Improved Kerberos identity authentication system and method based on a quantum communication network

An identity authentication and quantum communication technology, applied in user identity/authority verification, transmission systems, digital transmission systems, etc., can solve problems such as timestamp replay attacks, high system time synchronization requirements, and high server pressure.

Active Publication Date: 2018-09-28
RUBAN QUANTUM TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] (1) Existing identity authentication technology based on the Kerberos authentication scheme uses timestamps, which leaves open the possibility of replay attacks.
[0007] (2) The Kerberos protocol relies on clock synchronization across the network, which places high demands on time synchronization of the entire system and is difficult to achieve in large-scale distributed systems.
[0008] (3) In the prior art, the server has to distribute the session key to each of the two clients separately, which carries certain security risks.



Examples


Embodiment 1

[0101] Embodiment 1, authentication of two client terminals belonging to the same quantum network service station in the local area network

[0102] In the following steps, the encryption and decryption operations involved on each client side are all performed in the matched quantum key card. The encryption and decryption operations involved in the identity authentication server and the ticket permission server are completed in the encryption and decryption server of the quantum network service station.

[0103] When both client A and client B belong to the same quantum network service station, the quantum key cards involved in the identity authentication process are registered and issued at the local quantum network service station. For the specific steps, see Figure 2. In the figure, curly brackets indicate the encrypted part; the contents inside the brackets are the multiple items transmitted, separated by commas; and the content that follows indicates the key used, such as {A, B...

Embodiment 2

[0130] Embodiment 2, identity authentication of two client terminals in the wide area network

[0131] As shown in Figure 4, when client A and client B do not belong to the same quantum network service station, the quantum key cards involved in the identity authentication process are registered and issued by the quantum network service station to which each client belongs. The system architecture in this embodiment differs from Embodiment 1 in that it is applied in a wide area network. The first-level switching center is the quantum network core station of a prefecture-level city or an area of comparable size; the second-level switching center is the quantum network core station of a county-level city or an area of comparable size; and the quantum network service station is the quantum communication access site of a township, a sub-district office, or an area of comparable size.

[0132] The primary switching center is connected with multiple subordinate secondary switchin...

Embodiment 3

[0151] Embodiment 3, the extension of identity authentication of two clients belonging to a quantum network service station in the local area network

[0152] Based on the identity authentication protocol in Embodiment 1, client B generates a new key K_t, which, together with K_{A-B}, is synchronized through the quantum network service station and sent to client A. K_t is used only as the session key for the current identity authentication and is discarded immediately after the identity authentication is completed. The improvement over the identity authentication protocol in Embodiment 1 is achieved by adding an additional key that is used only once, while the number of identity authentication messages is not increased. The specific steps of the improved protocol are shown in Figure 5; the text description is as follows:

[0153] 1. Identity authentication key generation:

[0154] User-side identity authentication key generation: The quantum key card matched by us...



Abstract

The invention discloses an improved Kerberos identity authentication system and method based on a quantum communication network. The improved Kerberos identity authentication system comprises a user terminal A, a user terminal B and a quantum network service station. The user terminal A sends a first authentication request for identity authentication with the user terminal B to the quantum network service station. The quantum network service station sends proof to the user terminal B in response to the first authentication request and also sends proof to the user terminal A through the user terminal B. The user terminal A and the user terminal B generate tickets and exchange the tickets on the basis of the obtained proof to implement the first authentication. The user terminal A also sends a second authentication request to the user terminal B according to the ticket obtained from the user terminal B, and the user terminal B responds to the second authentication request and exchanges tickets with the user terminal A to perform the second authentication. Based on the quantum communication network, the security of the improved Kerberos identity authentication system and method is further improved.

Description

Technical field

[0001] The invention relates to the technical field of quantum communication, in particular to a system and method for identity authentication based on a quantum network service station.

Background technique

[0002] Identity authentication is the basic technology to achieve information security. The system checks the user's identity to confirm whether the user has access and use rights to certain resources, and can also perform identity authentication between systems.

[0003] Currently, the identity authentication system in the communication network generally adopts the Kerberos authentication scheme. Kerberos is a network authentication protocol designed to provide strong authentication services for client/server applications through a key system. The realization of the authentication process does not depend on the authentication of the host operating system, does not require trust based on the host address, does not require the physical security of all h...


Application Information

IPC(8): H04L29/06, H04L9/32, H04L9/08
CPC: H04L9/08, H04L9/0852, H04L9/0861, H04L9/0894, H04L9/3213, H04L63/0807
Inventor: 富尧, 钟一民
Owner: RUBAN QUANTUM TECH CO LTD