CN108683501A - Multiple identity authentication system and method based on a quantum communication network using a timestamp as a random number - Google Patents


Info

Publication number
CN108683501A
Authority
CN
China
Prior art keywords
user terminal
key
quantum
random number
network service
Legal status
Granted
Application number
CN201810171946.2A
Other languages
Chinese (zh)
Other versions
CN108683501B (en)
Inventor
富尧
钟民
钟一民
Current Assignee
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a multiple identity authentication system and method based on a quantum communication network that use a timestamp as a random number. The system comprises user terminal A, user terminal B and a quantum network service station. When user terminal A applies to user terminal B for a ticket, user terminal B generates a timestamp and sends it to the quantum network service station; the quantum network service station generates the ticket using the timestamp and a session key, and then distributes the ticket to user terminal A and, via user terminal A, to user terminal B. The session key is used for encrypted communication between user terminal A and user terminal B and is generated synchronously by user terminal A and the quantum network service station. Each user terminal is configured with a quantum key card, which generates the true random numbers used as authentication identifiers when the ticket is distributed and when it is used. Based on a quantum communication network, the invention performs multiple authentications using the timestamp as a random number, which further improves security; it also improves the way the session key is generated and reduces the number of messages that authentication requires.

Description

Multiple identity authentication system and method based on a quantum communication network using a timestamp as a random number
Technical field
The present invention relates to the technical field of quantum communication, and more particularly to an identity authentication system and method based on a quantum network service station.
Background art
Identity authentication is a basic technique for achieving information security: a system examines a user's identity to confirm whether the user has access and usage rights to a given resource. Authentication can likewise be performed between one system and another.
Identity authentication systems in current communication networks generally use the Kerberos authentication scheme. Kerberos is a network authentication protocol whose design goal is to provide strong authentication services for client/server applications by means of a key system. The authentication process does not rely on authentication by the host operating system, does not require trust based on host addresses, does not require the physical security of all hosts on the network, and assumes that packets transmitted on the network can be read, modified and inserted arbitrarily. Under these conditions, Kerberos, as a trusted third-party authentication service, performs authentication by means of conventional cryptographic techniques (such as shared keys).
The Kerberos authentication scheme introduces a timestamp to detect replay attacks, but a ticket has a lifetime and remains usable for the whole of its validity period. If a message is received within the permitted time range, it is judged to be fresh. An attacker who has obtained the license can, however, send forged messages, and within the permitted time these are hard to detect.
Problems of the prior art:
(1) Existing identity authentication technology is based on the Kerberos authentication scheme, whose use of timestamps leaves open the possibility of replay attacks.
(2) The Kerberos protocol relies on clock synchronization across the network and places high demands on time synchronization of the whole system, which is difficult to achieve in large distributed systems.
(3) In the prior art the server must distribute the session key to each of the two user terminals separately, which poses certain security risks.
(4) In the prior art, user terminal keys are stored in the user terminal's memory, where they can be stolen by malware or malicious operations.
(5) In the prior art, authentication requires many messages: completing one identity authentication requires five messages to be transmitted.
Summary of the invention
The present invention provides an identity authentication system that, based on a quantum communication network, performs multiple authentications using a timestamp as a random number, further improving security; it also improves the way the session key is generated and reduces the number of messages that authentication requires.
A multiple identity authentication system based on a quantum communication network using a timestamp as a random number comprises user terminal A, user terminal B and a quantum network service station. When user terminal A applies to user terminal B for a ticket, user terminal B generates a timestamp and sends it to the quantum network service station; the quantum network service station generates the ticket using the timestamp and a session key, and then distributes the ticket to user terminal A and, via user terminal A, to user terminal B;
The session key is used for encrypted communication between user terminal A and user terminal B and is generated synchronously by user terminal A and the quantum network service station. Each user terminal is configured with a quantum key card, which generates the true random numbers used as authentication identifiers when the ticket is distributed and when it is used.
The names user terminal A and user terminal B are used only for ease of distinction and description; A and B place no additional limitation on the user terminals themselves.
The quantum key card configured for each user terminal and the quantum network service station store corresponding quantum keys, which are used for direct or indirect encrypted transmission and identity authentication between the user terminal and the quantum network service station.
There may be one or more quantum network service stations on the network side. When several quantum network service stations take part, the network side as a whole can be regarded as a single entity; when different quantum key cards belong to different quantum network service stations, the stations can transmit data to one another in encrypted form by means such as inter-station QKD.
Because the invention is based on a quantum network, unless otherwise stated the random numbers involved are true random numbers, for example quantum random numbers, and the keys involved are quantum keys.
User terminal A's application to user terminal B for a ticket includes the following:
User terminal A generates key K_A and session key K_A-B and notifies the quantum network service station of how they were generated; user terminal B generates key K_B and notifies the quantum network service station of how it was generated;
User terminal A sends a first message to user terminal B to apply for a ticket. The first message carries the identity information of user terminal A and a true random number N_A serving as an authentication identifier; N_A is generated by the quantum key card matched to user terminal A.
User terminal B generates a timestamp and sends it to the quantum network service station. Specifically, in response to the first message, user terminal B sends the quantum network service station a second message, which includes:
A true random number N_B serving as an authentication identifier, generated by the quantum key card matched to user terminal B;
The identity information of user terminal B;
An instruction to issue trust to user terminal A, which includes the true random number N_A, the identity information of user terminal A and the timestamp T_B generated by user terminal B, and which is encrypted with key K_B.
Based on the identity information of user terminal A and user terminal B in the second message, the quantum network service station generates key K_A', identical to key K_A; key K_B', identical to key K_B; and session key K_A-B', identical to session key K_A-B;
The quantum network service station generates a third message carrying the ticket and sends it to user terminal A. The third message includes:
The ticket;
The true random number N_B;
The following, encrypted with key K_A': the identity information of user terminal B, the true random number N_A, the session key K_A-B' and the timestamp T_B.
The ticket comprises the following, encrypted with key K_B': the identity information of user terminal A, the session key K_A-B' and the timestamp T_B.
In the present invention, a key such as K_A and its identical counterpart K_A' are distinguished by the prime mark only to indicate which party generated them. Because symmetric encryption is used, key K_A and key K_A' are identical in content and are used for the corresponding encryption and decryption operations. The marks in other designations are distinguished in the same way. Key K_A may also be abbreviated to K_A, and likewise for the other designations.
When the ticket is distributed to user terminal B via user terminal A, user terminal A first verifies the true random number N_A in the third message and, after successful verification, sends user terminal B a fourth message, which includes the ticket and the true random number N_B encrypted with session key K_A-B.
After receiving the fourth message, user terminal B verifies the true random number N_B in the fourth message.
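The four-message ticket application described above, as an added example that is not part of the patent text. The patent does not name its key generation algorithm or cipher, so the HMAC-SHA256 derivation from a shared key seed and a random number, the HMAC-based stand-in for the quantum key card's symmetric encryption, the JSON encoding and the 300-second acceptance window are all assumptions made here.

```python
import hashlib, hmac, json, os

def derive(seed: bytes, r: bytes) -> bytes:
    # Assumed key generation algorithm: key = HMAC-SHA256(key seed, random number).
    return hmac.new(seed, r, hashlib.sha256).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, fields: dict) -> bytes:
    # Stand-in for the card's symmetric cipher: HMAC keystream, encrypt-then-MAC.
    ek, mk = derive(key, b"enc"), derive(key, b"mac")
    iv, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ek, iv, len(pt))))
    return iv + ct + hmac.new(mk, iv + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    ek, mk = derive(key, b"enc"), derive(key, b"mac")
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, iv + ct, hashlib.sha256).digest()):
        raise ValueError("decryption failed: wrong key or modified ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(ek, iv, len(ct)))))

class TerminalA:
    def __init__(self, seed: bytes):
        self.r1, self.r2 = os.urandom(16), os.urandom(16)
        self.k_a, self.k_ab = derive(seed, self.r1), derive(seed, self.r2)

    def message1(self) -> dict:                       # plaintext: A, N_A
        self.n_a = os.urandom(16).hex()
        return {"id": "A", "N_A": self.n_a}

    def message4(self, msg3: dict) -> dict:
        part = unseal(self.k_a, msg3["for_A"])        # {B, N_A, K_A-B', T_B}K_A'
        if not hmac.compare_digest(part["N_A"], self.n_a):
            raise ValueError("N_A mismatch: message 3 does not answer this request")
        return {"ticket": msg3["ticket"],
                "proof": seal(self.k_ab, {"N_B": msg3["N_B"]})}   # {N_B}K_A-B

class TerminalB:
    LIFETIME = 300.0   # constructed value: seconds for which T_B is accepted

    def __init__(self, seed: bytes):
        self.r3 = os.urandom(16)
        self.k_b = derive(seed, self.r3)

    def message2(self, msg1: dict, now: float) -> dict:
        self.n_b, self.t_b = os.urandom(16).hex(), now
        instr = seal(self.k_b, {"A": msg1["id"], "N_A": msg1["N_A"], "T_B": now})
        return {"id": "B", "N_B": self.n_b, "instruction": instr}

    def accept(self, msg4: dict, now: float):
        ticket = unseal(self.k_b, msg4["ticket"])     # {A, K_A-B', T_B}K_B'
        # T_B comes from B's own clock, so B compares it with the value it issued.
        if ticket["T_B"] != self.t_b or not 0 <= now - ticket["T_B"] <= self.LIFETIME:
            raise ValueError("T_B not issued by this terminal or outside its lifetime")
        k_ab = bytes.fromhex(ticket["K_AB"])
        if not hmac.compare_digest(unseal(k_ab, msg4["proof"])["N_B"], self.n_b):
            raise ValueError("N_B mismatch: replayed or forged message 4")
        return ticket["A"], k_ab

def station_message3(seeds: dict, sync: dict, msg2: dict) -> dict:
    # sync holds R1 and R2 (from A) and R3 (from B), sent when the keys were generated.
    k_b = derive(seeds[msg2["id"]], sync["R3"])
    instr = unseal(k_b, msg2["instruction"])
    k_a = derive(seeds[instr["A"]], sync["R1"])
    k_ab = derive(seeds[instr["A"]], sync["R2"])
    ticket = seal(k_b, {"A": instr["A"], "K_AB": k_ab.hex(), "T_B": instr["T_B"]})
    for_a = seal(k_a, {"B": msg2["id"], "N_A": instr["N_A"],
                       "K_AB": k_ab.hex(), "T_B": instr["T_B"]})
    return {"ticket": ticket, "N_B": msg2["N_B"], "for_A": for_a}

def run_exchange(now: float = 1_000_000.0):
    seeds = {"A": os.urandom(32), "B": os.urandom(32)}   # constructed key seeds
    a, b = TerminalA(seeds["A"]), TerminalB(seeds["B"])
    sync = {"R1": a.r1, "R2": a.r2, "R3": b.r3}
    msg3 = station_message3(seeds, sync, b.message2(a.message1(), now))
    return a, b, msg3, a.message4(msg3)

if __name__ == "__main__":
    a, b, _, msg4 = run_exchange()
    peer, k_ab = b.accept(msg4, now=1_000_010.0)
    print("B accepted ticket for", peer, "- session keys match:", k_ab == a.k_ab)
```

A message 4 captured from one run is refused once user terminal B has started a new exchange, because both T_B and N_B are bound to values B itself issued.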
In the multiple identity authentication system of the present invention, user terminal A further accesses user terminal B according to the ticket, which includes:
User terminal A sends an access request to user terminal B. The access request includes a true random number N_A' serving as an authentication identifier and the ticket; N_A' is generated by the quantum key card matched to user terminal A;
User terminal B receives the access request and verifies the ticket. After successful verification it sends user terminal A a verification request, which includes a true random number N_B' serving as an authentication identifier and the true random number N_A' encrypted with session key K_A-B; N_B' is generated by the quantum key card matched to user terminal B;
User terminal A receives the verification request and verifies the true random number N_A'. After successful verification it sends user terminal B a verification reply, which includes the true random number N_B' encrypted with session key K_A-B;
User terminal B receives the verification reply and verifies the true random number N_B'.
The ticket is updated according to a predetermined condition. The update includes:
User terminal A sends an update request to user terminal B. The update request includes a true random number N_A'' serving as an authentication identifier and the ticket; N_A'' is generated by the quantum key card matched to user terminal A;
User terminal B receives the update request and verifies the ticket. After successful verification it sends user terminal A an update reply, which includes:
The updated session key K_A-B'', the identity information of user terminal B and a new timestamp T_B', all three encrypted with the pre-update session key K_A-B';
A true random number N_B'' serving as an authentication identifier, generated by the quantum key card matched to user terminal B;
The true random number N_A'' encrypted with the updated session key K_A-B''; and
The updated ticket;
User terminal A receives the update reply and verifies the true random number N_A''. After successful verification it sends user terminal B update feedback, which includes the true random number N_B'' encrypted with the updated session key K_A-B'';
User terminal B receives the update feedback and verifies the true random number N_B''.
In the present invention every authentication identifier is generated by the corresponding user terminal in its matched quantum key card and takes the form of a true random number.
The session key and the keys for encrypted communication between each user terminal and the quantum network service station are all obtained from a key seed by a specified algorithm. When a user terminal performs identity authentication, a quantum key that is used as a key seed for a long time or reused may be cracked; to improve the security of the identity authentication system, key seeds need to be updated regularly.
After a user terminal establishes a communication connection with its matched quantum key card, the user terminal sends an update request to the quantum key card through an upper-layer application; the update request is also sent to the quantum network service station at the same time;
After the key storage card receives the update request, it updates the key seed according to a preset rule;
After the quantum network service station receives the update request, it updates the corresponding key seed stored in the quantum network service station according to a rule agreed in advance with the quantum key card.
In the present invention, optionally, the quantum key cards matched to user terminal A and user terminal B belong to the same quantum network service station, that is, both store quantum keys corresponding to that quantum network service station; this can also be regarded as a local area network environment.
In a wide area network environment, the quantum key cards matched to user terminal A and user terminal B belong to different quantum network service stations, for example:
The quantum network service station comprises quantum network service station A and quantum network service station B; the quantum key card matched to user terminal A is issued by quantum network service station A, and the quantum key card matched to user terminal B is issued by quantum network service station B;
When user terminal A applies to user terminal B for a ticket, user terminal A generates key K_A and session key K_A-B and notifies quantum network service station A of how they were generated; user terminal B generates key K_B and notifies quantum network service station B of how it was generated;
Quantum network service station B receives the second message from user terminal B and, based on the identity information of user terminal B in the second message, generates key K_B', identical to key K_B;
Quantum network service station B uses key K_B' to decrypt the instruction to issue trust to user terminal A, and sends the decrypted instruction, together with the other contents of the second message, to quantum network service station A by inter-station encrypted transmission;
Based on the identity information of user terminal A, quantum network service station A generates key K_A', identical to key K_A, and session key K_A-B', identical to session key K_A-B;
Quantum network service station A then generates the third message accordingly and sends it to user terminal A.
The present invention also provides a multiple identity authentication method based on a quantum communication network using a timestamp as a random number, implemented in the multiple identity authentication system of the present invention.
Because the relevant procedure is described in detail for the multiple identity authentication system, the method is not described again.
Existing identity authentication technology is based on the Kerberos authentication scheme, whose use of timestamps leaves open the possibility of replay attacks; moreover, the whole Kerberos protocol relies on clock synchronization across the network and places high demands on time synchronization of the whole system, which is difficult to achieve in large distributed systems. The present invention replaces the timestamp used in the original scheme with a true random number and uses a timestamp tied to the local clock of user terminal B, so time synchronization of the whole system is not required.
In the present invention the session key is generated synchronously by the quantum network service station and user terminal A rather than directly by the quantum network service station. This removes the step of distributing the session key to user terminal B, reduces the possibility that the session key is cracked during distribution and messages are leaked, and improves security.
The present invention stores user terminal keys in a quantum key card rather than in user terminal memory. The quantum key card is an independent hardware device, so the possibility of keys being stolen by malware or malicious operations is greatly reduced. In the present invention the initial identity authentication requires only four messages and a secondary identity authentication requires only three, reducing the number of messages that authentication requires.
Description of the drawings
Fig. 1 is a structural diagram of the identity authentication system of the present invention.
Fig. 2 is a flow chart of identity authentication in a local area network;
Part (a) shows the procedure by which user terminal A applies for a ticket;
Part (b) shows the procedure for secondary identity authentication;
Part (c) shows the procedure for updating the ticket.
Fig. 3 is a flow chart of identity authentication in a wide area network;
Part (a) shows the procedure by which user terminal A applies for a ticket;
Part (b) shows the procedure for secondary identity authentication;
Part (c) shows the procedure for updating the ticket.
Detailed description of the embodiments
As shown in Fig. 1, the identity authentication system of the present invention may include multiple quantum network service stations, and different quantum network service stations can share inter-station quantum keys by means of QKD.
A quantum network service station includes:
A quantum service center, mainly used to communicate with each user terminal on the user side over a classical network and to communicate with other quantum network service stations. Classical networks include, but are not limited to, telecommunication networks, the Internet, radio and television networks and other communication networks.
Quantum key distribution equipment, mainly used to share inter-station quantum keys by means of QKD.
A true random number generator, which receives requests for user-side keys from the user-side key management server, generates the user-side keys and sends them to the user-side key management server. A true random number generator is used here; it is preferably a quantum true random number generator, but may also be a circuit-based true random number generator, a true random number generator based on a physical source, or another type of true random number generator.
A user-side key management server, which stores and manages the user-side keys generated by the true random number generator. It can connect to removable quantum key cards to issue cards, register them and copy user-side keys to them, and it can receive requests for user-side keys from the quantum service center and send user-side keys of the corresponding length to the quantum service center. For details of the quantum key card, see the patent with application No. "201610846210.6".
The quantum service center includes an identity authentication server and a ticket-granting server; other servers, such as a digital signature server, a signature verification server and an encryption/decryption server, can be provided as required.
The identity authentication server performs mutual identity authentication between the user and the quantum network service station before the user receives services such as message authentication and digital signatures. Inside the identity authentication server is an encryption card with a PCI bus interface, which stores the identity authentication protocol, including the key generation algorithm, the verification function and the encrypted transmission protocol.
The ticket-granting server, once the user has completed mutual identity authentication with the quantum network service station, issues the user a license for its application to access a given user.
User terminals are configured under each quantum network service station, such as user terminal 1 to user terminal n in the figure. The different servers or other devices in this specification can also be integrated in hardware as required.
A user terminal is a device that accesses a quantum network service station and may be a mobile terminal or a fixed terminal. For a mobile terminal, the quantum key card is preferably a quantum SD card; for a fixed terminal, the quantum key card is preferably a USB key or a host encryption board.
When a user registers at the quantum network service station for their region, the user obtains a quantum key card (with a unique quantum key card ID) once approved. The quantum key card stores the user's registration information and has a built-in identity authentication protocol that includes at least a key generation algorithm and a verification function, or other algorithms related to identity authentication.
Each quantum network service station on the network side holds the corresponding authentication protocols. If a protocol offers two or more options for an algorithm, the quantum key card sends the algorithm label to the quantum network service station when communicating with it, so that the quantum network service station can select the algorithm.
The user-side keys in a quantum key card may have been downloaded from different quantum network service stations, so they can be stored in different key seed sets according to their source; the user terminal takes key seeds according to a preset rule to generate keys. Each key seed set has a unique key seed ID, which points to the quantum network service station where the corresponding key seed is stored.
The quantum key card evolved from smart card technology; it is an identity authentication product that combines quantum physics, cryptography, smart card technology and USB technology. The embedded chip and chip operating system of the quantum key card provide functions such as secure storage of private keys and cryptographic algorithms. Because it has independent data processing capability and good security, the quantum key card serves as a secure carrier for quantum true random number private keys. Each quantum key card is protected by a hardware PIN; the PIN and the hardware are the two factors a user needs in order to use the quantum key card. This is so-called "two-factor authentication": a user can log in to the system only by holding both the quantum key card that stores the relevant authentication information and the user PIN. Even if the user's PIN is leaked, the legitimate user's identity cannot be impersonated as long as the quantum key card the user holds is not stolen; if the user's quantum key card is lost, the finder cannot impersonate the legitimate user because the finder does not know the user PIN.
Embodiment 1 belongs to two user terminal authentications in a quantum network service station in LAN
In following steps, each user side be related to plus solution, close operation, all in the matched quantum key card of institute into Row.The Encrypt and Decrypt operation that authentication server and ticket-granting server are related to, is the encryption and decryption in quantum network service station It is completed in server.
It is involved in authentication procedures when user terminal A, user terminal B belong to a quantum network service station Quantum key is stuck in local quantum network service station registration and issues.Specific steps are referring to Fig. 2, and in figure, quilt is indicated in braces Encrypted part indicates multiple contents of transmission in bracket, separated with comma, followed by the key that uses of content representation, Such as { A, NA, TB}KBIt indicates to use KBEncrypt A, NAAnd TB.If braces is not used, then it represents that be plaintext transmission.
In Fig. 21,2,3, the 4 of each section indicate respectively the flow in the part sequence, in part (a) of Fig. 2,1,2, 3,4 message1~message4 hereinafter is also corresponded to respectively.
In every message, if including multiple portions, each part is indicated as a line, such as message3 points are 3 Row indicates, that is, includes three parts, and wherein Part III is { B, NA, KA-B', TB}KA', rest part and remaining attached drawing are same Reason.
Specific steps verbal description is as follows:
1. user terminal A applies for Ticket.The part (a) in Fig. 2.
User terminal A and user terminal B carries out key synchronization with quantum network service station respectively:The matched quantum of user terminal A are close Key card combines key to generate and calculates according to random number R 1 caused by randomizer in the key seed SA and card stored Method AS obtains key KA(hereinafter referred to as KA, other Chinese character parts that similarly save are as referred to as).
The matched quantum key cards of user terminal A are produced according to randomizer in the key seed SA and card stored Raw random number R 2 obtains the session key K between user terminal B respectively in connection with key schedule ASA-B.By random number R 1, R2 and key schedule ID and key seed ID pass to quantum network service station;And quantum network service station is notified to carry out Key synchronization.
The matched quantum key cards of user terminal B are produced according to randomizer in the key seed SB and card stored Raw random number R 3 obtains key K in conjunction with key schedule BSB.By random number R 3 and key schedule ID and key kind Sub- ID passes to quantum network service station;And quantum network service station is notified to carry out key synchronization.
Key synchronization between both user terminal A and user terminal B and quantum network service station can be according to the condition of setting Or the period carries out in advance.
1.1 User terminal A generates a true random number and sends it to user terminal B: the quantum key card matched with user terminal A generates a true random number NA. NA and the identity information of A (shown as A in message1 of Fig. 2) are sent to user terminal B as message1 in plaintext.
Step 1.1 is to be understood as meaning that message1 contains at least the true random number NA and the identity information of A. To express the ticket request and to transmit message1 over the network, user terminal A may select an appropriate protocol when encapsulating message1 and inform user terminal B, by means such as an identifier, that it is applying for a ticket. The same applies to the later message transfers and to the secondary authentication and ticket update processes. The present invention focuses on improvements to how the true random numbers and the ticket are generated and used; the encapsulation of messages and the network transmission itself may use the prior art.
1.2 User terminal B generates a true random number and sends it to the quantum network service station: the quantum key card matched with user terminal B generates a true random number NB. NB, the identity information of user terminal B, and an instruction generated by user terminal B asking the quantum network service station to issue trust to A are sent to the quantum network service station as message2. The instruction states that user terminal A is the active requester and provides the true random number NA received from user terminal A; the instruction also includes the timestamp TB generated by user terminal B. TB is a timestamp carrying a start time and is used as a random number. When user terminal B later receives the timestamp TB, it checks whether this start time is consistent with the current time and whether the timestamp is within the permitted range. The entire instruction is encrypted with KB.
1.3 The quantum network service station distributes the session key: using the key generation algorithm ID and the key seed ID, the quantum network service station looks up the corresponding key seed SA' and key generation algorithm AS' in the current quantum network service station and, combining them with random number R1, computes a key KA' identical to key KA.
Combining them with random number R2, it computes a key KA-B' identical to key KA-B.
Using the key generation algorithm ID and the key seed ID, the quantum network service station looks up the corresponding key seed SB' and key generation algorithm BS' in the current quantum network service station and, combining them with random number R3, computes a key KB' identical to key KB.
The quantum network service station decrypts the instruction with KB', then encrypts the identity information of user terminal A, KA-B' and TB with KB' and sends the result to user terminal A as the ticket in message3. message3 also contains NB and, encrypted with KA', the identity information of user terminal B, NA, KA-B' and TB.
1.4 User terminal A sends the ticket: user terminal A uses KA to decrypt the last part of message3 (see Fig. 2, i.e. {B, NA, KA-B', TB}KA') and verifies whether the random number NA is the same as in message1. After this check passes, it sends the ticket, together with the random number NB encrypted with KA-B, to user terminal B as message4, proving its identity to user terminal B. User terminal B decrypts and verifies NB.
2. Secondary authentication. See part (b) of Fig. 2.
2.1 User terminal A applies for re-authentication: user terminal A generates a new random number NA' and sends it together with the ticket to B.
2.2 User terminal A and user terminal B complete mutual authentication: after receiving the re-authentication request from user terminal A, user terminal B verifies the ticket and, once it passes, generates a new random number NB'; the mutual authentication between A and B is then completed in the same way as above. User terminal B decrypts the ticket and verifies TB, checking whether this start time is consistent with the current time and whether the timestamp is within the permitted range. After verification, it encrypts NA' with the KA-B' it obtained and sends it to user terminal A together with NB'. A decrypts and verifies NA', then encrypts NB' with KA-B and sends it to user terminal B; user terminal B decrypts and verifies NB', completing the mutual identity authentication.
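The ticket request of steps 1.1 to 1.4 and the secondary authentication of steps 2.1 and 2.2, sketched as an added Python example that is not part of the patent text. The HMAC-based `derive_key`, the toy `seal`/`unseal` cipher, the JSON field names and the 300-second `MAX_AGE` are assumptions standing in for key generation algorithms AS/BS, the unspecified encryption, the message encoding and the permitted range of TB.

```python
import hashlib, hmac, json, os

MAX_AGE = 300  # assumed "permitted range" for timestamp TB, in seconds

def derive_key(seed, rnd):
    # Stand-in for key generation algorithms AS/BS: key = HMAC-SHA256(seed, random)
    return hmac.new(seed, rnd, hashlib.sha256).digest()

def _keystream(key, iv, n):
    blocks = (hmac.new(key, b"enc" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):
    # Toy encrypt-then-MAC built from HMAC-SHA256; the patent names no cipher
    pt = json.dumps(fields, sort_keys=True).encode()
    iv = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, iv, len(ct)))))

def station_issue(seed_a, seed_b, r1, r2, r3, message2):
    # Step 1.3: the station rederives KA', KA-B', KB' from stored seeds and R1..R3
    ka, kab, kb = derive_key(seed_a, r1), derive_key(seed_a, r2), derive_key(seed_b, r3)
    instr = unseal(kb, message2["instruction"])            # {A, NA, TB}KB
    shared = {"kab": kab.hex(), "tb": instr["tb"]}
    return {"ticket": seal(kb, {"id": instr["id"], **shared}),
            "nb": message2["nb"],
            "for_a": seal(ka, {"id": message2["id"], "na": instr["na"], **shared})}

def check_ticket(kb, ticket, claimed_id, now):
    # User terminal B: decrypt the ticket with KB, then check identity and TB
    t = unseal(kb, ticket)
    if t["id"] != claimed_id:
        raise ValueError("ticket issued for another identity")
    if not 0 <= now - t["tb"] <= MAX_AGE:
        raise ValueError("timestamp TB outside permitted range")
    return bytes.fromhex(t["kab"])

def expect(sealed, key, field, value):
    # Decrypt a challenge response and compare the echoed random number
    if unseal(key, sealed)[field] != value:
        raise ValueError("random number mismatch")

def run_protocol(issued_at, used_at, tamper=False):
    seed_a, seed_b = os.urandom(32), os.urandom(32)        # key seeds SA, SB
    r1, r2, r3 = (os.urandom(16) for _ in range(3))        # card random numbers
    ka, kab, kb = derive_key(seed_a, r1), derive_key(seed_a, r2), derive_key(seed_b, r3)
    # 1.1  A -> B (plaintext): A, NA
    na = os.urandom(16).hex()
    message1 = {"id": "A", "na": na}
    # 1.2  B -> station: B, NB, {A, NA, TB}KB
    nb = os.urandom(16).hex()
    instruction = seal(kb, {"id": message1["id"], "na": message1["na"], "tb": issued_at})
    message2 = {"id": "B", "nb": nb, "instruction": instruction}
    # 1.3  station -> A: ticket, NB, {B, NA, KA-B', TB}KA'
    message3 = station_issue(seed_a, seed_b, r1, r2, r3, message2)
    # 1.4  A verifies NA, then forwards the ticket with {NB}KA-B
    expect(message3["for_a"], ka, "na", na)
    ticket = message3["ticket"]
    if tamper:                                             # simulate in-transit modification
        ticket = ticket[:-1] + bytes([ticket[-1] ^ 1])
    message4 = {"ticket": ticket, "proof": seal(kab, {"nb": message3["nb"]})}
    kab_b = check_ticket(kb, message4["ticket"], "A", issued_at)
    expect(message4["proof"], kab_b, "nb", nb)
    # 2.1  A -> B at a later time: new NA' plus the same ticket
    na2 = os.urandom(16).hex()
    # 2.2  B re-checks TB, answers with NB' and {NA'}KA-B'; A answers {NB'}KA-B
    kab_b = check_ticket(kb, ticket, "A", used_at)
    nb2 = os.urandom(16).hex()
    expect(seal(kab_b, {"na": na2}), kab, "na", na2)
    expect(seal(kab, {"nb": nb2}), kab_b, "nb", nb2)
    return "authenticated"

def outcome(issued_at, used_at, tamper=False):
    # Run the exchange and report either success or the reason it was refused
    try:
        return run_protocol(issued_at, used_at, tamper)
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    t0 = 1_700_000_000                                     # constructed start time
    print(outcome(t0, t0 + 60))
    print(outcome(t0, t0 + MAX_AGE + 1))
    print(outcome(t0, t0 + 60, tamper=True))
```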
3. Updating the ticket. See part (c) of Fig. 2.
3.1 User terminal A applies to update the ticket: user terminal A generates a new random number NA" and sends it together with the ticket to B.
3.2 User terminal B distributes a new ticket: after authenticating the ticket, user terminal B generates a new random number NB" and a new key KB". It performs an operation on KA-B' to generate KA-B", or it may generate KA-B" anew. It uses KA-B' to encrypt KA-B", the identity information of user terminal B and the new timestamp TB', and sends this to user terminal A together with the newly generated NB", NA" encrypted with KA-B", and the new ticket'. The ticket' is encrypted with key KB", and its content is as follows:
1. the new A-B session key KA-B";
2. the identity information of A;
3. the timestamp TB' newly generated by B.
3.3 User terminal A obtains the new ticket and completes mutual verification with user terminal B: after receiving the information, user terminal A decrypts the first part with KA-B and obtains KA-B". It uses KA-B" to decrypt the third part and complete the verification of NA". It then encrypts NB" with KA-B" and sends it to user terminal B; user terminal B decrypts and verifies NB", completing the mutual identity authentication.
In this system, user terminal B may be a quantum network service station B that is not matched with A; the mutual identity authentication between user terminal A and quantum network service station B is then completed through the transfer of information among user terminal A, quantum network service station A matched with user terminal A, and quantum network service station B. Because inter-station communication is required, each switching centre and quantum network service station is equipped with quantum key distribution equipment, and keys can be shared between stations by QKD. For the transfer of message2 in step 1.2, quantum network service station A and quantum network service station B can use their respective quantum key distribution equipment to share an inter-station quantum key, so that the plaintext form of message2 can be transferred between quantum network service station A and quantum network service station B. If the path between quantum network service station A and quantum network service station B also passes through other network nodes, each pair of directly connected quantum network service stations (or network nodes) forms an inter-station quantum key with the corresponding quantum key distribution equipment, and the ciphertext is relayed hop by hop. The distribution of inter-station quantum keys is a method of remote key sharing realized using the fundamental principles of quantum mechanics, preferably the BB84 protocol.
When a user carries out identity authentication, a key seed that is used for a long time or reused may be cracked. To improve the security of this identity authentication system, the key seed needs to be updated periodically.
The update method in the present embodiment is:
After the user terminal establishes a communication connection with its matched quantum key card, the user terminal sends an update request to the quantum key card through an upper-layer application, and the request is sent to the quantum service centre at the same time.
After the key card receives the update request, it updates the key seed according to preset rules, for example by marking part of the used key seed as invalid so that it is no longer used, and enabling a new key seed.
After the quantum service centre receives the update request, it updates the corresponding key seed stored in the quantum network service station according to rules agreed in advance with the quantum key card, so that the station always stays in correspondence with the quantum key card. The key seed update method in every embodiment of the present invention uses the above method.
Embodiment 2: identity authentication of two user terminals in a wide area network
As shown in Fig. 3, when user terminal A and user terminal B do not belong to the same quantum network service station, the quantum key cards involved in the authentication process are each registered and issued at the quantum network service station to which the respective user terminal belongs. The system architecture in the present embodiment differs from embodiment 1 in that it is applied in a wide area network: the primary switching centre is the quantum network core station of a prefecture-level city or a region of comparable size, the secondary switching centre is the quantum network core station of a county-level city or a region of comparable size, and the quantum network service station is the quantum communication access site of a township, a subdistrict office, or a region of comparable size.
The primary switching centre is connected to several subordinate secondary switching centres in a star network structure, and a secondary switching centre may be connected to several subordinate quantum network service stations in a star network structure.
Because inter-station communication is required, each switching centre and quantum network service station is equipped with quantum key distribution equipment, and keys can be shared between stations by QKD. For the other equipment of the quantum network service station in the present embodiment, and for the description of the quantum key card, see embodiment 1.
For example, the primary switching centre and each subordinate secondary switching centre use quantum key distribution equipment to share inter-station quantum keys, and each secondary switching centre and its subordinate quantum network service stations use quantum key distribution equipment to share inter-station quantum keys; the quantum key distribution equipment may be a single set or at least two sets integrated together.
Because two primary switching centres are far apart, quantum relay stations may be used to share inter-station quantum keys between them.
In the present embodiment, user terminal A and user terminal B are to carry out identity authentication. User terminal A belongs to quantum network service station A, that is, for user terminal A the current quantum network service station is quantum network service station A, with which user terminal A has a communication connection; likewise, user terminal B belongs to quantum network service station B. The specific point in which the present embodiment differs from embodiment 1 is how key KA' is obtained and transmitted.
For the specific steps see Fig. 3; they are described as follows:
1. User terminal A applies for a ticket. See part (a) of Fig. 3.
User terminal A and user terminal B each carry out key synchronization with their quantum network service station: the quantum key card matched with user terminal A combines the stored key seed SA and the random number R1 produced by the random number generator in the card with key generation algorithm AS to obtain key KA (hereinafter simply KA; other terms below are abbreviated in the same way by omitting the descriptive words). The quantum key card matched with user terminal A likewise combines the stored key seed SA and the random number R2 produced by the random number generator in the card with key generation algorithm AS to obtain the session key KA-B shared with user terminal B. The random numbers R1 and R2, the key generation algorithm ID and the key seed ID are passed to the quantum network service station, and the quantum network service station is notified to carry out key synchronization. The quantum key card matched with user terminal B combines the stored key seed SB and the random number R3 produced by the random number generator in the card with key generation algorithm BS to obtain key KB. The random number R3, the key generation algorithm ID and the key seed ID are passed to the quantum network service station, and the quantum network service station is notified to carry out key synchronization.
1.1 User terminal A generates a true random number and sends it to user terminal B: the quantum key card matched with user terminal A generates a true random number NA. NA and the identity information of A are sent to user terminal B as message1 in plaintext.
1.2 User terminal B generates a true random number and sends it to quantum network service station B: the quantum key card matched with user terminal B generates a true random number NB. NB, the identity information of B, and an instruction generated by B asking the quantum network service station to issue trust to A are sent to quantum network service station B as message2. The instruction states that A is the active requester and provides the random number NA received from user terminal A; the instruction also includes the timestamp TB generated by user terminal B. TB is a timestamp carrying a start time and is used as a random number. When B later receives the timestamp TB, it checks whether this start time is consistent with the current time and whether the timestamp is within the permitted range. The entire instruction is encrypted with KB.
1.3 The quantum network service stations distribute the session key: using the key generation algorithm ID and the key seed ID, quantum network service station B looks up the corresponding key seed SB' and key generation algorithm BS' in the current quantum network service station and, combining them with random number R3, computes a key KB' identical to key KB.
Using the key generation algorithm ID and the key seed ID, quantum network service station A looks up the corresponding key seed SA' and key generation algorithm AS' in the current quantum network service station and, combining them with random number R1, computes a key KA' identical to key KA. Combining them with random number R2, it computes a key KA-B' identical to key KA-B.
Quantum network service station B decrypts the instruction with KB' and obtains A, NA and TB.
Quantum network service station A and quantum network service station B use their respective quantum key distribution equipment to share an inter-station quantum key, so that the plaintext B, NB, A, NA, TB, KB' is encrypted by quantum network service station B and sent to quantum network service station A as message3. The information is then decrypted to recover the plaintext form.
If the path between quantum network service station A and quantum network service station B also passes through other network nodes, each pair of directly connected quantum network service stations (or network nodes) forms an inter-station quantum key with the corresponding quantum key distribution equipment, and the ciphertext is relayed hop by hop.
The distribution of inter-station quantum keys is a method of remote key sharing realized using the fundamental principles of quantum mechanics, preferably the BB84 protocol.
1.4 Quantum network service station A generates, by means of a true random number generator, the session key KA-B for user terminal A and user terminal B. The identity of A, KA-B and TB are encrypted with KB' and sent to user terminal A as the ticket in message4. message4 also contains NB and, encrypted with KA', the identity information of B, NA, KA-B and TB.
1.5 User terminal A sends the ticket: user terminal A uses KA to decrypt the last part of message4 and verifies whether the random number NA is the same as in message1. It then sends the ticket, together with the random number NB encrypted with KA-B, to user terminal B as message5, proving its identity to user terminal B. User terminal B decrypts and verifies NB.
2. Secondary authentication. See part (b) of Fig. 3.
2.1 User terminal A applies for re-authentication: user terminal A generates a new random number NA' and sends it together with the ticket to B.
2.2 User terminal A and user terminal B complete mutual authentication: after receiving the re-authentication request from user terminal A, user terminal B generates a new random number NB'. After decrypting the ticket and verifying TB, user terminal B encrypts NA' with the KA-B' it obtained and sends it to user terminal A together with NB'. A decrypts and verifies NA', then encrypts NB' with KA-B and sends it to user terminal B; user terminal B decrypts and verifies NB', completing the mutual identity authentication.
3. Updating the ticket. See part (c) of Fig. 3.
3.1 User terminal A applies to update the ticket: user terminal A generates a new random number NA" and sends it together with the ticket to B.
3.2 User terminal B distributes a new ticket: after authenticating the ticket, user terminal B generates a new random number NB" and a new key KB". It performs an operation on KA-B' to generate KA-B", or it may generate KA-B" anew. It uses KA-B' to encrypt KA-B", the identity information of B and the new timestamp TB', and sends this to user terminal A together with the newly generated NB", NA" encrypted with KA-B", and the new ticket'. The ticket' is encrypted with key KB", and its content is as follows:
1. the A-B session key KA-B";
2. the identity information of A;
3. the timestamp TB' generated by B.
3.3 User terminal A obtains the new ticket and completes mutual verification with user terminal B: after receiving the information, user terminal A decrypts the first part with KA-B and obtains KA-B". It uses KA-B" to decrypt the third part and complete the verification of NA". It then encrypts NB" with KA-B" and sends it to user terminal B; user terminal B decrypts and verifies NB", completing the mutual identity authentication.
What is disclosed above is only embodiments of the present invention, but the present invention is not limited to them; those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Such obvious modifications and variations shall fall within the scope of protection claimed by the present invention. In addition, although some specific terms are used in this specification, these terms are merely for convenience of description and do not constitute any particular limitation on the present invention.

Claims (9)

1. A multiple identity authentication system based on a quantum communication network and using a timestamp as a random number, characterized in that it comprises user terminal A, user terminal B and a quantum network service station; when user terminal A applies to user terminal B for a ticket, user terminal B generates a timestamp and sends it to the quantum network service station, the quantum network service station generates the ticket using the timestamp and a session key, and the ticket is then distributed to user terminal A and, via user terminal A, to user terminal B;
The session key is used for encrypted communication between user terminal A and user terminal B and is generated synchronously between user terminal A and the quantum network service station; each user terminal is configured with a quantum key card for generating true random numbers, which serve as authentication identifiers when the ticket is distributed and when the ticket is used.
2. The multiple identity authentication system based on a quantum communication network and using a timestamp as a random number according to claim 1, characterized in that, when user terminal A applies to user terminal B for a ticket:
User terminal A generates key KA and session key KA-B and notifies the quantum network service station of how they were generated, and user terminal B generates key KB and notifies the quantum network service station of how it was generated;
User terminal A sends a first message to user terminal B to apply for the ticket, the first message carrying the identity information of user terminal A and a true random number NA serving as an authentication identifier, the true random number NA being generated by the quantum key card matched with user terminal A.
3. The multiple identity authentication system based on a quantum communication network and using a timestamp as a random number according to claim 2, characterized in that user terminal B generating the timestamp and sending it to the quantum network service station specifically comprises user terminal B sending, in response to the first message, a second message to the quantum network service station, the second message comprising:
A true random number NB serving as an authentication identifier, the true random number NB being generated by the quantum key card matched with user terminal B;
The identity information of user terminal B;
An instruction for issuing trust to user terminal A, comprising the true random number NA, the identity information of user terminal A and the timestamp TB generated by user terminal B, the instruction being encrypted with key KB.
4. The multiple identity authentication system based on a quantum communication network and using a timestamp as a random number according to claim 3, characterized in that the quantum network service station generates, according to the identity information of user terminal A and user terminal B in the second message, a key KA' identical to key KA, a key KB' identical to key KB, and a session key KA-B' identical to session key KA-B;
The quantum network service station generates a third message carrying the ticket and sends it to user terminal A, the third message comprising:
The ticket;
The true random number NB;
Encrypted with key KA': the identity information of user terminal B, the true random number NA, the session key KA-B' and the timestamp TB;
Wherein the ticket comprises, encrypted with key KB': the identity information of user terminal A, the session key KA-B' and the timestamp TB.
5. The multiple identity authentication system based on a quantum communication network and using a timestamp as a random number according to claim 4, characterized in that, when the ticket is distributed to user terminal B via user terminal A, user terminal A first verifies the true random number NA in the third message and, after successful verification, sends a fourth message to user terminal B, the fourth message comprising the ticket and the true random number NB encrypted with session key KA-B;
After receiving the fourth message, user terminal B verifies the true random number NB in the fourth message.
6. The multiple identity authentication system based on a quantum communication network and using a timestamp as a random number according to claim 1, characterized in that it further comprises user terminal A accessing user terminal B according to the ticket, including:
User terminal A sends an access request to user terminal B, the access request comprising a true random number NA' serving as an authentication identifier and the ticket, the true random number NA' being generated by the quantum key card matched with user terminal A;
User terminal B receives the access request, verifies the ticket, and after verification passes sends a verification request to user terminal A, the verification request comprising a true random number NB' serving as an authentication identifier and the true random number NA' encrypted with session key KA-B, the true random number NB' being generated by the quantum key card matched with user terminal B;
User terminal A receives the verification request and verifies the true random number NA'; after verification passes it sends a verification reply to user terminal B, the verification reply comprising the true random number NB' encrypted with session key KA-B;
User terminal B receives the verification reply and verifies the true random number NB'.
7. The multiple identity authentication system based on a quantum communication network and using a timestamp as a random number according to claim 1, characterized in that the ticket is updated according to a predetermined condition, the update comprising:
User terminal A sends an update request to user terminal B, the update request comprising a true random number NA" serving as an authentication identifier and the ticket, the true random number NA" being generated by the quantum key card matched with user terminal A;
User terminal B receives the update request, verifies the ticket, and after verification passes sends an update reply to user terminal A, the update reply comprising:
The updated session key KA-B", the identity information of user terminal B and a new timestamp TB', these three being encrypted with the pre-update session key KA-B';
A true random number NB" serving as an authentication identifier, the true random number NB" being generated by the quantum key card matched with user terminal B;
The true random number NA" encrypted with the updated session key KA-B"; and
The updated ticket;
User terminal A receives the update reply and verifies the true random number NA"; after verification passes it sends update feedback to user terminal B, the update feedback comprising the true random number NB" encrypted with the updated session key KA-B";
User terminal B receives the update feedback and verifies the true random number NB".
8. The multiple identity authentication system based on a quantum communication network and using a timestamp as a random number according to claim 4, characterized in that the quantum network service station comprises quantum network service station A and quantum network service station B, wherein the quantum key card matched with user terminal A is issued by quantum network service station A and the quantum key card matched with user terminal B is issued by quantum network service station B;
When user terminal A applies to user terminal B for a ticket, user terminal A generates key KA and session key KA-B and notifies quantum network service station A of how they were generated, and user terminal B generates key KB and notifies quantum network service station B of how it was generated;
Quantum network service station B receives the second message from user terminal B and, according to the identity information of user terminal B in the second message, generates a key KB' identical to key KB;
Quantum network service station B uses key KB' to decrypt the instruction for issuing trust to user terminal A, and sends the decrypted instruction, together with the other content of the second message, to quantum network service station A by inter-station encrypted transmission;
Quantum network service station A generates, according to the identity information of user terminal A, a key KA' identical to key KA and a session key KA-B' identical to session key KA-B;
Quantum network service station A then generates the third message accordingly and sends it to user terminal A.
9. A multiple identity authentication method based on a quantum communication network and using a timestamp as a random number, characterized in that it is implemented in the multiple identity authentication system according to any one of claims 1 to 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810171946.2A CN108683501B (en) 2018-03-01 2018-03-01 Multiple identity authentication system and method with timestamp as random number based on quantum communication network

Publications (2)

Publication Number Publication Date
CN108683501A true CN108683501A (en) 2018-10-19
CN108683501B CN108683501B (en) 2021-01-05

Family

ID=63799253

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810171946.2A Active CN108683501B (en) 2018-03-01 2018-03-01 Multiple identity authentication system and method with timestamp as random number based on quantum communication network

Country Status (1)

Country Link
CN (1) CN108683501B (en)

CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
CN108880799B (en) Multi-time identity authentication system and method based on group key pool
CN108809633A (en) A kind of identity authentication method, apparatus and system
CN108809636A (en) The communication system and communication means of message authentication between member are realized based on group's type quantum key card
CN108632042A (en) A kind of class AKA identity authorization systems and method based on pool of symmetric keys
CN114826593B (en) Quantum security data transmission method and digital certificate authentication system
CN206042014U (en) Quantum network service station and quantum communication network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant