Identity Authentication Based on Two-Beam Interference

A two-factor identity authentication method based on two-beam interference is presented. When verifying a user's identity, a specific "phase key" and a corresponding "phase lock" are both required for a successful authentication. Note that this scheme can not only check the legality of the users, but also verify their identity levels so as to grant them hierarchical access permissions to various resources of the protected systems or organizations. The authentication process is straightforward and could be implemented by a hybrid optic-electrical system. However, the system designing procedure involves an iterative Modified Phase Retrieval Algorithm (MPRA) and can only be achieved by digital means. Theoretical analysis and simulations both validate the effectiveness of our method.


Introduction
In the past decade, the theories and technologies of information security with optical means have drawn a lot of attention due to their inherent advantages, such as the ability of parallel data processing and the design freedom of multiple dimensions. The most famous and important work in this area is the image encryption scheme based on Double Random Phase Encoding (DRPE), which was reported by Refregier and Javidi in 1995 [1]. Up to now, plenty of relevant works have been studied and developed, and they mainly concentrate on the aspects of image encryption/hiding and optical cryptanalysis [2][3][4][5][6][7][8][9][10][11][12][13][14][15].
In a recent letter, Zhang et al. proposed an approach for image encryption based on two beams' interference, in which an image was separated into two Phase-Only Masks (POMs) through an analytical derivation [16]. Soon after, they developed a method for hiding two images by introducing an extra phase retrieval algorithm [17]; Zhu et al. employed a polarization-selective Diffractive Optical Element to generate a desired secret image based on interference between two polarized wave fronts [18]; Han et al. proposed an alternative way to encode a secret image into a POM and an Amplitude-Only Mask relying on the principles of interference and vector addition [19]; Tay et al. further applied the encryption scheme to encrypt color images [20]. More recently, Kumar et al. and Weng et al. independently showed experimental results to verify the effectiveness of optical image encryption based on interference [21,22]; Yang et al. introduced the concept of a stream cipher to encode the secret images into two POMs based on a Michelson interferometer, in which one POM serves as the encryption key while the other is regarded as the ciphertext [23]; Yuan et al. and He et al. reported two kinds of image hiding methods, for one image and for multiple images respectively, on the basis of two beams' interference [24][25][26]. However, to the best of our knowledge, most of the aforementioned image encryption schemes are also sufficiently suitable to be explained as an authentication system. In this paper, we describe a two-factor identity authentication infrastructure with the help of two-beam interference and the MPRA.
The rest of this paper is organized as follows: In Section 2, we first give a brief introduction of the Hash function and then give a detailed description of the user authentication process and the system designing process successively. In Section 3, we provide computational simulations to validate the feasibility of our method. In Section 4, we make the concluding remarks.

Description of the Method
When a user attempts to access the confidential resources of the protected system, an authentication process is required in advance. The steps involved are as follows (Figure 1):
1) The user enters a private password through an external device. By comparing the input password with all the passwords pre-stored in the database, the system accomplishes a preliminary verification: if there is no match, the visitor is unauthorized; if there is a match, the corresponding "phase lock" is loaded and written into the Spatial Light Modulator (SLM1);
2) After the first step is confirmed, the user is prompted to plug in his "phase key", which is accordingly written into SLM2;
3) Two coherent plane waves, modulated by SLM1 and SLM2 separately, pass through a Half Mirror (HM) together and interfere with each other at the output plane, leading to an output image. It is recorded by a Charge-Coupled Device (CCD) and can be mathematically expressed as: exp( ( , )) * ( , , ) exp( ( , )) * ( , , ) ( , ) exp( ( , )) ϕ are the amplitude part and phase part of the complex interference field at the output plane, respectively. Note that $O(x, y)$ is then regarded as the output image, which is proportional to the interference intensity pattern;
4) By calculating the Correlation Coefficients (CCs) between the output image $O(x, y)$ and the standard certification images in the database, one can easily determine whether the user's access request is legal: if the value of CC is higher than the predetermined threshold (e.g. 0.95), the authentication succeeds; if it is lower, the authentication fails.
To further explain the identity authentication function of the proposed scheme, we provide a schematic diagram, shown in Figure 2. According to the pre-established levels of access permissions, all the legal users are divided into several groups (such as Group A, Group B, Group C, …, Group K) in advance, each of which has a number of legal users depending on the practical requirement. For example, in Groups A, B and C, the number of users is "l", "m" and "n", respectively. Every user in all the groups is assigned a private password and a phase key for authentication. It is worth pointing out that different groups have been pre-assigned different standard certification images, and the details will be described later. This also means that the users of different groups will generate different certification images and then obtain different permissions to access the system. As shown in Figure 2, the standard certification image "Lena" corresponds to the "high level" users, who can access all the confidential resources and have the highest priority, the image "Baboon" corresponds to the "medium level" users and the image "Airplane" stands for the "low level" users.
Prior to the designing process of our identity authentication method, as mentioned previously, we first need to classify all the legal users into several groups with different permissions according to the actual requirements. Meanwhile, we also need to assign the standard certification images (e.g. the image "Lena", "Baboon"…) to each group. Here, we roughly introduce the designing procedure by taking "Group C", mentioned in Figure 2, as an example. It can be depicted as follows:
1) Select a set of passwords arbitrarily ($P_{C1}$, $P_{C2}$, …, $P_{Cn}$);
2) For each user of Group C (e.g. user C1), we create a phase lock ($L_{C1}$) with the help of a pseudo random number generator, where the user's password is entered as the seed. Thereafter, all the created phase locks and their corresponding passwords are linked up separately and pre-stored in the database of the system;
3) Once all the phase locks ($L_{C1}$, $L_{C2}$, $L_{C3}$, …, $L_{Cn}$) are obtained and the standard certification image ("Airplane") is given, we can then determine all the corresponding phase keys separately by adopting the MPRA technique.
This completes the designing process for Group C. The passwords together with the phase keys are then assigned to the users of Group C, separately.
In the following, we give a detailed description of the key technique of our scheme, the MPRA mentioned above. The problem to be solved can be described as follows: given one amplitude constraint (a specific standard certification image) at the output plane, the other amplitude constraint (a matrix of all ones) at SLM2 and a fixed shifting vector (the Fresnel diffraction of a phase lock), we need to determine the distribution of the phase key at SLM2. To facilitate the following statement, we express Equation (1) in another way as: ( , ) ( , )exp( ( , )) ( , ) exp( ( , )) where $L(x, y)$ and ( , ) exp( ( , )) , respectively. Operating a Fourier transform on both sides of Equation (2) followed by a simple derivation, we have where { } represent the operations of Fourier transform (FT) and inverse FT, respectively. After a simple reasoning, we can see that the system designing issue has turned into finding a phase distribution $\psi_k(x, y)$ that satisfies Equation (3). This issue can be further recast as a double-constraint phase retrieval problem with a fixed shifting vector ($L(x, y)$). Exactly for this purpose, we developed the MPRA technique. Note that this is an iterative evaluating method for seeking the optimal solution and has no analytic solutions. Therefore, our purpose is to determine the distribution of the phase key, $\psi_k(x, y)$, rendering the resultant interference pattern ($O'(x, y)$) very close to the assigned standard certification image ($O(x, y)$), which is also named the target image in our MPRA. Here, the Correlation Coefficient (CC), defined as Equation (4), is recommended as the criterion to evaluate the similarity of $O'(x, y)$ and ( , ) ) Now, assume that the iterative algorithm has reached the m-th loop; the succeeding iterations can then be mathematically expressed as: where the superscript notation "(m)" is the iteration number and the operator Phase{ } represents taking the phase from a complex amplitude. The flowchart of the whole iterative algorithm is illustrated in Figure 3 and can also be summarized as follows:
1) Calculate the Fresnel diffraction of the phase key with initialized parameters in accordance with Equation (5a);
2) Acquire the first estimate of the phase key by performing the inverse FT on the result of step (1) according to Equation (5b);
3) The estimated phase key propagates in the Fresnel domain, resulting in (2) (2) exp( ) based on Equation (5c);
4) Construct the interference field ( (2) (2) exp( ) ) on the output plane by adding a fixed shifting vector L to the result of step (3) in line with Equation (5d);
5) Take the modulus of the outcome of step (4) and compare it with the standard certification image O; if the difference is less than a predefined threshold, we stop the iteration process. Otherwise, substitute O for jψ is what we are looking for.
In this way, we complete the iterative MPRA and determine the phase key on the basis of a given standard certification image and a password-controlled phase lock.

Numerical Simulations
We demonstrate our method with numerical simulations in the MATLAB R2010a environment. The standard certification images employed in the following simulations are all 256 × 256 pixels in size and quantized to 8 bits. The quantization of the phase distributions is not taken into account for simplicity. The pixel size and the wavelength of the illuminating light are set as 0.02 mm and 632 nm respectively. Suppose that we are going to authorize three users as the members of Group C mentioned above. First, we choose three passwords ("szu123", "sdu231" and "ao312"), which are used to control the phase locks. Meanwhile, three noise-like phase locks, shown in Figures 4(a)-(c), are constructed based on the three sets of pseudo random numbers, which are generated by a password-controlled pseudo random number generator. Third, the MPRA is applied to determine three corresponding phase keys to complete the system designing procedure. The related results are shown in Figure 4. Note that the value of the threshold for CC in all of our simulations is set as 0.95.
For further validation, we extend the aforementioned example to a hierarchical authentication situation with six users: one with high level permission, two with medium level permissions and three with low level permissions. The results are shown in Figure 5 and listed in Table 1. It should be noticed that a phase key together with each unmatched phase lock can also lead to an output image that looks similar to the standard certification image to the naked eye. This implies a potential security leak in practical applications. However, the data provided in Table 1 show that this will not happen, because the CC values between the incorrect output images and the standard certification image are far lower than the pre-selected threshold.
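The design and verification steps described above can be reproduced numerically. The following Python/NumPy code is an added example, not the authors' MATLAB code: it derives a phase lock from a password, runs an offset Gerchberg-Saxton style iteration in the spirit of the MPRA to obtain a phase key, and compares the CC for the matching and a mismatched lock. The 64 × 64 grid, the propagation distance, the SHA-256 seed derivation, the Pearson form of the CC and the constructed target image are assumptions.

```python
import hashlib
import numpy as np

N, PITCH, WAVELEN = 64, 0.02e-3, 632e-9   # reduced grid (assumed); pitch and wavelength as in the paper
DIST = 0.05                               # propagation distance l in metres (assumed)

def fresnel(field, dist=DIST):
    """Fresnel propagation by transfer function; fresnel(., -dist) is the exact inverse."""
    fx = np.fft.fftfreq(N, d=PITCH)
    f2 = fx[:, None] ** 2 + fx[None, :] ** 2
    return np.fft.ifft2(np.fft.fft2(field) * np.exp(-1j * np.pi * WAVELEN * dist * f2))

def phase_lock(password):
    """Password-seeded pseudo-random phase-only mask (seed derivation is an assumption)."""
    seed = int.from_bytes(hashlib.sha256(password.encode()).digest()[:8], "big")
    return np.exp(2j * np.pi * np.random.default_rng(seed).random((N, N)))

def output_image(lock, key):
    """Amplitude of the two-beam interference field at the output plane."""
    return np.abs(fresnel(lock) + fresnel(key))

def cc(a, b):
    """Pearson correlation coefficient between two images."""
    return float(np.corrcoef(a.ravel(), b.ravel())[0, 1])

def design_key(lock, target, iters=200):
    """Alternate between the target amplitude at the output and unit amplitude at SLM2."""
    shift = fresnel(lock)                                  # fixed shifting vector L
    key = np.exp(2j * np.pi * np.random.default_rng(1).random((N, N)))
    for _ in range(iters):
        out = fresnel(key) + shift                         # interference field
        wanted = target * np.exp(1j * np.angle(out))       # impose target amplitude
        key = np.exp(1j * np.angle(fresnel(wanted - shift, -DIST)))  # phase-only key
    return key

def constructed_target():
    """Constructed stand-in for a certification image, scaled to unit mean square."""
    img = np.full((N, N), 0.2)
    img[16:48, 20:44] = 1.0
    img[8:14, 8:56] = 0.6
    return img / np.sqrt(np.mean(img ** 2))

def authenticate(password, key, target, threshold=0.95):
    """Return (decision, CC) for a presented password and phase key."""
    score = cc(output_image(phase_lock(password), key), target)
    return score >= threshold, score
```

Calling `authenticate` with the password used at design time and with a different password shows the gap in CC that the threshold relies on; the threshold is a parameter because the CC actually reached depends on grid size, target and iteration count.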

Conclusion
We presented a two-factor identity authentication scheme based on the two-beam interference principle. A two-beam interferometer is adopted as the main unit to accomplish the authentication, and an MPRA technique is developed to determine the phase keys for the authorized users. Compared with some common authentication systems, the main advantage of our proposed method is that we can not only check whether the user is legal but also verify the user's identity level. Furthermore, the two-factor (password-controlled phase lock and phase key) verifying mechanism provides a higher security strength.
of the phase lock and phase key respectively, $h(x, y, l)$ represents the pulse response function of the Fresnel diffraction on the distance $l$, the symbol * means

Figure 2. Function diagram of the identity authentication for various users.

$O'^{(2)}$ and repeat the above steps. Whenever $O'^{(m)}$ is sufficiently close to $O$, we claim that the corresponding estimated

Figure 5. The output images of the authentication for various situations (the iteration times is fixed as 500, independence).

Table 1. The CCs of the output images (as in Figure 5) with the standard certification images.

Columns: Phase key 1, Phase key 2, Phase key 3, Phase key 4, Phase key 5, Phase key 6
Postdoctoral Science Foundation (2013M540662) and the Sino-German Center for Research Promotion (GZ 760).