is not limited thereto; those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Such obvious modifications and variations shall fall within the scope of protection claimed by the present invention. In addition, although some specific terms are used in this specification, they are only for convenience of description and do not constitute any specific limitation on the present invention.
Claims (10)
1. An identity authorization system based on a quantum network, characterized in that it comprises user terminal A, user terminal B and a quantum network service station, wherein user terminal A applies to the quantum network service station for a TGT and a corresponding Ticket, and uses the obtained Ticket to access user terminal B;
each user terminal is configured with a quantum key card, and corresponding quantum keys are stored in the quantum key card and the quantum network service station; the configured quantum key cards are used for identity authentication when user terminal A communicates with the quantum network service station and when the two user terminals communicate with each other.
2. The identity authorization system based on a quantum network according to claim 1, characterized in that the quantum network service station comprises an authentication server and a ticket-granting server; user terminal A applies to the authentication server for the TGT and then, on the basis of the TGT, applies to the ticket-granting server for the Ticket;
user terminal A uses its matched quantum key card to perform identity authentication with the authentication server and with the ticket-granting server respectively; during authentication, the identity authentication data sent by user terminal A contains a random number generated by the quantum key card, and the quantum network service station generates the corresponding random number for the authentication server and the ticket-granting server respectively to compare against.
3. The identity authorization system based on a quantum network according to claim 2, characterized in that when user terminal A applies to the authentication server for the TGT, the request sent contains the identity authentication data A1 of user terminal A and the identity information of the ticket-granting server; the authentication server authenticates on the basis of the identity authentication data A1 and, after authentication passes, replies with the TGT corresponding to the ticket-granting server;
the identity authentication data A1 contains the identity information Ainfo of user terminal A and the random number N1, the random number N1 being generated as follows:
the quantum key card matched with user terminal A generates the random number R1 and, using the true random number R1 and the key generation algorithm, operates on the quantum key that serves as the key seed in the quantum key card to obtain the true random number N1;
user terminal A also passes the random number R1, the key generation algorithm ID and the key seed ID to the quantum network service station, so that the authentication server can generate the corresponding true random number N1' for the authentication comparison.
4. The identity authorization system based on a quantum network according to claim 3, characterized in that after authentication on the basis of the identity authentication data A1 passes, the authentication server sends user terminal A a reply containing the TGT, the TGT being encrypted with the in-station key KQ so that the ticket-granting server can decrypt it;
the reply containing the TGT also contains the key KQ-A, used for encrypted communication between user terminal A and the ticket-granting server.
5. The identity authorization system based on a quantum network according to claim 4, characterized in that when user terminal A applies to the ticket-granting server for the Ticket on the basis of the TGT, the request sent contains the TGT encrypted with KQ, the identity authentication data A2 of user terminal A encrypted with the key KQ-A, and the identity information Binfo of user terminal B; the ticket-granting server authenticates on the basis of the identity authentication data A2 and, after authentication passes, sends user terminal A a reply containing the Ticket;
the identity authentication data A2 contains the identity information Ainfo of user terminal A and the true random number N2, the true random number N2 being generated as follows:
the quantum key card matched with user terminal A generates the random number R2 and, using the true random number R2 and the key generation algorithm, operates on the quantum key that serves as the key seed in the quantum key card to obtain the true random number N2;
user terminal A also passes the random number R2, the key generation algorithm ID and the key seed ID to the quantum network service station, so that the ticket-granting server can generate the corresponding true random number N2' for the authentication comparison.
6. The identity authorization system based on a quantum network according to claim 5, characterized in that the reply containing the Ticket also contains the key KA-B, used for encrypted communication between user terminal A and user terminal B; the key KA-B is sent as ciphertext, encrypted with the key KQ-A.
7. The identity authorization system based on a quantum network according to claim 1, characterized in that when user terminal A uses the Ticket to access user terminal B and identity authentication is performed, the identity authentication data sent by user terminal A contains a true random number; the true random number comes from the quantum network service station and is identical to the random number generated by the quantum key card of user terminal B, and user terminal B authenticates user terminal A by means of this random number.
8. The identity authorization system based on a quantum network according to claim 6, characterized in that when user terminal A uses the Ticket to access user terminal B, the request sent contains the Ticket encrypted with the key KB' and the identity authentication data A3 of user terminal A encrypted with the key KA-B; user terminal B authenticates on the basis of the identity authentication data A3 and, after authentication passes, provides user terminal A with the resource it requested to access;
the identity authentication data A3 contains the identity information Ainfo of user terminal A and the true random number N3', the true random number N3' being generated as follows:
the quantum key card matched with user terminal B generates the true random number N3 and notifies the quantum network service station of how it was generated; the quantum network service station generates the corresponding true random number N3' and sends the true random number N3' to user terminal A.
9. The identity authorization system based on a quantum network according to claim 8, characterized in that when user terminal A uses the Ticket to access user terminal B, the request sent also contains a flag indicating whether bidirectional verification is required; if bidirectional verification is required, user terminal B extracts the true random number N3' from the identity authentication data A3, encrypts it with KA-B and sends it to user terminal A, for user terminal A to verify the identity of user terminal B.
10. The identity authorization system based on a quantum network according to claim 1, characterized in that after a user terminal establishes a communication connection with its matched quantum key card, the user terminal sends an update request to the quantum key card through an upper-layer application, the update request also being sent to the quantum network service station at the same time;
after the key storage card receives the update request, it updates the key seed according to preset rules;
after the quantum network service station receives the update request, it updates the corresponding key seed stored in the quantum network service station according to the rules agreed in advance with the quantum key card.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810171948.1A CN108566273A (en) | 2018-03-01 | 2018-03-01 | Identity authorization system based on quantum network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108566273A true CN108566273A (en) | 2018-09-21 |
CN108880799A (en) | Multiple identity authorization system and method based on group key pond | |
CN108809636A (en) | The communication system and communication means of message authentication between member are realized based on group's type quantum key card | |
CN108632042A (en) | A kind of class AKA identity authorization systems and method based on pool of symmetric keys | |
CN110505055A (en) | Based on unsymmetrical key pond to and key card outer net access identity authentication method and system | |
CN110535626A (en) | The quantum communications service station secret communication method and system of identity-based | |
CN206042014U (en) | Quantum network service station and quantum communication network | |
CN110176989B (en) | Quantum communication service station identity authentication method and system based on asymmetric key pool | |
Hou et al. | Lightweight and privacy-preserving charging reservation authentication protocol for 5G-V2G |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180921 | |