Multiple identity authentication system and method based on group key pool

Abstract

The present invention discloses a multiple identity authentication system and method based on a group key pool. Identity authentication includes: step S1, one of the client A1 in the active party group according to the preset active party communication range and In the communication range of the passive party, a Ticket application is submitted to one of the client B1 in the passive party group; Step S2, the client B1 responds to the Ticket application, obtains the session key from the quantum network service station and forwards it to the client A1; the client B1 also obtains the session key or information for generating the session key from the quantum network service station and generates a Ticket accordingly, and then forwards the Ticket to the client A1; the client A1 is within the communication range of the active party Share the Ticket and the session key; step S3, a client A2 within the communication range of the active party sends the Ticket to a client B2 within the communication range of the passive party, so that the client A2 and the client B2 are shared for implementation Session key for encrypted communication.

Description

technical field [0001] The invention relates to the technical field of quantum communication, in particular to a system and method for identity authentication based on a quantum network service station. Background technique [0002] Authentication, that is, identity authentication is the basic technology to achieve information security. The system checks the user's identity to confirm whether the user has access and use rights to certain resources, and can also perform identity authentication between systems. [0003] Currently, the identity authentication system in the communication network generally adopts the Kerberos authentication scheme. Kerberos is a network authentication protocol designed to provide strong authentication services for client / server applications through a key system. The realization of the authentication process does not depend on the authentication of the host operating system, does not require trust based on the host address, does not require the p...

AI Technical Summary

Problems solved by technology

[0007] (1) The existing quantum key card-based identity authentication technology can only complete one-to-one identity authentication, and cannot complete identity authentication with groups or identity authentication between groups

[0008] (2) The challenge information transmitted by identity authentication in the prior art is generally an exposed random number, which may be cracked by an attacker by researching the challenge and response

[0010] (4) Existing identity authentication technology based on the Kerberos authentication scheme uses time stamps, resulting in the possibility of replay attacks

The requirements of the Kerberos protocol are based on clock synchronization in the network, which has high requirements for the time synchronization of the entire system, which is difficult to achieve in large-scale distributed systems

[0011] (5) In the prior art, the client key is stored in the client memory, which can be stolen by malicious software or malicious operations

Images