CN-121984711-A - Equipment safety authentication method and equipment safety authentication system
Abstract
The application discloses a device security authentication method and a device security authentication system. The device security authentication method is used for a first terminal and comprises: in response to a login request, calling a first quantum key device of the first terminal to generate first verification information, sending the first verification information to a quantum cryptography service platform, and completing login according to an encrypted target key bank, wherein the first terminal and a second terminal are both bound to the encrypted target key bank. In this way, the two quantum key devices of the first terminal and the second terminal jointly take part in identity authentication, and together with the validity check performed by the quantum cryptography service platform they form a double hardware security guarantee. This effectively addresses the problem that a single identity authentication factor is easily stolen or impersonated, improves the security of identity authentication when a new device logs in to a certain extent, and meets the user's need to use the same application securely on multiple devices.
Inventors
- ZHU YUFENG
Assignees
- 中电信量子信息科技集团有限公司
Dates
- Publication Date
- 20260505
- Application Date
- 20251226
Claims (11)
- 1. A device security authentication method, the method being for a first terminal and comprising: in response to a login request, calling a first quantum key device of the first terminal to generate first verification information and sending the first verification information to a quantum cryptography service platform, wherein a second terminal calls a second quantum key device of the second terminal to sign the first verification information, generates a signature value and sends the signature value to the quantum cryptography service platform, and the quantum cryptography service platform performs a validity check on the signature value and sends an encrypted target key bank to the first terminal if the validity check passes; and completing login according to the encrypted target key bank, wherein the first terminal and the second terminal are both bound to the encrypted target key bank.
- 2. The method of claim 1, wherein the calling the first quantum key device of the first terminal to generate first verification information and sending the first verification information to the quantum cryptography service platform in response to the login request comprises: in response to the login request, calling a quantum random number generator of the first quantum key device to generate a quantum random number; calling a quantum-resistant cryptographic algorithm coprocessor of the first quantum key device to generate a first terminal public key and a first terminal private key; and sending the first terminal public key, the quantum random number and a session identifier to the quantum cryptography service platform.
- 3. The method of claim 2, further comprising: encoding the session identifier, the quantum random number and the first terminal public key to generate a first verification code, wherein the second terminal parses the first verification code to obtain the session identifier and the quantum random number, signs the session identifier and the quantum random number with the second quantum key device private key to generate the signature value, and sends the signature value, the session identifier and a second terminal identifier to the quantum cryptography service platform, and the quantum cryptography service platform determines the second quantum key device public key according to the second terminal identifier, verifies the validity of the signature value with the second quantum key device public key, and sends the encrypted target key bank to the first terminal if the validity verification passes; and completing login according to the encrypted target key bank.
- 4. The method of claim 2 or 3, further comprising: sending the encrypted target key bank to the first quantum key device, wherein the quantum cryptography service platform, if the validity check passes, determines the first terminal public key according to the session identifier, encrypts a target key bank with the first terminal public key to generate the encrypted target key bank, and sends the encrypted target key bank to the first terminal; calling the quantum-resistant cryptographic algorithm coprocessor to decrypt the encrypted target key bank with the first terminal private key to obtain the target key bank; and completing login according to the target key bank, wherein the first terminal is bound to the target key bank.
- 5. A device security authentication method, the method being for a second terminal and comprising: calling a second quantum key device of the second terminal to sign first verification information, generating a signature value and sending the signature value to a quantum cryptography service platform, wherein a first terminal, in response to a login request, calls a first quantum key device of the first terminal to generate the first verification information and sends the first verification information to the quantum cryptography service platform, the quantum cryptography service platform performs a validity check on the signature value and sends an encrypted target key bank to the first terminal if the validity check passes, and the first terminal completes login according to the encrypted target key bank, the first terminal and the second terminal both being bound to the encrypted target key bank.
- 6. The method of claim 5, wherein the calling the second quantum key device of the second terminal to sign the first verification information, generating a signature value and sending the signature value to a quantum cryptography service platform comprises: parsing a first verification code to obtain a session identifier and a quantum random number, wherein the first terminal, in response to the login request, calls a quantum random number generator of the first quantum key device to generate the quantum random number, calls a quantum-resistant cryptographic algorithm coprocessor of the first quantum key device to generate a first terminal public key and a first terminal private key, sends the first terminal public key, the quantum random number and the session identifier to the quantum cryptography service platform, and encodes the session identifier, the quantum random number and the first terminal public key to generate the first verification code; signing the session identifier and the quantum random number with the private key of the second quantum key device to generate the signature value; and sending the signature value, the session identifier and a second terminal identifier to the quantum cryptography service platform, wherein the quantum cryptography service platform determines the public key of the second quantum key device according to the second terminal identifier, verifies the validity of the signature value with the public key of the second quantum key device, and sends the encrypted target key bank to the first terminal if the signature value is valid, and the first terminal completes login according to the encrypted target key bank.
- 7. A device security authentication method, the method being for a quantum cryptography service platform and comprising: performing a validity check on a signature value, wherein a first terminal, in response to a login request, calls a first quantum key device of the first terminal to generate first verification information and sends the first verification information to the quantum cryptography service platform, and a second terminal calls a second quantum key device of the second terminal to sign the first verification information, generates the signature value and sends the signature value to the quantum cryptography service platform; and if the validity check passes, sending an encrypted target key bank to the first terminal, wherein the first terminal completes login according to the encrypted target key bank, and the first terminal and the second terminal are both bound to the encrypted target key bank.
- 8. The method of claim 7, wherein the performing a validity check on the signature value comprises: determining a second quantum key device public key according to a second terminal identifier, wherein the first terminal, in response to the login request, calls a quantum random number generator of the first quantum key device to generate a quantum random number, calls a quantum-resistant cryptographic algorithm coprocessor of the first quantum key device to generate a first terminal public key and a first terminal private key, sends the first terminal public key, the quantum random number and a session identifier to the quantum cryptography service platform, and encodes the session identifier, the quantum random number and the first terminal public key to generate a first verification code, and the second terminal parses the first verification code to obtain the session identifier and the quantum random number, signs the session identifier and the quantum random number with the second quantum key device private key to generate the signature value, and sends the signature value, the session identifier and the second terminal identifier to the quantum cryptography service platform; and checking the validity of the signature value with the public key of the second quantum key device.
- 9. The method of claim 8, wherein the sending the encrypted target key bank to the first terminal if the validity check passes comprises: determining the first terminal public key according to the session identifier; encrypting a target key bank with the first terminal public key to generate the encrypted target key bank; and sending the encrypted target key bank to the first terminal, wherein the first terminal sends the encrypted target key bank to the first quantum key device, calls the quantum-resistant cryptographic algorithm coprocessor to decrypt the encrypted target key bank with the first terminal private key to obtain the target key bank, and completes login according to the target key bank, the first terminal being bound to the target key bank.
- 10. A device security authentication method for a device security authentication system, the system comprising a first terminal, a second terminal and a quantum cryptography service platform, the method comprising: the first terminal, in response to a login request, calls a first quantum key device of the first terminal to generate first verification information and sends the first verification information to the quantum cryptography service platform; the second terminal calls a second quantum key device of the second terminal to sign the first verification information, generates a signature value and sends the signature value to the quantum cryptography service platform; the quantum cryptography service platform performs a validity check on the signature value and sends an encrypted target key bank to the first terminal if the validity check passes; and the first terminal completes login according to the encrypted target key bank, wherein the first terminal and the second terminal are both bound to the encrypted target key bank.
- 11. A device security authentication system, characterized in that the system comprises a first terminal, a second terminal and a quantum cryptography service platform, wherein: the first terminal is configured to respond to a login request by calling a first quantum key device of the first terminal to generate first verification information and sending the first verification information to the quantum cryptography service platform; the second terminal is configured to call a second quantum key device of the second terminal to sign the first verification information, generate a signature value and send the signature value to the quantum cryptography service platform; the quantum cryptography service platform is configured to perform a validity check on the signature value and send an encrypted target key bank to the first terminal if the validity check passes; and the first terminal is configured to complete login according to the encrypted target key bank, wherein the first terminal and the second terminal are both bound to the encrypted target key bank.
Description
Equipment safety authentication method and equipment safety authentication system
Technical Field
The present application relates to the field of information security technologies, and in particular to a device security authentication method and a device security authentication system.
Background
With the popularity of mobile offices, users need to use the same application on multiple devices. In the related art, when a new device logs in to the same application, a single identity authentication factor such as a password or an SMS verification code is generally relied on. However, such a single factor is easily stolen or impersonated, which is a potential security hazard.
Disclosure of Invention
The application provides a device security authentication method and a device security authentication system. An embodiment of the application provides a device security authentication method for a first terminal, comprising the following steps: in response to a login request, calling a first quantum key device of the first terminal to generate first verification information and sending the first verification information to a quantum cryptography service platform, wherein a second terminal calls a second quantum key device of the second terminal to sign the first verification information, generates a signature value and sends the signature value to the quantum cryptography service platform, and the quantum cryptography service platform performs a validity check on the signature value and sends an encrypted target key bank to the first terminal if the validity check passes; and completing login according to the encrypted target key bank, wherein the first terminal and the second terminal are both bound to the encrypted target key bank.
Thus, the two quantum key devices of the first terminal and the second terminal jointly take part in identity authentication, and together with the validity check performed by the quantum cryptography service platform they form a double hardware security guarantee. This effectively addresses the problem that a single identity authentication factor is easily stolen or impersonated, improves the security of identity authentication when a new device logs in to a certain extent, and meets the user's need to use the same application securely on multiple devices. In some embodiments, the responding to the login request, calling the first quantum key device of the first terminal to generate first verification information, and sending the first verification information to a quantum cryptography service platform comprises: in response to the login request, calling a quantum random number generator of the first quantum key device to generate a quantum random number; calling a quantum-resistant cryptographic algorithm coprocessor of the first quantum key device to generate a first terminal public key and a first terminal private key; and sending the first terminal public key, the quantum random number and a session identifier to the quantum cryptography service platform. In this way, the quantum random number, the first terminal public key and the session identifier are combined to form the first verification information, so that the first verification information is random, quantum-resistant and unique; forgery and tampering attacks on the verification information are effectively resisted, the security and reliability of the first verification information are improved to a certain extent, and reliable original security data are provided for subsequent steps such as signature verification and key bank encryption.
In some embodiments, the method further comprises: encoding the session identifier, the quantum random number and the first terminal public key to generate a first verification code, wherein the second terminal parses the first verification code to obtain the session identifier and the quantum random number, signs the session identifier and the quantum random number with the second quantum key device private key to generate the signature value, and sends the signature value, the session identifier and a second terminal identifier to the quantum cryptography service platform, and the quantum cryptography service platform determines the second quantum key device public key according to the second terminal identifier, verifies the validity of the signature value with the second quantum key device public key, and sends the encrypted target key bank to the first terminal if the validity verification passes; and completing login according to the encrypted target key bank. In this way, the integrity and confidentiality of information transmission are guaranteed by encoding the verification information, and dou