Group device bulk authentication and authorization method based on quantum trust anchor
By constructing a group quantum trust architecture with root anchor-sub-anchor bidirectional binding and quantum teleportation technology, the problems of low efficiency and insufficient security in batch authentication and authorization of group devices are solved, and efficient and secure group device management is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Filing Date
- 2026-05-29
- Publication Date
- 2026-07-14
AI Technical Summary
In existing technologies, batch authentication and authorization of group devices suffer from inefficiency and insufficient security. Traditional trust anchors are easily forged and tampered with, and there is a lack of an overall trust control mechanism, making it difficult to meet the needs of rapid access for a large number of devices.
A group quantum trust architecture with root anchor-sub-anchor bidirectional binding is constructed. A real-time trust synchronization channel is established by combining quantum teleportation technology. Through the quantum no-cloning theorem and the deep binding of sub-anchors with the physical fingerprints of device hardware, unified management and synchronization are achieved, thereby improving authentication efficiency and security.
It significantly improves the efficiency of batch authentication of group devices, eliminates the risk of trust anchor forgery and tampering, realizes overall trust control at the group level, and meets the needs of secure and efficient access and management of large-scale devices.
Smart Images

Figure CN122394792A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of group device authentication and authorization technology, specifically a group device batch authentication and authorization method based on quantum trust anchors. Background Technology
[0002] A group of devices refers to a collection of terminal devices that are functionally related, belong to the same management entity, or serve the same application scenario. This is commonly seen in IoT sensor clusters, industrial control system terminal groups, and smart park terminal collections. Batch authentication and authorization of group devices refers to the process of simultaneously verifying the identity and legitimacy of a large number of devices within a group and granting them corresponding operating permissions according to preset rules. Its core significance lies in ensuring the secure and controllable collaborative operation of group devices, reducing the complexity of large-scale device access and management, and is a key technology supporting the implementation of large-scale device application scenarios.
[0003] As the scale of device networking continues to expand, the security shortcomings of traditional authentication and authorization technologies are becoming increasingly apparent. The emergence of quantum trust anchors offers a new approach to solving this problem. Based on core properties of quantum mechanics such as the no-cloning theorem and the uncertainty principle, the quantum trust anchor generates quantum features that possess natural resistance to forgery and cracking. Applying quantum trust anchors to batch authentication and authorization of group devices can fundamentally overcome the security bottlenecks of traditional trust mechanisms based on software encryption or single hardware identifiers, providing a higher level of security for establishing trust among group devices.
[0004] However, existing technologies for batch authentication and authorization of group devices have certain shortcomings. They mostly adopt a single-device independent trust anchor deployment mode, where each device needs to perform key negotiation and identity verification processes separately. The authentication steps are cumbersome and inefficient, making it difficult to adapt to the rapid access needs of large-scale group devices. Traditional trust anchors mostly rely on software encryption algorithms or simple hardware identifiers, which are easily forged and tampered with. The security of the trust anchors themselves is insufficient, leading to security vulnerabilities in the authentication and authorization system. The lack of effective trust synchronization and unified management mechanisms between independently deployed trust anchors makes it impossible to achieve overall trust control at the group level, further exacerbating the contradiction between security and efficiency in batch authentication. Therefore, developing a batch authentication and authorization method for group devices based on quantum trust anchors is of great significance. Summary of the Invention
[0005] The purpose of this invention is to overcome the shortcomings of existing technologies and provide a group device batch authentication and authorization method based on quantum trust anchors. It can significantly improve the efficiency of group device batch authentication by constructing a group quantum trust architecture with root anchor-sub-anchor bidirectional binding and establishing a real-time trust synchronization channel in combination with quantum teleportation technology. By utilizing the quantum no-cloning theorem and the deep binding between sub-anchors and device hardware physical fingerprints, the risk of trust anchor forgery and tampering is eliminated at the physical layer, thereby improving the security of the authentication and authorization system. Through the unified management and quantum state synchronization of all sub-anchors by the main quantum trust anchor root node, overall trust control at the group level is achieved.
[0006] To solve the above-mentioned technical problems, the present invention provides the following technical solution: a method for batch authentication and authorization of group devices based on quantum trust anchors, the method comprising the following steps: S1. Construct a group quantum trust architecture, deploy the main quantum trust anchor root node in the group control center, assign distributed sub-anchor points with quantum entanglement characteristics to each device in the group, and deeply bind each sub-anchor point to the hardware physical fingerprint of the corresponding device. S2. Employing quantum teleportation technology, the master quantum trust anchor root node establishes a real-time trust synchronization channel with all distributed sub-anchors, enabling real-time interaction and updating of quantum state information between the two. S3. When a group of devices initiates a batch authentication request, the group control center verifies the validity of the quantum state association between the sub-anchor points and the root node of each device through the main quantum trust anchor root node. When the quantum state association between the sub-anchor points and the root node meets the preset trust conditions, the corresponding device is deemed to be legitimate, and the batch identity confirmation is completed. S4. Based on the batch authentication results, the main quantum trust anchor root node sends authorization instructions to the sub-anchors corresponding to all legitimate devices. After receiving the authorization instructions, the sub-anchors grant the corresponding devices preset operation permissions.
[0007] Furthermore, step S1 includes the following steps when constructing the group quantum trust architecture: The group control center initializes and configures the root node of the master quantum trust anchor, generates a root node-specific quantum reference state, and presets the quantum key pool and trust rules; Based on the quantum reference state of the root node, several sets of matching distributed quantum states are generated through quantum entanglement distribution technology. Each set of distributed quantum states serves as the core feature of the sub-anchor point of the corresponding single device. Extract the original hardware physical fingerprint information of each device, irreversibly fuse the core quantum features of the sub-anchor point with the original information, complete the binding of the sub-anchor point with the device, activate the sub-anchor point and feed its status information back to the main quantum trust anchor root node for filing. The core feature calculation formula for fusion processing is: ,in, This refers to the fusion feature value of the sub-anchor point and the hardware physical fingerprint. The core quantum characteristic quantization value of the sub-anchor point. The quantized value of the raw information of the hardware physical fingerprint. The fusion coefficient is... Based on the correlation analysis between the hardware type of group devices and the stability of quantum features, it is determined that the quantum feature drift data and hardware fingerprint consistency data of the same type of devices are collected offline and fitted by the least squares method.
[0008] Furthermore, step S2, when establishing a real-time trusted synchronization channel, includes the following steps: The master quantum trust anchor root node sends a quantum teleportation channel establishment request to all bound sub-anchors, and the request carries the root node's quantum identity identifier. After receiving the request, each sub-anchor point generates a quantum response packet based on the device information it is bound to. The quantum response packet contains the quantum state fragment of the sub-anchor point and the device hardware identifier digest. The quantum response packet is then fed back to the root node. The root node performs consistency verification on the quantum response packets of all sub-anchors. After the verification is successful, an independent quantum transmission link is allocated to each sub-anchor, a point-to-point real-time trusted synchronization channel is constructed, and the quantum state synchronization period is set.
[0009] Furthermore, step S3, in verifying the validity of quantum state correlations, includes the following steps: The devices to be authenticated within the group simultaneously send batch authentication requests to the group control center. Each authentication request carries the quantum state verification fragment of the corresponding sub-anchor point and the device identifier. The group control center aggregates all authentication requests, associates the quantum state verification fragment in the request with the device identifier, and transmits it to the master quantum trust anchor root node; The root node calls its own stored quantum reference state and sub-anchor point registration information to perform association matching operations on the quantum state verification fragment of each sub-anchor point; Based on the calculation results, determine whether the quantum state association between the sub-anchor point and the root node meets the preset conditions, classify and summarize the authentication results of all devices, complete the identity confirmation and authorization determination of all devices, and feed back to the group control center; The formula for calculating the association matching operation is: ,in, This represents the value of the quantum state correlation matching result. This is the calculated value for quantum state fidelity. This is a measurement of quantum entanglement. and To match weights, and The security requirements for application scenarios based on group devices are prioritized and determined by the group control center through dynamic calibration of trust parameters during the quantum key negotiation process, based on preset trust rules and the security level standards of the industry to which the devices belong.
[0010] Furthermore, in step S1, the deep binding between the sub-anchor point and the device hardware physical fingerprint adopts a hardware-level writing method. The chip physical defect characteristics, circuit transmission delay characteristics, and hardware interface characteristics of the device are extracted as the core components of the hardware physical fingerprint. The quantum characteristics of the sub-anchor point and the core components are fused together using a quantum encryption algorithm to form an inseparable binding relationship. The binding process is completed offline during the device factory initialization stage.
[0011] Furthermore, in step S2, the quantum teleportation channel is deployed using a bidirectional quantum channel. The quantum state information transmitted within the channel is processed using entanglement-assisted quantum error correction coding. The master quantum trust anchor root node and the sub-anchor node are respectively configured with quantum error correction modules. The quantum error correction modules monitor the distortion during the quantum state transmission process and dynamically correct the distorted quantum state by extracting the correlation information of the quantum entangled particle pairs.
[0012] Furthermore, the verification criteria for the validity of quantum state correlation in step S3 include two core indicators: quantum state fidelity and quantum entanglement. Quantum state fidelity is determined by calculating the degree of overlap between the quantum state verification fragment of the sub-anchor point and the quantum reference state of the root node of the master quantum trust anchor. Quantum entanglement is determined by measuring the correlation strength of the quantum entangled particle pairs between the root node and the sub-anchor point. When the quantum state correlation between the sub-anchor point and the root node meets a preset standard, both quantum state fidelity and quantum entanglement reach the corresponding preset threshold. The formula for calculating the comprehensive threshold of the preset standard is as follows: ,in, The comprehensive verification threshold for the validity of quantum state correlations. An independent threshold for quantum state fidelity. This is an independent threshold for the degree of quantum entanglement. For threshold allocation coefficients, The error rates of quantum state fidelity and entanglement in historical authentication data are deduced in reverse. The contribution ratio of the two types of indicators in authentication error cases is obtained by analyzing the confusion matrix of the offline verification dataset.
[0013] Furthermore, the authorization instruction issued in step S4 includes an authorization identifier, authorization validity period, and operation scope restriction information. The authorization instruction is encrypted using the quantum key of the main quantum trust anchor root node. After receiving the authorization instruction, the sub-anchor node decrypts the instruction using a preset quantum decryption algorithm, verifies the quantum signature in the instruction, and stores the authorization information in the device's secure storage area after successful verification. An authorization log is generated and fed back to the group control center. The authorization log includes the device identifier, authorization time, and details of the authorization content.
[0014] Furthermore, step S1, constructing the group quantum trust architecture, and step S2, establishing the real-time trust synchronization channel, also include a dynamic expansion process for the group quantum trust architecture: when a new device joins the group, the main quantum trust anchor root node generates a new sub-anchor point with quantum entanglement characteristics based on its own quantum reference state, and sends the new sub-anchor point to the new device through quantum key encryption transmission. After the new device completes the binding of the sub-anchor point with its own hardware physical fingerprint, it sends binding confirmation information to the root node. After the root node verifies the validity of the confirmation information, it includes the new sub-anchor point in the real-time trust synchronization channel, completing the access of the new device and the update of the group trust system.
[0015] Compared with existing technologies, this group device batch authentication and authorization method based on quantum trust anchors has the following advantages: This invention constructs a group quantum trust architecture with bidirectional binding between root anchors and sub-anchors, and establishes a real-time trust synchronization channel by combining quantum teleportation technology. This avoids the cumbersome key negotiation process of independent authentication for single devices, significantly improving the efficiency of batch authentication for group devices. By utilizing the quantum no-cloning theorem and the deep binding between sub-anchors and the physical fingerprints of device hardware, the risk of trust anchor forgery and tampering is eliminated at the physical layer, greatly improving the security of the authentication and authorization system. Through the unified management and quantum state synchronization of all sub-anchors by the main quantum trust anchor root node, overall trust control at the group level is achieved, effectively solving the core contradiction of difficulty in balancing security and efficiency in traditional technologies, and meeting the needs of secure and efficient access and management of large-scale group devices.
[0016] Other advantages, objectives and features of the invention will be set forth in part in the description which follows, and in part will be apparent to those skilled in the art from the following examination or study, or may be learned from the practice of the invention. Attached Figure Description
[0017] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the accompanying drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are merely some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without any creative effort.
[0018] Figure 1 A flowchart illustrating a group device batch authentication and authorization method based on quantum trust anchors; Figure 2 A flowchart illustrating a group device batch authentication and authorization method based on quantum trust anchors; Figure 3 A flowchart for establishing a real-time trust synchronization channel in a group device batch authentication and authorization method based on quantum trust anchors. Detailed Implementation
[0019] To further illustrate the technical means and effects of the present invention in achieving its intended purpose, the following detailed description of the specific implementation methods, structures, features, and effects of the present invention, in conjunction with the accompanying drawings and preferred embodiments, is provided below.
[0020] The method for batch authentication and authorization of group devices based on quantum trust anchors provided by this invention clarifies the complete technical solution. See [link to relevant documentation]. Figure 1 , Figure 2 and Figure 3 The core content is as follows: This method first constructs a group-based quantum trust architecture, deploys a master quantum trust anchor node in the group control center, assigns distributed sub-anchors with quantum entanglement features to each device in the group, and deeply binds the sub-anchors to the device's hardware physical fingerprint. The binding adopts a hardware-level writing method, extracting core hardware features such as chip physical defects and circuit transmission delays, fusing them into an inseparable relationship through a quantum encryption algorithm, and completing this offline during the device's factory initialization phase.
[0021] Subsequently, quantum teleportation technology is used to establish a real-time trusted synchronization channel between the root node and all sub-anchors. The channel is a two-way quantum channel, and the transmitted information uses entanglement-assisted quantum error correction coding. Both the root node and the sub-anchors are equipped with quantum error correction modules to dynamically correct distorted quantum states, realizing real-time interactive updates of quantum state information.
[0022] When a group of devices initiates a batch authentication request, the group control center verifies the validity of the quantum state association between each sub-anchor point and the root node through the root node. The verification criteria include two core indicators: quantum state fidelity and quantum entanglement. If the preset threshold is met, the device identity is determined to be legitimate, and the batch identity confirmation is completed.
[0023] After successful authentication, the root node sends an authorization command to the sub-anchor points of the legitimate devices. The command contains information such as permission identifier and validity period. After being encrypted with a quantum key, the sub-anchor points decrypt and verify the information, grant the device the preset permissions, and generate an authorization log to be fed back to the control center.
[0024] Furthermore, the solution includes a dynamic expansion process for the group quantum trust architecture. When a new device joins, the root node generates a new sub-anchor point and distributes it in encryption. After the new device completes the binding, it connects to the trust synchronization channel. Simultaneously, the specific operational steps for each stage, such as architecture construction, channel establishment, and association verification, are clearly defined to ensure the feasibility of the method. The security and efficiency of authentication and authorization are guaranteed through the characteristics of quantum technology and hardware binding.
[0025] Example 1 This embodiment applies to a batch authentication and authorization scenario for a cluster of terminal devices in a smart park. This smart park contains a massive number of interconnected terminal devices, including IoT sensors, smart access control terminals, and environmental monitoring equipment. All devices are centrally managed by the park's management center. An efficient and secure batch authentication and authorization mechanism is needed to ensure the secure and controllable collaborative operation of these devices, while also meeting the requirements for large-scale, rapid access and unified management of park devices. (See also...) Figure 1 and Figure 2 The specific content of this embodiment is as follows: First, the group quantum trust architecture is constructed. The park management center, acting as the group control center, deploys the master quantum trust anchor root node internally. Initialization configuration is performed on this root node, generating its own quantum reference state. Simultaneously, a quantum key pool and trust rules are preset, laying the foundation for subsequent authentication and authorization processes. Based on the root node's quantum reference state, quantum entanglement distribution technology is used to generate several sets of matching distributed quantum states. Each set of distributed quantum states serves as the core feature of a sub-anchor point for a corresponding single park terminal device. Subsequently, the original hardware physical fingerprint information of each terminal device is extracted, specifically extracting the device's chip physical defect characteristics, circuit transmission delay characteristics, and hardware interface characteristics as the core components of the hardware physical fingerprint.
[0026] In the specific implementation of this embodiment, the core quantum features of the sub-anchor point and the original information of the hardware physical fingerprint need to be irreversibly fused. The calculation formula for the core features of the fusion process is as follows: .in This refers to the fusion feature value of the sub-anchor point and the hardware physical fingerprint. The core quantum characteristic quantization value of the sub-anchor point. The quantized value of the raw information of the hardware physical fingerprint. This is the fusion coefficient. Based on the correlation analysis between the hardware type of terminal devices within the park and the stability of quantum characteristics, it was determined that the quantum characteristic drift data and hardware fingerprint consistency data of similar devices were collected offline and fitted using the least squares method. After the fusion processing was completed, the sub-anchor points were bound to the corresponding devices, the sub-anchor points were activated, and their status information was fed back to the main quantum trust anchor root node for record-keeping. At this point, the group quantum trust architecture was completed.
[0027] Next, a real-time trust synchronization channel is established. The master quantum trust anchor root node sends a quantum teleportation channel establishment request to all bound sub-anchors, carrying the root node's quantum identity identifier in the request. Upon receiving the request, each sub-anchor generates a quantum response packet based on its bound campus terminal device information. The quantum response packet contains a quantum state fragment of the sub-anchor and a device hardware identifier digest, and then feeds the quantum response packet back to the root node. The root node performs a consistency check on the quantum response packets of all sub-anchors. If the check passes, an independent quantum transmission link is allocated to each sub-anchor, constructing a point-to-point real-time trust synchronization channel and setting the quantum state synchronization period. See also... Figure 3 In this embodiment, the quantum teleportation channel is deployed using a bidirectional quantum channel. The quantum state information transmitted within the channel is processed using entanglement-assisted quantum error correction coding. The main quantum trust anchor root node and the sub-anchor node are respectively configured with quantum error correction modules. The quantum error correction modules monitor the distortion during the quantum state transmission process and dynamically correct the distorted quantum state by extracting the correlation information of the quantum entangled particle pairs, ensuring that the real-time interaction and updating of quantum state information are accurate and reliable.
[0028] When a terminal device within the park needs to access the system, all devices simultaneously send a batch authentication request to the park management center. Each authentication request carries a quantum state verification fragment of the corresponding sub-anchor and a device identifier. The park management center aggregates all authentication requests, associates the quantum state verification fragment with the device identifier in the request, and transmits it to the main quantum trust anchor root node. The root node calls its stored quantum reference state and sub-anchor registration information to perform association matching operations on the quantum state verification fragment of each sub-anchor.
[0029] In the specific implementation of this embodiment, the calculation formula for the association matching operation is as follows: .in This represents the value of the quantum state correlation matching result. This is the calculated value for quantum state fidelity. This is a measurement of quantum entanglement. and For matching weights. and The priority of security requirements for application scenarios based on the park's terminal equipment is determined by the park management center through dynamic calibration of trust parameters during the quantum key negotiation process, based on preset trust rules and the security level standards of the industry to which the equipment belongs. The verification of the validity of quantum state correlation includes two core indicators: quantum state fidelity and quantum entanglement. Quantum state fidelity is determined by calculating the degree of overlap between the quantum state verification fragment of the sub-anchor point and the quantum reference state of the root node of the master quantum trust anchor. Quantum entanglement is determined by measuring the correlation strength of the quantum entangled particle pairs between the root node and the sub-anchor point.
[0030] In the specific implementation of this embodiment, when the quantum state correlation between the sub-anchor point and the root node meets the preset standard, both the quantum state fidelity and the quantum entanglement degree reach the corresponding preset threshold. The formula for calculating the comprehensive threshold of the preset standard is as follows: .in The comprehensive verification threshold for the validity of quantum state correlations. An independent threshold for quantum state fidelity. This is an independent threshold for the degree of quantum entanglement. The threshold allocation coefficient. Based on the error rates of quantum state fidelity and entanglement in historical authentication data, the values are determined by reverse derivation. The contribution percentage of these two indicators in authentication error cases is calculated through confusion matrix analysis of the offline verification dataset. The root node determines whether the quantum state association between the sub-anchor point and the root node meets preset conditions based on the association matching operation results. The authentication results of all devices are then categorized and summarized to complete the identity verification of all devices and report back to the park management center.
[0031] Based on the batch authentication results, the master quantum trust anchor root node issues authorization instructions to the sub-anchor nodes corresponding to all legitimate campus terminal devices. The authorization instructions include permission identifiers, permission validity periods, and operational scope restrictions. These instructions are encrypted using the master quantum trust anchor root node's quantum key. Upon receiving the authorization instructions, the sub-anchor nodes decrypt them using a preset quantum decryption algorithm, verify the quantum signature within the instructions, and, upon successful verification, store the permission information in the device's secure storage area. This grants the corresponding device preset operational permissions, and simultaneously generates an authorization log, which is then sent to the campus management center. The authorization log contains the device identifier, authorization time, and detailed permission information.
[0032] When a new terminal device joins the park's device group, the main quantum trust anchor root node generates a new sub-anchor point with quantum entanglement characteristics based on its own quantum reference state. The new sub-anchor point is then sent to the new device via quantum key encryption. After the new device completes the binding of the sub-anchor point with its own hardware physical fingerprint, it sends a binding confirmation message to the root node. After the root node verifies the validity of the confirmation message, it includes the new sub-anchor point in the real-time trust synchronization channel, thus completing the access of the new device and the update of the group trust system.
[0033] In summary, this embodiment applies a group device batch authentication and authorization method based on quantum trust anchors in a smart park terminal device cluster scenario. It constructs a group quantum trust architecture with root anchor-sub-anchor bidirectional binding and establishes a real-time trust synchronization channel using quantum teleportation technology. This effectively avoids the cumbersome key negotiation process of independent authentication for single devices, significantly improving the batch authentication efficiency of large-scale terminal devices within the park. By leveraging the quantum no-cloning theorem and the deep binding between sub-anchors and device hardware physical fingerprints, the risk of trust anchor forgery and tampering is eliminated at the physical layer, greatly enhancing the security of the authentication and authorization system. Through the unified management and quantum state synchronization of all sub-anchors by the main quantum trust anchor root node, overall trust control at the group level is achieved. This effectively solves the core contradiction of balancing security and efficiency in traditional technologies, meeting the needs of secure, efficient access, and unified management of large-scale terminal devices in smart parks, and providing reliable security for the collaborative operation of park devices.
[0034] Example 2 This embodiment applies to a batch authentication and authorization scenario for an industrial control system terminal group. This industrial control system includes various production control terminals, data acquisition devices, actuators, and other terminal devices. These devices must work collaboratively in strict accordance with industrial safety standards. The system must achieve efficient batch authentication of device access while meeting the stringent requirements of industrial scenarios for authentication and authorization security, stability, and real-time performance. It must also adapt to the dynamic adjustment needs of frequent additions and removals of devices in the industrial environment. (See [link to relevant documentation]). Figure 1 and Figure 2 The specific content of this embodiment is as follows: This embodiment, based on the previous embodiments, optimizes the construction and authentication authorization process of the group quantum trust architecture for industrial scenarios. First, the group quantum trust architecture is built. The industrial control center, acting as the group control center, deploys the main quantum trust anchor root node, completes the root node initialization configuration to generate a quantum reference state, and presets a quantum key pool and trust rules adapted to the industrial security level. Based on the root node quantum reference state, distributed quantum states are generated using quantum entanglement distribution technology as the core features of each industrial device's sub-anchor point. Physical defect features of the device chip, circuit transmission delay features, and hardware interface features are extracted as the core components of the hardware physical fingerprint.
[0035] In the specific implementation of this embodiment, irreversible fusion processing is used to achieve deep binding between sub-anchor points and devices. The core feature calculation formula for the fusion processing is as follows: The binding process employs a hardware-level writing method, fused with a quantum encryption algorithm to form an inseparable relationship. This is completed offline during the device's factory initialization phase. After activating the sub-anchor points, the status information is fed back to the root node for filing, thus completing the architecture construction.
[0036] During the real-time trust synchronization channel establishment phase, the master quantum trust anchor root node sends a channel establishment request carrying its own quantum identity to the bound sub-anchors. Each sub-anchor generates a quantum response packet containing quantum state fragments and a hardware identifier digest based on the bound industrial equipment information and sends it back. After the root node completes the response packet consistency verification, it allocates an independent quantum transmission link to each sub-anchor, constructs a point-to-point real-time trust synchronization channel, and sets the quantum state synchronization period. See also Figure 3 In this embodiment, the channel adopts a bidirectional quantum channel deployment. The transmitted quantum state information is processed by entanglement-assisted quantum error correction encoding. The quantum error correction module configured at the root node and sub-anchor point monitors the quantum state transmission distortion in real time. By extracting the correlation information of quantum entangled particle pairs, the distorted quantum state is dynamically corrected to ensure the stable and reliable interaction of quantum state information in industrial environments.
[0037] When a device within an industrial control system initiates a batch authentication request, all devices simultaneously send requests to the industrial control center. Each request carries a corresponding sub-anchor quantum state verification fragment and a device identifier. The control center then aggregates these requests and associates the quantum state verification fragments with the device identifiers, transmitting them to the main quantum trust anchor root node. The root node then retrieves the stored quantum reference state and sub-anchor registration information, performing association matching operations on each sub-anchor quantum state verification fragment.
[0038] In the specific implementation of this embodiment, the calculation formula for the association matching operation is as follows: The validity verification of quantum state correlation uses quantum state fidelity and quantum entanglement as core indicators. Quantum state fidelity is determined by calculating the degree of overlap between the quantum state verification fragment at the sub-anchor point and the quantum reference state at the root node, while quantum entanglement is determined by measuring the correlation strength of the quantum entangled particle pairs between the two.
[0039] In the specific implementation of this embodiment, the formula for calculating the comprehensive threshold for the correlation between the sub-anchor point and the root node quantum state to meet the preset standard is as follows: The root node determines the legitimacy of the device's identity based on the calculation results, completes batch identity verification, and sends the results back to the industrial control center.
[0040] Based on the authentication result, the root node issues an authorization command to the sub-anchor points of legitimate devices. The command includes the permission identifier, validity period, and operation scope restrictions, and is encrypted using the root node's quantum key. Upon receiving the command, the sub-anchor point decrypts it using a preset quantum decryption algorithm, verifies the quantum signature in the command, and if successful, stores the permission information in the device's secure storage area and grants the preset operation permissions. Simultaneously, it generates an authorization log containing the device identifier, authorization time, and detailed permission content, and sends it back to the control center.
[0041] To address the dynamic adjustment needs of equipment in industrial scenarios, when a new device is added, the root node generates a new sub-anchor point based on its own quantum reference state, which is then transmitted to the new device via quantum key encryption. After the new device completes the binding of the sub-anchor point with its own hardware physical fingerprint, it sends a binding confirmation message. After the root node verifies the legitimacy, it includes the new sub-anchor point in the real-time trust synchronization channel, completing the new device access and group trust system update. When a device leaves, the root node deletes the registration information of the corresponding sub-anchor point, closes the relevant quantum transmission link, and updates the group trust architecture.
[0042] In summary, this embodiment, targeting the application scenario characteristics of industrial control system terminal groups, optimizes the authentication and authorization process and dynamic adaptation mechanism based on the aforementioned embodiments. By constructing a group quantum trust architecture adapted to industrial security requirements and establishing a highly stable real-time trust synchronization channel using quantum teleportation technology, it significantly improves the batch authentication efficiency of large-scale equipment in industrial scenarios, meeting the real-time requirements of industrial environments for authentication and authorization. Leveraging the quantum no-cloning theorem and the deep binding of sub-anchors with the physical fingerprints of device hardware, the risk of trust anchor forgery and tampering is eliminated at the physical layer, meeting the stringent security requirements of industrial scenarios. Through a dynamic expansion and contraction mechanism, the group trust system is rapidly adapted when industrial equipment is added or removed, effectively solving the problems of low efficiency, insufficient security, and poor adaptability in traditional industrial equipment authentication and authorization. This provides reliable security for the collaborative operation of industrial control system equipment, ensuring the stable and continuous operation of industrial production.
[0043] The above description is merely a preferred embodiment of the present invention and is not intended to limit the present invention in any way. Although the present invention has been disclosed above with reference to preferred embodiments, it is not intended to limit the present invention. Any person skilled in the art can make some modifications or alterations to the above-disclosed technical content to create equivalent embodiments without departing from the scope of the present invention. Any simple modifications, equivalent changes and alterations made to the above embodiments based on the technical essence of the present invention without departing from the scope of the present invention shall still fall within the scope of the present invention.
Claims
1. A method for batch authentication and authorization of group devices based on quantum trust anchors, characterized in that, The method includes the following steps: S1. Construct a group quantum trust architecture, deploy the main quantum trust anchor root node in the group control center, assign distributed sub-anchor points with quantum entanglement characteristics to each device in the group, and deeply bind each sub-anchor point to the hardware physical fingerprint of the corresponding device. S2. Employing quantum teleportation technology, the master quantum trust anchor root node establishes a real-time trust synchronization channel with all distributed sub-anchors, enabling real-time interaction and updating of quantum state information between the two. S3. When a group of devices initiates a batch authentication request, the group control center verifies the validity of the quantum state association between the sub-anchor points and the root node of each device through the main quantum trust anchor root node. When the quantum state association between the sub-anchor points and the root node meets the preset trust conditions, the corresponding device is deemed to be legitimate, and the batch identity confirmation is completed. S4. Based on the batch authentication results, the main quantum trust anchor root node sends authorization instructions to the sub-anchors corresponding to all legitimate devices. After receiving the authorization instructions, the sub-anchors grant the corresponding devices preset operation permissions.
2. The method for batch authentication and authorization of group devices based on quantum trust anchors according to claim 1, characterized in that, Step S1, when constructing the group quantum trust architecture, includes the following steps: The group control center initializes and configures the root node of the master quantum trust anchor, generates a root node-specific quantum reference state, and presets the quantum key pool and trust rules; Based on the quantum reference state of the root node, several sets of matching distributed quantum states are generated through quantum entanglement distribution technology. Each set of distributed quantum states serves as the core feature of the sub-anchor point of the corresponding single device. Extract the original hardware physical fingerprint information of each device, irreversibly fuse the core quantum features of the sub-anchor point with the original information, complete the binding of the sub-anchor point to the device, activate the sub-anchor point and feed back its status information to the main quantum trust anchor root node for registration.
3. The method for batch authentication and authorization of group devices based on quantum trust anchors according to claim 1, characterized in that, Step S2, when establishing a real-time trusted synchronization channel, includes the following steps: The master quantum trust anchor root node sends a quantum teleportation channel establishment request to all bound sub-anchors, and the request carries the root node's quantum identity identifier. After receiving the request, each sub-anchor point generates a quantum response packet based on the device information it is bound to. The quantum response packet contains the quantum state fragment of the sub-anchor point and the device hardware identifier digest. The quantum response packet is then fed back to the root node. The root node performs consistency verification on the quantum response packets of all sub-anchors. After the verification is successful, an independent quantum transmission link is allocated to each sub-anchor, a point-to-point real-time trusted synchronization channel is constructed, and the quantum state synchronization period is set.
4. The method for batch authentication and authorization of group devices based on quantum trust anchors according to claim 1, characterized in that, Step S3, when verifying the validity of quantum state correlations, includes the following steps: The devices to be authenticated within the group simultaneously send batch authentication requests to the group control center. Each authentication request carries the quantum state verification fragment of the corresponding sub-anchor point and the device identifier. The group control center aggregates all authentication requests, associates the quantum state verification fragment in the request with the device identifier, and transmits it to the master quantum trust anchor root node; The root node calls its own stored quantum reference state and sub-anchor point registration information to perform association matching operations on the quantum state verification fragment of each sub-anchor point; Based on the calculation results, determine whether the quantum state association between the sub-anchor point and the root node meets the preset conditions, classify and summarize the authentication results of all devices, complete the identity confirmation and authorization determination of all devices, and feed back to the group control center.
5. The method for batch authentication and authorization of group devices based on quantum trust anchors according to claim 1, characterized in that, In step S1, the deep binding of the sub-anchor point and the device hardware physical fingerprint adopts a hardware-level writing method. The chip physical defect characteristics, circuit transmission delay characteristics and hardware interface characteristics of the device are extracted as the core components of the hardware physical fingerprint. The quantum characteristics of the sub-anchor point and the core components are fused together by a quantum encryption algorithm to form an inseparable binding relationship. The binding process is completed offline during the device factory initialization stage.
6. The method for batch authentication and authorization of group devices based on quantum trust anchors according to claim 1, characterized in that, In step S2, the quantum teleportation channel is deployed using a bidirectional quantum channel. The quantum state information transmitted within the channel is processed using entanglement-assisted quantum error correction coding. The main quantum trust anchor root node and the sub-anchor node are respectively configured with quantum error correction modules. The quantum error correction modules monitor the distortion during the quantum state transmission process and dynamically correct the distorted quantum state by extracting the correlation information of the quantum entangled particle pairs.
7. The method for batch authentication and authorization of group devices based on quantum trust anchors according to claim 1, characterized in that, The verification criteria for the validity of quantum state correlation in step S3 include two core indicators: quantum state fidelity and quantum entanglement. Quantum state fidelity is determined by calculating the degree of overlap between the quantum state verification fragment of the sub-anchor point and the quantum reference state of the root node of the master quantum trust anchor. Quantum entanglement is determined by measuring the correlation strength of the quantum entangled particle pairs between the root node and the sub-anchor point. When the quantum state correlation between the sub-anchor point and the root node meets the preset standard, both quantum state fidelity and quantum entanglement reach the corresponding preset threshold.
8. The method for batch authentication and authorization of group devices based on quantum trust anchors according to claim 1, characterized in that, The authorization instruction issued in step S4 includes an authorization identifier, authorization validity period, and operation scope restriction information. The authorization instruction is encrypted using the quantum key of the main quantum trust anchor root node. After receiving the authorization instruction, the sub-anchor node decrypts the instruction using a preset quantum decryption algorithm, verifies the quantum signature in the instruction, and stores the authorization information in the device's secure storage area after successful verification. An authorization log is generated and fed back to the group control center. The authorization log includes the device identifier, authorization time, and details of the authorization content.
9. The method for batch authentication and authorization of group devices based on quantum trust anchors according to claim 1, characterized in that, The steps S1 (constructing the group quantum trust architecture) and S2 (establishing the real-time trust synchronization channel) also include a dynamic expansion process for the group quantum trust architecture: When a new device joins the group, the main quantum trust anchor root node generates a new sub-anchor point with quantum entanglement characteristics based on its own quantum reference state. The new sub-anchor point is sent to the new device through quantum key encryption. After the new device completes the binding of the sub-anchor point with its own hardware physical fingerprint, it sends binding confirmation information to the root node. After the root node verifies the validity of the confirmation information, it includes the new sub-anchor point in the real-time trust synchronization channel, thus completing the access of the new device and the update of the group trust system.