A method and system for on-orbit autonomous identity authentication in earth-moon space

By employing an autonomous on-board identity authentication method in the Earth-Moon space, the two-way dual identity verification between the user spacecraft and the on-board node solves the problems of excessive latency and resource consumption in existing Earth-Moon space authentication technologies, and achieves autonomous and secure identity authentication and communication.

CN122160174APending Publication Date: 2026-06-05TECH & ENG CENT FOR SPACE UTILIZATION CHINESE ACAD OF SCI

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
TECH & ENG CENT FOR SPACE UTILIZATION CHINESE ACAD OF SCI
Filing Date
2026-04-20
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In existing technologies, the space-ground collaborative authentication scheme based on elliptic curve cryptography has the following drawbacks in the Earth-Moon space scenario: the authentication process is highly dependent on the ground central node, resulting in excessive latency, which cannot meet the real-time requirements of user spacecraft. Furthermore, it cannot complete authentication independently when the space-ground link is interrupted, affecting mission continuity and consuming onboard resources.

Method used

The system employs an on-board autonomous identity authentication method based on the Earth-Moon space. Through two-way dual identity verification between the user's spacecraft and the on-board node, including certificate validity verification, radio frequency fingerprint physical matching, and cryptographic interactive verification, it can autonomously complete identity authentication without the need for real-time intervention from ground management nodes.

Benefits of technology

It effectively reduces the latency of long-distance communication between the Earth and the Moon, lowers the overhead of authentication interaction, enhances the ability to resist forgery and replay attacks, enables automated and secure access for user aircraft, and improves the autonomy and security of identity authentication.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160174A_ABST
    Figure CN122160174A_ABST
Patent Text Reader

Abstract

The application discloses a kind of lunar space on-board autonomous identity authentication method and system, it is related to space information network security technical field.The method only needs ground management node to participate in registration stage, and authentication stage is completed by on-board node autonomously;User spacecraft and on-board node are interacted by the message carrying digital certificate, time stamp and challenge parameter, and certificate legality verification, radio frequency fingerprint-based physical identity authentication, two-way cryptographic response verification are completed in turn, then session key is generated by negotiation and key verification is completed, and encrypted communication is established after verification passing.The application realizes on-board autonomous two-way double authentication, without ground real-time control, reduces lunar link time delay and on-board resource consumption, combines radio frequency fingerprint physical verification and elliptic curve cryptography mechanism, improves anti-forgery, anti-replay attack ability, adapts to high security, high real-time demand of lunar space user spacecraft random access.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of space information network security technology, and in particular to an autonomous identity authentication method and system for satellites in the Earth-Moon space system. Background Technology

[0002] With the rapid development of aerospace technology, space networks are continuously evolving towards deep space. The Earth-Moon space has become a core area of ​​space exploration for various countries. The advancement of space projects such as the International Lunar Research Station and the Lunar Communication Network has led to a significant increase in the number of spacecraft in the Earth-Moon space. The demand for collaborative communication between spacecraft is growing, and the openness and complexity of space information networks are constantly increasing. As the first line of defense for space communication security, the adaptability of its technical solutions directly determines the security and efficiency of Earth-Moon space network communication. How to achieve secure and effective identity authentication for spacecraft nodes has become a core issue that urgently needs to be addressed in the field of Earth-Moon space network security.

[0003] To address the identity authentication requirements of space networks, existing technologies have proposed a satellite communication identity authentication protocol based on elliptic curve cryptography. This protocol sets up two phases: registration and authentication. In the registration phase, the ground network control center verifies the user's identity information and distributes authentication parameters. In the authentication phase, the user initiates an access request, which is relayed to the ground network control center via a low-Earth orbit satellite. The ground center performs identity verification and generates a session key, then sends the verification result and key back to the user via satellite. Ultimately, this achieves two-way authentication and secure communication between the user and the ground center. This scheme leverages the lightweight characteristics of elliptic curve cryptography to achieve relatively efficient identity authentication in low-Earth orbit satellite networks, becoming a typical technical solution for space communication identity authentication.

[0004] However, the aforementioned satellite-ground collaborative authentication scheme based on elliptic curve cryptography relies on the ground network control center to lead the entire authentication process, with the satellite only handling data forwarding. This design has insurmountable technical flaws in the Earth-Moon space scenario. The authentication process is highly dependent on the ground center node and the satellite-ground link. However, the Earth-Moon space link is far apart, and the round-trip time between the satellite and the ground can be more than 2.5 seconds. Relying on the ground center to complete the authentication will result in an overall authentication process delay of more than 5 seconds, which cannot meet the real-time requirements of users' spacecraft for on-demand access. Furthermore, when the ground center fails or the satellite-ground link is interrupted, the onboard node cannot complete the authentication independently, directly affecting the continuity of Earth-Moon space missions. At the same time, frequent satellite-ground data forwarding will excessively consume the limited communication and computing resources on the satellite, making it difficult to adapt to the special link and hardware constraints of Earth-Moon space. Summary of the Invention

[0005] This invention provides an autonomous onboard identity authentication method and system for Earth-Moon space, which can achieve two-way dual identity verification for onboard nodes and user spacecraft. It autonomously completes the entire process of certificate legality verification, radio frequency fingerprint physical matching and cryptographic interaction verification without the need for real-time intervention and control by ground management nodes. This effectively reduces the latency of long-distance communication between Earth and the Moon, reduces the overhead of space authentication interaction, and improves the anti-forgery and anti-replay attack capabilities of identity authentication, thereby realizing automated and secure identity authentication for Earth-Moon space user spacecraft to join the network.

[0006] To achieve the above objectives, the embodiments of the present invention adopt the following technical solutions: Firstly, a method for autonomous identity authentication on a lunar-Earth space satellite is provided, applied to a lunar-Earth space satellite autonomous identity authentication system. The system includes an on-board node, a user spacecraft, and a ground management node. The user spacecraft has pre-registered and initialized through the ground management node, obtaining a digital certificate containing its own radio frequency fingerprint template and a system root public key. The on-board node pre-stores the system root public key and the digital certificate containing its own radio frequency fingerprint template. The method includes: the user spacecraft sending an access request to the on-board node, the access request carrying the user spacecraft's digital certificate, a timestamp, and a first challenge parameter; the on-board node verifying the legitimacy of the access request based on the system root public key, extracting the actual radio frequency characteristics of the user spacecraft, and matching them with the radio frequency fingerprint template in the digital certificate to complete the physical identity verification of the user spacecraft; the on-board node calculating and generating a first response parameter based on its own private key and the first challenge parameter, and simultaneously generating a second challenge parameter. The system sends feedback information to the user spacecraft, carrying the digital certificate, timestamp, first response parameter, and second challenge parameter of the on-board node. The user spacecraft verifies the validity of the feedback information based on the system root public key, extracts the actual radio frequency characteristics of the on-board node, and matches them with the radio frequency fingerprint template in the on-board node's digital certificate to complete the physical authentication of the on-board node. The user spacecraft performs cryptographic validity verification on the first response parameter, then calculates and generates a second response parameter based on its own private key and the second challenge parameter and sends it to the on-board node. The on-board node performs cryptographic validity verification on the second response parameter, completing the two-way cryptographic verification. The user spacecraft and the on-board node negotiate and generate a session key based on the parameters of the two-way cryptographic verification. The on-board node verifies the session key. If the verification is successful, on-board autonomous identity authentication is completed and encrypted communication is established; if the verification fails, the user spacecraft's access request is rejected.

[0007] The method provided by this invention involves the user spacecraft sending an access request carrying a digital certificate, timestamp, and first challenge parameters. The onboard node then verifies the legitimacy of the access request and the physical identity of the user spacecraft. Next, the onboard node and the user spacecraft interact to complete the identity verification and two-way cryptographic verification. Finally, after negotiating and verifying the session key, encrypted communication is established or access is denied. This method leverages a multi-step process involving certificate verification, RF fingerprint matching, and cryptographic interaction verification to achieve autonomous two-way identity authentication onboard. It eliminates the need for real-time control by ground management nodes during the authentication process, effectively adapting to the Earth-Moon space communication scenario. It automates the user spacecraft's access authentication and secure communication construction, preventing unauthorized access and enhancing the autonomy and security of Earth-Moon space identity authentication.

[0008] In one possible implementation of the first aspect, the first challenge parameter is a parameter obtained by performing a scalar multiplication operation between the random number generated by the user spacecraft and the elliptic curve base point; the second challenge parameter is a parameter obtained by performing a scalar multiplication operation between the random number generated by the on-board node and the elliptic curve base point.

[0009] The method provided by this invention obtains a first challenge parameter and a second challenge parameter by performing scalar multiplication operations on the user spacecraft and the on-board node based on generated random numbers and elliptic curve base points, respectively. It can utilize the unpredictability of random numbers and the cryptographic security of elliptic curve scalar multiplication to ensure the uniqueness and anti-forgery of the challenge parameters, prevent the challenge parameters from being easily cracked or counterfeited, lay a secure parameter foundation for subsequent response parameter generation and cryptographic verification, and improve the anti-attack capability of the identity authentication interaction process.

[0010] In one possible implementation of the first aspect, the on-board node verifies the legitimacy of the access request based on the system root public key, including: verifying whether the timestamp in the access request is within a preset valid time window; verifying the signature legitimacy of the user's aircraft digital certificate using the system root public key, and simultaneously checking the validity period information of the digital certificate; and determining that the access request has passed the legitimacy verification only when the timestamp verification is successful, the certificate signature is valid, and the certificate is within its validity period.

[0011] The method provided by this invention verifies the access request by performing timestamp validity window verification, digital certificate signature validity verification, and certificate validity period check. The access request is deemed legitimate only when all three verifications pass. This method can accurately filter out illegal access requests that have timed out, have forged certificates, or have expired certificates. It selects legitimate access initiators from the source, reduces the execution of invalid authentication processes, improves the accuracy and reliability of on-board nodes in verifying the legitimacy of access requests, and reduces the interference of illegal requests on the authentication process.

[0012] In one possible implementation of the first aspect, the on-board node extracts the actual radio frequency (RF) characteristics of the user's spacecraft and matches them with the RF fingerprint template in the digital certificate to complete the physical authentication of the user's spacecraft. This includes: the on-board node extracting the actual RF characteristics from the received RF signal of the user's spacecraft, wherein the actual RF characteristics include at least one of carrier frequency deviation, phase noise, and modulation nonlinear distortion; performing a hash operation on the actual RF characteristics to generate an actual RF fingerprint; performing a similarity match between the actual RF fingerprint and the RF fingerprint template in the digital certificate; and determining that the physical authentication of the user's spacecraft is successful when the similarity is greater than a preset threshold.

[0013] The method provided by this invention extracts at least one actual radio frequency feature from the user's aircraft radio frequency signal, including carrier frequency deviation, phase noise, and modulation nonlinear distortion. After generating an actual radio frequency fingerprint through hash operation, it performs similarity matching with the template in the certificate. It can complete physical identity verification based on the hardware uniqueness of radio frequency features, avoid identity impersonation after digital certificate theft, and improve the accuracy of physical identity verification of user aircraft by determining the verification result through a quantified similarity matching threshold, thus realizing the dual binding of digital authentication and physical authentication.

[0014] In one possible implementation of the first aspect, the first response parameter is the result of the elliptic curve scalar multiplication of the on-board node with its own private key and the first challenge parameter, and the result is concatenated with the timestamp in the feedback information and then hashed; the second response parameter is the result of the elliptic curve scalar multiplication of the user spacecraft with its own private key and the second challenge parameter, and the result is concatenated with the timestamp sent along with the second response parameter and then hashed.

[0015] The method provided by this invention generates a first response parameter and a second response parameter by combining the private key, the corresponding challenge parameter and the timestamp through a hash operation. This binds the key information, the core interaction parameters and the time dimension information, making the response parameters timely and unique, preventing the response parameters from being tampered with or replayed during transmission, ensuring a strong correlation between the response parameters and the authentication interaction scenario, and enhancing the anti-tampering and anti-replay capabilities of the authentication interaction data.

[0016] In one possible implementation of the first aspect, the user spacecraft performs cryptographic validity verification on the first response parameter, including: the user spacecraft performs the same calculation as the on-board node based on its own generated random number, the public key of the satellite node, and the timestamp in the feedback information to obtain a verification parameter; the verification parameter is compared with the received first response parameter for consistency; when the comparison result is consistent, the cryptographic validity verification of the first response parameter is determined to be successful; the satellite node performs cryptographic validity verification on the second response parameter, including: the satellite node performs the same calculation as the user spacecraft based on its own generated random number, the public key of the user spacecraft, and the timestamp sent by the user spacecraft along with the second response parameter to obtain a verification parameter; the verification parameter is compared with the received second response parameter for consistency; when the comparison result is consistent, the cryptographic validity verification of the second response parameter is determined to be successful.

[0017] The method provided by this invention obtains verification parameters by having both parties perform the same operation based on their own random numbers, the other party's public key, and the corresponding timestamp. Then, the parameters are compared with the received response parameters to complete the cryptographic validity verification. This method can verify the legality of the interaction parameters through symmetric operation logic, ensuring that the response parameters of the two-way interaction are generated by legitimate entities. It achieves peer-to-peer cryptographic identity verification, avoids the security vulnerabilities of unilateral authentication, and further enhances the credibility of identity authentication.

[0018] In one possible implementation of the first aspect, the user spacecraft verifies the validity of the feedback information based on the system root public key, including: verifying whether the timestamp in the feedback information is within a preset valid time window; verifying the signature legality of the on-board node digital certificate using the system root public key, and simultaneously checking the validity period information of the digital certificate; and determining that the validity verification of the feedback information is passed only when the timestamp verification is successful, the certificate signature is valid, and the certificate is within its validity period.

[0019] The method provided by this invention verifies the validity of the timestamp window, the legality of the digital certificate signature, and the validity period of the certificate by performing timestamp validity verification, digital certificate signature legality verification, and certificate validity period check on the feedback information of the on-board node. The feedback information is only deemed valid when all three verifications pass. This ensures that the information fed back by the on-board node is from a legitimate source, has not been tampered with, and has not exceeded its validity period. This provides a reliable prerequisite for users' spacecraft to verify the identity of the on-board node and ensures the security and legality of the feedback link in the two-way authentication process.

[0020] In one possible implementation of the first aspect, the user spacecraft extracts the actual radio frequency (RF) features of the on-board node and matches them with the RF fingerprint template in the on-board node's digital certificate to complete the physical authentication of the on-board node. This includes: the user spacecraft extracting the actual RF features from the received on-board node RF signal, wherein the actual RF features include at least one of carrier frequency deviation, phase noise, and modulation nonlinear distortion; performing a hash operation on the actual RF features to generate an actual RF fingerprint; and performing a similarity match between the actual RF fingerprint and the RF fingerprint template in the on-board node's digital certificate. When the similarity is greater than a preset threshold, the physical authentication of the on-board node is determined to be successful.

[0021] The method provided by this invention extracts at least one actual radio frequency feature from the radio frequency signal of the satellite node, including carrier frequency deviation, phase noise, and modulation nonlinear distortion. After generating an actual radio frequency fingerprint through hash operation, it performs similarity matching with the template in the certificate. This enables reverse verification of the physical identity of the satellite node, continues the unique verification logic of radio frequency feature hardware, realizes two-way physical identity authentication between the user's spacecraft and the satellite node, eliminates the risk of identity fraud in one-way authentication, and improves the overall security level of two-way authentication.

[0022] In one possible implementation of the first aspect, the user spacecraft and the on-board node negotiate and generate a session key based on parameters of two-way cryptographic verification, and the on-board node verifies the session key, including: the user spacecraft calculates a first negotiation parameter based on its own generated random number, the on-board node's public key, its own private key, and the second challenge parameter; the on-board node calculates a second negotiation parameter based on its own generated random number, the user spacecraft's public key, its own private key, and the first challenge parameter; the user spacecraft and the on-board node perform hash operations based on the first and second negotiation parameters respectively to generate the same session key; the user spacecraft uses the session key to perform a hash operation on a preset associated parameter to generate a verification parameter and sends it to the on-board node; the on-board node uses its own generated session key to perform a hash operation on the same preset associated parameter to obtain a verification value, wherein the preset associated parameter is a parameter obtained by concatenating its own generated session key with a second response parameter factor; the on-board node compares the verification value with the received verification parameter for consistency, and if the comparison is consistent, the session key verification is determined to be successful.

[0023] The method provided by this invention calculates negotiation parameters based on two-way cryptographic verification parameters, generates a session key through hash operation, and then completes key verification using the association parameters concatenated with the second negotiation parameters and the second response parameters. This ensures that the session key is generated from a legitimate two-way verification result, and confirms key consistency through hash verification of the dedicated association parameters. This ensures that the negotiated session key is legitimate, valid, and tamper-proof, providing secure key support for subsequent encrypted communication between on-board nodes and user spacecraft, and guaranteeing the security of communication data transmission.

[0024] Secondly, this invention provides an on-board autonomous identity authentication system in lunar space. The system includes an on-board node, a user spacecraft, and a ground management node. The user spacecraft has pre-registered and initialized through the ground management node, obtaining a digital certificate containing its own radio frequency fingerprint template and a system root public key. The on-board node pre-stores the system root public key and the digital certificate containing its own radio frequency fingerprint template. The user spacecraft sends an access request to the on-board node, the access request carrying the user spacecraft's digital certificate, timestamp, and first challenge parameters. The on-board node verifies the legitimacy of the access request based on the system root public key and extracts the actual radio frequency characteristics of the user spacecraft, matching them with the radio frequency fingerprint template in the digital certificate to complete the physical identity verification of the user spacecraft. The on-board node calculates and generates a first response parameter based on its own private key and the first challenge parameters, and simultaneously generates a second challenge parameter, sending a response to the user spacecraft. The system provides feedback information carrying the on-board node's digital certificate, timestamp, first response parameters, and second challenge parameters. The user spacecraft verifies the validity of the feedback information based on the system's root public key and extracts the actual radio frequency characteristics of the on-board node, matching them with the radio frequency fingerprint template in the on-board node's digital certificate to complete physical authentication of the on-board node. The user spacecraft also performs cryptographic validity verification on the first response parameters, calculates and generates a second response parameter based on its own private key and the second challenge parameters, and sends it to the on-board node. The on-board node performs cryptographic validity verification on the second response parameters, completing bidirectional cryptographic verification between the two parties. The user spacecraft and the on-board node negotiate and generate a session key based on the bidirectional cryptographic verification parameters. The on-board node verifies the session key; if the verification passes, on-board autonomous identity authentication is completed and encrypted communication is established; if the verification fails, the user spacecraft's access request is rejected.

[0025] Understandably, the beneficial effects that the system of the second aspect described above can achieve can be referenced from the beneficial effects of the first aspect and any of its possible design methods, which will not be repeated here. Attached Figure Description

[0026] Figure 1 A schematic diagram of the system architecture of an authentication system provided in an embodiment of the present invention; Figure 2 A flowchart illustrating an on-board autonomous identity authentication method in Earth-Moon space provided by an embodiment of the present invention; Figure 3 This is a schematic diagram of the interaction process during the registration phase provided by an embodiment of the present invention; Figure 4 This is a schematic diagram of the interaction process during the authentication stage, provided as an embodiment of the present invention. Detailed Implementation

[0027] The technical solutions of the embodiments of the present invention will be described below with reference to the accompanying drawings. In the description of the present invention, unless otherwise stated, " / " indicates that the objects before and after are in an "or" relationship. For example, A / B can represent A or B. The "or" in the present invention is merely a description of the relationship between the related objects, indicating that three relationships can exist. For example, A or B can represent: A alone, A and B simultaneously, and B alone. A and B can be singular or plural. Furthermore, in the description of the present invention, unless otherwise stated, "multiple" refers to two or more. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items.

[0028] Furthermore, to facilitate a clear description of the technical solutions of the embodiments of the present invention, the terms "first" and "second" are used in the embodiments of the present invention to distinguish identical or similar items with essentially the same function and effect. Those skilled in the art will understand that the terms "first" and "second" do not limit the quantity or execution order, and that the terms "first" and "second" are not necessarily different.

[0029] In this embodiment of the invention, the terms "exemplary" or "for example" are used to indicate that something is an example, illustration, or description. Any embodiment or design described as "exemplary" or "for example" in this embodiment of the invention should not be construed as superior or more advantageous than other embodiments or designs. Specifically, the use of terms such as "exemplary" or "for example" is intended to present the relevant concepts in a concrete manner for ease of understanding.

[0030] With the rapid development of aerospace technology, space networks are continuously evolving towards deep space. The Earth-Moon space has become a core area of ​​space exploration for various countries. The advancement of space projects such as the International Lunar Research Station and the Lunar Communication Network has led to a significant increase in the number of spacecraft in the Earth-Moon space. The demand for collaborative communication between spacecraft is growing, and the openness and complexity of space information networks are constantly increasing. As the first line of defense for space communication security, the adaptability of its technical solutions directly determines the security and efficiency of Earth-Moon space network communication. How to achieve secure and effective identity authentication for spacecraft nodes has become a core issue that urgently needs to be addressed in the field of Earth-Moon space network security.

[0031] To address the identity authentication requirements of space networks, existing technologies have proposed a satellite communication identity authentication protocol based on elliptic curve cryptography. This protocol sets up two phases: registration and authentication. In the registration phase, the ground network control center verifies the user's identity information and distributes authentication parameters. In the authentication phase, the user initiates an access request, which is relayed to the ground network control center via a low-Earth orbit satellite. The ground center performs identity verification and generates a session key, then sends the verification result and key back to the user via satellite. Ultimately, this achieves two-way authentication and secure communication between the user and the ground center. This scheme leverages the lightweight characteristics of elliptic curve cryptography to achieve relatively efficient identity authentication in low-Earth orbit satellite networks, becoming a typical technical solution for space communication identity authentication.

[0032] However, the aforementioned satellite-ground collaborative authentication scheme based on elliptic curve cryptography relies on the ground network control center to lead the entire authentication process, with the satellite only handling data forwarding. This design has insurmountable technical flaws in the Earth-Moon space scenario. The authentication process is highly dependent on the ground center node and the satellite-ground link. However, the Earth-Moon space link is far apart, and the round-trip time between the satellite and the ground can be more than 2.5 seconds. Relying on the ground center to complete the authentication will result in an overall authentication process delay of more than 5 seconds, which cannot meet the real-time requirements of users' spacecraft for on-demand access. Furthermore, when the ground center fails or the satellite-ground link is interrupted, the onboard node cannot complete the authentication independently, directly affecting the continuity of Earth-Moon space missions. At the same time, frequent satellite-ground data forwarding will excessively consume the limited communication and computing resources on the satellite, making it difficult to adapt to the special link and hardware constraints of Earth-Moon space.

[0033] In view of this, embodiments of the present invention provide an on-board autonomous identity authentication method and system in Earth-Moon space. The method is applied to an on-board autonomous identity authentication system in Earth-Moon space. The system includes an on-board node, a user spacecraft, and a ground management node. The user spacecraft has pre-completed registration and initialization through the ground management node and obtained a digital certificate containing its own radio frequency fingerprint template and a system root public key. The on-board node pre-stores the system root public key and the digital certificate containing its own radio frequency fingerprint template. The method includes: the user spacecraft sending an access request to the on-board node, the access request carrying the user spacecraft's digital certificate, timestamp, and first challenge parameter; the on-board node verifying the legitimacy of the access request based on the system root public key, extracting the actual radio frequency characteristics of the user spacecraft, and matching them with the radio frequency fingerprint template in the digital certificate to complete the physical identity verification of the user spacecraft; the on-board node calculating and generating a first response parameter based on its own private key and the first challenge parameter, and simultaneously generating... The system generates a second challenge parameter and sends feedback information to the user spacecraft, carrying the digital certificate of the on-board node, a timestamp, the first response parameter, and the second challenge parameter. The user spacecraft verifies the validity of the feedback information based on the system root public key and extracts the actual radio frequency characteristics of the on-board node, matching them with the radio frequency fingerprint template in the on-board node's digital certificate to complete the physical authentication of the on-board node. The user spacecraft performs cryptographic validity verification on the first response parameter, then calculates and generates a second response parameter based on its own private key and the second challenge parameter and sends it to the on-board node. The on-board node performs cryptographic validity verification on the second response parameter, completing the two-way cryptographic verification. The user spacecraft and the on-board node negotiate and generate a session key based on the parameters of the two-way cryptographic verification, and the on-board node verifies the session key. If the verification is successful, on-board autonomous identity authentication is completed and encrypted communication is established; if the verification fails, the access request of the user spacecraft is rejected.

[0034] The method provided by this invention involves the user spacecraft sending an access request carrying a digital certificate, timestamp, and first challenge parameters. The onboard node then verifies the legitimacy of the access request and the physical identity of the user spacecraft. Next, the onboard node and the user spacecraft interact to complete the identity verification and two-way cryptographic verification. Finally, after negotiating and verifying the session key, encrypted communication is established or access is denied. This method leverages a multi-step process involving certificate verification, RF fingerprint matching, and cryptographic interaction verification to achieve autonomous two-way identity authentication onboard. It eliminates the need for real-time control by ground management nodes during the authentication process, effectively adapting to the Earth-Moon space communication scenario. It automates the user spacecraft's access authentication and secure communication construction, preventing unauthorized access and enhancing the autonomy and security of Earth-Moon space identity authentication.

[0035] In some embodiments, the on-board autonomous identity authentication method provided by the present invention can be executed by an on-board autonomous identity authentication system 100 (hereinafter referred to as authentication system 100).

[0036] See Figure 1 , Figure 1 This is a schematic diagram of the system architecture of an authentication system according to an embodiment of the present invention. The authentication system 100 includes an on-board node 110, a user spacecraft 120, and a ground management node 130. The user spacecraft 120 has pre-registered and initialized through the ground management node 130 and obtained a digital certificate containing its own radio frequency fingerprint template and a system root public key. The on-board node 110 pre-stores the system root public key and the digital certificate containing its own radio frequency fingerprint template. The user spacecraft 120 is used to send an access request to the on-board node 110. The access request carries the user spacecraft 120's digital certificate, timestamp, and first challenge parameter. The on-board node 110 is used to verify the legitimacy of the access request based on the system root public key, extract the actual radio frequency characteristics of the user spacecraft 120, and match them with the radio frequency fingerprint template in the digital certificate to complete the physical authentication of the user spacecraft 120. The on-board node 110 is used to calculate and generate a first response parameter based on its own private key and the first challenge parameter, and simultaneously generate a second challenge parameter, and feed back to the user spacecraft 120 carrying the on-board node's... The system comprises: a digital certificate of the on-board node 110, a timestamp, and feedback information of the first response parameter and the second challenge parameter; the user spacecraft 120, which verifies the validity of the feedback information based on the system root public key and extracts the actual radio frequency characteristics of the on-board node 110, matching them with the radio frequency fingerprint template in the digital certificate of the on-board node 110 to complete the physical authentication of the on-board node 110; the user spacecraft 120, which performs cryptographic validity verification of the first response parameter, calculates and generates a second response parameter based on its own private key and the second challenge parameter, and sends it to the on-board node 110; the on-board node 110, which performs cryptographic validity verification of the second response parameter to complete the two-way cryptographic verification; the user spacecraft 120 and the on-board node 110, which negotiate and generate a session key based on the parameters of the two-way cryptographic verification; and the on-board node 110, which verifies the session key. If the verification passes, the on-board autonomous identity authentication is completed and encrypted communication is established; if the verification fails, the access request of the user spacecraft 120 is rejected.

[0037] Furthermore, in combination Figure 1The on-board nodes 110 include, but are not limited to, Earth orbit satellites, lunar orbit satellites, long distance retrograde orbit (DRO) satellites, deep space relay satellites, and other on-orbit or off-orbit communication entities deployed in Earth-Moon space. The nodes establish communication with each other through inter-satellite links 140. Each node is equipped with an authentication module, which adopts a dedicated hardware chip design to meet the low power consumption and high reliability requirements of the satellite. The authentication module includes a credential verification unit, a time processing unit, a radio frequency feature extraction unit, a core computing unit, a random number generation unit, and a secure storage unit.

[0038] User spacecraft 120 includes, but is not limited to, autonomous cruise spacecraft, satellites performing exploration, communication or payload missions, and other on-orbit or off-orbit spacecraft entities with space communication capabilities. As the authentication request initiator, it connects to the on-board node 110 and performs identity authentication with the on-board node 110 through the authentication link 160. Each user spacecraft is equipped with an authentication module, and the module structure is the same as that of the authentication module on the on-board node 110.

[0039] Ground management node 130 is deployed at an Earth ground station, employing a high-security server cluster and containing an offline hardware security module. Its core responsibility is the secure initialization and control of the authentication system. Specifically, this includes: generating a root public-private key pair in an absolutely secure, isolated environment via the offline hardware security module. The root private key is stored entirely within the offline hardware security module, without access to any network, and is used solely for digital certificate signing; collecting radio frequency signals from each legitimate user spacecraft 120, extracting radio frequency features, processing them using a hash algorithm to generate a radio frequency fingerprint template, binding it to the public key of the user spacecraft 120, generating a digital certificate, and signing it with the root private key; injecting the root public key and digital certificate into the corresponding user spacecraft 120 via a dedicated secure link; and for on-orbit nodes, sending the root public key and on-board node digital certificates to each on-board node 110 via the space-to-ground link 150.

[0040] The following description, in conjunction with the accompanying drawings, illustrates an embodiment of the autonomous identity authentication method for satellites in Earth-Moon space provided by the present invention.

[0041] Figure 2 This is a flowchart illustrating an autonomous identity authentication method for a satellite in Earth-Moon space, provided as an embodiment of the present invention. Optionally, this method can be... Figure 1 The authentication system 100 shown is executed. The method may include the following steps: S1. The user spacecraft sends an access request to the satellite node. The access request carries the user spacecraft's digital certificate, timestamp, and first challenge parameter.

[0042] In one possible implementation, the first challenge parameter is a parameter obtained by performing a scalar multiplication operation between the random number generated by the user aircraft and the elliptic curve base point.

[0043] Specifically, the random numbers generated by the user spacecraft and the on-board nodes are cryptographically secure random numbers generated based on hardware entropy sources. During the generation process, oscillator jitter noise is used to generate the initial random entropy, which is then used as a seed input to a cryptographically secure pseudo-random number generator to generate random numbers that meet cryptographic security requirements. These random numbers are specifically used for generating the first and second challenge parameters. The elliptic curve base points used in this method are preset base points of the P-256 elliptic curve. Scalar multiplication operations between the random numbers and the elliptic curve base points are all performed based on the P-256 elliptic curve parameters. Compared to traditional public-key cryptography algorithms based on large integer factorization or discrete logarithms, this elliptic curve cryptography mechanism can reduce computational overhead while ensuring cryptographic security, making it suitable for the limited computational and storage resources of on-board nodes and user spacecraft in the Earth-Moon space. In the actual autonomous identity authentication process on the Earth-Moon space satellite, after the user spacecraft generates random numbers, it performs scalar multiplication operations between these random numbers and the elliptic curve base points to directly obtain the first challenge parameters that can be used for identity authentication interaction.

[0044] The method provided in this invention ensures the unpredictability of the parameter source by using random numbers generated by a hardware entropy source. Combined with the cryptographic characteristics of P-256 elliptic curve scalar multiplication, the generated first and second challenge parameters have unique encryption properties. This eliminates the possibility of being cracked or counterfeited from the parameter generation stage, ensuring that the challenge parameters in each authentication interaction process are unique. This fundamentally lays a solid security foundation for the calculation and generation of subsequent response parameters and the two-way cryptographic validity verification. It enables the autonomous identity authentication interaction process on Earth, Moon, and Space to effectively resist various network attacks targeting parameters, thereby improving the attack resistance and security level of the entire identity authentication process from the source.

[0045] It should be noted that, see Figure 3 The registration and initialization process specifically includes: the ground management node (also known as the ground management center) generating a system root public-private key pair in a physically isolated and secure environment. and The root private key The system root public-private key pair is stored in the offline hardware security module and does not participate in network communication. In this embodiment, the system root public-private key pair is generated only during the system initialization phase and is continuously used during normal system operation. The user aircraft autonomously generates the elliptic curve public-private key pair within its internal secure computing environment. and It also sends its public key to the ground management node through a pre-established secure channel. and user aircraft identification information Ground management nodes extract the radio frequency signatures of user aircraft. After processing with a hash algorithm, an RF fingerprint template is generated. Constructing user aircraft digital certificates The certificate includes the user's aircraft public key. Radio frequency fingerprint template Validity information and user aircraft identification information and using the root private key Sign the certificate. Transfer the digital certificate. With root public key Inject into the user's aircraft. S2. The on-board node verifies the legitimacy of the access request based on the system root public key, extracts the actual radio frequency characteristics of the user's aircraft, and matches them with the radio frequency fingerprint template in the digital certificate to complete the physical authentication of the user's aircraft.

[0046] In some embodiments, the on-board node verifies the legitimacy of the access request based on the system root public key, including: Verify whether the timestamp in the access request is within a preset valid time window; verify the signature validity of the user's aircraft digital certificate using the system root public key, and check the validity period information of the digital certificate; only when the timestamp verification is successful, the certificate signature is valid, and the certificate is within its validity period is the access request deemed to have passed the validity verification.

[0047] Specifically, the on-board node's verification of the legitimacy of access requests is completed collaboratively by its own authentication module. The validity verification of the timestamp is handled by the time processing unit, which maintains the local system time of the on-board node and configures a preset effective time window based on the latency characteristics of the Earth-Moon space link.

[0048] For example, in this method, the duration of the effective time window is set to 1 second. The timestamp is generated based on the unified Earth-Moon space time base. During verification, the absolute value of the difference between the timestamp in the received access request and the local system time is calculated. When the absolute value is not greater than 1 second, the timestamp is determined to be within the preset effective time window. The signature validity verification and validity period check of the digital certificate are handled by the credential verification unit. This unit first parses the data structure of the user's aircraft digital certificate, extracting fields such as certificate subject information, public key information, certificate validity period, and certificate signature. Then, it reads the pre-stored system root public key from the secure storage unit and uses this system root public key to verify the digital signature in the certificate. Specifically, it calculates the hash digest of the certificate subject data using SHA-256 operation and verifies the certificate signature using the elliptic curve digital signature verification algorithm to confirm that the certificate was indeed issued by a legitimate ground management node and has not been tampered with during transmission.

[0049] After the signature verification is successful, the credential verification unit will further check the validity information in the certificate by combining it with the current system time provided by the time processing unit to determine whether the certificate is within its validity period. Only when all three conditions are met simultaneously—the timestamp verification result is successful, the digital certificate signature is verified as valid by the system root public key, and the certificate verification result is within its validity period—will the access request be ultimately deemed to have passed the legality verification. If any verification step fails, the subsequent authentication process for the access request will be terminated directly.

[0050] The method provided by this invention verifies the access request by performing timestamp validity window verification, digital certificate signature validity verification, and certificate validity period check. The access request is deemed legitimate only when all three verifications pass. This method can accurately filter out illegal access requests that have timed out, have forged certificates, or have expired certificates. It selects legitimate access initiators from the source, reduces the execution of invalid authentication processes, improves the accuracy and reliability of on-board nodes in verifying the legitimacy of access requests, and reduces the interference of illegal requests on the authentication process.

[0051] In other embodiments, the on-board node extracts the actual radio frequency characteristics of the user's spacecraft and matches them with the radio frequency fingerprint template in the digital certificate to complete the physical authentication of the user's spacecraft, including: The on-board node extracts actual radio frequency features from the received user spacecraft radio frequency signals. The actual radio frequency features include at least one of carrier frequency deviation, phase noise, and modulation nonlinear distortion. The actual radio frequency features are hashed to generate an actual radio frequency fingerprint. The actual radio frequency fingerprint is matched with the radio frequency fingerprint template in the digital certificate. When the similarity is greater than a preset threshold, the physical authentication of the user spacecraft is determined to be successful.

[0052] The physical authentication operation of the on-board node for the user's spacecraft is completed collaboratively by the radio frequency feature extraction unit and the core computing unit in the authentication module. The radio frequency feature extraction unit is responsible for extracting the actual radio frequency features from the received radio frequency signal of the user's spacecraft. During extraction, the radio frequency signal is first down-converted, filtered, and analog-to-digital converted by the receiver front end to obtain the baseband signal. Then, during digital demodulation, the received signal is synchronized by the carrier recovery loop. During the carrier recovery process, the instantaneous phase error signal sequence in the loop is collected in real time, and the sequence is used for feature extraction. Specifically, its power spectral density is calculated by fast Fourier transform, and the spectral energy in multiple frequency ranges is extracted as feature parameters. It can also further extract statistical quantities such as root mean square phase jitter, probability distribution parameters, or autocorrelation features of the phase error signal to construct a radio frequency fingerprint feature vector containing at least one of carrier frequency deviation, phase noise, and modulation nonlinear distortion. Then, the feature vector is normalized. After the actual radio frequency (RF) feature extraction is completed, the core computing unit uses the SHA-256 hash algorithm to perform a hash operation on the normalized RF feature vector, generating a fixed-length actual RF fingerprint. This hash operation method is consistent with the method used by the ground management node to generate the RF fingerprint template during the registration phase. The RF fingerprint template in the digital certificate is a fixed-length feature template generated by the ground management node after extracting the original RF features of the user's aircraft during the registration phase, and it has the same format and length of feature values ​​as the actual RF fingerprint. The core computing unit uses a cosine similarity matching algorithm to perform similarity matching between the generated actual RF fingerprint and the RF fingerprint template in the digital certificate. In this method, the preset threshold value is 0.85. The core computing unit will accurately calculate the cosine similarity value between the two. When the value is greater than 0.85, the physical authentication of the user's aircraft is determined to be successful. The entire feature extraction and matching process is completed locally on the satellite node, requiring only a small amount of additional signal statistical operations, and will not significantly increase the computational burden of the satellite node.

[0053] The method provided in this invention relies on the professional processing flow of the radio frequency feature extraction unit to extract actual radio frequency features with hardware uniqueness from the radio frequency signal. It combines standardized hash operations to generate actual radio frequency fingerprints with a unified format, and then completes physical identity determination through quantized cosine similarity matching and a clear preset threshold. This ensures that each step of physical identity verification has an executable operational standard. By utilizing the strong binding characteristics between radio frequency features and hardware entities, the true identity of the user's spacecraft is confirmed at the physical level. Even if the digital certificate is stolen, the impersonation behavior can be identified through the physical identity verification step. This forms a tight binding relationship between the logical identity authentication of the digital certificate and the physical identity verification of the radio frequency feature, completing the verification of the user's spacecraft identity from a dual dimension. This significantly improves the accuracy of the on-board node's verification of the user's spacecraft identity and gives identity authentication in the Earth-Moon space a stronger anti-impersonation capability.

[0054] S3. The on-board node calculates and generates a first response parameter based on its own private key and the first challenge parameter, and at the same time generates a second challenge parameter, and sends feedback information to the user spacecraft carrying the digital certificate, timestamp, first response parameter and second challenge parameter of the on-board node.

[0055] In one possible implementation, the first response parameter is the result of an elliptic curve scalar multiplication of the on-board node with its own private key and the first challenge parameter, and the result of the operation is concatenated with the timestamp in the feedback information and then hashed.

[0056] The generation of the first response parameters by the on-board node and the generation of the second response parameters by the user spacecraft are both completed within the core computing units of their respective authentication modules. The core computing units employ the SHA-256 hash algorithm to perform combined hash operations. This algorithm is also the unified hash operation method used throughout the entire identity authentication process, ensuring the fixed length and security of the operation result. When generating the first response parameters, the on-board node first retrieves its pre-stored private key from its secure storage unit. This private key is an elliptic curve private key generated autonomously by the on-board node during the registration phase, stored only in its local secure storage unit and using a segmented encrypted storage mechanism; it does not participate in network communication. It then extracts the first challenge parameters obtained from the interaction with the user spacecraft and simultaneously obtains the timestamp from its own generated feedback information. This timestamp is generated based on the unified Earth-Moon spacetime time base. The node performs an elliptic curve scalar multiplication based on its private key and the first challenge parameters, and concatenates this result with the timestamp in the feedback information to form the raw data for the combined operation. The core computing unit performs a SHA-256 hash operation on this raw data, and the resulting fixed-length hash value is the first response parameter.

[0057] The original data calculation formula for the first response parameter is SsEi||T2, where there is an elliptic curve scalar multiplication operation between the private key Ss and the first challenge parameter Ei, resulting in the operation result SsEi.

[0058] S4. The user spacecraft verifies the validity of the feedback information based on the system root public key, extracts the actual radio frequency characteristics of the on-board node, and matches them with the radio frequency fingerprint template in the on-board node's digital certificate to complete the physical authentication of the on-board node.

[0059] In some embodiments, the user spacecraft verifies the validity of the feedback information based on the system root public key, including: verifying whether the timestamp in the feedback information is within a preset valid time window; verifying the signature legality of the on-board node digital certificate using the system root public key, and checking the validity period information of the digital certificate; and determining that the validity verification of the feedback information is passed only when the timestamp verification is successful, the certificate signature is valid, and the certificate is within its validity period.

[0060] The user aircraft's verification of the validity of feedback information is completed collaboratively by its own authentication module. The validity verification of the timestamp is handled by the time processing unit, which maintains the user aircraft's local system time. The preset effective time window, configured based on the Earth-Moon space link latency characteristics, is 1 second in length. The timestamp in the feedback information is generated based on the unified Earth-Moon space time reference. During verification, the time processing unit calculates the absolute value of the difference between the timestamp in the received feedback information and the local system time. If the absolute value is not greater than 1 second, the timestamp is determined to be within the preset effective time window.

[0061] The verification of the signature validity and validity period of the digital certificate of the satellite node is handled by the credential verification unit. This unit first performs a comprehensive analysis of the data structure of the digital certificate of the satellite node, extracting relevant fields such as certificate subject information, public key information, certificate validity period, and certificate signature. Then, it reads the pre-stored system root public key from its own secure storage unit. This system root public key is injected by the ground management node during the registration phase. Subsequently, it uses the system root public key to verify the digital signature in the certificate. Specifically, it calculates the hash digest of the certificate subject data using SHA-256 operation and performs precise verification of the certificate signature using the elliptic curve digital signature verification algorithm, thereby confirming that the digital certificate of the satellite node was indeed issued by a legitimate ground management node and has not been tampered with during transmission.

[0062] After the signature verification is successful, the credential verification unit will further combine the current system time provided by the time processing unit to carefully check the validity period information in the certificate to determine whether the certificate is within the normal validity period. The user spacecraft executes a strict triple verification logic for the validity verification of the feedback information. Only when all three conditions are met simultaneously—the timestamp verification result is successful, the on-board node digital certificate signature is verified as legitimate by the system root public key, and the certificate verification result is within the validity period—will the validity verification of the feedback information be finally determined to be successful. If any verification step fails, the subsequent authentication process for the feedback information will be terminated directly, and the on-board node identity verification operation will not continue.

[0063] In other embodiments, the user spacecraft extracts the actual radio frequency characteristics of the on-board node and matches them with the radio frequency fingerprint template in the on-board node's digital certificate to complete the physical authentication of the on-board node, including: The user spacecraft extracts actual radio frequency features from the received on-board node radio frequency signals. The actual radio frequency features include at least one of carrier frequency deviation, phase noise, and modulation nonlinear distortion. The actual radio frequency features are hashed to generate an actual radio frequency fingerprint. The actual radio frequency fingerprint is matched with the radio frequency fingerprint template in the on-board node digital certificate. When the matching similarity is greater than a preset threshold, the physical authentication of the on-board node is determined to be successful.

[0064] Specifically, the physical authentication operation of the user spacecraft to the on-board node is completed collaboratively by the radio frequency feature extraction unit and the core computing unit in its own authentication module. The radio frequency feature extraction unit is responsible for extracting the actual radio frequency features from the received radio frequency signal of the on-board node. During extraction, the radio frequency signal is first down-converted, filtered, and analog-to-digital converted by the receiver front end to obtain the baseband signal. Then, during digital demodulation, the received signal is synchronized by carrier recovery loop. During carrier recovery, the instantaneous phase error signal sequence in the loop is collected in real time, and feature extraction is performed on the sequence. Specifically, its power spectral density is calculated by fast Fourier transform, and the spectral energy in multiple frequency ranges is extracted as feature parameters. It can also further extract statistical quantities such as root mean square phase jitter, probability distribution parameters, or autocorrelation features of the phase error signal to construct a radio frequency fingerprint feature vector containing at least one of carrier frequency deviation, phase noise, and modulation nonlinear distortion. Then, the feature vector is normalized to give the feature parameters a unified calculation standard. After extracting and normalizing the actual radio frequency (RF) features, the core computing unit uses the SHA-256 hash algorithm to perform a hash operation on the RF fingerprint feature vector, generating a fixed-length actual RF fingerprint. This hash operation is identical to the method used by the ground management node to generate the RF fingerprint template for the on-board node during the registration phase. The RF fingerprint template in the on-board node's digital certificate is a fixed-length feature template generated by the ground management node through the same type of SHA-256 hash operation after extracting the original RF features of the on-board node during the registration phase. It has the same format and length of feature values ​​as the actual RF fingerprint generated by the user's aircraft. The core computing unit then uses a cosine similarity matching algorithm to perform a similarity match between the generated actual RF fingerprint and the RF fingerprint template in the on-board node's digital certificate. In this method, the preset threshold value is 0.85. The core computing unit will accurately calculate the cosine similarity value between the two. When the value is greater than 0.85, it is determined that the physical identity verification of the on-board node is successful. The entire process of feature extraction, hash operation and similarity matching is completed locally on the user spacecraft. Only a small amount of signal statistical operation needs to be added, which will not significantly increase the computing burden of the user spacecraft and can adapt to the limited hardware resources of the user spacecraft in the lunar space.

[0065] The method provided by this invention extracts at least one actual radio frequency feature from the radio frequency signal of the satellite node, including carrier frequency deviation, phase noise, and modulation nonlinear distortion. After generating an actual radio frequency fingerprint through hash operation, it performs similarity matching with the template in the certificate. This enables reverse verification of the physical identity of the satellite node, continues the unique verification logic of radio frequency feature hardware, realizes two-way physical identity authentication between the user's spacecraft and the satellite node, eliminates the risk of identity fraud in one-way authentication, and improves the overall security level of two-way authentication.

[0066] S5. The user spacecraft performs cryptographic validity verification on the first response parameter, then calculates and generates a second response parameter based on its own private key and the second challenge parameter and sends it to the satellite node. The satellite node performs cryptographic validity verification on the second response parameter, thus completing the two-way cryptographic verification between the two parties.

[0067] Specifically, further, the second response parameter is the result of the elliptic curve scalar multiplication obtained by the user aircraft based on its own private key and the second challenge parameter, and the result of the operation is concatenated with the timestamp sent along with the second response parameter and then hashed.

[0068] Specifically, when the user spacecraft generates the second response parameter, it follows the same combined hash operation logic. First, it retrieves its own elliptic curve private key from its local secure storage unit. Then, it extracts the second challenge parameter sent by the on-board node and simultaneously generates a timestamp to be sent along with the second response parameter. This timestamp is also generated based on the unified Earth-Moon spacetime time base. The result of the elliptic curve scalar multiplication of the user's private key and the second challenge parameter is concatenated with the timestamp sent along with the second response parameter to form the raw data for the combined operation. The core computing unit performs a SHA-256 hash operation on the concatenated raw data, and the resulting fixed-length hash value is the second response parameter. The timestamp sent along with the second response parameter is synchronously transmitted to the on-board node, providing data support for subsequent cryptographic validity verification. Throughout the combined hash operation, the private key is the node's exclusive core confidential information, the challenge parameter is a unique parameter dynamically generated during the interaction, and the timestamp is time information with time-sensitive characteristics. The combination of these three gives the computational foundation data a triple attribute of exclusivity, uniqueness, and timeliness.

[0069] The original data calculation formula for the second response parameter is SsEs||T3, where there is an elliptic curve scalar multiplication operation between the private key Ss and the second challenge parameter Es, resulting in the operation result SsEs.

[0070] In this way, the method provided by the present invention deeply integrates the node-specific private key information, the core challenge parameters of the authentication interaction, and the timestamp with time characteristics into the basis of the combined hash operation, enabling the generated response parameters to carry node identity information, interaction scenario information, and time validity information at the same time. Each response parameter becomes the exclusive data in the corresponding authentication interaction process and will not appear repeatedly in other authentication scenarios, endowing the response parameters with extremely strong uniqueness and timeliness in terms of data composition. During the transmission process of identity authentication, even if the response parameters are illegally intercepted, they cannot be tampered with or forged without the corresponding private key, challenge parameters, and timestamp, nor can they be replayed in scenarios beyond the time validity. Fundamentally, the possibility of tampering and replay of the response parameters is cut off, making the response parameter data in the authentication interaction process highly secure, greatly strengthening the anti-tampering ability and anti-replay ability of the interaction data in the entire on-orbit autonomous identity authentication process in the Earth-Moon space, and making the parameter interaction link of two-way authentication more secure.

[0071] In a possible implementation manner, the user aircraft performs cryptographic validity verification on the first response parameter, including: the user aircraft performs the same operation as the on-orbit node based on the random number generated by itself, the public key of the on-orbit node, and the timestamp in the feedback information to obtain a verification parameter; comparing the verification parameter with the received first response parameter for consistency; when the comparison result is consistent, it is determined that the cryptographic validity verification of the first response parameter passes.

[0072] In another possible implementation manner, the on-orbit node performs cryptographic validity verification on the second response parameter, including: the on-orbit node performs the same operation as the user aircraft based on the random number generated by itself, the public key of the user aircraft, and the timestamp sent by the user aircraft together with the second response parameter to obtain a verification parameter; comparing the verification parameter with the received second response parameter for consistency; when the comparison result is consistent, it is determined that the cryptographic validity verification of the second response parameter passes.

[0073] The cryptographic validity verification of the first response parameter by the user spacecraft and the cryptographic validity verification of the second response parameter by the on-board node are both independently completed by the core computing units of their respective authentication modules. Both verification operations follow a completely symmetrical computation and judgment logic. The core computing units execute operations according to the same computational rules used by the on-board node to generate the first response parameter and by the user spacecraft to generate the second response parameter. When verifying the first response parameter, the user spacecraft first retrieves the cryptographically secure random number it generated when generating the first challenge parameter locally. Then, it parses and extracts the on-board node's public key from the digital certificate in the feedback information sent by the on-board node, and simultaneously extracts the timestamp carried in the feedback information. Subsequently, it concatenates the random number, the on-board node's public key, and the timestamp in the feedback information according to the combination order used by the on-board node when generating the first response parameter. The SHA-256 hash algorithm is then used to perform a combined hash operation on the concatenated original data. The resulting fixed-length hash value is the verification parameter. The core computing unit performs an equality comparison between this verification parameter and the received first response parameter, completing a consistency comparison. If the comparison result is completely consistent, the cryptographic validity verification of the first response parameter is deemed successful.

[0074] When verifying the second response parameter, the on-board node retrieves a cryptographically secure random number generated locally when the second challenge parameter was generated. It then extracts the user's public key from the user's digital certificate and the timestamp sent along with the second response parameter. The random number, the user's public key, and the timestamp are concatenated in the order they were combined when the user generated the second response parameter. This concatenation is then processed using the SHA-256 hash algorithm to obtain the verification parameter. The core computing unit compares this verification parameter with the received second response parameter. If the consistency comparison results are the same, the cryptographic validity of the second response parameter is verified. Throughout the entire cryptographic validity verification process, the random numbers used by both parties are locally generated and confidential parameters that are not transmitted over the network. The public keys are extracted from valid digital certificates, and the timestamps are time-sensitive parameters generated during the corresponding interaction. The entire computation process is completed within the node's local core computing unit without involving any additional network data interaction.

[0075] As described above, the method provided by this invention employs a completely symmetrical computation and judgment logic for bidirectional response parameter verification. This allows the user spacecraft and the on-board node to verify the legality of each other's response parameters using the same computational method. This establishes an equal verification system through bidirectional cryptographic verification, breaking the single verification mode of unilateral authentication. The random number used in the verification process is a locally confidential parameter of the node, the public key is a publicly available parameter for legitimate authentication, and the timestamp is an interaction-specific time-limited parameter. The combination of these three computational bases gives the verification parameters a strong unique matching property. Only a legitimate generating entity can obtain verification parameters consistent with the response parameters through the corresponding parameter computation. Illegal entities cannot obtain complete computational parameters and therefore cannot generate matching verification parameters. This accurately verifies whether the response parameters were generated by a legitimate entity, eliminating the possibility of illegally forged response parameters passing verification from the computational logic perspective. This completely avoids the security vulnerabilities of unilateral authentication, making the bidirectional cryptographic verification process for autonomous identity authentication on the Earth-Moon space station more rigorous, significantly improving the credibility of the entire identity authentication process, and ensuring higher reliability of the authentication results.

[0076] S6. The user spacecraft and the on-board node negotiate and generate a session key based on bidirectional cryptographic verification parameters. The on-board node verifies the session key. If the verification is successful, the on-board autonomous identity authentication is completed and encrypted communication is established. If the verification fails, the access request of the user spacecraft is rejected.

[0077] In some embodiments, the user spacecraft and the on-board node negotiate and generate a session key based on parameters of two-way cryptographic verification, and the on-board node verifies the session key, including: the user spacecraft calculating a first negotiation parameter based on its own generated random number, the on-board node's public key, its own private key, and the second challenge parameter; the on-board node calculating a second negotiation parameter based on its own generated random number, the user spacecraft's public key, its own private key, and the first challenge parameter; the user spacecraft and the on-board node performing hash operations based on the first and second negotiation parameters respectively to generate the same session key; the user spacecraft using the session key to perform hash operations on preset associated parameters to generate verification parameters and sending them to the on-board node; the on-board node using its own generated session key to perform hash operations on the same preset associated parameters to obtain a verification value, wherein the preset associated parameters are parameters obtained by concatenating its own generated session key with a second response parameter factor; the on-board node comparing the verification value with the received verification parameters for consistency, and if the comparison is consistent, the session key verification is determined to be successful.

[0078] At the user's spacecraft, the second response parameter factor is generated by multiplying its own private key and the second challenge parameter using an elliptic curve scalar multiplication operation. At the satellite node, the second response parameter factor is generated by multiplying its own randomly generated number and the user's spacecraft's public key using an elliptic curve scalar multiplication operation. The formulas for the generated parameters differ between the two parties, but if verification is successful, the result of the parameter calculation is the same.

[0079] Specifically, the session key negotiation and verification operations between the user spacecraft and the on-board node are all completed by the core computing units of their respective authentication modules. The core computing units rely on elliptic curve cryptography to calculate the negotiation parameters and use the SHA-256 hash algorithm to perform hash operations related to session key generation and verification. All calculations are completed locally on the node without involving additional network data interaction. When the user spacecraft calculates the first negotiation parameters, it retrieves the cryptographically secure random number used to generate the first challenge parameter and its own elliptic curve private key from its local secure storage unit. It also parses and extracts the on-board node's public key from the on-board node's digital certificate and extracts the second challenge parameter sent by the on-board node. The core computing unit combines and calculates the above parameters based on the P-256 elliptic curve parameters to obtain the unique first negotiation parameters.

[0080] When calculating the second negotiation parameters, the on-board node retrieves the cryptographically secure random number used to generate the second challenge parameters and its own elliptic curve private key from the local secure storage unit, extracts the user's public key from the user's digital certificate, and extracts the first challenge parameters sent by the user's spacecraft. It then performs a combination operation according to the same elliptic curve arithmetic rules to obtain the exclusive second negotiation parameters.

[0081] After generating their respective negotiation parameters, the user spacecraft combines the first negotiation parameter with the second negotiation parameter corresponding to the on-board node, and the on-board node combines the second negotiation parameter with the first negotiation parameter corresponding to the user spacecraft. Both parties use the SHA-256 hash algorithm to perform a hash operation on the combined parameters. Based on the parameter consistency of two-way cryptographic verification, they can ultimately generate completely identical session keys. The generated session keys are stored in their respective secure storage units, and a segmented encryption storage mechanism is used to prevent key leakage. When the user spacecraft generates verification parameters, it first concatenates its own generated session key with the second response parameter factor in a preset order to obtain preset associated parameters. Then, it retrieves the negotiated session key from the secure storage unit and uses this session key to perform a SHA-256 hash operation on the preset associated parameters. The resulting fixed-length hash value is the verification parameter, which is then sent to the on-board node.

[0082] After receiving the verification parameters, the on-board node will concatenate its own generated session key with the second response parameter factor in the same order to obtain a preset association parameter that is exactly the same as that of the user's spacecraft. Then, it will retrieve the locally generated session key and perform a SHA-256 hash operation on the preset association parameter to obtain the verification value. The core computing unit will then compare the verification value with the received verification parameters to determine the consistency. When the comparison results are completely consistent, the session key verification is deemed to have passed.

[0083] The method provided in this invention uses the core parameters of the two-way cryptographic verification process as the basis for session key negotiation, deeply binding the generation of the session key with the legitimate two-way identity verification result. This ensures that only user spacecraft and on-board nodes that have completed legitimate two-way authentication can generate the same session key through corresponding parameter calculations, thus guaranteeing the legitimacy and unique matching of the session key from the root. Simultaneously, relying on the unique preset association parameters formed by the cascading of the self-generated session key and the second response parameter factor, a hash verification of the session key is completed. This allows the on-board node to accurately confirm whether the session keys generated by both parties are completely consistent and have not been tampered with. Through this unique verification logic, the possibility of parameter tampering or key inconsistency during key negotiation is completely eliminated, ensuring the validity and security of the negotiated session key. The generated session key is encrypted and stored, providing high-strength key support for subsequent encrypted communication between the on-board node and the user spacecraft in Earth-Moon space. This ensures that the communication data of both parties is effectively encrypted and protected during transmission, thoroughly guaranteeing the security of communication data transmission after autonomous identity authentication on the Earth-Moon space satellite from the key level, forming a complete security closed loop for the entire identity authentication and encrypted communication process.

[0084] In one example, see Figure 4 The authentication process of the method provided in this embodiment of the invention specifically includes the following steps: The user aircraft (also known as the access aircraft (I)) generates random numbers through a random number generation unit. And calculate challenge parameters , will user aircraft certificate timestamp and challenge parameters Send to the satellite node (also known as the Earth-Moon communication node (S)).

[0085] Onboard nodes verify timestamps via time processing units. Whether it is within the allowed time window and uses the root public key through the credential verification unit. Verify the digital signature of the user's aircraft certificate to confirm the validity of the node certificate; if the timestamp is within the valid range and the certificate is valid, proceed with the next steps.

[0086] Onboard nodes extract the actual radio frequency characteristics of the user's spacecraft from the received signals through radio frequency feature extraction units. And calculate based on hash algorithm Subsequently, a judgment was made. Check if it matches the RFID fingerprint template in the user's aircraft certificate; if the match is successful, proceed to the next step.

[0087] On-board node computation and response parameters Then, random numbers are generated through a random number generation unit. y and calculate new challenge parameters Then he presented his certificate. Response parameters timestamp And new challenging parameters Send to the user's aircraft.

[0088] User aircraft verification timestamp and Star Node Certificate The actual radio frequency characteristics of the satellite node are extracted from the received signal by the radio frequency feature extraction unit. After being processed by a hash algorithm, it is generated ,Will Match the RF fingerprint template in the on-board node certificate; if the timestamp and certificate are valid and the RF fingerprint matches successfully, proceed with the next steps.

[0089] User aircraft calculations ,judge If the verification is successful, it confirms that the on-board node holds the legitimate private key corresponding to its certificate, and proceeds with the next steps.

[0090] User aircraft calculations and new response parameters Generate session key Then, use the session key to generate verification parameters. , response parameters timestamp and check parameters Send to the satellite node.

[0091] Onboard nodes verify timestamps via time processing units. Calculate whether it is within the allowed time window. ,judge If the timestamp is within the valid range and the equality check passes, a session key is generated. .

[0092] On-board nodes use the session key they have calculated to perform calculations. ,judge If the verification is successful, the session key negotiation is confirmed to be successful, the identity authentication is completed and encrypted communication is established; otherwise, the user's aircraft access is rejected and an authentication failure message is returned.

[0093] It should be understood that the specific meanings of the symbols provided in the embodiments of the present invention are shown in Table 1.

[0094] Table 1 As can be seen from S1-S6 above, the method provided by this embodiment of the invention sends an access request carrying a digital certificate, timestamp, and first challenge parameter from the user spacecraft. The on-board node completes the verification of the access request's legality and the user spacecraft's physical identity verification. Then, the on-board node's identity verification and two-way cryptographic verification are completed interactively. Finally, after negotiating and verifying the session key, encrypted communication is established or access is denied. It can achieve autonomous two-way identity authentication on the satellite by relying on multiple processes such as certificate verification, radio frequency fingerprint matching, and cryptographic interactive verification. There is no need for the ground management node to control the authentication process in real time. It is effectively adapted to the Earth-Moon space communication scenario, automates the access authentication and secure communication construction of the user spacecraft, eliminates illegal access behavior from the process, and improves the autonomy and security of Earth-Moon space identity authentication.

[0095] From another perspective, the beneficial effects provided by this invention are as follows: This invention constructs an autonomous on-board identity authentication mechanism in the Earth-Moon space, transforming the traditional authentication mode that relies on ground servers into a mode where only the registration phase requires the participation of the ground management center, while the authentication phase is completed autonomously by the on-board nodes; at the same time, it introduces a physical layer radio frequency fingerprint authentication mechanism, realizing the verification of the authenticity and uniqueness of the physical entity of the communication device on the basis of traditional cryptographic authentication, which can effectively resist device imitation, signal replay, and remote simulation attacks; this solution is designed for the Earth-Moon space network scenario, adapting to the on-demand access needs of user spacecraft in deep space environments such as low orbit, high orbit, and near-lunar orbit, breaking through the limitation of traditional space-ground collaborative authentication being only applicable to ground terminals; and it constructs a multi-layer authentication system, integrating digital certificate verification, physical layer feature matching, and elliptic curve cryptography challenge response verification, realizing dual verification of logical identity and physical device, greatly improving authentication security; in addition, it adopts a lightweight elliptic curve cryptography mechanism to complete authentication and key negotiation, reducing computation and storage overhead while ensuring security, perfectly adapting to the resource constraints of Earth-Moon space on-board nodes and user spacecraft.

[0096] This invention also provides a computer-readable storage medium storing at least one computer instruction, which is loaded and executed by a processor to implement the methods of the various embodiments described above. Explanations of the relevant content and descriptions of the beneficial effects of any of the computer-readable storage media provided above can be found in the corresponding embodiments described above, and will not be repeated here.

[0097] This invention also provides a chip. This chip integrates a control circuit for implementing the functions of the authentication system 100 described above, and one or more ports. Optionally, the functions supported by this chip are as described above, and will not be repeated here.

[0098] Those skilled in the art will understand that the program for implementing all or part of the steps of the above embodiments, which can be executed by a program instructing related hardware, can be stored in a computer-readable storage medium. The storage medium mentioned above can be a read-only memory, a random access memory, etc. The processing unit or processor mentioned above can be a central processing unit, a general-purpose processor, an application-specific integrated circuit (ASIC), a microprocessor (DSP), a field-programmable gate array (FPGA), or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof.

[0099] This invention also provides a computer program product containing instructions that, when executed on a computer, cause the computer to perform any of the methods described in the above embodiments. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or part of the flow or function according to the embodiments of this invention is generated. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, computer instructions can be transmitted from one website, computer, server, or data center to another via wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium accessible to a computer or a data storage device such as a server or data center that integrates one or more available media. The available medium can be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., SSD), etc.

[0100] It should be noted that the devices for storing computer instructions or computer programs provided in the embodiments of the present invention, such as, but not limited to, the aforementioned memory, computer-readable storage medium, and communication chip, are all non-transitory. Those skilled in the art should recognize that the functions described in the embodiments of the present invention in one or more of the above examples can be implemented using hardware, software, firmware, or any combination thereof. When implemented using software, these functions can be stored in a computer-readable storage medium or transmitted as one or more instructions or code on a computer-readable storage medium. Computer-readable storage media include computer storage media and communication media, wherein communication media include any medium that facilitates the transmission of computer programs from one place to another. Storage media can be any available medium accessible to general-purpose or special-purpose computers.

[0101] Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention. Those skilled in the art can make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention.

Claims

1. A method for autonomous identity authentication on a satellite in Earth-Moon space, characterized in that, An autonomous identity authentication system for Earth-Moon space is applied, comprising an on-board node, a user spacecraft, and a ground management node. The user spacecraft has pre-completed registration and initialization through the ground management node and obtained a digital certificate containing its own radio frequency fingerprint template and a system root public key. The on-board node pre-stores the system root public key and the digital certificate containing its own radio frequency fingerprint template. The method includes: The user spacecraft sends an access request to the on-board node, the access request carrying the user spacecraft's digital certificate, timestamp, and first challenge parameter; The on-board node verifies the legitimacy of the access request based on the system root public key, extracts the actual radio frequency characteristics of the user's aircraft, and matches them with the radio frequency fingerprint template in the digital certificate to complete the physical authentication of the user's aircraft. The on-board node calculates and generates a first response parameter based on its own private key and the first challenge parameter, and at the same time generates a second challenge parameter, and sends feedback information to the user spacecraft carrying the digital certificate, timestamp, first response parameter and second challenge parameter of the on-board node; The user spacecraft verifies the validity of the feedback information based on the system root public key, extracts the actual radio frequency characteristics of the on-board node, and matches them with the radio frequency fingerprint template in the on-board node's digital certificate to complete the physical authentication of the on-board node. The user spacecraft performs cryptographic validity verification on the first response parameter, then calculates and generates a second response parameter based on its own private key and the second challenge parameter and sends it to the satellite node. The satellite node performs cryptographic validity verification on the second response parameter, thus completing the two-way cryptographic verification between the two parties. The user spacecraft and the on-board node negotiate and generate a session key based on bidirectional cryptographic verification parameters. The on-board node verifies the session key. If the verification is successful, on-board autonomous identity authentication is completed and encrypted communication is established. If the verification fails, the user spacecraft's access request is rejected.

2. The method according to claim 1, characterized in that, The first challenge parameter is a parameter obtained by performing a scalar multiplication operation between the random number generated by the user spacecraft and the elliptic curve base point; the second challenge parameter is a parameter obtained by performing a scalar multiplication operation between the random number generated by the on-board node and the elliptic curve base point.

3. The method according to claim 1, characterized in that, The on-board node verifies the legitimacy of the access request based on the system root public key, including: Verify whether the timestamp in the access request is within a preset valid time window; The signature validity of the user's aircraft digital certificate is verified using the system's root public key, and the validity period information of the digital certificate is checked at the same time. The access request is deemed valid only if the timestamp verification is successful, the certificate signature is valid, and the certificate is within its validity period.

4. The method according to claim 1, characterized in that, The on-board node extracts the actual radio frequency characteristics of the user's spacecraft and matches them with the radio frequency fingerprint template in the digital certificate to complete the physical authentication of the user's spacecraft, including: The on-board node extracts actual radio frequency features from the received user spacecraft radio frequency signals. The actual radio frequency features include at least one of carrier frequency deviation, phase noise, and modulation nonlinear distortion. Perform a hash operation on the actual radio frequency characteristics to generate an actual radio frequency fingerprint; The actual radio frequency fingerprint is matched with the radio frequency fingerprint template in the digital certificate. When the similarity is greater than a preset threshold, the physical authentication of the user's aircraft is determined to be successful.

5. The method according to claim 1, characterized in that, The first response parameter is the result of the elliptic curve scalar multiplication of the on-board node with its own private key and the first challenge parameter, and the result is concatenated with the timestamp in the feedback information and then hashed. The second response parameter is the result of the elliptic curve scalar multiplication of the user spacecraft with its own private key and the second challenge parameter, and the result is concatenated with the timestamp sent along with the second response parameter and then hashed.

6. The method according to claim 5, characterized in that, The user aircraft performs cryptographic validity verification on the first response parameter, including: The user spacecraft performs the same calculations as the on-board node based on its own generated random number, the public key of the on-board node, and the timestamp in the feedback information to obtain verification parameters; the verification parameters are compared with the received first response parameters; when the comparison results are consistent, the cryptographic validity verification of the first response parameters is determined to be successful. The on-board node performs cryptographic validity verification on the second response parameter, including: The on-board node performs the same calculations as the user spacecraft based on its own generated random number, the user spacecraft's public key, and the timestamp sent by the user spacecraft along with the second response parameter, to obtain the verification parameter; the verification parameter is then compared with the received second response parameter for consistency; when the comparison results are consistent, the cryptographic validity verification of the second response parameter is deemed successful.

7. The method according to claim 1, characterized in that, The user aircraft verifies the validity of the feedback information based on the system root public key, including: Verify whether the timestamp in the feedback information is within a preset valid time window; The signature validity of the on-board node digital certificate is verified using the system root public key, and the validity period information of the digital certificate is checked at the same time. The validity of the feedback information is deemed to have been verified only if the timestamp verification is successful, the certificate signature is valid, and the certificate is within its validity period.

8. The method according to claim 1, characterized in that, The user spacecraft extracts the actual radio frequency characteristics of the on-board node and matches them with the radio frequency fingerprint template in the on-board node's digital certificate to complete the physical authentication of the on-board node, including: The user spacecraft extracts actual radio frequency features from the received on-board node radio frequency signals. The actual radio frequency features include at least one of carrier frequency deviation, phase noise, and modulation nonlinear distortion. Perform a hash operation on the actual radio frequency characteristics to generate an actual radio frequency fingerprint; The actual radio frequency fingerprint is matched with the radio frequency fingerprint template in the digital certificate of the satellite node. When the similarity is greater than a preset threshold, the physical authentication of the satellite node is determined to be successful.

9. The method according to claim 1, characterized in that, The user spacecraft and the on-board node negotiate and generate a session key based on bidirectional cryptographic verification parameters, and the on-board node verifies the session key, including: The user spacecraft calculates a first negotiation parameter based on its own generated random number, the on-board node's public key, its own private key, and the second challenge parameter; the on-board node calculates a second negotiation parameter based on its own generated random number, the user spacecraft's public key, its own private key, and the first challenge parameter. The user spacecraft and the on-board node perform hash operations based on the first negotiation parameter and the second negotiation parameter respectively to generate the same session key; The user spacecraft uses the session key to perform a hash operation on the preset associated parameters to generate verification parameters and sends them to the on-board node. The on-board node uses its own generated session key to perform a hash operation on the same preset associated parameters to obtain a verification value. The preset associated parameters are parameters obtained by concatenating its own generated session key with the second response parameter factor. The on-board node compares the verification value with the received verification parameters for consistency. If the comparison is consistent, the session key verification is deemed successful.

10. An autonomous identity authentication system for satellites in Earth-Moon space, characterized in that, The system includes on-board nodes, user aircraft, and ground management nodes. The user aircraft has pre-completed registration and initialization through the ground management nodes and obtained a digital certificate containing its own radio frequency fingerprint template and the system root public key. The on-board nodes pre-store the system root public key and the digital certificate containing its own radio frequency fingerprint template. The user spacecraft is used to send an access request to the on-board node. The access request carries the user spacecraft's digital certificate, timestamp, and first challenge parameter. The on-board node is used to verify the legitimacy of access requests based on the system root public key, and to extract the actual radio frequency characteristics of the user's aircraft and match them with the radio frequency fingerprint template in the digital certificate to complete the physical identity verification of the user's aircraft. The on-board node is used to calculate and generate a first response parameter based on its own private key and the first challenge parameter, and at the same time generate a second challenge parameter, and send feedback information to the user's spacecraft carrying the on-board node's digital certificate, timestamp, first response parameter and second challenge parameter; The user aircraft is used to verify the validity of feedback information based on the system root public key, and to extract the actual radio frequency characteristics of the on-board node and match them with the radio frequency fingerprint template in the on-board node's digital certificate to complete the physical authentication of the on-board node. The user spacecraft is used to perform cryptographic validity verification on the first response parameter, and then calculate and generate the second response parameter based on its own private key and the second challenge parameter and send it to the satellite node. The on-board node is used to perform cryptographic validity verification on the second response parameter, thus completing two-way cryptographic verification between the two parties. The user spacecraft and the on-board node are used to negotiate parameters based on two-way cryptographic verification to generate a session key; The on-board node is used to verify the session key. If the verification is successful, the on-board autonomous identity authentication is completed and encrypted communication is established. If the verification fails, the access request from the user's spacecraft is rejected.