CN115913521A - Method for identity authentication based on quantum key - Google Patents
Method for identity authentication based on quantum key Download PDFInfo
- Publication number
- CN115913521A CN115913521A CN202110891668.XA CN202110891668A CN115913521A CN 115913521 A CN115913521 A CN 115913521A CN 202110891668 A CN202110891668 A CN 202110891668A CN 115913521 A CN115913521 A CN 115913521A
- Authority
- CN
- China
- Prior art keywords
- key
- authentication
- communication
- quantum
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000004891 communication Methods 0.000 claims abstract description 71
- 238000009826 distribution Methods 0.000 claims abstract description 41
- 230000008569 process Effects 0.000 claims abstract description 32
- 230000005540 biological transmission Effects 0.000 claims abstract description 18
- 230000004044 response Effects 0.000 claims description 11
- 238000005516 engineering process Methods 0.000 claims description 10
- 238000003860 storage Methods 0.000 claims description 10
- 238000012795 verification Methods 0.000 claims description 9
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000004422 calculation algorithm Methods 0.000 claims description 4
- 230000003993 interaction Effects 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 12
- 238000004590 computer program Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000005610 quantum mechanics Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a method for carrying out identity authentication based on a quantum key, wherein a shared key used for a message check code is obtained from a quantum key distribution network when two communication parties carry out identity authentication and data transmission, the shared quantum key is used as the key for calculating the check code of an authentication message transmitted by the two parties in the process of carrying out identity authentication, and the identity of the other party and the integrity of transmission data are verified by identifying the message check code; the shared quantum key is cleared after being used, and a new key is selected during the next communication; the complexity of presetting the shared secret key can be reduced, the updating period of the shared quantum secret key is shortened, and the safety of the secret key is improved.
Description
Technical Field
The invention belongs to the technical field of quantum communication, and particularly relates to a method for identity authentication based on a quantum key.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Authentication is the process of verifying whether the user's true identity matches what they claim to be. Symmetric key based authentication requires that the prover and the verifier share a key, by which the trust relationship between each other is maintained. In each authentication, the verifying party sends a different piece of data, usually a different random number, to the proving party; after receiving the data message, the verifying party gives a corresponding response according to an agreed rule; the verifying party compares whether the response message is correct or not according to an agreed rule to verify the identity of the demonstrating party. If two communication parties respectively serve as the card showing party and the opposite party to perform identity authentication once, the bidirectional identity authentication is completed, namely the two parties respectively authenticate the identity of the opposite party.
However, in the existing identity authentication technical solution based on symmetric passwords, key sharing needs to be performed between two users, so that if the users in the network need to perform identity authentication, a shared key needs to be provided between two users. Assuming that the number of user nodes in the network is N, the number of keys to be shared is N x (N-1)/2, and as the number of user nodes increases, the number of keys to be preset will increase sharply, and the difficulty and cost of presetting the keys will also increase continuously. Meanwhile, in order to ensure that the shared key is not stolen by others, the key needs to be updated frequently to reduce the security problem caused by the key stealing by an attacker.
Disclosure of Invention
The invention provides a method for identity authentication based on a quantum key, which adopts a mode that a shared key is obtained from a quantum key distribution network, thereby greatly reducing the complexity of presetting the shared key by a user and simultaneously enhancing the safety of the identity authentication process.
According to some embodiments, the invention adopts the following technical scheme:
a method for identity authentication based on a quantum key comprises the following steps:
each communication direction sends a request to a quantum key distribution node connected with the communication direction, and the quantum key same as other communication parties participating in identity authentication is obtained;
each communication party divides the acquired multiple groups of quantum keys into an authentication key pool and a communication key pool to be stored respectively;
one communication party initiates an identity authentication request, receives the identity information verification result of other communication parties to the requesting party, verifies the identity information of the opposite party, verifies the identity of the opposite party by identifying the message check code in the verification process, and obtains a shared key for calculating the message check code from an authentication key pool;
and after the identity information passes the verification, data transmission is carried out, the transmitted data are encrypted by using an encryption key acquired from the communication key pool, and a check code for verifying the identity of the data sender and the integrity of the data is obtained by calculating by using the check key acquired from the communication key pool.
As an alternative implementation, quantum key distribution nodes are configured or connected to communication parties participating in information interaction, shared quantum keys are distributed among the quantum key distribution nodes through a quantum key distribution technology, and the shared quantum keys are acquired among the communication parties through the quantum key distribution nodes.
As an alternative embodiment, the quantum key distribution node includes a quantum key distribution device and a quantum key management device according to the actual deployment of the quantum key distribution network.
As an alternative implementation, the communication key pool includes an encryption key and a check key, and the storage medium capacity of the authentication key pool and the communication key pool is set by the communication requirement of the communication party.
As an alternative embodiment, the authentication key pool and the communication key pool mark the key type and the key identification information when storing.
As an alternative embodiment, each authentication key in the authentication key pool and each communication key in the communication key pool are used only once, and are cleared after being used, and a new key is used in the next communication.
As an alternative implementation, when one of the communication parties initiates an identity authentication request, user information of the communication party and a locally generated random number are sent, wherein the user information includes at least one of a user name, a user IP address and a user serial number.
As an alternative embodiment, the specific process of verifying the identity information of the requester by the other communication party is to verify the validity of the user information of the requester, and if the user information of the requester is not legal, the authentication process is terminated; if the authentication is legal, sending next authentication information to the requester, wherein the information content is that the receiver selects a first key for authentication from the authentication key pool, and the information check code of the local random number of the requester is calculated by using the first key and is used as a response message; and simultaneously, generating another random number segment locally, and sending own user information, response information, the key identification of the first key and the other random number to the identity authentication requester.
By way of further limitation, when the message check code of the local random number of the requester is calculated as the response message using the first key, the calculation method is an HMAC algorithm implemented by a one-way hash function or a block cipher calculation method is used.
As an alternative embodiment, the process of verifying the identity information of the other party by the requesting party includes: verifying whether the user information of the opposite side is legal or not, and if the user is not legal, terminating the authentication process; if the user is legal, selecting a corresponding authentication key from the authentication key pool according to the authentication key identification, calculating a message check code of a random number of the user, comparing the message check code with the received response message, if the comparison fails, terminating the authentication process, and sending a message of authentication failure to the opposite side; and if the comparison is successful, sending a message of successful authentication to the opposite side.
As an alternative embodiment, the process of the receiving party verifying the identity information of the requesting party includes:
the identity authentication requester selects a second authentication key from the authentication key pool, calculates a message check code of another random number sent by the other party by using the second authentication key, and sends the local user information, the message check code and the second authentication key identification to the identity authentication receiver;
after receiving the message, the identity authentication receiver firstly verifies the validity of the user information of the identity authentication requester, then selects a corresponding second authentication key according to the authentication key identifier, calculates a message check code of another random number by using the key, compares the message check code with the received message check code, and if the comparison fails, terminates the authentication process and sends a message of failed authentication to the identity authentication requester; if the comparison is successful, a message of successful authentication is sent to the identity authentication requester, and at the moment, the identity authentication of the two parties is successful.
As an alternative implementation, when data transmission is performed, a data sending end selects a key of a first key identifier as an encryption key from a communication key pool, selects a key of a second key identifier as a check key, encrypts data to be transmitted by using the encryption key to generate a ciphertext, calculates a message check code for information including the ciphertext, sending end user information, the first key identifier and the second key identifier by using the check key, and sends the ciphertext, the sending end user information, the first key identifier, the second key identifier and the message check code to a receiving end; the receiving end uses the check key to calculate a corresponding message check code for the information containing the ciphertext, the user information of the sending end, the first key identification and the second key identification, and compares the corresponding message check code with the received message check code, if the comparison is consistent, the data is complete and comes from the sending end; and then the receiving end decrypts the ciphertext by using the encryption key to obtain the plaintext.
Compared with the prior art, the invention has the beneficial effects that:
according to the technical scheme provided by the invention, the shared secret key used for the message check code is acquired from the quantum secret key distribution network during identity authentication and data transmission of both communication parties, so that the complexity of presetting the shared secret key can be reduced, the updating period of the shared quantum secret key is shortened, the safety of the secret key is improved, and online acquisition can be supported.
In the process of data transmission, the two communication parties calculate the check codes of the data messages transmitted by the two communication parties by using the shared quantum key as the key, verify the identity of a data sender and the integrity of data by identifying the message check codes, clear the shared quantum key after use, and select a new key in the next communication. Because the shared quantum key uses the quantum key distribution technology, even if the computing capacity is improved, the risk of stealing can be resisted, and only two communication parties hold the key, so that the safety of the message check code is improved, and the safety of the identity authentication process is enhanced.
In the data transmission process, the shared quantum key is used for calculating and comparing the check code of the transmitted message, so that the identity authentication of a sender and the integrity verification of the transmitted data can be carried out on each piece of transmitted data by using the quantum key again in the data transmission stage on the basis of the identity authentication already carried out in the handshake stage, and the intensity of the identity authentication is enhanced.
The invention solves the problems that in the identity authentication method based on the symmetric key, a large number of shared keys are usually needed and the keys need to be obtained again when being updated, and the prior art generally adopts a pre-preset mode and has higher complexity, greatly shortens the updating period of the shared quantum key, improves the security of the keys, improves the obtaining efficiency of the keys, can provide a key using mode of 'one-time pad', and solves the instantaneity problem of the shared symmetric keys in the identity authentication.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention, and are incorporated in and constitute a part of this specification, illustrate exemplary embodiments of the invention and together with the description serve to explain the invention and not to limit the invention.
FIG. 1 shows a quantum key distribution scheme between two communicating parties;
FIG. 2 is a schematic diagram of the generation of multiple identical sets of keys between two end quantum key distribution nodes;
FIG. 3 is a schematic diagram of a key storage approach;
FIG. 4 is a schematic diagram of an authentication/communication key storage format;
fig. 5 is a schematic diagram of the process of identity authentication and data transmission.
The specific implementation mode is as follows:
the invention is further described with reference to the following figures and examples.
It is to be understood that the following detailed description is exemplary and is intended to provide further explanation of the invention as claimed. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular forms "a", "an", and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
In this embodiment, for the convenience of understanding of technical staff, two communication parties are taken as an example to illustrate the method for performing identity authentication based on a quantum key, but the scope of the present invention is not limited thereto.
The method of the embodiment specifically comprises the following steps:
quantum key distribution stage
And distributing the quantum key between Alice and Bob of the two communication parties through a quantum key distribution technology. The key distribution is shown in fig. 1. The quantum key distribution node 1 and the quantum key distribution node 2 are two nodes in a quantum key distribution network, and share quantum keys are distributed between the two nodes through a quantum key distribution technology, and then the quantum keys are respectively provided for Alice and Bob, so that Alice and Bob will also have the shared quantum keys in this way.
The quantum key distribution network can distribute a shared quantum key between any two nodes in the network through a quantum key distribution technology. As long as the user accesses the node of the quantum key distribution network, the user can acquire the shared quantum key with any other node through the node. The acquisition mode can be near-end charging or far-end online acquisition, wherein online acquisition is preferentially recommended because online acquisition has higher convenience, the key updating period is shortened, and the key safety is improved.
The quantum key distribution process between Alice and Bob is specifically carried out according to the following steps:
the method comprises the following steps:
through the quantum key distribution technology, multiple groups of same quantum keys are distributed between two ends of quantum key distribution nodes, as shown in fig. 2.
Step two:
before starting identity authentication, alice and Bob respectively acquire the same quantum key as the other party from the quantum key distribution nodes connected with each other, and key updating can also be performed in the same way.
Step three:
and respectively storing the obtained or updated multiple groups of quantum keys by Alice and Bob in two types: one is authentication key, the other is communication key, the communication key contains encryption key and check key. The storage quantity of the authentication key and the communication key can be set according to the capacity of the storage medium or the specific requirements of the user. The key storage is shown in fig. 3.
The authentication key and the communication key need to be labeled with information such as a key type and a key identifier when being stored, as shown in fig. 4.
The authentication key and the communication key are used once in the using process, and are cleared after being used, and a new key is used in the next communication.
(II) handshake phase
In the first stage, alice has shared a quantum key to Bob through a quantum key distribution technique, and the quantum key is used as an authentication key and a communication key for an identity authentication process, where a specific identity authentication manner is, for example, alice initiates identity authentication, as shown in fig. 5;
as shown in fig. 5, the detailed steps of the identity authentication and data transmission process using the quantum key are as follows:
the method comprises the following steps:
initiating an identity authentication request to Bob by Alice, wherein the message comprises user information UserInfo1 of Alice and a Random number Random1 locally generated by Alice;
description of the drawings: the above "user information" is related information for identifying a user, and may be: user name, user IP address, user serial number, etc. that are unique to each user.
Step two:
and after receiving the message of Alice, bob verifies the validity of the user information UserInfo 1. If the UserInfo1 is illegal, the authentication process is terminated; if the UserInfo1 is legal, sending a next authentication message to Alice, wherein the message content is as follows: bob selects a key AuKey1 for authentication from an authentication key pool, wherein the key identification is ID Aukey1 Using AuKey1 to calculate message check code MAC of Random number Random1 Aukey1 (Random 1) as a response message; simultaneously, locally generating a Random number Random2; the user information of Bob is UserInfo2; bob converts UserInfo2, MAC Aukey1 (Random1)、ID Aukey1 And Random2 are sent to Alice together.
In the above process, (1) the calculation method of the message check code may use an HMAC algorithm implemented by using a one-way hash function, such as HMAC-SHA-256, as the message check code using the SHA-256 one-way hash function; or a block cipher, such as AES-CMAC, is used as a message check code in the CBC mode of the AES algorithm.
(2) The random number may be a random number of a classical method or a quantum random number.
Step three:
after receiving the message of Bob, alice firstly verifies whether the user information UserInfo2 of Bob is legal or not, and if the user is illegal, the authentication process is terminated; if the user is legal, the ID is identified according to the authentication key Aukey1 Selecting corresponding authentication key from the authentication key pool, calculating the message check code of Random number Random1, and the received MAC Aukey1 (Random 1) alignment was performed. If the comparison fails, the authentication process is terminated, and an authentication failure message is sent to Bob; if the comparison is successful, sending a message of successful authentication to Bob, and starting the following operation of the fourth step.
Step four:
alice selects an authentication key AuKey2 from an authentication key pool, and the key identification is ID Aukey2 (ii) a Message check code MAC for calculating Random number Random2 by using AuKey2 Aukey2 (Random 2); alice sends UserInfo1 and MAC Aukey2 (Random2)、ID Aukey2 Sent to Bob together;
step five:
after receiving the message, bob firstly verifies the validity of user information UserInfo1 of Alice, and then identifies the ID according to the authentication key Aukey2 Selecting corresponding authentication key, calculating Random2 message check code by using the key, and receiving MAC Aukey2 (Random 2) alignment. If the comparison fails, terminating the authentication process and sending a verification failure message to Alice; if the comparison is successful, the identity of the Alice passes successfully, and a message of successful authentication is sent to the Alice, and at the moment, the identity authentication of the two parties is successful, and the following safe data transmission operation can be carried out;
(III) data transmission stage
As shown in fig. 5, after the handshake between the two communication parties is completed, the two communication parties can establish a secure channel to perform secure data transmission, and during the data transmission process, each communication uses a shared quantum key to perform check code calculation and comparison on the message transmitted this time, so as to verify the identity of the sender, which is specifically implemented as follows:
when data transmission is carried out between Alice and Bob, a sending end (taking Alice as an example) selects a secret key identifier as ID from communication secret keys Enkey1 As an encryption key, the key is identified as ID Enkey2 The key is a check key, and the Enkey1 is used for encrypting Data to be transmitted to generate a ciphertext E Enkey1 (Data), using Enkey2 pair [ UserInfo1, E Enkey1 (Data)、ID Enkey1 、ID Enkey2 ]Calculating a message check code as MAC Enkey2 General information 1, E Enkey1 (Data)、ID Enkey1 、ID Enkey2、 MAC Enkey2 Sending to a receiving end; the receiving end uses an EnKey2 pair [ UserInfo1, E Enkey1 (Data)、ID Enkey1 、ID Enkey2 ]Calculate message check code and compare with MAC Enkey2 Comparing, and if the comparison is consistent, indicating that the data is complete and comes from Alice; the receiving end then uses Enckey1 to E Enkey1 And (Data) decrypting to obtain the plaintext Data.
The quantum key distribution technology based on quantum mechanics ensures that the key cannot be intercepted effectively because the quantum state has the characteristics of unclonability, uncertainty and measurement collapse, so that the quantum key distribution technology is used in the identity authentication scheme based on the symmetric cipher, and the security guarantee can be provided for the key sharing process. Meanwhile, with the construction of a quantum communication backbone line and a metropolitan area network, the coverage range of quantum key distribution is gradually increased, and the quantum key distribution technology can be used for completing key sharing and key updating among access nodes in the coverage range, so that as long as a user accesses the quantum communication network through the access nodes, the user can complete key sharing and key updating through quantum key distribution service provided by the network to complete identity authentication and security data transmission based on a symmetric key without the limitations of complexity increase and the like caused by network scale increase, the convenience of the user is greatly improved, and the operation cost is reduced.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive changes in the technical solutions of the present invention.
Claims (12)
1. A method for identity authentication based on quantum keys is characterized in that: the method comprises the following steps:
each communication direction sends a request to a quantum key distribution node connected with the communication direction to acquire the quantum key same as other communication parties participating in identity authentication;
each communication party divides the acquired multiple groups of quantum keys into an authentication key pool and a communication key pool to be stored respectively;
one communication party initiates an identity authentication request, receives the identity information verification result of other communication parties to the requesting party, verifies the identity information of the opposite party, verifies the identity of the opposite party by identifying the message check code in the verification process, and obtains the shared secret key for the message check code from the authentication secret key pool;
and after the identity information passes the verification, data transmission is carried out, the transmitted data are encrypted by using an encryption key acquired from the communication key pool, and a check code for verifying the identity of the data sender and the integrity of the data is obtained by calculating by using the check key acquired from the communication key pool.
2. The method for identity authentication based on quantum keys as claimed in claim 1, wherein: the communication parties participating in information interaction are all configured or connected with quantum key distribution nodes, shared quantum keys are distributed among the quantum key distribution nodes through a quantum key distribution technology, and the communication parties have the shared quantum keys.
3. The quantum key distribution node comprises quantum key distribution equipment and quantum key management equipment according to the actual deployment of a quantum key distribution network.
4. The method for identity authentication based on quantum keys as claimed in claim 1, wherein: the communication key pool comprises an encryption key and a verification key, and the storage medium capacity of the authentication key pool and the communication key pool or the communication requirement of the communication party is set.
5. The method for identity authentication based on quantum keys as claimed in claim 1, wherein: and marking the key type and the key identification information when the authentication key pool and the communication key pool are stored.
6. The method for identity authentication based on the quantum key as claimed in claim 1, wherein: and each authentication key in the authentication key pool and each communication key in the communication key pool are used only once, and are cleared after being used, and a new key is used in the next communication.
7. The method for identity authentication based on quantum keys as claimed in claim 1, wherein: when one communication party initiates an identity authentication request, user information of the communication party and a locally generated random number are sent, wherein the user information comprises at least one of a user name, a user IP address and a user serial number.
8. The method for identity authentication based on quantum keys as claimed in claim 1, wherein: the specific process of verifying the identity information of the requester by other communication parties is to verify the validity of the user information of the requester, and if the user information of the requester is illegal, the authentication process is terminated; if the authentication is legal, sending next authentication information to the requester, wherein the information content is that the receiver selects a first key for authentication from the authentication key pool, and the information check code of the local random number of the requester is calculated by using the first key and is used as a response message; and simultaneously, generating another random number locally, and sending own user information, response information, the key identification of the first key and the other random number to the identity authentication requester.
9. The method of claim 8, wherein the method comprises: when the message check code of the local random number of the requester is calculated as the response message by using the first key, the calculation method is an HMAC algorithm implemented by a one-way hash function or a block cipher calculation method.
10. The method for identity authentication based on the quantum key as claimed in claim 1, wherein: the process of verifying the identity information of the other party by the requester comprises the following steps: verifying whether the user information of the opposite side is legal or not, and if the user is not legal, terminating the authentication process; if the user is legal, selecting a corresponding authentication key from the authentication key pool according to the authentication key identification, calculating a message check code of a random number of the user, comparing the message check code with the received response message, if the comparison fails, terminating the authentication process, and sending a message of authentication failure to the opposite side; and if the comparison is successful, sending a message of successful authentication to the opposite side.
11. The method for identity authentication based on the quantum key as claimed in claim 1, wherein: the process of verifying the identity information of the requester by the receiver comprises the following steps:
the identity authentication requester selects a second authentication key from the authentication key pool, calculates a message check code of another random number sent by the other party by using the second authentication key, and sends the local user information, the message check code and the second authentication key identification to the identity authentication receiver;
after receiving the message, the identity authentication receiver firstly verifies the validity of the user information of the identity authentication requester, then selects a corresponding second authentication key according to the authentication key identifier, calculates a message check code of another random number by using the key, compares the message check code with the received message check code, and if the comparison fails, terminates the authentication process and sends a message of failed authentication to the identity authentication requester; if the comparison is successful, a message of successful authentication is sent to the identity authentication requester, and at the moment, the identity authentication of the two parties is successful.
12. The method for identity authentication based on quantum keys as claimed in claim 1, wherein: when data transmission is carried out, a data sending end selects a key of a first key identifier as an encryption key from a communication key pool, selects a key of a second key identifier as a check key, encrypts data to be transmitted by using the encryption key to generate a ciphertext, calculates a message check code by using the check key for information comprising the ciphertext, sending end user information, the first key identifier, the second key identifier and the second key identifier, and sends the ciphertext, the sending end user information, the first key identifier, the second key identifier and the message check code to a receiving end; the receiving terminal uses the check key to calculate a corresponding message check code for the information containing the ciphertext, the user information of the sending terminal, the first key identification and the second key identification, and compares the corresponding message check code with the received message check code, if the comparison is consistent, the data is complete and comes from the sending terminal; and then the receiving end decrypts the ciphertext by using the encryption key to obtain the plaintext.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110891668.XA CN115913521A (en) | 2021-08-04 | 2021-08-04 | Method for identity authentication based on quantum key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110891668.XA CN115913521A (en) | 2021-08-04 | 2021-08-04 | Method for identity authentication based on quantum key |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115913521A true CN115913521A (en) | 2023-04-04 |
Family
ID=86490065
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110891668.XA Pending CN115913521A (en) | 2021-08-04 | 2021-08-04 | Method for identity authentication based on quantum key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115913521A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117278339A (en) * | 2023-11-23 | 2023-12-22 | 广东广宇科技发展有限公司 | Data independent transmission verification method based on bidirectional synchronous key pool |
-
2021
- 2021-08-04 CN CN202110891668.XA patent/CN115913521A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117278339A (en) * | 2023-11-23 | 2023-12-22 | 广东广宇科技发展有限公司 | Data independent transmission verification method based on bidirectional synchronous key pool |
| CN117278339B (en) * | 2023-11-23 | 2024-04-09 | 广东广宇科技发展有限公司 | Data independent transmission verification method based on bidirectional synchronous key pool |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109600350B (en) | System and method for secure communication between controllers in a vehicle network | |
| CN106130716B (en) | Key exchange system and method based on authentication information | |
| WO2018040758A1 (en) | Authentication method, authentication apparatus and authentication system | |
| US9917692B2 (en) | Key exchange system, key exchange method, key exchange device, control method thereof, and recording medium for storing control program | |
| CN105721153B (en) | Key exchange system and method based on authentication information | |
| CN106790261B (en) | Distributed file system and method for authenticating communication between its interior joint | |
| CN108650028B (en) | Multiple identity authentication system and method based on quantum communication network and true random number | |
| KR101706117B1 (en) | Apparatus and method for other portable terminal authentication in portable terminal | |
| CN113630248B (en) | Session key negotiation method | |
| CN109905877B (en) | Message verification method of communication network system, communication method and communication network system | |
| KR20080004165A (en) | Method for device authentication using broadcast encryption | |
| CN113612610B (en) | Session key negotiation method | |
| CN112351037B (en) | Information processing method and device for secure communication | |
| CN111080299B (en) | Anti-repudiation method for transaction information, client and server | |
| CN108809633A (en) | A kind of identity authentication method, apparatus and system | |
| CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| CN113595725B (en) | Communication system and communication method based on quantum key card arrangement | |
| CN111245611B (en) | Anti-quantum computation identity authentication method and system based on secret sharing and wearable equipment | |
| CN114765543A (en) | Encryption communication method and system of quantum cryptography network expansion equipment | |
| CN115913521A (en) | Method for identity authentication based on quantum key | |
| CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
| KR101256114B1 (en) | Message authentication code test method and system of many mac testserver | |
| CN115459918A (en) | Identity authentication method and device | |
| KR100921153B1 (en) | Method for authentication in network system | |
| CN113918971A (en) | Block chain based message transmission method, device, equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |