
CN108900298A - Privately owned block chain honesty entity authentication cut-in method based on quantum cryptography watermark - Google Patents

Info

Publication number
CN108900298A
Authority
CN
China
Prior art keywords
quantum cryptography
mobile terminal
quantum
honest
entity authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810754285.6A
Other languages
Chinese (zh)
Other versions
CN108900298B (en)
Inventor
吴佳楠
张迪
宋立军
朱德新
陈丽
黄贺艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changchun University
Original Assignee
Changchun University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changchun University
Priority to CN201810754285.6A
Publication of CN108900298A
Application granted
Publication of CN108900298B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The honest-node authentication access method for private blockchains based on quantum cryptography watermarks belongs to the field of quantum secure communication. The method can generate secure keys with true randomness; applying them to digital watermarking effectively improves the security and robustness of the watermarking algorithm. Combined with fingerprint recognition, which is unique and stable, the resulting more trustworthy network of authenticated nodes greatly reduces the possibility of fraud and of attacks on the blockchain, and permission control also greatly reduces risk. The method proposed by the invention can perform honest-node authentication on some or all of the access nodes in a blockchain, so that some or all of the nodes in the blockchain are fully trusted.

Description

Honest-node authentication access method for private blockchains based on quantum cryptography watermark

Technical field

The invention relates to the field of quantum secure communication, and in particular to an honest-node authentication access method for private blockchains based on quantum cryptography watermarks.

Background

A blockchain is a decentralized, tamper-proof and trusted distributed ledger. It provides a secure, stable, transparent, auditable and efficient way to record transactions and exchange data; it can store data and can also run applications. At present, blockchain technology is mainly applied in proof of existence, smart contracts, the Internet of Things, identity verification, prediction markets, asset trading, file storage and similar fields.

Its characteristics are as follows:

1) A highly secure, tamper-proof distributed ledger.

2) It exists on the Internet and is open to all users.

3) It helps people and things carry out point-to-point transactions and exchanges with one another.

4) The exchange of value can be completed without the involvement of a third party.

Blockchains take three main forms: public chains, consortium chains and private chains.

1) Public chain: a blockchain in which anyone can read the chain data, send transactions and have them confirmed, and take part in the consensus process.

2) Consortium chain: a blockchain in which nodes selected according to certain characteristics can participate and transact, and the consensus process is controlled by preselected nodes. Although it sits between the public chain and the private chain, it still falls within the category of private chains.

3) Private chain: a blockchain in which write permission is held by a single organization and read permission may be restricted. It is of great value for internal audit and testing in companies and governments and for transaction settlement within banking institutions.

Unlike public chains, which are fully open and permissionless, consortium chains and private chains restrict the degree of information disclosure and the strength of central control; these restrictions help blockchains meet different kinds of application requirements. As the scope shrinks, however, the security of private chains inevitably comes into doubt. Even though the system security guaranteed by a consensus mechanism is fairly credible, a private chain of small scope still carries hidden risks in its consensus mechanism, such as the 51% attack. A 51% attack is when a client or organization that has gained control of 51% of the computing power of the entire blockchain network uses that power to recompute blocks that have already been confirmed, forking the blockchain for its own benefit.

Because private chains still retain the authenticity and partial decentralization of a blockchain, a system is needed on this basis with stricter access control, in which modification and even read permission are limited to a small number of users, so that it combines decentralized and centralized characteristics. Permission settings and an admission mechanism must also be designed to ensure that the nodes of the blockchain are essentially harmless.

Therefore, although private chains have advantages over public chains such as broad prospects, drawing on the strengths of others, reduced threats and flexibility, they also have trust problems because they are relatively closed and their capacity for innovation is doubted.

The information security of quantum communication technology is based on quantum cryptography. Using quantum states as keys breaks through the limits of traditional encryption methods and provides resistance to eavesdropping, non-clonability and theoretical "unconditional security". Any operation that intercepts or measures the quantum key changes the quantum state, so quantum communication can ensure the absolute security of key distribution and communication between two locations.

Summary of the invention

In view of the hidden risks in the consensus mechanisms of blockchain technology, the honest-node authentication access method for private blockchains based on quantum cryptography watermarks proposed by the invention can perform honest-node authentication on some or all of the access nodes in a blockchain, so that some or all of the nodes in the blockchain are fully trusted.

The invention adopts the following technical solution:

An honest-node authentication access method for private blockchains based on quantum cryptography watermarks, characterized in that the system used by the method comprises a quantum cryptography service area, an authentication service area and an authentication terminal area.

The quantum cryptography service area comprises a quantum cryptography distribution system and a quantum cryptography cloud. The quantum cryptography cloud contains a quantum cryptography management server, which receives quantum key requests and distributes quantum keys, parses mobile terminal identification codes, selects the quantum cryptography distribution terminal nearest to the mobile terminal and matches it with the mobile terminal, and forwards the mobile terminal identification code to that quantum cryptography distribution terminal.

The authentication service area contains a private blockchain honest node network and an honest node authentication server. The private blockchain honest node network is the network that a mobile terminal applies for authentication in order to join. The honest node authentication server authenticates mobile terminals that want to join the private blockchain honest node network, and stores users' registration information and fingerprint information in advance.

The authentication terminal area contains several quantum cryptography distribution terminals and the mobile terminals to be authenticated. Each quantum cryptography distribution terminal has its own quantum cryptography distribution area; it receives quantum key requests from mobile terminals located in that area and distributes quantum keys to them. The quantum cryptography distribution area in which a mobile terminal is located is included, as an area identifier, in the terminal's mobile terminal identification code. When a mobile terminal submits an authentication application to the honest node authentication server, it generates a mobile terminal identification code from the quantum cryptography distribution area it is in and its own unique identifier, and submits this code to the honest node authentication server together with the authentication application.

The authentication access method comprises the following steps:

1) The mobile terminal to be authenticated sends an authentication application and its mobile terminal identification code to the honest node authentication server.

2) The honest node authentication server verifies the user name and password of the mobile terminal. After successful verification, it forwards the mobile terminal identification code to the quantum cryptography management server and sends a request for a quantum key.

3) The quantum cryptography management server receives the mobile terminal identification code and the quantum key request sent by the honest node authentication server. It allocates a pair of quantum cryptography KEYs, associates them with the received mobile terminal identification code, and replies to the honest node authentication server with the quantum cryptography KEY and the associated mobile terminal identification code. At the same time, it parses the mobile terminal identification code to obtain the quantum cryptography distribution area in which the mobile terminal is located, and sends the quantum cryptography KEY and the associated mobile terminal identification code to the quantum cryptography distribution terminal of that area.

4) After receiving the quantum cryptography KEY in the reply, the honest node authentication server sends the mobile terminal an authentication prompt for a quantum watermark fingerprint image.

5) After receiving the authentication prompt, the mobile terminal sends its mobile terminal identification code to the quantum cryptography distribution terminal of the quantum cryptography distribution area it is in, to request a quantum key.

6) The quantum cryptography distribution terminal uses the mobile terminal identification code sent by the mobile terminal to look up the associated quantum cryptography KEY in its internal storage, and replies to the mobile terminal with that KEY.

7) After receiving the quantum cryptography KEY, the mobile terminal uses the last two digits of the KEY to prompt the user to enter the specified fingerprint, and generates a fingerprint image from the entered fingerprint. It also converts the rest of the KEY into a binary image and, according to the embedding position information provided by the KEY, uses a digital watermark embedding algorithm to embed the binary image into the fingerprint image, producing a quantum watermark fingerprint image. It sends this image to the honest node authentication server and waits for authentication.

8) After receiving the quantum cryptography KEY returned by the quantum cryptography management server, the honest node authentication server uses the last two digits of the KEY to retrieve the user's corresponding fingerprint information from its local store, and converts the rest of the KEY into a binary image.

9) The honest node authentication server uses the embedding position information in the quantum cryptography KEY to extract the fingerprint image and the binary image from the quantum watermark fingerprint image sent by the mobile terminal.

10) The honest node authentication server compares the extracted fingerprint image and binary image with the locally stored fingerprint image and binary image respectively. If the comparison fails, the mobile terminal's authentication request is rejected; if it succeeds, the mobile terminal is authenticated as an honest node and its authentication request is approved.

In step 7), the last two digits of the quantum cryptography KEY take the value 00, 01, 10 or 11. These values are the numbers of the fingerprint to be entered, and 00, 01, 10 and 11 correspond to the fingerprint information of the thumb, index finger, middle finger and ring finger respectively.

With the above design, the invention brings the following beneficial effects. The proposed honest-node authentication access method for private blockchains based on quantum cryptography watermarks can perform honest-node authentication on some or all of the access nodes in a blockchain, so that some or all of the nodes in the blockchain are fully trusted. A quantum secure communication system based on a quantum key distribution mechanism can generate secure keys with true randomness; applying them to digital watermarking effectively improves the security and robustness of the watermarking algorithm. Combined with fingerprint recognition, which is unique and stable, the resulting more trustworthy network of authenticated nodes greatly reduces the possibility of fraud and of attacks on the blockchain, and permission control also greatly reduces risk.

Description of the drawings

The invention is further described below with reference to the drawings and specific embodiments:

Fig. 1 is a schematic diagram of the network implementation of the honest-node authentication access method for private blockchains based on quantum cryptography watermarks;

Fig. 2 is the workflow diagram of the method;

Fig. 3 is the authentication access sequence diagram of the method;

Fig. 4 is the processing flowchart of the quantum cryptography management server;

Fig. 5 is the flowchart for generating the quantum watermark fingerprint image;

Fig. 6 is the flowchart by which the honest node authentication server authenticates the quantum watermark fingerprint image;

Fig. 7 is the structure diagram of the quantum key.

Detailed description

To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to specific embodiments and the drawings.

As shown in Fig. 1, the system used by the honest-node authentication access method for private blockchains based on quantum cryptography watermarks has three areas: the quantum cryptography service area, the authentication service area and the authentication terminal area. In the connections drawn between areas and between components, a solid line denotes data carried over a classical wired channel, a dashed line denotes data carried over a quantum channel, and a wifi connection denotes data carried over a classical wireless channel. The areas are described as follows.

The quantum cryptography service area consists mainly of the quantum cryptography distribution system and the quantum cryptography cloud, which together generate, store and manage quantum keys. The quantum cryptography distribution system comprises an Alice sender and a Bob receiver, and its main role is to generate quantum keys with true randomness. The quantum cryptography cloud contains the quantum cryptography management server, which handles requests for quantum keys, distributes quantum keys, parses mobile terminal identification codes, selects the quantum cryptography distribution terminal nearest to the mobile terminal and forwards the mobile terminal identification code to that quantum cryptography distribution terminal.

The authentication service area contains the private blockchain honest node network and the honest node authentication server. The private blockchain honest node network is the network that a mobile terminal applies for authentication in order to join. Every node in this network can be regarded as an honest node, that is, the blocks produced by nodes in the private blockchain honest node network are all trusted. The honest node authentication server authenticates mobile terminals that want to join the private blockchain honest node network, and stores users' registration information and fingerprint information in advance.

The authentication terminal area contains several quantum cryptography distribution terminals; the mobile terminals to be authenticated are also assigned to this area. Each quantum cryptography distribution terminal is responsible for its own quantum cryptography distribution area and handles the quantum key requests of mobile terminals within it. The quantum cryptography distribution area in which a mobile terminal is located is reflected in some of the digits of the mobile terminal identification code it sends, that is, the area is included in the mobile terminal identification code as an area identifier. The mobile terminal is both the initiator of an authentication and the party being authenticated. When it submits an authentication application to the honest node authentication server, it generates a mobile terminal identification code from the quantum cryptography distribution area it is in and its own unique identifier, and submits this code to the honest node authentication server together with the authentication application.

With reference to Figs. 2, 3, 4, 5 and 6, the detailed flow of the honest-node authentication access method for private blockchains based on quantum cryptography watermarks is as follows:

1) The mobile terminal to be authenticated sends an authentication application and its mobile terminal identification code to the honest node authentication server. The honest node authentication server verifies the user name and password of the mobile terminal and, after successful verification, begins processing the terminal's authentication application.

2) The honest node authentication server submits a quantum key request to the quantum cryptography management server and forwards to it the mobile terminal identification code sent by the mobile terminal.

3) The quantum cryptography management server allocates a pair of quantum cryptography KEYs and associates them with the received mobile terminal identification code, then sends one KEY of the pair to the honest node authentication server.

4) The quantum cryptography management server parses the mobile terminal identification code to obtain the quantum cryptography distribution area in which the mobile terminal is located, and sends the other KEY of the pair, together with its paired mobile terminal identification code, to the quantum cryptography distribution terminal of the distribution area nearest to the mobile terminal.

5) After receiving the quantum cryptography KEY, the honest node authentication server sends the mobile terminal an authentication prompt for a quantum watermark fingerprint image.

6) After receiving the authentication prompt, the mobile terminal sends its mobile terminal identification code to the quantum cryptography distribution terminal of the quantum cryptography distribution area it is in, to request a quantum key.

7) The quantum cryptography distribution terminal uses the mobile terminal identification code sent by the mobile terminal to look up the associated quantum cryptography KEY in its internal storage, and replies to the mobile terminal with that KEY.

8) After receiving the quantum cryptography KEY, the mobile terminal uses the last two digits of the KEY to prompt the user to enter the fingerprint with the corresponding number, and converts the rest of the KEY into a binary image.

9) Using the embedding position information provided by the quantum cryptography KEY, the mobile terminal embeds the binary image into the fingerprint image with a digital watermark embedding algorithm, producing a quantum watermark fingerprint image. It sends this image to the honest node authentication server and waits for authentication.

10) After receiving the quantum cryptography KEY returned by the quantum cryptography management server, the honest node authentication server uses the last two digits of the KEY to retrieve the user's corresponding fingerprint information from its local store, and converts the rest of the KEY into a binary image.

11) The honest node authentication server uses the embedding position information in the quantum cryptography KEY to extract the fingerprint image and the binary image from the quantum watermark fingerprint image sent by the mobile terminal.

12) The honest node authentication server compares the extracted fingerprint image and binary image with the locally stored fingerprint image and binary image respectively. If the comparison fails, the mobile terminal's authentication request is rejected; if it succeeds, the mobile terminal is authenticated as an honest node and its authentication request is approved.

图7示出基于量子密码水印的私有区块链诚实节点认证接入方法的量子密码结构图,具体说明如下:Figure 7 shows the quantum cryptography structure diagram of the private blockchain honest node authentication access method based on the quantum cryptography watermark, and the specific description is as follows:

1) A quantum cryptography key used in the private blockchain honest node authentication access method based on the quantum cryptography watermark has (n×m+n+2) characters, divided into (n+1) parts; each of the first n parts has (m+1) characters;

2) In each of the first n parts, the first m characters serve as the embedding position information of the quantum digital watermark, and the (m+1)-th character serves as the pixel value used to generate the quantum digital watermark;

3) The (n+1)-th part of the quantum cryptography key is the fingerprint selection field, 2 characters long, with possible values 00, 01, 10 and 11. These values are the numbers of the enrolled fingerprints, and 00, 01, 10 and 11 correspond to the fingerprint information of the thumb, index finger, middle finger and ring finger respectively;

4) In summary, one (n×m+n+2)-character quantum cryptography key generates a quantum digital watermark with n pixels, and each pixel has its own m characters of the key as the position at which it is embedded in the fingerprint image; the fingerprint image into which the quantum digital watermark is embedded is determined by the key's fingerprint selection field.
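The KEY layout in items 1) to 4) and the embed/extract/compare steps 9) to 12), as an added example that is not part of the patent: it parses a KEY, embeds the watermark on the terminal side and checks it on the server side. Assumptions: each KEY character is a bit, the fingerprint image is a flat list of grayscale values, and embedding is least-significant-bit replacement (the patent does not name its digital watermark embedding algorithm); all function names and sample values are constructed.

```python
import hmac

FINGERS = {"00": "thumb", "01": "index", "10": "middle", "11": "ring"}

def parse_key(key, n, m):
    """Split an (n*m + n + 2)-character KEY into n (position, pixel) pairs and a finger."""
    if len(key) != n * m + n + 2 or set(key) - {"0", "1"}:
        raise ValueError("KEY must be a bit string of length n*m + n + 2")
    parts = [key[i * (m + 1):(i + 1) * (m + 1)] for i in range(n)]
    # First m characters of each part: embedding position; character m+1: pixel value.
    pairs = [(int(p[:m], 2), int(p[m])) for p in parts]
    if len({pos for pos, _ in pairs}) != n:
        # Two watermark pixels at one location would overwrite each other.
        raise ValueError("KEY repeats an embedding position")
    return pairs, FINGERS[key[-2:]]

def check_size(image, m):
    # m position characters can address 2**m pixels; the image must cover them all.
    if len(image) < 2 ** m:
        raise ValueError("fingerprint image smaller than the addressable range")

def embed(image, key, n, m):
    """Terminal side: write each watermark pixel into the LSB at its position (assumed scheme)."""
    pairs, _ = parse_key(key, n, m)
    check_size(image, m)
    out = list(image)
    for pos, bit in pairs:
        out[pos] = (out[pos] & ~1) | bit
    return out

def server_check(received, key, n, m):
    """Server side: re-derive the watermark from its own KEY copy and compare."""
    pairs, finger = parse_key(key, n, m)
    check_size(received, m)
    expected = bytes(bit for _, bit in pairs)
    extracted = bytes(received[pos] & 1 for pos, _ in pairs)
    # Constant-time comparison of the expected and extracted watermark bits.
    return finger, hmac.compare_digest(expected, extracted)

# Constructed sample: n=4 watermark pixels, m=3 position characters each.
# Parts: 010|1  111|0  000|1  101|1, then finger selector 10 (middle finger).
KEY = "0101" + "1110" + "0001" + "1011" + "10"
COVER = [200, 13, 54, 77, 91, 120, 33, 255]   # constructed 8-pixel "fingerprint"
MARKED = embed(COVER, KEY, 4, 3)

if __name__ == "__main__":
    print(MARKED, server_check(MARKED, KEY, 4, 3))
```

A KEY that differs in even one pixel character, or an image marked with a different KEY, fails the watermark comparison; the fingerprint match itself is a separate check that this sketch does not model.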

Claims (2)

1. A private blockchain honest node authentication access method based on a quantum cryptography watermark, characterized in that the system used by the method comprises a quantum cryptography service area, an authentication service area and an authentication terminal area;
The quantum cryptography service area comprises a quantum cryptography distribution system and a quantum cryptography cloud. The quantum cryptography cloud contains a quantum cryptography management server, which receives quantum cryptography applications and allocates quantum cryptography, parses mobile terminal identification codes, selects the quantum cryptography distribution terminal nearest to the mobile terminal to pair with the mobile terminal, and sends the mobile terminal identification code to that quantum cryptography distribution terminal;
The authentication service area contains a private blockchain honest node network and an honest node authentication server. The private blockchain honest node network is the network that the mobile terminal applies to be authenticated for and to access; the honest node authentication server authenticates mobile terminals that intend to access the private blockchain honest node network, and the users' registration information and fingerprint information are pre-stored in the honest node authentication server;
The authentication terminal area contains several quantum cryptography distribution terminals and the mobile terminals to be authenticated. Each quantum cryptography distribution terminal has its own quantum cryptography distribution area, within which it receives quantum cryptography applications from the mobile terminals in that area and distributes quantum cryptography. The quantum cryptography distribution area in which a mobile terminal is located is included, as an area identifier, in the mobile terminal identification code of that mobile terminal. When a mobile terminal submits an authentication application to the honest node authentication server, it generates a mobile terminal identification code from the quantum cryptography distribution area in which it is located and its own unique identifier, and submits it to the honest node authentication server together with the authentication application;
The authentication access method comprises the following steps:
1) the mobile terminal to be authenticated sends an authentication application and its mobile terminal identification code to the honest node authentication server;
2) the honest node authentication server verifies the user name and password of the mobile terminal; after successful verification, the honest node authentication server sends the mobile terminal identification code and a quantum cryptography application request to the quantum cryptography management server;
3) the quantum cryptography management server receives the mobile terminal identification code and the quantum cryptography application request sent to it by the honest node authentication server, allocates a pair of quantum cryptography KEYs, associates it with the received mobile terminal identification code, and replies to the honest node authentication server with the quantum cryptography KEY and the associated mobile terminal identification code; at the same time, the quantum cryptography management server parses the mobile terminal identification code to obtain the quantum cryptography distribution area in which the mobile terminal is located, and sends the quantum cryptography KEY and the associated mobile terminal identification code to the quantum cryptography distribution terminal of that quantum cryptography distribution area;
4) after receiving the quantum cryptography KEY in the reply, the honest node authentication server sends the mobile terminal an authorization prompt for the quantum watermark fingerprint image;
5) after receiving the authorization prompt, the mobile terminal sends its mobile terminal identification code to the quantum cryptography distribution terminal of the quantum cryptography distribution area in which it is located, submitting a quantum cryptography application;
6) the quantum cryptography distribution terminal uses the mobile terminal identification code sent by the mobile terminal to look up, in its internal storage, the quantum cryptography KEY associated with that mobile terminal identification code, and replies to the mobile terminal with the quantum cryptography KEY;
7) after receiving the quantum cryptography KEY, the mobile terminal prompts the user to enter the fingerprint specified by the last two digits of the quantum cryptography KEY, and generates a fingerprint image from the entered fingerprint; it also converts the rest of the quantum cryptography KEY into a binary image, embeds the binary image into the fingerprint image with a digital watermark embedding algorithm according to the embedding position information provided by the quantum cryptography KEY to generate a quantum watermark fingerprint image, sends it to the honest node authentication server, and waits for authentication;
8) after receiving the quantum cryptography KEY in the reply from the quantum cryptography management server, the honest node authentication server retrieves the user's corresponding fingerprint information from its local database according to the last two digits of the quantum cryptography KEY, and converts the rest of the quantum cryptography KEY into a binary image;
9) using the embedding position information in the quantum cryptography KEY, the honest node authentication server extracts the fingerprint image and the binary image from the quantum watermark fingerprint image sent by the mobile terminal;
10) the honest node authentication server compares the extracted fingerprint image and binary image with the locally stored fingerprint image and binary image respectively; if the comparison fails, it rejects the authentication request of the mobile terminal, and if the comparison succeeds, it authenticates the mobile terminal as an honest node and approves the mobile terminal's authentication request.
2. The private blockchain honest node authentication access method based on a quantum cryptography watermark according to claim 1, characterized in that the last two digits of the quantum cryptography KEY in step 7) take the value 00, 01, 10 or 11; 00, 01, 10 and 11 are the numbers of the enrolled fingerprints, and 00, 01, 10 and 11 correspond to the fingerprint information of the thumb, index finger, middle finger and ring finger respectively.
CN201810754285.6A 2018-07-11 2018-07-11 Quantum cipher watermark-based private block chain honest node authentication access method Active CN108900298B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810754285.6A CN108900298B (en) 2018-07-11 2018-07-11 Quantum cipher watermark-based private block chain honest node authentication access method

Publications (2)

Publication Number Publication Date
CN108900298A true CN108900298A (en) 2018-11-27
CN108900298B CN108900298B (en) 2020-09-18

Family

ID=64348808

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810754285.6A Active CN108900298B (en) 2018-07-11 2018-07-11 Quantum cipher watermark-based private block chain honest node authentication access method

Country Status (1)

Country Link
CN (1) CN108900298B (en)

Also Published As

Publication number Publication date
CN108900298B (en) 2020-09-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant