阅读说明：本技术 一种基于光折变晶体puf的双程干涉式身份验证系统 (Double-pass interference type identity verification system based on photorefractive crystal PUF ) 是由 王安帮 王晨 常朋发 郭园园 赵彤 王龙生 贾志伟 于 2021-07-17 设计创作，主要内容包括：本发明公开了一种基于光折变晶体PUF的双程干涉式身份验证系统,涉及信息安全与身份验证领域。该系统包括从左到右依次布置的光强调制模块、偏振分束模块、光学PUF模块、光束透镜模块,同时还包括数据处理模块；光强调制模块包括光源、扩束准直系统PBES和空间调制器SLM,偏振分束模块包括偏振分束棱镜PBS,光学PUF模块由两块玻璃平板和锆铁双掺的铌酸锂LiNbO-(3)Fe,Zr颗粒状晶体构成,光束透镜模块包括正透镜Ⅰ、1/4λ波片和反射镜组,反射镜组由正透镜Ⅱ和凹面镜组成；数据处理模块包括CCD相机和计算机；CCD相机通过串行数据口连接于计算机,计算机含有提取程序。本发明让身份验证系统具有了更高的安全性和抗破译性。(The invention discloses a double-pass interference type identity verification system based on a photorefractive crystal PUF, and relates to the field of information security and identity verification. The system comprises a light intensity modulation module, a polarization beam splitting module, an optical PUF module and a beam lens module which are sequentially arranged from left to right, and also comprises a data processing module; the light intensity modulation module comprises a light source, a beam expanding collimation system PBES and a spatial modulator SLM, the polarization beam splitting module comprises a polarization beam splitting prism PBS, and the optical PUF module is composed of two glass plates and LiNbO which is formed by doping ferrozirconium 3 The light beam lens module comprises a positive lens I, an 1/4 lambda plate and a reflector group, and the reflector group consists of a positive lens II and a concave mirror; the data processing module comprises a CCD camera and a computer; the CCD camera is connected to the computer through serial data portThe computer contains an extraction program. The invention ensures that the identity authentication system has higher safety and anti-deciphering performance.)

1. The utility model provides a two-pass interferometric authentication system based on photorefractive crystal PUF which characterized in that: the device comprises a light intensity modulation module, a polarization beam splitting module, an optical PUF module (5), a beam lens module and a data processing module which are sequentially arranged from left to right;

the light intensity modulation module comprises a light source (1), a beam expanding collimation system PBES (2) and a spatial modulator SLM (3), wherein the light source (1) is a pumping light source and generates pumping light, and the pumping light enters the spatial modulator SLM (3) through the beam expanding collimation system PBES (2) and then enters the optical PUF module;

the polarization beam splitting module comprises a polarization beam splitting prism PBS (4), and the bevel edge of the polarization beam splitting prism PBS (4) forms a certain angle with the main optical axis;

the optical PUF module (5) is lithium niobate LiNbO which is formed by double doping of two glass plates and ferrozirconium₃Fe and Zr granular crystals, two glass plates are parallel to each other, the opposite inner surfaces of the two glass plates are plated with film layers with the reflectivity of R =30%, the outer surfaces of the two glass plates are plated with high-permeability films, and the lithium niobate LiNbO with double-doped zirconium and iron is prepared by₃Fe and Zr granular crystals are uniformly paved between the two glass flat plates, and the spatial positions of the crystals are randomly distributed and filled;

the light beam lens module comprises a positive lens I (6), an 1/4 lambda plate (7) and a reflector group (8), wherein the reflector group consists of a positive lens II (801) and a concave mirror (802); the lenses in the beam lens module are a positive lens I (6), an 1/4 lambda plate (7), a positive lens II (801) and a concave mirror (802) in sequence from left to right along the optical path;

the data processing module comprises a CCD camera (9) and a computer (10); the light is turned back through the reflector group (8), is output from the front surface of the optical PUF module (5), and then is collected by the CCD camera (9) through the polarized beam splitter prism PBS (4), the CCD camera (9) is connected to the computer (10) through a serial data port, and the computer (10) contains an extraction program.

2. The system of claim 1, wherein the photorefractive crystal PUF-based two-pass interferometric identity verification system comprises: the light source (1) is a laser.

3. The system of claim 1, wherein the photorefractive crystal PUF-based two-pass interferometric identity verification system comprises: the LiNbO₃In Fe, Zr crystals, doped Zr⁴⁺Ion concentration of 4mol% and Fe³⁺The concentration is 0.03wt%, the shape is similar to tetrahedron, hexahedron, octahedron and ellipsoid, and the crystal is a micron-scale photorefractive crystal.

4. The system of claim 1, wherein the photorefractive crystal PUF-based two-pass interferometric identity verification system comprises: the size of the glass plate of the optical PUF module (5) is as follows: the thickness is 0.6mm, and the area is 20mm multiplied by 20 mm; the lithium niobate LiNbO doped with zirconium and iron₃The filling thickness of the Fe and Zr granular crystals is 0.8mm, the overall thickness of the optical PUF module (5) is 2mm, and the area is 20mm x 20 mm.

5. The identity authentication method of the double-pass interferometric identity authentication system based on the photorefractive crystal PUF, according to claim 1, characterized in that: the method comprises two authentication methods which are respectively as follows:

the first authentication method is characterized in that a user carries an optical PUF module and authenticates in a security system, and the authentication method comprises two working stages, namely an enrollment stage and an authentication stage, and is realized through the following steps:

1) a registration stage:

firstly, a light source (1) is used as a pumping light source and outputs a light beam with a certain polarization state and intensity;

secondly, the light beam passes through a beam expanding collimation system PBES (2) to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;

the outgoing light beam with certain width after beam expansion and collimation irradiates on a spatial modulator SLM (3), the light beam phase is influenced by a modulation information matrix to change the light intensity distribution and generate the excitation light with certain angle and light field distribution, wherein the excitation light is modulated by a modulation information matrix C_kCharacterized by excitation matrix, k =1, 2, 3 … n, specifically { C, as drawn by the system_KMatrix cluster decision;

adjusting an included angle between the prism bevel edge of the polarizing beam splitter PBS (4) and the main optical axis, reducing the loss of the excitation light when the excitation light penetrates through the polarizing beam splitter PBS (4), and emitting the excitation light from the rear end surface after multiple scattering inside the ith optical PUF module (5), wherein i =1, 2 and 3 … m;

emergent light from the optical PUF module (5) passes through a positive lens I (6) and an 1/4 lambda plate (7) and enters a reflector set; through a positive lens II (801), a concave mirror (802) and an 1/4 lambda wave plate (7), the reflecting mirror group reflects emergent light to the emergent surface of the optical PUF module (5), and the angles of the reflected front and rear micro-beams are changed, so that the acting points on the same surface are changed;

because the light path is turned back, the optical PUF module (5) outputs a steady scattering light spot from the front surface and is incident to the polarizing beam splitter prism PBS (4), the light beam passes through the 1/4 lambda wave plate (7) twice before and after reflection, the polarization direction of the light beam is changed, and the polarizing beam splitter prism PBS (4) reflects the output light of the optical PUF module (5);

the PBS (4) reflects the output light of the optical PUF module (5) to a CCD camera (9) at the tail end of a reflection light path; the CCD camera (9) collects the steady-state scattering light spots, and the steady-state scattering light spot images are processed into a digital binary matrix of '01' by utilizing an extraction program in the computer (10) and taken as a response matrix P_ik；

Determining a required excitation-response logarithm number n according to a safety requirement, and repeating the steps from (i) - (c);

ninthly, according to the actual use condition, making and registering m optical PUF modules, repeating the steps of (first) to (phi), and responding to the matrix P_ikK =1, 2, 3 … n, i =1, 2, 3… m, as well as the modulation information matrix characterizing the excitation signal in step (C) as the excitation-response pair { C_k-P_ikK =1, 2, 3 … n, i =1, 2, 3 … m, which are stored in correspondence in a computer database;

2) and (3) an authentication stage:

setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;

starting a security authentication system, and waiting for the user to put in the ith optical PUF module (5), namely the identity card; at this point, the computer calls an arbitrary excitation matrix C stored in the database_kK =1, 2, 3 … n, modulation information matrix C that will characterize the excitation signal_kLoading to a spatial modulator SLM (3) to generate excitation light, acting on the optical PUF module (5), acting back to the optical PUF module (5) through the beam lens module to generate response light, and converting the response light into a response signal by using an extraction program of a CCD camera (9) and a computer (7), wherein the response signal is represented by a binary matrix of ' 01 ' number and becomes a response matrix P '_ik，k=1、2、3…n，i= 1、2、3…m；

③ the computer (10) will process the processed ' 01 ' response matrix P '_ikAnd the response matrix P of 01 taken out from the database_ikComparing the bit number d of the difference bit with a threshold delta, judging whether the bit number d of the difference bit passes or not, and if the bit number d of the difference bit is larger than the delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than delta, determining that the difference bits pass;

if the accuracy of the authentication result is to be improved, a plurality of excitation matrix excitation optical PUF modules can be used at one time, the step III is repeated, the generated response is compared with the registration response data stored in the library, and authentication is carried out by utilizing a majority matching principle;

the second authentication method is to fix the optical PUF module in the system, and the user carries a plaintext pattern (such as a fingerprint) to authenticate in the security system, and comprises two working stages, namely an enrollment stage and an authentication stage, and the authentication method is realized through the following steps:

1) a registration stage:

firstly, a light source (1) is used as a pumping light source and outputs a light beam with a certain polarization state and intensity;

secondly, the light beam passes through a beam expanding collimation system PBES (2) to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;

the outgoing light beam with certain width after beam expansion and collimation irradiates on a spatial modulator SLM (3), the light beam phase is influenced by a modulation information matrix to change the light intensity distribution, and excitation light carrying identity information with certain angle and light field distribution is generated, wherein the excitation signal of the excitation light is modulated by a modulation information matrix C_kCharacterization, as excitation matrix, k =1, 2, 3 … n, determined specifically by the plain text pattern given by the user;

adjusting an included angle between the prism bevel edge of the polarizing beam splitter PBS (4) and the main optical axis, reducing the loss of the excitation light when the excitation light penetrates through the polarizing beam splitter PBS (4), and emitting the excitation light from the surface of the rear end after the excitation light is scattered for multiple times in the optical PUF module (5);

emergent light from the optical PUF module (5) passes through a positive lens I (6) and an 1/4 lambda plate (7) and enters a reflector set; through a positive lens II (801), a concave mirror (802) and an 1/4 lambda wave plate (7), the reflecting mirror group reflects emergent light to the emergent surface of the optical PUF module (5), and the angles of the reflected front and rear micro-beams are changed, so that the acting points on the same surface are changed;

because the light path is turned back, the optical PUF module (5) outputs a steady scattering light spot from the front surface and is incident to the polarizing beam splitter prism PBS (4), the light beam passes through the 1/4 lambda wave plate (7) twice before and after reflection, the polarization direction of the light beam is changed, and the polarizing beam splitter prism PBS (4) reflects the output light of the optical PUF module (5);

the PBS (4) reflects the output light of the optical PUF module (5) to a CCD camera (9) at the tail end of a reflection light path; the CCD camera (9) collects the steady state scattering light spots, and the steady state scattering light spot images are processed into 01-shaped digital images by utilizing an extraction program in the computer (10)Binary matrix as response matrix P of response signals_k；

Eighthly, repeating the steps from the first step to the seventh step according to the user, loading n plaintext patterns, recording n response signal matrixes, and responding to the response signals P at the moment_kK =1, 2, 3 … n, stored in a computer database;

2) and (3) an authentication stage:

setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;

starting a security authentication system, and waiting for the user to put a kth plaintext pattern, namely an identity card; at this point, an excitation matrix C characterizing the excitation signal will be formed_k-loading into a spatial modulator SLM (3) to generate excitation light, k =1, 2, 3 … n, acting on the optical PUF module (5) through a beam lens module back to the optical PUF module (5) to produce response light, converting the response light into a response signal by means of an extraction program of a CCD camera (9) and a computer (10), wherein the response signal is represented by a binary matrix of "01" digits, being a response matrix P'_k，k=1、2、3…n；

③ the computer (10) will process the processed ' 01 ' response matrix P '_kAnd the response matrix P of 01 taken out from the database_kComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;

if the accuracy of the authentication result is to be improved, a plurality of plaintext patterns can be used at one time, the step III is repeated, the generated response is compared with the registration response data stored in the library, and authentication is performed by utilizing a majority of matching principles.

Technical Field

The invention relates to the field of information security and identity verification, in particular to a double-pass interference type identity verification system based on a photorefractive crystal PUF.

Background

With the development of technologies and networks, security systems for "personal identity" authentication have become widespread in people's lives. However, security issues with authentication continue to plague us, such as: system deciphered, token cloned, identity information tampered, etc. Therefore, it is very important to develop new authentication methods and tools.

Physically Unclonable Functions (PUFs) are Physical entities that introduce randomness during the manufacturing process, and it is very difficult to completely control micro-and nano-scale manufacturing differences in Physical media because their random Physical differences have natural characteristics that are difficult to clone or counterfeit. Therefore, a Physical Unclonable Function (PUF) based on random differences of physical entities eliminates the risk of key duplication from the physical level, and becomes the leading direction of authentication research.

Currently, research on PUFs mainly focuses on electronic PUFs and optical PUFs, which are implemented by introducing random differences during the fabrication process of integrated circuits, for example: SRAM PUF based on voltage divider circuit cells and APUF based on delay cells. But the PUF can be predicted by using a mode of matching the digital template attack and the side channel attack, and the safety is low. In contrast, an optical PUF implemented based on complex scattering, reflection, absorption, and non-linearity behaviors is more difficult to predict and clone. Therefore, the subsequent researchers have turned their eyes to the optical PUF, and the optical PUF method is becoming a hot spot in the fields of information security and authentication.

Since the 2001 proposal by Pappu et al for implementing an optical PUF with doped light scattering particles as a physical one-way function, optical PUF authentication systems implemented in various ways have been presented in succession, for example: the PUF authentication system is realized based on a quantum optical mode and is realized based on a space optical interferometry. The PUF authentication system realized based on the quantum optical mode has the advantages of high safety and low cost, but the system is extremely easily influenced by noise and has poor stability. The PUF system realized based on the space optical interferometry has the advantages of high stability and large CRP space, but because the doped material is glass, the output speckle patterns are 'linear' superposition, and the safety needs to be improved. Therefore, for the above reasons, it is necessary to develop a new authentication system to achieve the purposes of high security and high anti-tamper level.

Disclosure of Invention

The invention provides a double-pass interference type identity authentication system based on a photorefractive crystal PUF, aiming at solving the problems of poor safety or low anti-deciphering degree of the existing optical PUF identity authentication system.

The invention is realized by the following technical scheme: a double-pass interference type identity verification system based on a photorefractive crystal PUF comprises a light intensity modulation module, a polarization beam splitting module, an optical PUF module and a light beam lens module which are sequentially arranged from left to right, and also comprises a data processing module; the light intensity modulation module comprises a light source, a beam expanding collimation system PBES and a spatial modulator SLM, wherein the light source is a pumping light source and generates pumping light, and the pumping light enters the spatial modulator SLM through the beam expanding collimation system PBES and then enters the optical PUF module; the polarization beam splitting module comprises a polarization beam splitting prism PBS, and the bevel edge of the polarization beam splitting prism PBS forms a certain angle with the main optical axis; the optical PUF module is lithium niobate LiNbO doubly doped by two glass plates and ferrozirconium₃Fe, Zr granular crystal, two parallel glass plates with reflectivity R =platedon their inner surfaces30 percent of film layer, the outer surfaces of the two glass plates are plated with high-permeability films, and the lithium niobate LiNbO with double doped zirconium and iron₃Fe and Zr granular crystals are uniformly paved between the two glass flat plates, and the spatial positions of the crystals are randomly distributed and filled; the light beam lens module comprises a positive lens I, an 1/4 lambda plate and a reflector group, wherein the reflector group consists of a positive lens II and a concave mirror; the lenses in the beam lens module are a positive lens I, an 1/4 lambda wave plate, a positive lens II and a concave mirror in sequence from left to right along the light path; the data processing module comprises a CCD camera and a computer; the light is turned back through the reflector group, is output from the front surface of the optical PUF module and then is collected by the CCD camera through the Polarized Beam Splitter (PBS), the CCD camera is connected to a computer through a serial data port, and the computer contains an extraction program.

The invention provides a double-pass interference type identity verification system based on a photorefractive crystal PUF, which comprises a light intensity modulation module, a polarization beam splitting module, an optical PUF module, a light beam lens module and a data processing module, wherein the light intensity modulation module, the polarization beam splitting module, the optical PUF module and the light beam lens module are sequentially arranged along a light path from left to right, the light intensity modulation module is used for emitting light, expanding and collimating the light and modulating a light beam in a spatial domain, the light intensity modulation module comprises a light source, a beam expanding and collimating system PBES and a spatial modulator SLM (SLM), the light source is a pumping light source and generates pumping light which passes through the beam expanding and collimating system PBES and enters the spatial modulator SLM, the SLM needs to be loaded with a plaintext pattern by a system or artificially, the light intensity distribution is changed, identity information is carried, excitation light of the system enters a polarization beam splitting Prism (PBS), the light beam meeting specific polarization characteristics is transmitted through the PBS, other reflections are used for adjusting the bevel edge of the PBS prism to form a certain angle with a main optical axis, the loss of excitation light when passing through the PBS is reduced. The light beam enters the optical PUF module; the optical PUF module is an authentication credential of the verification system, when excitation light passes through the optical PUF module and the lens module and acts back to the optical PUF module, response light can be generated, the response light contains internal structure information of the optical PUF module, and the optical PUF module is composed of two glass plates and lithium niobate LiNbO doped with zirconium and iron₃Fe, Zr granular crystal, two parallel glass plates coated with a coating with reflectivity R =30% on their opposite inner surfacesFilm layer, two glass plates with high permeability film coated on their outer surfaces, and LiNbO₃Fe and Zr granular crystals are uniformly paved between the two glass flat plates, and the spatial positions of the crystals are randomly distributed; the optical PUF module is equivalent to a simple F-P interferometer, and in order to enable light beams to reflect in the PUF module for multiple times, the LiNbO which is doped with zirconium and iron and is laid is LiNbO₃The granular crystal of Fe and Zr has good photorefractive property, and the working principle is as follows: one is as follows: when excitation light irradiates the surface of the optical PUF module, the incident surface is used as a wave surface of the excitation light, a plurality of micro beams can be emitted, and the micro beams generate complex scattering and refraction due to the scattered crystal structure in the PUF; the specific action mechanism is as follows: one micro light beam is reflected and refracted to other crystal particles by the crystal particles and acts with the light beam generated by the original micro light beam at the position to enable the crystal to generate a nonlinear effect, so that the scattering and refraction characteristics of the original micro light beam at the position are changed, the interaction among different micro light beams is established, and the emitted speckle images are subjected to nonlinear superposition; the second step is as follows: the crystal particle shape structure is similar to class tetrahedron, hexahedron, octahedron, ellipsoid and the like, plays local effect to light, after the internal portion of crystal particle is incided to the microbeam, takes place multiple reflection in inside surface, realizes the effect of local light, promotes the inside light intensity of crystal particle, strengthens its photorefractive effect to make speckle pattern complexity promote. The lens module includes a positive lens for reducing a divergence angle of the scattered light beam. The light beam lens module comprises a positive lens I, an 1/4 lambda plate and a reflector group, the positive lens I reduces the divergence angle of scattered light beams, and the 1/4 lambda plate changes the polarization state of the light beams corresponding to pi/2 of the phase of light waves; the reflector group consists of a positive lens II and a concave mirror and is used for reflecting emergent light of the optical PUF module; the lenses in the beam lens module are a positive lens I, an 1/4 lambda plate, a positive lens II and a concave mirror in sequence from left to right along the optical path. The data processing module comprises a CCD camera and a computer; the light is turned back through the reflector group, is output from the front surface of the optical PUF module, is reflected by the PBS and is collected by the CCD camera, the CCD camera is connected with the computer through the serial data port, and the calculation is carried outThe CCD camera collects the steady-state response light spot image, transmits the steady-state response light spot image to the computer and processes data in the computer. In the working process of the verification system, two authentication methods are included, wherein in the first authentication method, a user carries an optical PUF module and performs authentication in a security system; in the second authentication method, a user carries a plaintext pattern and authenticates in a security system; both authentication methods include two phases, registration and authentication. The specific process is as follows:

the first authentication method is characterized in that a user carries an optical PUF module and authenticates in a security system, and the authentication method comprises two working stages, namely an enrollment stage and an authentication stage, and is realized through the following steps:

1) a registration stage:

firstly, a light source is used as a pumping light source and outputs a light beam with a certain polarization state and intensity;

secondly, the light beam passes through a beam expanding collimation system PBES to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;

irradiating the emergent light beam with certain width after beam expansion and collimation on the SLM, changing light intensity distribution by the influence of the modulation information matrix to generate exciting light with certain angle and light field distribution, wherein the exciting light is modulated by the modulation information matrix C_kCharacterized by excitation matrix, k =1, 2, 3 … n, specifically { C, as drawn by the system_KMatrix cluster decision;

adjusting an included angle between the prism bevel edge of the Polarizing Beam Splitter (PBS) and the main optical axis, reducing the loss of the excitation light when the excitation light penetrates through the Polarizing Beam Splitter (PBS), and after multiple scattering inside the ith optical PUF module, emitting the excitation light out of the rear end surface, wherein i =1, 2 and 3 … m;

emergent light from the optical PUF module passes through the positive lens I and the 1/4 lambda wave plate and enters the reflector group; through the positive lens II, the concave mirror and the 1/4 lambda wave plate, the reflecting mirror group reflects emergent light to the emergent surface of the optical PUF module, and the angles of the micro-beams before and after reflection are changed, so that the acting point on the same surface is changed;

because the light path is turned back, the optical PUF module outputs a steady scattering light spot from the front surface and is incident to the polarizing beam splitter prism PBS, the light beam passes through the 1/4 lambda wave plate twice before and after reflection, the polarization direction of the light beam is changed, and the polarizing beam splitter prism PBS reflects the output light of the optical PUF module;

the PBS reflects the output light of the optical PUF module to the CCD camera at the tail end of the reflection light path; the CCD camera collects the steady-state scattering light spots, and the steady-state scattering light spot image is processed into a digital binary matrix of '01' as a response matrix P by utilizing an extraction program in a computer_ik；

Determining a required excitation-response logarithm number n according to a safety requirement, and repeating the steps from (i) - (c);

ninthly, according to the actual use condition, making and registering m optical PUF modules, repeating the steps of (first) to (phi), and responding to the matrix P_ikK =1, 2, 3 … n, i =1, 2, 3 … m, together with the modulation information matrix characterizing the excitation signal in step (C), as excitation-response pairs { C_k-P_ikK =1, 2, 3 … n, i =1, 2, 3 … m, which are stored in correspondence in a computer database;

2) and (3) an authentication stage:

setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;

secondly, starting a security authentication system, and waiting for the user to put in an ith optical PUF module, namely an 'identity card'; at this point, the computer calls an arbitrary excitation matrix C stored in the database_kK =1, 2, 3 … n, modulation information matrix C that will characterize the excitation signal_kLoading the spatial modulator SLM to generate excitation light, applying the excitation light to the optical PUF module, applying the excitation light back to the optical PUF module through the beam lens module to generate response light, and converting the response light into a response signal by using an extraction program of the CCD camera and the computer, wherein the response signal is represented by a binary matrix of ' 01 ' number and becomes a response matrix P '_ik，k=1、2、3…n，i= 1、2、3…m；

③ the computer responds to the matrix P ' with the processed ' 01 '_ikTaken from database "01' response matrix P_ikComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;

and fourthly, if the accuracy of the authentication result is improved, a plurality of excitation matrix excitation optical PUF modules can be used at one time, the steps from the third step to the fourth step are repeated, the generated response is compared with the registration response data stored in the library, and authentication is carried out by utilizing a majority matching principle.

The second authentication method is to fix the optical PUF module in the system, and the user carries a plaintext pattern (such as a fingerprint) to authenticate in the security system, and comprises two working stages, namely an enrollment stage and an authentication stage, and the authentication method is realized through the following steps:

1) a registration stage:

firstly, a light source is used as a pumping light source and outputs a light beam with a certain polarization state and intensity;

secondly, the light beam passes through a beam expanding collimation system PBES to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;

the outgoing light beam with certain width after beam expansion and collimation irradiates on the SLM, the phase of the light beam is influenced by the modulation information matrix to change the light intensity distribution and generate the excitation light carrying the identity information with certain angle and light field distribution, wherein the excitation signal of the excitation light is modulated by the modulation information matrix C_kCharacterization, as excitation matrix, k =1, 2, 3 … n, determined in particular by the plain text pattern given by the user, such as the user's own fingerprint pattern;

adjusting an included angle between the prism bevel edge of the Polarizing Beam Splitter (PBS) and the main optical axis, reducing the loss of the excitation light when the excitation light penetrates through the Polarizing Beam Splitter (PBS), and emitting the excitation light from the surface of the rear end after the excitation light is scattered for multiple times inside the optical PUF module;

emergent light from the optical PUF module passes through the positive lens I and the 1/4 lambda wave plate and enters the reflector group; through the positive lens II, the concave mirror and the 1/4 lambda wave plate, the reflecting mirror group reflects emergent light to the emergent surface of the optical PUF module, and the angles of the micro-beams before and after reflection are changed, so that the acting point on the same surface is changed;

because the light path is turned back, the optical PUF module outputs a steady scattering light spot from the front surface and is incident to the polarizing beam splitter prism PBS, the light beam passes through the 1/4 lambda wave plate twice before and after reflection, the polarization direction of the light beam is changed, and the polarizing beam splitter prism PBS reflects the output light of the optical PUF module;

the PBS reflects the output light of the optical PUF module to the CCD camera at the tail end of the reflection light path; the CCD camera collects the steady-state scattering light spots, and the steady-state scattering light spot images are processed into a digital binary matrix of 01 by utilizing an extraction program in a computer and taken as a response matrix P of response signals_k；

Eighthly, repeating the steps from the first step to the seventh step according to the user, loading n plaintext patterns, recording n response signal matrixes, and responding to the response signals P at the moment_kK =1, 2, 3 … n, stored in a computer database;

2) and (3) an authentication stage:

setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;

starting a security authentication system, and waiting for the user to put a kth plaintext pattern, namely an identity card; at this point, an excitation matrix C characterizing the excitation signal will be formed_kLoading to a spatial modulator SLM generates excitation light, k =1, 2, 3 … n, which acts on the optical PUF module through a beam lens module back to the optical PUF module to produce response light, which is converted into a response signal by an extraction program of a CCD camera and a computer, wherein the response signal is represented by a binary matrix of "01" numbers, which becomes a response matrix P'_k，k=1、2、3…n；

③ the computer responds to the matrix P ' with the processed ' 01 '_kAnd the response matrix P of 01 taken out from the database_kComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is madeIs passing;

if the accuracy of the authentication result is to be improved, a plurality of plaintext patterns can be used at one time, the step III is repeated, the generated response is compared with the registration response data stored in the library, and authentication is performed by utilizing a majority of matching principles.

Preferably, the light source is a laser.

Preferably, the LiNbO₃In Fe, Zr crystals, doped Zr⁴⁺Ion concentration of 4mol% and Fe³⁺0.03wt% concentration, and is similar to tetrahedron, hexahedron, octahedron, ellipsoid, etc. and micron level photorefractive crystal with excellent photorefractive property and response time up to tau_r=1.8 seconds, sensitivity S of 13.4cm/J, and can be at 250mw/cm²The photorefractive effect is generated under the P polarized light beam.

Compared with the prior art, the invention has the following beneficial effects: the double-pass interference type identity verification system based on the photorefractive crystal PUF changes the doping material and structure from the core component PUF module of the system, so that the identity verification system has higher safety and strong anti-deciphering performance. The optical PUF module of the present invention is different from other optical PUFs in that the doping material used is a photorefractive crystal, specifically, a zirconium-iron double-doped lithium niobate series (LiNbO) with excellent photorefractive characteristics₃Fe, Zr) crystal having a property that a refractive index changes with light intensity distribution, i.e., a photorefractive effect; when optical scattering exists in the PUF module, micro light beams at different space points can generate mutual influence due to a photorefractive effect, so that a response result is complex nonlinear superposition; the crystal has a granular structure, photons can be limited to a certain extent, the capacity of local light is enhanced, and the working pumping threshold is reduced; the inner surface of the optical PUF module is plated with the film layer, so that light beams can be reflected for multiple times, the combined action between micro light beams of different space points is established, and the influence on crystal particles is increased. The light path adopted by the invention has the return characteristic, the emergent light of the PUF module is reflected to other positions on the emergent surface of the PUF by utilizing an external optical structure, so that the micro-beams at different spatial positions are further influenced,the response result has higher safety and anti-decoding degree; meanwhile, a simple parallel plate similar to an F-P interferometer is adopted for laying the optical PUF module, and the optical PUF module is matched with a concave mirror structure with reflection characteristics for use, so that the manufacturing process is clear and reasonable; the interaction of different space position points in the PUF structure is greatly increased by utilizing the photorefractive effect, reflection and scattering, so that the crystal particles generate a nonlinear result; the light intensity distribution of the final 'steady-state' light spot has strong anti-decoding performance and high safety.

Drawings

Fig. 1 is a schematic diagram of a PUF verification system based on a photorefractive crystal.

Figure 2 is a flow diagram of the operation of a photorefractive crystal based PUF verification system.

Fig. 3 is a schematic diagram of the structure of an optical PUF module.

The figures are labeled as follows: the device comprises a 1-light source, a 2-beam expanding collimation system PBES, a 3-spatial modulator SLM, a 4-polarization beam splitter prism PBS, a 5-optical PUF module, a 6-positive lens I, a 7-1/4 lambda plate, an 8-reflector group, a 801-positive lens II, an 802-concave lens, a 9-CCD camera and a 10-computer.

Detailed Description

The present invention is further illustrated by the following specific examples.

A double-pass interference type identity verification system based on a photorefractive crystal PUF is disclosed in figures 1-3: the device comprises a light intensity modulation module, a polarization beam splitting module, an optical PUF module 5 and a beam lens module which are sequentially arranged from left to right, and also comprises a data processing module; the light intensity modulation module comprises a light source 1, a beam expanding collimation system PBES2 and a spatial modulator SLM3, wherein the light source 1 is a pump light source and generates pump light, the pump light enters the spatial modulator SLM3 through the beam expanding collimation system PBES2 and then enters the optical PUF module; the polarization beam splitting module comprises a polarization beam splitting prism PBS4, and the oblique side of the polarization beam splitting prism PBS4 forms a certain angle with the main optical axis; the optical PUF module 5 is lithium niobate LiNbO doubly doped by two glass plates and ferrozirconium₃Fe and Zr granular crystals, two glass plates are parallel to each other, and the opposite inner surfaces are coated with film layers with the reflectivity R =30%The outer surfaces of the two glass plates are plated with high-permeability films, and the lithium niobate LiNbO with double doped zirconium and iron is₃Fe and Zr granular crystals are uniformly paved between the two glass flat plates, and the spatial positions of the crystals are randomly distributed and filled; the light beam lens module comprises a positive lens I6, an 1/4 lambda plate 7 and a reflector group 8, wherein the reflector group consists of a positive lens II 801 and a concave mirror 802; the lenses in the beam lens module are a positive lens I6, an 1/4 lambda wave plate 7, a positive lens II 801 and a concave mirror 802 in sequence from left to right along the optical path; the data processing module comprises a CCD camera 9 and a computer 10; the light is turned back by the reflector group 8, is output from the front surface of the optical PUF module 5, and is collected by the CCD camera 9 through the polarization beam splitter PBS4, the CCD camera 9 is connected to the computer 10 through the serial data port, and the computer 10 contains an extraction program.

In the following examples: the light source 1 is a laser; the LiNbO₃In Fe, Zr crystals, doped Zr⁴⁺Ion concentration of 4mol% and Fe³⁺The concentration is 0.03wt%, the shape is similar to tetrahedron, hexahedron, octahedron, ellipsoid and the like, and the crystal is a micron-scale photorefractive crystal; the size of the glass plate of the optical PUF module 5 is: the thickness is 0.6mm, the area is 20mm multiplied by 20mm, and the lithium niobate LiNbO with double doped zirconium and iron is prepared₃The filling thickness of the Fe and Zr granular crystals is 0.8mm, the overall thickness of the optical PUF module 5 is 2mm, and the area is 20mm x 20 mm.

According to different authentication methods, two embodiments are provided, which are respectively as follows:

example one

The utility model provides a two-way interference formula authentication system based on photorefractive crystal PUF, the user carries optics PUF module, authenticates at the safety coefficient, includes two working phases, is registration phase and authentication phase respectively, realizes through following step:

1) a registration stage:

firstly, a light source 1 is used as a pumping light source, a vertical polarization laser with the wavelength of 632.8nm is adopted, and a P polarization state Gaussian beam with the beam intensity of 2w is generated;

secondly, the light beam passes through a beam expanding collimation system PBES2 to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;

thirdly, the emergent light beam with certain width after beam expansion and collimation irradiates on the SLM3, the phase of the light beam is influenced by the modulation information matrix to change the light intensity distribution and generate the excitation light with certain angle and light field distribution, wherein the excitation light is modulated by the modulation information matrix C_kCharacterized by excitation matrix, k =1, 2, 3 … n, specifically { C, as drawn by the system_KMatrix cluster decision;

adjusting the included angle between the prism bevel edge of the polarizing beam splitter PBS4 and the main optical axis to form an included angle of 45 degrees; the loss of the excitation light when the excitation light transmits through the polarization beam splitter PBS4 is reduced, the i-th optical PUF module 5 emits light from the rear end surface after multiple scattering, and i =1, 2, 3 … m;

emergent light from the optical PUF module 5 passes through a positive lens I6 and an 1/4 lambda wave plate 7, the divergence angle is reduced, pi/2 phase delay is generated, the polarization state of the emergent light is changed into circular polarization from a P state, and the circular polarization is reflected by a concave reflector; the emergent light is reflected to the emergent surface of the optical PUF module 5 by the reflector group through the positive lens II 801, the concave mirror 802 and the 1/4 lambda wave plate 7, and the polarization state of the light is changed from circular polarization to S-state polarization at the moment; the micro-beam angle before and after reflection changes, so that the action point on the same surface changes;

because the light path is turned back, the optical PUF module 5 outputs a steady scattering light spot from the front surface and enters the polarizing beam splitter PBS4, the light beam passes through the 1/4 lambda wave plate 7 twice before and after reflection, the polarization direction of the light beam is changed, and the polarizing beam splitter PBS4 reflects the output light of the optical PUF module 5;

the polarization beam splitter prism PBS4 reflects the output light of the optical PUF module 5 to the CCD camera 9 at the end of the reflection light path; after 3s-4s, the CCD camera 9 collects the steady-state scattering light spots, and the steady-state scattering light spot image is processed into a digital binary matrix of '01' as a response matrix P by utilizing an extraction program in the computer 10_ik；

Determining a required excitation-response logarithm number n according to a safety requirement, and repeating the steps from (i) - (c);

ninthly, manufacturing and registering m optical PUF modules according to actual use conditions, and repeatingStep one to eight, the response matrix P at the moment_ikK =1, 2, 3 … n, i =1, 2, 3 … m, together with the modulation information matrix characterizing the excitation signal in step (C), as excitation-response pairs { C_k-P_ikK =1, 2, 3 … n, i =1, 2, 3 … m, which are stored in correspondence in a computer database;

2) and (3) an authentication stage:

setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;

secondly, starting a security authentication system, and waiting for the user to put in the ith optical PUF module 5, namely an 'identity card'; at this point, the computer calls an arbitrary excitation matrix C stored in the database_kK =1, 2, 3 … n, modulation information matrix C that will characterize the excitation signal_kThe excitation light is applied to the spatial modulator SLM3 to generate excitation light, which is applied to the optical PUF module 5, and the excitation light is applied back to the optical PUF module 5 via the beam lens module to generate response light, which is converted into a response signal by the extraction program of the CCD camera 9 and the computer 7, wherein the response signal is represented by a binary matrix of "01" number and becomes a response matrix P'_ik，k=1、2、3…n，i= 1、2、3…m；

③ computer 10 will process the "01" response matrix P'_ikAnd the response matrix P of 01 taken out from the database_ikComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;

and fourthly, if the accuracy of the authentication result is improved, a plurality of excitation matrix excitation optical PUF modules can be used at one time, the steps from the third step to the fourth step are repeated, the generated response is compared with the registration response data stored in the library, and authentication is carried out by utilizing a majority matching principle.

Example two

The utility model provides a two-pass interference formula authentication system based on photorefractive crystal PUF, optics PUF module is certain in the system, and the user carries the plaintext pattern, authenticates at the safety coefficient, includes two working phase, is registration phase and authentication phase respectively, realizes through following step:

1) a registration stage:

firstly, a light source 1 is used as a pumping light source, a vertical polarization laser with the wavelength of 632.8nm is adopted, and a P polarization state Gaussian beam with the beam intensity of 2w is generated;

secondly, the light beam passes through a beam expanding collimation system PBES2 to be expanded and collimated, and the polarization state of the light beam is not influenced in the process;

thirdly, the emergent light beam with certain width after beam expansion and collimation irradiates on the SLM3, the phase of the light beam is influenced by the modulation information matrix to change the light intensity distribution and generate the excitation light carrying the identity information with certain angle and light field distribution, wherein the excitation signal of the excitation light is modulated by the modulation information matrix C_kCharacterization, as excitation matrix, k =1, 2, 3 … n, determined in particular by the plain text pattern given by the user, such as the user's own fingerprint pattern;

adjusting the included angle between the prism bevel edge of the polarizing beam splitter PBS4 and the main optical axis to form an included angle of 45 degrees; the loss of the excitation light when the excitation light penetrates through the polarizing beam splitter prism PBS4 is reduced, and the excitation light is emitted from the surface of the rear end after being scattered for multiple times inside the optical PUF module 5;

emergent light from the optical PUF module 5 passes through a positive lens I6 and an 1/4 lambda wave plate 7, the divergence angle is reduced, pi/2 phase delay is generated, the polarization state of the emergent light is changed into circular polarization from a P state, and the circular polarization is reflected by a concave reflector; the emergent light is reflected to the emergent surface of the optical PUF module 5 by the reflector group through the positive lens II 801, the concave mirror 802 and the 1/4 lambda wave plate 7, and the polarization state of the light is changed from circular polarization to S-state polarization at the moment; the micro-beam angle before and after reflection changes, so that the action point on the same surface changes;

because the light path is turned back, the optical PUF module 5 outputs a steady scattering light spot from the front surface and enters the polarizing beam splitter PBS4, the light beam passes through the 1/4 lambda wave plate 7 twice before and after reflection, the polarization direction of the light beam is changed, and the polarizing beam splitter PBS4 reflects the output light of the optical PUF module 5;

seventhly, a pair of polarizing beam splitter prisms PBS4The output light of the optical PUF module 5 is reflected to a CCD camera 9 at the tail end of a reflection light path; after 3s-4s, the CCD camera 9 collects the steady-state scattering light spots, and the steady-state scattering light spot image is processed into a digital binary matrix of '01' by using an extraction program in the computer 10 and used as a response matrix P of a response signal_k；

Eighthly, repeating the steps from the first step to the seventh step according to the user, loading n plaintext patterns, recording n response signal matrixes, and responding to the response signals P at the moment_kK =1, 2, 3 … n, stored in a computer database;

2) and (3) an authentication stage:

setting a threshold value as delta according to actual test performance in a registration process, and setting the bit number of difference bits between a response signal generated in authentication and the response signal stored in a database as d;

starting a security authentication system, and waiting for the user to put a kth plaintext pattern, namely an identity card; at this point, an excitation matrix C characterizing the excitation signal will be formed_kLoading to the spatial modulator SLM3 generates excitation light, k =1, 2, 3 … n, which acts on the optical PUF module 5 through the beam-lens module back to the optical PUF module 5 to produce response light, which is converted into a response signal by the extraction program of the CCD camera 9 and the computer 10, wherein the response signal is represented by a binary matrix of "01" numbers, which becomes the response matrix P'_k，k=1、2、3…n；

③ computer 10 will process the "01" response matrix P'_kAnd the response matrix P of 01 taken out from the database_kComparing the bit number d of the difference bits with a threshold delta, judging whether the bit number d of the difference bits passes through the threshold delta, and if the bit number d of the difference bits is larger than the threshold delta, determining that the identity authentication fails; if the bit number d of the difference bits is less than the threshold value delta, the judgment is passed;

if the accuracy of the authentication result is to be improved, a plurality of plaintext patterns can be used at one time, the step III is repeated, the generated response is compared with the registration response data stored in the library, and authentication is performed by utilizing a majority of matching principles.

The scope of the invention is not limited to the above embodiments, and various modifications and changes may be made by those skilled in the art, and any modifications, improvements and equivalents within the spirit and principle of the invention should be included in the scope of the invention.