Identity verification system based on cavity type photorefractive crystal PUF
1. An identity verification system based on cavity formula photorefractive crystal PUF which characterized in that: the device comprises a light intensity modulation module, an optical PUF module (4) and a lens module which are sequentially arranged along a light path from left to right, and also comprises a data processing module;
the light intensity modulation module comprises a light source (1), a beam expanding collimation system PBES (2) and a spatial modulator SLM (3), wherein the light source (1) is a pumping light source and generates pumping light, and the pumping light enters the spatial modulator SLM (3) through the beam expanding collimation system PBES (2) and then enters the optical PUF module;
the optical PUF module (4) is of a cavity type structure and is composed of two optical PUF scattering sheets and four plane reflectors, and each optical PUF scattering sheetLiNbO lithium niobate double-doped by two glass plates and ferrozirconium3Fe and Zr granular crystals, two glass plates are parallel to each other, the opposite inner surfaces of the two glass plates are plated with film layers with the reflectivity of R =30%, the outer surfaces of the two glass plates are plated with high-permeability films, and the lithium niobate LiNbO with double-doped zirconium and iron is prepared by3Fe and Zr granular crystals are uniformly paved between the two glass flat plates, and the spatial positions of the crystals are randomly distributed and filled; the two optical PUF scattering sheets are perpendicular to the light path and arranged in parallel along the light path, and the two optical PUF scattering sheets are wrapped by four plane reflectors up, down, front and back to form a cavity type structure;
the lens module comprises a positive lens (5), and the data processing module comprises a CCD camera (6) and a computer (7); light enters a CCD camera (6) through a positive lens (5) after being scattered by an optical PUF module (4), the CCD camera (6) is connected to a computer (7) through a serial data port, and the computer (7) contains an extraction program.
2. The identity verification system based on the cavity type photorefractive crystal PUF, according to claim 1, wherein: the glass plate of the optical PUF scattering sheet can be replaced by a quartz plate.
3. The identity verification system based on the cavity type photorefractive crystal PUF, according to claim 1, wherein: the light source (1) is a laser.
4. The identity verification system based on the cavity type photorefractive crystal PUF, according to claim 1, wherein: the LiNbO3In Fe, Zr crystals, doped Zr4+Ion concentration of 4mol% and Fe3+The concentration is 0.03wt%, the shape is similar to tetrahedron, hexahedron, octahedron and ellipsoid, and the crystal is a micron-scale photorefractive crystal.
5. The identity verification system based on the cavity type photorefractive crystal PUF, according to claim 1, wherein: glass plate of the optical PUF scattering sheetThe size of the plate is as follows: the thickness is 0.6mm, the area is 20mm multiplied by 20mm, and the zirconium-iron double-doped lithium niobate LiNbO3The filling thickness of Fe and Zr crystals is 0.8mm, so that the whole thickness of the optical PUF scattering sheet is 2mm, and the area is 20mm multiplied by 20 mm; the area of the plane reflector is 20mm multiplied by 40mm, and the size of the formed cavity type structure is 20mm multiplied by 44 mm3。
6. The identity authentication method of an identity authentication system based on a cavity type photorefractive crystal PUF, according to claim 1, wherein: the method comprises two authentication methods which are respectively as follows:
firstly, a user holds a PUF module: the method comprises two working stages, namely a registration stage and an authentication stage, and is realized by the following steps:
1) a registration stage:
firstly, a light source (1) is used as a pumping light source and outputs a light beam with a certain polarization state and intensity;
secondly, the light beam passes through a beam expanding collimation system PBES (2) to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;
the outgoing light beam with certain width after beam expansion and collimation irradiates on a spatial modulator SLM (3), the light beam phase is influenced by a modulation information matrix to change the light intensity distribution and generate the excitation light with certain angle and light field distribution, wherein the excitation light is modulated by a modulation information matrix CkCharacterized by excitation matrix, k =1, 2, 3 … n, specifically { C, as drawn by the systemKMatrix cluster decision;
excitation light enters the ith optical PUF module (4), i =1, 2 and 3 … m, and the optical PUF module (4) is used as an authentication credential of the optical PUF verification system to generate response light;
emergent light from the ith optical PUF module (4) passes through the positive lens (5) to reduce the divergence angle of scattered light beams;
sixthly, emergent light from the positive lens (5) is incident on the CCD camera (6), after 3-4 s, the CCD camera (6) collects the 2D speckle image, and the steady speckle image is processed into 01 by utilizing an extraction program in the computer (7) "Digital binary matrix as response matrix P of response signalsik;
Seventhly, determining a required excitation-response logarithm number n according to a safety requirement, and repeating the steps of the first step to the sixth step;
eighthly, manufacturing and registering m optical PUF modules according to actual use conditions, repeating the steps from the first step to the seventh step, and then responding to a matrix PikK =1, 2, 3 … n, i =1, 2, 3 … m, together with the modulation information matrix characterizing the excitation signal in step (C), as excitation-response pairs { Ck-PikK =1, 2, 3 … n, i =1, 2, 3 … m, which are stored in correspondence in a computer database;
2) and (3) an authentication stage:
setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;
secondly, starting a security authentication system, and waiting for the user to put in an ith optical PUF module (4), namely an 'identity card'; at this point, the computer calls an arbitrary excitation matrix C stored in the databasekK =1, 2, 3 … n, modulation information matrix C that will characterize the excitation signalk-loading into a spatial modulator SLM (3) generating excitation light; the excitation light acts on the optical PUF module (4) to generate response light, and the response light is converted into a response signal by an extraction program of the CCD camera (6) and the computer (7), wherein the response signal is represented by a binary matrix of ' 01 ' number and becomes a response matrix P 'ik,k=1、2、3…n,i= 1、2、3…m;
③ the computer (7) will process the processed ' 01 ' response matrix P 'ikAnd the response matrix P of 01 taken out from the databaseikComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;
if the accuracy of the authentication result is to be improved, a plurality of excitation matrix excitation optical PUF modules can be used at one time, the step III is repeated, the generated response is compared with the registration response data stored in the library, and authentication is carried out by utilizing a majority matching principle;
the second authentication method is to fix the optical PUF module in the system, and the user carries a plaintext pattern (such as a fingerprint) to authenticate in the security system, and comprises two working stages, namely an enrollment stage and an authentication stage, and the authentication method is realized through the following steps:
1) a registration stage:
firstly, a light source (1) is used as a pumping light source and outputs a light beam with a certain polarization state and intensity;
secondly, the light beam passes through a beam expanding collimation system PBES (2) to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;
the outgoing light beam with certain width after beam expansion and collimation irradiates on a spatial modulator SLM (3), the light beam phase is influenced by a modulation information matrix to change the light intensity distribution, and excitation light carrying identity information with certain angle and light field distribution is generated, wherein the excitation signal of the excitation light is modulated by a modulation information matrix CkCharacterization, as excitation matrix, k =1, 2, 3 … n, determined specifically by the plain text pattern given by the user;
excitation light enters the optical PUF module (4), and the optical PUF module (4) is used as an authentication credential of the optical PUF verification system to generate response light;
emergent light from the optical PUF module (4) passes through the positive lens (5) to reduce the divergence angle of scattered light beams;
sixthly, emergent light from the positive lens (5) is incident on the CCD camera (6), after 3-4 s, the CCD camera (6) collects the 2D speckle image, the stable speckle image is processed into a '01' digital binary matrix by utilizing an extraction program in the computer (7), and the stable scattering light spot image is processed into a '01' digital binary matrix as a response matrix P of a response signalk;
Seventhly, repeating the steps from the first step to the sixth step according to the user, loading n plaintext patterns, recording n response signal matrixes, and responding to the response signals P at the momentkK =1, 2, 3 … n, stored in a computer database;
2) and (3) an authentication stage:
setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;
starting a security authentication system, and waiting for the user to put a kth plaintext pattern, namely an identity card; at this point, a modulation information matrix C characterizing the excitation signalkAnd the excitation light is loaded to the spatial modulator SLM (3) to generate excitation light, k =1, 2, 3 … n, the excitation light is acted on the optical PUF module (4) to generate response light, and the response light is converted into a response signal by the CCD camera (6) and a computer (7) extraction program, wherein the response signal is represented by a binary matrix of ' 01 ' numbers and becomes a response matrix P 'k,k=1、2、3…n;
③ the computer (7) will process the processed ' 01 ' response matrix P 'kAnd the response matrix P of 01 taken out from the databasekComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;
if the accuracy of the authentication result is to be improved, a plurality of plaintext patterns can be used at one time, the step III is repeated, the generated response is compared with the registration response data stored in the library, and authentication is performed by utilizing a majority of matching principles.
Background
With the development of technologies and networks, security systems for "personal identity" authentication have become widespread in people's lives. However, security issues with authentication continue to plague us, such as: system deciphered, token cloned, identity information tampered, etc. Therefore, it is urgent to develop new authentication methods and tools.
Physically Unclonable Functions (PUFs) are Physical entities that introduce randomness during the manufacturing process, and it is very difficult to completely control micro-and nano-scale manufacturing differences in Physical media because their random Physical differences have natural characteristics that are difficult to clone or counterfeit. Therefore, a Physical Unclonable Function (PUF) based on random differences of physical entities eliminates the risk of key duplication from the physical level, and becomes the leading direction of authentication research.
Currently, research on PUFs mainly focuses on electronic PUFs and optical PUFs, which are implemented by introducing random differences during the fabrication process of integrated circuits, for example: SRAM PUF based on voltage divider circuit cells and APUF based on delay cells. But the PUF can be predicted by using a mode of matching the digital template attack and the side channel attack, and the safety is low. In contrast, an optical PUF implemented based on complex scattering, reflection, absorption, and non-linearity behaviors is more difficult to predict and clone. Therefore, the subsequent researchers have turned their eyes to the optical PUF, and the optical PUF method is becoming a hot spot in the fields of information security and authentication.
Since the 2001 proposal by Pappu et al for implementing an optical PUF with doped light scattering particles as a physical one-way function, optical PUF authentication systems implemented in various ways have been presented in succession, for example: the PUF authentication system is realized based on a quantum optical mode and is realized based on a space optical interferometry. The PUF authentication system realized based on the quantum optical mode has the advantages of high safety and low cost, but the system is extremely easily influenced by noise and has poor stability. The PUF system realized based on the space optical interferometry has the advantages of high stability and large CRP space, but because the doped material is glass, the output speckle patterns are 'linear' superposition, and the safety needs to be improved. Therefore, for the above reasons, it is necessary to develop a new authentication system to achieve the purposes of high security and high anti-tamper level.
Disclosure of Invention
The invention provides an identity verification system based on a cavity type photorefractive crystal PUF, aiming at solving the problems of poor safety or low anti-deciphering degree of the existing optical PUF identity verification system.
The invention is realized by the following technical scheme: an identity verification system based on a cavity type photorefractive crystal PUF comprises a light intensity modulation module, an optical PUF module and a lens module which are sequentially arranged along a light path from left to right, and also comprises a data processing module; the light intensity modulation module comprises a light source, a beam expanding collimation system PBES and a spatial modulator SLM, wherein the light source is a pumping light source and generates pumping light, and the pumping light enters the spatial modulator SLM through the beam expanding collimation system PBES and then enters the optical PUF module; the optical PUF module is of a cavity type structure and is composed of two optical PUF scattering sheets and four plane reflectors, wherein each optical PUF scattering sheet is composed of two glass plates and lithium niobate LiNbO doped with ferrozirconium3Fe and Zr granular crystals, two glass plates are parallel to each other, the opposite inner surfaces of the two glass plates are plated with film layers with the reflectivity of R =30%, the outer surfaces of the two glass plates are plated with high-permeability films, and the lithium niobate LiNbO with double-doped zirconium and iron is prepared by3Fe and Zr granular crystals are evenly laid on the two glass platesThe space positions of the crystals are randomly distributed and filled between the plates; the two optical PUF scattering sheets are perpendicular to the light path and arranged in parallel along the light path, and the two optical PUF scattering sheets are wrapped by four plane reflectors up, down, front and back to form a cavity type structure; the lens module comprises a positive lens, and the data processing module comprises a CCD camera and a computer; the light enters the CCD camera through the positive lens after being scattered by the optical PUF module, the CCD camera is connected to a computer through a serial data port, and the computer contains an extraction program.
An identity verification system based on a cavity type photorefractive crystal PUF comprises a light intensity modulation module, an optical PUF module and a lens module which are sequentially arranged from left to right along a light path, and also comprises a data processing module. The light intensity modulation module comprises a light source, a beam expanding collimation system PBES and a spatial modulator SLM, wherein the light source is a pumping light source and generates pumping light, and the pumping light enters the spatial modulator SLM through the beam expanding collimation system PBES and then enters the optical PUF module; the optical PUF module is of a cavity type structure and is composed of two optical PUF scattering sheets and four plane reflectors, wherein each optical PUF scattering sheet is composed of two glass plates and lithium niobate LiNbO doped with ferrozirconium3Fe and Zr granular crystals, two glass plates are parallel to each other, the opposite inner surfaces of the two glass plates are plated with film layers with the reflectivity of R =30%, the outer surfaces of the two glass plates are plated with high-permeability films, and the lithium niobate LiNbO with double-doped zirconium and iron is prepared by3Fe and Zr granular crystals are uniformly paved between the two glass flat plates, and the spatial positions of the crystals are randomly distributed and filled; the two optical PUF scattering sheets are perpendicular to the light path and arranged in parallel along the light path, and the two optical PUF scattering sheets are wrapped by four plane reflectors up, down, front and back to form a cavity type structure; the lens module comprises a positive lens, and the data processing module comprises a CCD camera and a computer; the light enters the CCD camera through the positive lens after being scattered by the optical PUF module, the CCD camera is connected to a computer through a serial data port, and the computer contains an extraction program.
The invention provides an identity verification system based on a cavity type photorefractive crystal PUF (physical unclonable function), which comprises lights which are sequentially arranged from left to right along a light pathThe system comprises a strong modulation module, an optical PUF module, a lens module and a data processing module, wherein the light intensity modulation module is used for emitting light, performing beam expansion collimation and then modulating a light beam in a spatial domain, and comprises a light source, a beam expansion collimation system PBES and a spatial modulator SLM (SLM), the light source is a pumping light source and generates pumping light, the pumping light is expanded by the beam expansion collimation system PBES and collimated and enters the spatial modulator SLM, the SLM needs to be systematically or artificially loaded with plaintext patterns, the light intensity distribution is changed, namely the light intensity distribution carries 'identity information', excitation light of the system is generated and enters the optical PUF module; the optical PUF module is an authentication credential of a verification system, response light can be generated when excitation light is incident on the optical PUF module, the response light contains internal structure information of the optical PUF module, the optical PUF module is of a cavity type structure and is composed of two optical PUF scattering sheets and four plane reflectors, and each optical PUF scattering sheet is composed of two glass flat plates and lithium niobate LiNbO doped with zirconium and iron3The two glass plates are parallel to each other, the opposite inner surfaces of the two glass plates are coated with film layers with the reflectivity of R =30%, partial reflection and transmission of light beams are achieved, and the outer surfaces of the two glass plates are coated with high-transmission films, so that the light beams are transmitted in a low-loss mode. Zirconium-iron double-doped lithium niobate LiNbO3Fe and Zr granular crystals are uniformly filled between the two glass flat plates, and the spatial positions of the crystals are randomly distributed; the two optical PUF scattering sheets are perpendicular to the light path and arranged in parallel along the light path, the optical PUF scattering sheets are equivalent to a simple F-P interferometer, and the purpose is to enable light beams to be reflected for multiple times in a cavity, and laid ferrozirconium double-doped lithium niobate LiNbO3The granular Fe and Zr crystals have good photorefractive property and response time of taur=1.8 seconds, sensitivity S of 13.4cm/J, and can be at 250mw/cm2The P-polarized light beam generates a photorefractive effect, and the working principle of the optical PUF scattering sheet is as follows: one is as follows: when excitation light irradiates on the surface of the optical PUF module, the incident surface of the optical PUF scattering sheet is used as a wave surface of the excitation light, and a plurality of micro-beams can be emitted, and the micro-beams are subjected to complex scattering and refraction due to the scattered crystal structure in the PUF; the specific action mechanism is as follows: one micro-beam will be reflected and refracted by the crystal particles to other crystal particlesThe micro-beam interference detector and the micro-beam interference detector are combined to act together with the light beam generated by the original micro-beam to enable the crystal to generate a nonlinear effect and change the scattering and refraction characteristics of the original micro-beam, so that the interaction between different micro-beams is established, and the emitted speckle images are subjected to nonlinear superposition; the second step is as follows: crystal particle shape structure is similar to tetrahedron, hexahedron, octahedron and ellipsoid etc. plays local effect to light, after the microbeam incides crystal particle inside, takes place multiple reflection in inside surface to unable outgoing in the short time realizes the effect of local light, promotes the inside light intensity of crystal particle, strengthens its photorefractive effect, thereby makes speckle pattern complexity promote. And thirdly: the inner surface of the optical PUF scattering sheet is plated with a R (R =30%) reflection film layer, so that multiple reflection of a micro-beam between two parallel flat plates can be realized, and the specific action mechanism is as follows: when a plurality of micro beams on the incident wave surface meet crystal particles and are scattered and refracted, part of the beams can act on crystals at other positions; the rest part can be scattered to the inner surfaces of the two flat plates, and due to the existence of the film layer, the light beams on the inner surfaces of the two flat plates can be partially reflected and act back to the crystal particles, so that the effect between the micro light beams and the crystal particles is further improved, and the unpredictability of the speckles is improved. The two optical PUF scattering sheets are wrapped and fixed by four plane reflectors in the upper part, the lower part and the front part and the rear part to form a cavity type structure, namely the optical PUF scattering sheets are used as the front end surface and the rear end surface of a cavity, the plane reflectors are used as cavity surfaces, excitation light is changed into quasi-response light with certain light intensity distribution after passing through the front-section PUF scattering sheets, and the quasi-response light contains internal structure information of the front-section PUF scattering sheets; the quasi-response light is reflected by the cavity surface reflector and generates response light through the rear-end optical PUF scattering sheet, and the module utilizes multiple reflection and scattering of light beams between glass flat plates, the scattering degree of crystals in the PUF structure and the photorefractive effect of the photorefractive crystals, so that emergent light has high nonlinearity, and the unpredictability and the complexity of information light spots are increased. The cavity structure prolongs the reflection length of the light beam by utilizing cavity surface reflection, and improves the reflection and scattering times of the light beamThe number of the actions of the micro-beam and the crystal action between the two optical PUF scattering sheets is greatly increased. The non-linear complexity of the final response speckle is made higher on the basis of a single optical PUF scattering sheet. The lens module comprises a positive lens, the positive lens is used for reducing the divergence angle of scattered light beams, the data processing module comprises a CCD camera and a computer, the light enters the CCD camera through the positive lens after being scattered by the optical PUF module, the CCD camera collects 2D speckle images, the CCD camera is connected to the computer through a serial data port, the CCD camera collects steady-state response light spot images passing through the optical PUF module and transmits the steady-state response light spot images to the computer, and in the computer, the images are converted into a 01 digital binary matrix by utilizing an extraction program and used for representing response signals. In the working process of the verification system, two authentication methods are included according to different hand-held objects of a user, and the specific process is as follows:
firstly, a user holds a PUF: the method comprises two working stages, namely a registration stage and an authentication stage, and is realized by the following steps:
1) a registration stage:
firstly, a light source is used as a pumping light source and outputs a light beam with a certain polarization state and intensity;
secondly, the light beam passes through a beam expanding collimation system PBES to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;
irradiating the emergent light beam with certain width after beam expansion and collimation on the SLM, changing light intensity distribution by the influence of the modulation information matrix to generate exciting light with certain angle and light field distribution, wherein the exciting light is modulated by the modulation information matrix CkCharacterized by excitation matrix, k =1, 2, 3 … n, specifically { C, as drawn by the systemKMatrix cluster decision;
excitation light enters the ith optical PUF module, i =1, 2, 3 … m, and the optical PUF module is used as an authentication credential of the optical PUF verification system to generate response light;
the emergent light from the ith optical PUF module passes through the positive lens to reduce the divergence angle of the scattered light beam;
sixth, the emergent light from the positive lens is incident on the CCD camera for 3-4 sThe CCD camera collects the 2D speckle image, and the stable speckle image is processed into a '01' digital binary matrix as a response matrix P of a response signal by utilizing an extraction program in a computerik;
Seventhly, determining a required excitation-response logarithm number n according to a safety requirement, and repeating the steps of the first step to the sixth step;
eighthly, manufacturing and registering m optical PUF modules according to actual use conditions, repeating the steps from the first step to the seventh step, and then responding to a matrix PikK =1, 2, 3 … n, i =1, 2, 3 … m, together with the modulation information matrix characterizing the excitation signal in step (C), as excitation-response pairs { Ck-PikK =1, 2, 3 … n, i =1, 2, 3 … m, which are stored in correspondence in a computer database;
2) and (3) an authentication stage:
setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;
secondly, starting a security authentication system, and waiting for the user to put in an ith optical PUF module, namely an 'identity card'; at this point, the computer calls an arbitrary excitation matrix C stored in the databasekK =1, 2, 3 … n, modulation information matrix C that will characterize the excitation signalkLoading the excitation light to a spatial modulator (SLM) to generate excitation light; the excitation light acts on the optical PUF module to generate response light, and the response light is converted into a response signal by an extraction program of the CCD camera and the computer, wherein the response signal is represented by a binary matrix of ' 01 ' number and becomes a response matrix P 'ik,k=1、2、3…n,i= 1、2、3…m;
③ the computer responds to the matrix P ' with the processed ' 01 'ikAnd the response matrix P of 01 taken out from the databaseikComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;
and fourthly, if the accuracy of the authentication result is improved, a plurality of excitation matrix excitation optical PUF modules can be used at one time, the steps from the third step to the fourth step are repeated, the generated response is compared with the registration response data stored in the library, and authentication is carried out by utilizing a majority matching principle.
The second authentication method is to fix the optical PUF module in the system, and the user carries a plaintext pattern (such as a fingerprint) to authenticate in the security system, and comprises two working stages, namely an enrollment stage and an authentication stage, and the authentication method is realized through the following steps:
1) a registration stage:
firstly, a light source is used as a pumping light source and outputs a light beam with a certain polarization state and intensity;
secondly, the light beam passes through a beam expanding collimation system PBES to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;
the outgoing light beam with certain width after beam expansion and collimation irradiates on the SLM, the phase of the light beam is influenced by the modulation information matrix to change the light intensity distribution and generate the excitation light carrying the identity information with certain angle and light field distribution, wherein the excitation signal of the excitation light is modulated by the modulation information matrix CkCharacterization, referred to as excitation matrix, k =1, 2, 3 … n, determined in particular by the plain text pattern given by the user, such as the "user" own fingerprint pattern;
excitation light enters the optical PUF module, and the optical PUF module is used as an authentication credential of the optical PUF verification system to generate response light;
emergent light from the optical PUF module passes through the positive lens to reduce the divergence angle of scattered light beams;
sixthly, emergent light from the positive lens is incident on the CCD camera, after 3-4 s, the CCD camera collects 2D speckle images, stable speckle images are processed into '01' digital binary matrix by utilizing an extraction program in a computer, and stable scattering light spot images are processed into '01' digital binary matrix as a response matrix P of response signalsk;
Seventhly, repeating the steps from the first step to the sixth step according to the user, loading n plaintext patterns, recording n response signal matrixes, and responding to the response signals P at the momentkK =1, 2, 3 … n, stored in a computer database;
2) and (3) an authentication stage:
setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as n;
starting a security authentication system, and waiting for the user to put a kth plaintext pattern, namely an identity card; at this point, a modulation information matrix C characterizing the excitation signalk-loading the spatial modulator SLM to generate excitation light, k =1, 2, 3 … n, acting on the optical PUF module to generate response light, which is converted into a response signal by means of a CCD camera and a computer extraction program, wherein the response signal is represented by a binary matrix of "01" digits, referred to as the response matrix P'k,k=1、2、3…n;
③ the computer responds to the matrix P ' with the processed ' 01 'kAnd the response matrix P of 01 taken out from the databasekComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;
if the accuracy of the authentication result is to be improved, a plurality of plaintext patterns can be used at one time, the step III is repeated, the generated response is compared with the registration response data stored in the library, and authentication is performed by utilizing a majority of matching principles.
Preferably, the glass plate of the optical PUF scattering sheet may be replaced with a quartz plate.
Preferably, the light source is a laser.
Preferably, the LiNbO3In Fe, Zr crystals, doped Zr4+Ion concentration of 4mol% and Fe3+The concentration is 0.03wt%, the shape is similar to tetrahedron, hexahedron, octahedron, ellipsoid and the like, the crystal is a micron-scale photorefractive crystal, and the response time can reach taur=1.8 seconds, sensitivity S of 13.4cm/J, and can be at 250mw/cm2The photorefractive effect is generated under the P polarized light beam.
Compared with the prior art, the invention has the following beneficial effects: the invention providesAn identity authentication system based on a cavity type photorefractive crystal PUF is provided, which is based on a core component PUF module of the system, changes a doping material and a structure, and has higher safety and strong anti-deciphering performance. The optical PUF is different from other optical PUFs, the doping material adopted in the PUF scattering sheet is a photorefractive crystal, and particularly, the doped material is a zirconium-iron double-doped lithium niobate series (LiNbO) with excellent photorefractive characteristic3Fe, Zr) crystal having a property that a refractive index changes with light intensity distribution, i.e., a photorefractive effect; when optical scattering exists in the PUF scattering sheet, micro light beams at different space points can generate mutual influence due to a photorefractive effect, so that a response result is complex nonlinear superposition; the crystal has a granular structure, photons can be limited to a certain extent, the capacity of local light is enhanced, and the working pumping threshold is reduced; the inner surface of the optical PUF scattering sheet is plated with a film layer, so that light beams can be reflected for multiple times, the combined action between micro light beams of different space points is established, and the influence on crystal particles is increased. The optical PUF module adopted by the invention is of a cavity structure, the emergent light of the front-end PUF scattering sheet is reflected to the rear-end PUF scattering sheet by using the reflector, the acting times of micro-beams and crystals in the two optical PUF scattering sheets are greatly increased, the nonlinear complexity of the final response speckles is higher on the basis of a single optical PUF scattering sheet, and the optical PUF scattering sheet has strong anti-deciphering performance and high safety.
Drawings
Fig. 1 is a schematic structural diagram of an identity authentication system based on a cavity type photorefractive crystal PUF.
Fig. 2 is a flow chart of the working process of an identity authentication system based on a cavity type photorefractive crystal PUF.
Fig. 3 is a diagram of a cavity structure of an optical PUF module.
The figures are labeled as follows: the device comprises a 1-light source, a 2-beam expanding collimation system PBES, a 3-spatial modulator SLM, a 4-optical PUF module, a 5-positive lens, a 6-CCD camera, a 7-computer and 8-11-plane reflectors.
Detailed Description
The present invention is further illustrated by the following specific examples.
An identity verification system based on a cavity type photorefractive crystal PUF is disclosed in figures 1-3: the device comprises a light intensity modulation module, an optical PUF module 4 and a lens module which are sequentially arranged along a light path from left to right, and also comprises a data processing module; the light intensity modulation module comprises a light source 1, a beam expanding collimation system PBES2 and a spatial modulator SLM3, wherein the light source 1 is a pump light source and generates pump light, the pump light enters the spatial modulator SLM3 through the beam expanding collimation system PBES2 and then enters the optical PUF module; the optical PUF module 4 is of a cavity type structure and is composed of two optical PUF scattering sheets and four plane reflectors, wherein each optical PUF scattering sheet is composed of two glass plates and lithium niobate LiNbO doped with ferrozirconium3Fe and Zr granular crystals, two glass plates are parallel to each other, the opposite inner surfaces of the two glass plates are plated with film layers with the reflectivity of R =30%, the outer surfaces of the two glass plates are plated with high-permeability films, and the lithium niobate LiNbO with double-doped zirconium and iron is prepared by3Fe and Zr granular crystals are uniformly paved between the two glass flat plates, and the spatial positions of the crystals are randomly distributed and filled; the two optical PUF scattering sheets are perpendicular to the light path and arranged in parallel along the light path, and the two optical PUF scattering sheets are wrapped by four plane reflectors up, down, front and back to form a cavity type structure; the lens module comprises a positive lens 5, and the data processing module comprises a CCD camera 6 and a computer 7; light enters a CCD camera 6 through a positive lens 5 after being scattered by an optical PUF module 4, the CCD camera 6 is connected to a computer 7 through a serial data port, and the computer 7 internally contains an extraction program.
In the following examples: the light source 1 is a laser; the LiNbO3In Fe, Zr crystals, doped Zr4+Ion concentration of 4mol% and Fe3+The concentration is 0.03wt%, the shape is similar to tetrahedron, hexahedron, octahedron, ellipsoid and the like, and the crystal is a micron-scale photorefractive crystal; the size of the glass plate of the optical PUF scattering sheet is as follows: the thickness is 0.6mm, the area is 20mm multiplied by 20mm, and the lithium niobate LiNbO with double doped zirconium and iron is prepared3The filling thickness of Fe and Zr crystals is 0.8mm, so that the whole thickness of the optical PUF scattering sheet is 2mm, and the area is 20mm multiplied by 20 mm; the area of the plane reflector is 20mm multiplied by 40mm, and the size of the formed cavity type structureIs 20X 44 mm3。
According to different authentication methods, two embodiments are provided, which are respectively as follows:
example one
An identity verification system based on a cavity type photorefractive crystal PUF, a PUF is held by a user: the method comprises two working stages, namely a registration stage and an authentication stage, and is realized by the following steps:
1) a registration stage:
firstly, a light source 1 is used as a pumping light source, a vertical polarization laser with the wavelength of 632.8nm is adopted, and a P polarization state Gaussian beam with the beam intensity of 2w is generated;
secondly, the light beam passes through a beam expanding collimation system PBES2 to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;
thirdly, the emergent light beam with certain width after beam expansion and collimation irradiates on the SLM3, the phase of the light beam is influenced by the modulation information matrix to change the light intensity distribution and generate the excitation light with certain angle and light field distribution, wherein the excitation light is modulated by the modulation information matrix CkCharacterized by excitation matrix, k =1, 2, 3 … n, specifically { C, as drawn by the systemKMatrix cluster decision;
excitation light enters the ith optical PUF module 4, i =1, 2, 3 … m, and the optical PUF module 4 is used as an authentication credential of the optical PUF verification system to generate response light;
the emergent light from the ith optical PUF module 4 passes through the positive lens 5 to reduce the divergence angle of the scattered light beam;
sixthly, emergent light from the positive lens 5 is incident on the CCD camera 6, after 3s-4s, the CCD camera 6 collects the 2D speckle image, and the steady speckle image is processed into a '01' digital binary matrix as a response matrix P of a response signal by utilizing an extraction program in the computer 7ik;
Seventhly, determining a required excitation-response logarithm number n according to a safety requirement, and repeating the steps of the first step to the sixth step;
eighthly, manufacturing and registering m optical PUF modules according to actual use conditions, repeating the steps from the first step to the seventh step, and then responding to a matrix PikK =1, 2, 3 … n, i =12, 3 … m, as well as the modulation information matrix characterizing the excitation signal in step (C) as an excitation-response pair { Ck-PikK =1, 2, 3 … n, i =1, 2, 3 … m, which are stored in correspondence in a computer database;
2) and (3) an authentication stage:
setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;
secondly, starting a security authentication system, and waiting for the user to put in the ith optical PUF module 4, namely an 'identity card'; at this point, the computer calls an arbitrary excitation matrix C stored in the databasekK =1, 2, 3 … n, modulation information matrix C that will characterize the excitation signalkLoading to the spatial modulator SLM3 to generate excitation light; the excitation light acts on the optical PUF module 4 to generate response light, and the response light is converted into a response signal by an extraction program of the CCD camera 6 and the computer 7, wherein the response signal is represented by a binary matrix of "01" numerals, and becomes a response matrix P'ik,k=1、2、3…n,i= 1、2、3…m;
Computer 7 will process the processed "01" response matrix P'ikAnd the response matrix P of 01 taken out from the databaseikComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;
and fourthly, if the accuracy of the authentication result is improved, a plurality of excitation matrix excitation optical PUF modules can be used at one time, the steps from the third step to the fourth step are repeated, the generated response is compared with the registration response data stored in the library, and authentication is carried out by utilizing a majority matching principle.
Example two
An identity authentication system based on a cavity type photorefractive crystal PUF is characterized in that a user holds a plaintext pattern; an optical PUF module in the system is fixed, a user carries a plaintext pattern and carries out authentication on a safety system, the authentication system comprises two working stages, namely an enrollment stage and an authentication stage, and the authentication method is realized through the following steps:
1) a registration stage:
firstly, a light source 1 is used as a pumping light source, a vertical polarization laser with the wavelength of 632.8nm is adopted, and a P polarization state Gaussian beam with the beam intensity of 2w is generated;
secondly, the light beam passes through a beam expanding collimation system PBES2 to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;
thirdly, the emergent light beam with certain width after beam expansion and collimation irradiates on the SLM3, the phase of the light beam is influenced by the modulation information matrix to change the light intensity distribution and generate the excitation light carrying the identity information with certain angle and light field distribution, wherein the excitation signal of the excitation light is modulated by the modulation information matrix CkCharacterization, as excitation matrix, k =1, 2, 3 … n, determined specifically by the plain text pattern given by the user;
excitation light enters the optical PUF module 4, and the optical PUF module 4 is used as an authentication credential of the optical PUF verification system to generate response light;
the emergent light from the optical PUF module 4 passes through the positive lens 5 to reduce the divergence angle of the scattered light beam;
sixthly, emergent light from the positive lens 5 is incident on the CCD camera 6, after 3-4 s, the CCD camera 6 collects a 2D speckle image, the stable speckle image is processed into a '01' digital binary matrix by utilizing an extraction program in the computer 7, and the stable scattering light spot image is processed into a '01' digital binary matrix as a response matrix P of a response signalk;
Seventhly, repeating the steps from the first step to the sixth step according to the user, loading n plaintext patterns, recording n response signal matrixes, and responding to the response signals P at the momentkK =1, 2, 3 … n, stored in a computer database;
2) and (3) an authentication stage:
setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;
starting a security authentication system, and waiting for the user to put a kth plaintext pattern, namely an identity card; at this point, the laser will be characterizedModulation information matrix C of excitation signalkAnd a spatial modulator SLM3 loaded to generate excitation light, k =1, 2, 3 … n, which is applied to the optical PUF module 4 to generate response light, which is converted into a response signal by means of a CCD camera 6 and a computer 7 extraction program, wherein the response signal is represented by a binary matrix of "01" numbers and becomes a response matrix P'k,k=1、2、3…n;
Computer 7 will process the processed "01" response matrix P'kAnd the response matrix P of 01 taken out from the databasekComparing the difference bit with a threshold delta, judging whether the difference bit passes or not, and if the bit number d of the difference bit is greater than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;
if the accuracy of the authentication result is to be improved, a plurality of plaintext patterns can be used at one time, the step III is repeated, the generated response is compared with the registration response data stored in the library, and authentication is performed by utilizing a majority of matching principles.
The scope of the invention is not limited to the above embodiments, and various modifications and changes may be made by those skilled in the art, and any modifications, improvements and equivalents within the spirit and principle of the invention should be included in the scope of the invention.
- 上一篇:石墨接头机器人自动装卡簧、装栓机
- 下一篇:一种密码管理方法、装置和输入终端
