
Kerberos identity authentication system and method based on group key pool

An identity authentication and key pool technology, applied in transmission systems, digital transmission systems, and key distribution, that addresses problems such as key theft, insufficient security, and the inability to complete group identity authentication.

Active Publication Date: 2018-12-07
RUBAN QUANTUM TECH CO LTD

AI Technical Summary

Problems solved by technology

[0008] (1) Existing identity authentication technology based on quantum key cards can only complete one-to-one identity authentication; it cannot complete identity authentication with a group or between groups.
[0009] (2) The challenge information transmitted during identity authentication in the prior art is generally an exposed random number, which an attacker may crack by studying the challenge and the response.
[0011] (4) In the prior art, the client key is stored in client memory, where it can be stolen by malicious software or malicious operations.
[0012] (5) In the existing technology, the long-term key of the client never changes, so the security is not high enough.

Examples


Embodiment 1

[0083] Embodiment 1: authentication of two client terminals that belong to the same quantum network service station in a local area network.

[0084] The scenario of this embodiment is shown in Figure 1. The quantum key card matched with client A, which participates in identity authentication, contains a symmetric key pool K_A and a group key pool K_PA; the quantum key card matched with client B, which participates in identity authentication, contains a symmetric key pool K_B and a group key pool K_PB. Client A and client B both belong to quantum network service station Q, but they do not belong to the same group. Quantum network service station Q holds the symmetric key pools of all members and the group key pools K_PA and K_PB. The cryptographic modules of A, B and Q all hold the corresponding key pools (including symmetric key pools and group key pools) and the various algorithms. The key pool used in the specific steps of identity authentication that client A participates in is...

Embodiment 2

[0135] Embodiment 2: identity authentication of two client terminals in a wide area network.

[0136] The identity authentication process of two clients in the WAN is shown in Figure 4. When client A and client B do not belong to the same quantum network service station, the quantum key cards involved in the identity authentication process are each registered and issued by the quantum network service station to which the client belongs. The system architecture in this embodiment differs from Embodiment 1 in that it is applied in a wide area network. The first-level switching center is the quantum network core station of a prefecture-level city or an area of comparable size; the second-level switching center is the quantum network core station of a county-level city or an area of comparable size; the quantum network service station is the quantum communication access site of a township, a street office, or an area of comparable size.

[0137] The primary switc...


Abstract

The invention discloses a Kerberos identity authentication system based on a group key pool. The system comprises a quantum network service station, an active party group comprising multiple user sides, and a passive party group comprising multiple user sides. Identity authentication comprises the following steps. Step A: one user side in the active party group applies to the quantum network service station for a TGT according to a preset active party communication range. Step B: the user side applies to the quantum network service station for a corresponding Ticket and an active party session key according to the TGT and a preset passive party communication range, and shares the Ticket and the active party session key within the active party communication range. Step C: another user side A in the active party communication range sends the Ticket to a user side B in the passive party communication range; the Ticket also contains a passive party session key, so user side A and user side B then share the session key and use it for encrypted communication.
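Steps A to C of the abstract can be traced in a small simulation. This is an added example, not code from the patent: the key selection rule in `pool_key`, the demo-only cipher in `seal`/`unseal`, the station key `k_q`, the group labels "PA"/"PB" and the message field names are all assumptions made for illustration.

```python
import hashlib, hmac, json, os, secrets

def pool_key(pool, off):
    # Assumed selection rule: 32 bytes of the group key pool at a public offset.
    return pool[off:off + 32]

def seal(key, obj):
    # Demo-only authenticated encryption (SHAKE-256 keystream + HMAC tag).
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

class Station:
    """Quantum network service station Q: holds every group key pool."""
    def __init__(self, pools):
        self.pools, self.k_q = pools, os.urandom(32)  # k_q: hypothetical TGT key

    def _wrap(self, group, obj):
        # Encrypt for a whole group: any holder of that group's pool can open it.
        off = secrets.randbelow(len(self.pools[group]) - 32)
        return off, seal(pool_key(self.pools[group], off), obj)

    def step_a(self, active):        # issue a TGT for the active party range
        k = os.urandom(32).hex()
        return seal(self.k_q, {"range": active, "k": k}), self._wrap(active, {"k": k})

    def step_b(self, tgt, passive):  # issue the Ticket and the active party session key
        t = unseal(self.k_q, tgt)
        sk = os.urandom(32).hex()
        ticket = self._wrap(passive, {"from": t["range"], "sk": sk})
        return ticket, seal(bytes.fromhex(t["k"]), {"sk": sk})

def authenticate(q, k_pa, k_pb):
    tgt, (off, wrapped) = q.step_a("PA")               # step A: one member of group PA
    k = bytes.fromhex(unseal(pool_key(k_pa, off), wrapped)["k"])
    (t_off, t_blob), sk_blob = q.step_b(tgt, "PB")     # step B
    sk_a = unseal(k, sk_blob)["sk"]                    # shared inside group PA
    opened = unseal(pool_key(k_pb, t_off), t_blob)     # step C: B opens the Ticket
    return sk_a, opened["sk"], opened["from"]
```

A member holding the wrong group key pool fails the tag check in `unseal`, so it can neither open the Ticket nor recover the session key.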

Description

Technical field

[0001] The invention relates to the technical field of quantum communication, in particular to an identity authentication system based on a quantum network.

Background technique

[0002] Authentication, that is, identity authentication, is the basic technology for achieving information security. The system checks the user's identity to confirm whether the user has access and use rights to certain resources; identity authentication can also be performed between systems.

[0003] Currently, the identity authentication system in a communication network generally adopts the Kerberos authentication scheme. Kerberos is a network authentication protocol designed to provide strong authentication services for client/server applications through a key system. The realization of the authentication process does not depend on the authentication of the host operating system, does not require trust based on the host address, does not require the physical security of all hosts ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L29/06
CPC: H04L9/085, H04L9/0852, H04L9/0891, H04L63/068, H04L63/083, H04L63/0876
Inventor: 富尧, 钟一民
Owner: RUBAN QUANTUM TECH CO LTD