CN106452739A - Quantum network service station and quantum communication network - Google Patents



Publication number
CN106452739A
Authority
CN
China
Legal status
Pending
Application number
CN201610842874.0A
Other languages
Chinese (zh)
Inventor
富尧
钟民
钟一民
李浩泉
Current Assignee
Divine Land Zhejiang Quantum Network Science And Technology Ltd
Original Assignee
Divine Land Zhejiang Quantum Network Science And Technology Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party

Abstract

The invention discloses a quantum network service station and a quantum communication network. The quantum network service station comprises a quantum service centre used to form a communication connection with each user side, and is further provided with: a true random number generator for generating true random numbers; and a user-side key management server for storing the true random numbers within the station and writing them to a user-specific device, forming corresponding user-side keys between the user-side key management server and the user-specific device, the user-side keys being used respectively for encrypted communication between the user sides and the quantum service centre. The quantum network service station and quantum communication network of the invention use a quantum key card to solve the problems of access and security for quantum network terminals.

Description

Quantum network service station and quantum communication network
Technical field
The invention belongs to the field of quantum cryptographic communication, and in particular relates to a quantum network service station and a quantum communication network.
Background
The security of a quantum communication system is guaranteed by the Heisenberg uncertainty principle and the quantum no-cloning theorem of quantum mechanics, so steadily increasing computational power does not threaten the security of quantum cryptographic communication systems; even if quantum computers with powerful computing capability appear in the future, quantum cryptographic communication systems remain secure. At present, point-to-point quantum communication systems have been widely studied and the basis for commercialization already exists, but from the viewpoint of practical application, multi-user access is a natural requirement, so the development of quantum communication systems from point-to-point to networked is an inevitable trend. Research directions for quantum communication networks include multi-user quantum key distribution, quantum repeater schemes, the integration of quantum networks with classical networks, identity authentication and routing protocols; among these, a quantum service station that provides multiple-access functionality, implements quantum key distribution and implements various communication protocols is the core research topic.
The quantum service station is located at the edge of the quantum communication network. One end connects to users and is responsible for user access; the other end connects to the dedicated quantum network and the classical communication network, enabling exchange between users in different regions. The users under the same quantum service station form a local area network, and the quantum service stations together form a wide area network. The quantum service station also needs to handle tasks similar to those of classical cryptography, including message authentication, identity authentication, data encryption and decryption, and digital signatures. Message authentication ensures the correctness of the data source and integrity during message transmission; identity authentication ensures the reliability of the logged-in user; digital signatures ensure information integrity, tamper resistance and non-repudiation; encryption and decryption ensure secure transmission. However, service stations (service centres or servers) in existing quantum networks can only implement a single service function, identity authentication or digital signature; there is no quantum network service station that implements multiple service functions.
At present, the common method for letting multiple users access a service end is to install a quantum key distribution device at each user, so that the service end and the user sides form a 1*N key distribution network. For example, patent application No. 201410337054.7 discloses a multi-user wavelength-division-multiplexing quantum key distribution network system and its key distribution and sharing method, in which Alice performs quantum key distribution and storage with multiple Bob users. As another example, Bernd et al., in "A quantum access network" (Nature 501(7465): 69-72, September 2013), propose placing Alice at the user side and Bob at the service end, and performing quantum key distribution using multiple Alices and Bob. These schemes all have the service end set up a quantum key distribution link with each user. Although this guarantees the reliability of communication security, it limits the growth of the number of users, and requiring a key distribution system for every user increases user cost, which hinders large-scale application.
Summary of the invention
The present invention provides a quantum network service station that uses a quantum key card to solve the problems of access and security for quantum network terminals; by providing a quantum key storage server that caches quantum keys, it meets the need for large amounts of quantum key in emergencies.
A quantum network service station includes a quantum service centre for communicating with each user side, and is further provided with:
A true random number generator, for producing true random numbers;
A user-side key management server, for storing the true random numbers within the station and writing them to a user-specific device so as to form corresponding user-side keys between the two, each used for encrypted communication between a user side and the quantum service centre.
The quantum network service station of the present invention changes the existing way of distributing quantum keys to user sides: a true random number generator produces true random numbers, which are written to a user-specific quantum key card and used by the user as encryption data.
Optionally, the quantum service centre is also used to communicate with other quantum network service stations over a classical network;
The quantum network service station is further provided with a quantum key control centre, used to share inter-station quantum keys with other quantum network service stations for the quantum service centre to call.
Preferably, the quantum key control centre includes quantum key distribution equipment, a quantum key management server and a quantum key storage server;
The quantum key distribution equipment generates the quantum keys shared with other quantum network service stations and sends them to the quantum key management server;
The quantum key management server sends the quantum keys from the quantum key distribution equipment to the quantum key storage server for storage, or calls quantum keys from the key storage server and sends them to the quantum service centre.
The quantum key management server and the quantum service centre are communicatively connected to each other, and the quantum key distribution equipment and the quantum key storage server are each communicatively connected to the quantum key management server.
One or more sets of quantum key distribution equipment are provided as needed, in one-to-one correspondence with the connected quantum service stations. In practice, integrating multiple sets of quantum key distribution equipment into one unit may be considered.
Preferably, the quantum service centre includes a management centre server, and a message authentication server, an encryption/decryption server, an identity authentication server and a digital signature verification server, each communicatively connected to the management centre server and handling its corresponding service;
The management centre server connects to each user side and to other quantum network service stations over the classical network, and is also communicatively connected to the user-side key management server and the quantum key management server.
The present invention also provides a quantum communication network, comprising a quantum network service station configured with user sides, and further provided with quantum key cards. The quantum network service station is the quantum network service station of the present invention, and the user-side key management server in the station and the user sides each have a data transmission interface matching the quantum key card.
Multiple quantum network service stations may be provided, exchanging data over the classical network and quantum keys over the quantum network respectively; necessary relay equipment and the like can be set up according to the prior art.
Preferably, user sides configured under the same quantum network service station communicate confidentially using the user-side keys in the quantum key cards.
This reduces consumption of the quantum keys generated by the quantum key distribution equipment, so that the limited quantum keys are used for confidential communication between quantum network service stations.
Preferably, different quantum network service stations communicate confidentially using quantum keys produced by the quantum key distribution equipment.
As for the quantum key card itself, any existing electronic device capable of data interaction, storage and processing can be used; for example, it may include hardware such as a CPU, memory and storage, and be configured with an operating system.
Optionally, the quantum key card is a USBkey.
Optionally, the quantum key card is a pluggable board, and the user-side key management server and the user side each have a corresponding interface.
To meet the need for large amounts of quantum key in emergencies, preferably:
The quantum key management server checks the capacity of the quantum key storage server at a predetermined time interval;
When it detects that the key storage server still has free capacity, the quantum key management server requests quantum keys from the quantum key distribution equipment;
After receiving quantum keys from the quantum key distribution equipment, the quantum key management server creates a corresponding index and then sends the indexed quantum keys to the quantum key storage server for storage.
The quantum service centre can submit key requests to the quantum key management server as needed. Because the quantum keys are stored in the quantum key storage server, the quantum key surplus in the storage server must satisfy the requested amount.
Preferably, when the quantum service centre calls quantum keys from the quantum key management server, the call request contains the quantum key amount required. The quantum key management server judges whether the quantum key surplus of the quantum key storage server is greater than or equal to that amount; if it is less, the server re-checks at the predetermined time interval until the surplus is greater than or equal to the amount, and then takes the indexed quantum keys from the quantum key storage server as required and sends them to the quantum service centre.
Preferably, the call request contains index information, and the quantum key management server takes the corresponding quantum key from the quantum key storage server according to the index information and sends it to the quantum service centre.
The index (number) of a quantum key is unique within the quantum key storage server, so that in inter-station communication the corresponding quantum network service stations can identify and locate the specific quantum key in use.
Beneficial effects of the present invention
1) The prior-art access method, in which the user side also requires QKD equipment, is changed; a quantum key card solves the problems of access and security for quantum network terminals;
2) Multiple tasks, such as message authentication, identity authentication, data encryption and decryption, and digital signatures, can be performed inside the quantum network service station;
3) A quantum key storage server is provided inside the quantum service station to cache quantum keys, meeting the need for large amounts of quantum key in emergencies;
4) The security of message transmission between quantum service stations is guaranteed by quantum keys and algorithms, preventing illegal tampering with and theft of messages.
Description of the drawings
Fig. 1 is a schematic diagram of the quantum network service station of this embodiment;
Fig. 2 is a schematic diagram of the quantum service centre of this embodiment;
Fig. 3 is a schematic diagram of communication between users of two quantum network service stations in this embodiment;
Fig. 4 is a flow chart of quantum key application in the quantum key management server of this embodiment;
Fig. 5 is a flow chart of quantum key allocation by the quantum key management server when sending data;
Fig. 6 is a flow chart of quantum key allocation by the quantum key management server when receiving data;
Fig. 7 is the message authentication flow chart for quantum key numbers in this embodiment;
Fig. 8 is the message authentication flow chart for receiving quantum key numbers in this embodiment.
Detailed description of the embodiment
Referring to Fig. 1, Fig. 2 and Fig. 3, in the quantum communication network of this embodiment the quantum network service station includes a quantum service centre, a quantum key control centre, a true random number generator (this embodiment uses a quantum random number generator) and a user-side key management server.
The quantum key control centre includes: quantum key distribution equipment, a quantum key management server and a quantum key storage server.
The quantum service centre includes: a management centre server, a message authentication server, an encryption/decryption server, an identity authentication server and a digital signature verification server.
The quantum key distribution equipment receives key requests from the quantum key management server, generates the quantum key Qk, and sends it to the quantum key management server.
The quantum key management server requests quantum keys Qk from the quantum key distribution equipment in real time and numbers them, giving the quantum key number QID, and sends them to the quantum key storage server; it can also receive key requests from the quantum service centre, take the quantum key Qk or the quantum key number QID out of the quantum key storage server, and send it to the quantum service centre.
The quantum key storage server stores the quantum keys Qk generated by the quantum key distribution equipment and the quantum key numbers QID.
Initially, two key segments, identical pairwise with those of the other quantum network service stations in the quantum communication network, must be preset and stored in it. As shown in Fig. 3, the quantum key storage server inside quantum network service station A and the one inside quantum network service station B both pre-store keys K_m1 and K_m2, for use in the first message authentication.
The quantum random number generator receives key requests from the user-side key management server, generates quantum random numbers and sends them to the user-side key management server; true random numbers are used here.
The user-side key management server distributes the quantum random numbers, storing them within the station and writing them to the quantum key card so as to form the user-side key between the two; the user-side keys stored in the station are available for the quantum service centre to call. The user-side key management server can access quantum key cards, implements card issuance, registration and key copying, and can generate a new key from a seed key using a specified algorithm.
The quantum service centre contains the management centre server, message authentication server, encryption/decryption server, identity authentication server and digital signature verification server. The management centre server exchanges data with the external user-side key management server, quantum key management server, classical network and user sides, and passes the corresponding data to the message authentication server, encryption/decryption server, identity authentication server or digital signature server inside the quantum service centre, or outputs data from inside the quantum service centre to the external quantum key management server, classical network and so on.
Depending on which quantum key card the user connects, the identity authentication server extracts the corresponding user-side key QR from the user-side key management server, decrypts the encrypted identity information sent from the user side into plaintext identity information ID', and compares the decrypted ID' with the pre-stored identity information ID. If they are identical, verification succeeds and the user is allowed into the system being logged into; otherwise verification fails and the user is not allowed to log in.
The message authentication server can encrypt and decrypt quantum key numbers QID. It obtains from the quantum key management server the quantum key number QID of the quantum key Qk needed for the data to be transmitted and, according to message authentication key numbers QID_m1 and QID_m2, obtains the message authentication keys QK_m1 and QK_m2 used for key message authentication. Here the message authentication key numbers QID_m1 and QID_m2 are a subset of the quantum key numbers QID, and QK_m1 and QK_m2 are a subset of Qk. For the first message authentication no number is needed; the pre-stored keys K_m1 and K_m2 are obtained automatically. The quantum key number QID of the quantum key information and the message authentication key numbers QID_m1 and QID_m2 for the next message authentication are encrypted and sent to the recipient over the classical network; or encrypted quantum key numbers are received from the classical network and decrypted to produce the quantum key number QID' and the message authentication key numbers QID_m1' and QID_m2', and the correctness and integrity of the message source are verified. Before leaving the factory, the same message authentication code generation algorithm must be shared with the other quantum network service stations in the quantum communication network, for generating a common message authentication code.
The encryption/decryption server obtains keys from the quantum key management server or the user-side key management server as needed, and decrypts encrypted information arriving from the user side or the classical network, or encrypts data that needs to be sent to the user side or the classical network.
The digital signature server obtains keys from the quantum key management server or the user-side key management server as needed, generates the user side's digital signature information and sends it to the recipient; or it receives digital signature information and verifies the digital signature.
Users connect to the quantum service centre of the quantum network service station; the connection may be a fixed network or a mobile network, and the corresponding users may be fixed-network users or mobile-network users.
The quantum service stations are connected by both a quantum network and a classical network. The quantum network connects the quantum key distribution equipment in the quantum network service stations and carries quantum signals, so that both parties produce identical quantum keys; the classical network connects the quantum service centres in the quantum network service stations and carries all classical signals other than quantum signals.
Before confidential communication, a user first needs to apply to the quantum network service station for a quantum key card. Taking a USBKey as an example, the quantum key card is plugged into the user-side key management server in the quantum network service station; the user-side key management server requests a certain amount of quantum random numbers from the quantum random number generator and distributes them, storing them in the station and writing them to the quantum key card to form the user-side key between the two. After receiving the quantum key card, the user plugs it into the user-side device for use.
In use, the user side sends the data to be encrypted or decrypted to the quantum key card; the quantum key card encrypts or decrypts the data with the user-side key and returns it to the user side.
After a user-side key has been used many times, the current user-side key can serve as a seed key: the USBKey generates a new user-side key using an algorithm shared in advance with the user-side key management server, thereby updating the user-side key.
The users under the same quantum network service station form a local area network. Confidential communication within the local area network uses the user-side keys produced by the quantum random number generator, or the user-side keys updated by the algorithm, which reduces consumption of the quantum keys produced by the quantum key distribution equipment, so that the limited quantum keys are used for confidential communication between quantum network service stations.
The key generation rate of quantum key distribution equipment is limited and is normally far lower than classical network communication rates; especially when an emergency requires transmitting a large amount of data in a short time, the key rate of the quantum key distribution equipment falls far short of the system's encryption needs. This patent provides a quantum key storage server: whenever the storage space of the quantum key storage server is found not to be full, keys are requested from the quantum key distribution equipment, and the quantum keys it produces are numbered and cached, to meet the need for large amounts of quantum key in emergencies. This embodiment separately describes the quantum key application flow in the quantum key management server; the quantum key allocation flow of the quantum key management server when sending data; and the quantum key allocation flow of the quantum key management server when receiving data. Referring to Fig. 4, the quantum key application flow in the quantum key management server in this embodiment is as follows:
Step one: the quantum key management server detects whether the capacity of the quantum key storage server is full. If it is full, the server enters the waiting flow, waits for time T, and then checks again whether the capacity is full, until there is free capacity;
Step two: when it detects that the key storage server has free capacity, the quantum key management server requests keys from the quantum key distribution equipment; after receiving the key request, the quantum key distribution equipment generates the quantum key Qk and sends it to the quantum key management server;
Step three: after receiving the quantum key, the quantum key management server groups it by data size, for example every 1K of data as one group, and assigns each group of quantum key a number, the quantum key number QID. QID is unique within the quantum key storage server. The quantum key Qk and the quantum key number QID are sent together to the quantum key storage server for storage.
Referring to Fig. 5, the quantum key allocation flow of the quantum key management server when sending data is as follows:
Step one: the quantum service centre submits a key request to the quantum key management server; the request information includes the quantum key amount required. After receiving the request, the quantum key management server judges whether the amount of key in the quantum key storage server is sufficient. If it is not, the server enters the waiting flow, waits for time T, and then judges again; it waits again whenever the amount is insufficient, until the amount of key is sufficient;
Step two: when the amount of key is sufficient, the quantum key management server takes the quantum key Qk and the corresponding QID from the quantum key storage server and sends them together to the quantum service centre.
Referring to Fig. 6, the quantum key allocation flow of the quantum key management server when receiving data is as follows:
Step one: the quantum service centre submits a key request to the quantum key management server; the request content includes the quantum key number QID;
Step two: the quantum key management server takes the quantum key Qk from the quantum key storage server according to the QID and sends it to the quantum service centre.
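The three flows of Fig. 4 to Fig. 6 can be modelled in a few lines. The following Python sketch is an added example, not code from the patent; it assumes that QIDs are a per-link counter (so both stations number the same QKD output identically), that a key group is removed from the cache once handed out, and that the random byte string stands in for real QKD output.

```python
import secrets
import time

BLOCK = 1024  # the text groups key material as "every 1K of data as one group"


class KeyManager:
    """Models one station's quantum key management server plus its storage server."""

    def __init__(self, capacity_blocks):
        self.capacity = capacity_blocks   # storage server capacity, in 1K groups
        self.store = {}                   # QID -> Qk group (the storage server)
        self.next_qid = 1                 # assumption: QIDs are a per-link counter

    def has_space(self):
        return len(self.store) < self.capacity

    def refill(self, qkd_output):
        """Fig. 4: while space remains, number each 1K group and store (QID, Qk)."""
        stored = []
        for off in range(0, len(qkd_output) - BLOCK + 1, BLOCK):
            if not self.has_space():
                break                     # full: the described flow waits T and re-checks
            qid = self.next_qid
            self.next_qid += 1
            self.store[qid] = qkd_output[off:off + BLOCK]
            stored.append(qid)
        return stored

    def surplus(self):
        return len(self.store) * BLOCK

    def allocate(self, amount, wait_s=0.0, retries=0, on_wait=None):
        """Fig. 5: sender asks for `amount` bytes; wait T and re-check while short."""
        for attempt in range(retries + 1):
            if self.surplus() >= amount:
                need = -(-amount // BLOCK)            # round up to whole groups
                qids = sorted(self.store)[:need]
                # assumption: a group leaves the cache once it has been handed out
                return [(qid, self.store.pop(qid)) for qid in qids]
            if attempt < retries:
                time.sleep(wait_s)                    # waiting time T
                if on_wait:
                    on_wait()                         # stands in for the Fig. 4 loop
        return None                                   # still short after all retries

    def fetch(self, qid):
        """Fig. 6: receiver asks by QID and gets the matching Qk (KeyError if unknown)."""
        return self.store.pop(qid)


def demo():
    # Constructed sample: 4 KiB of random bytes standing in for the identical
    # key stream that QKD delivers to both ends of one inter-station link.
    stream = secrets.token_bytes(4 * BLOCK)
    a, b = KeyManager(3), KeyManager(3)
    stored_a, stored_b = a.refill(stream), b.refill(stream)
    short = a.allocate(5 * BLOCK)                 # more than the cache can hold
    grant = a.allocate(1500)                      # needs two 1K groups
    peer = [b.fetch(qid) for qid, _ in grant]     # station B looks up by QID only
    same = peer == [key for _, key in grant]
    return stored_a, stored_b, short, [qid for qid, _ in grant], same


if __name__ == "__main__":
    print(demo())
```

Only the QIDs need to cross the classical network; the key groups themselves never leave either station, which is why the numbering has to stay identical at both ends.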
In the present invention, the message authentication server can perform message authentication between users of different quantum network service stations, and also message authentication between the different quantum network service stations themselves, verifying the correctness of the message source and confirming message integrity, which prevents illegal tampering with and theft of messages. Taking the sending and verification of quantum key numbers QID as an example, this embodiment describes the message authentication flow for quantum key numbers and the message authentication flow for receiving quantum key numbers.
Referring to Fig. 7, the message authentication flow for quantum key numbers in this embodiment is as follows:
Step one: message authentication server information extraction: the message authentication server receives the data sent from the quantum key management server and extracts from it the quantum key number QID used for the data transmission, the QID_m1 needed to generate the message authentication code (MAC) at the next message authentication, and the QID_m2 needed to generate the encrypted data at the next message authentication;
Step two: extract the message authentication keys: determine whether this is the first message authentication. If it is the first, the message authentication server notifies the quantum key management server to send the keys K_m1 and K_m2 pre-stored in the quantum key storage server to the message authentication server. If it is not the first, the message authentication server sends the QID_m1 and QID_m2 agreed after the previous message authentication to the quantum key management server, and the quantum key management server extracts QK_m1 and QK_m2 from the quantum key storage server according to QID_m1 and QID_m2 and sends them to the message authentication server;
Step 3:Generate message authentication code:Message authentication server by utilizing message authentication code algorithm set in advance and K_ M1 or QK_m1 generates message authentication code (MAC), and by taking QK_m1 as an example, message authentication code generates as follows:
The message authentication code MAC1=C (QK_m1, QID) of QID;
The message authentication code MAC2=C (QK_m1, QID_m1) of QID_m1;
The message authentication code MAC3=C (QK_m1, QID_m2) of QID_m2;
C refers to message authentication code generating algorithm.
Step 4: Generate the encrypted data: the original authentication data with MAC are M1 = (QID, MAC1), M2 = (QID_m1, MAC2) and M3 = (QID_m2, MAC3). The original message authentication data are then further encrypted using K_m2 or QK_m2. Taking QK_m2 as an example:
XOR-encrypting the original message authentication data of QID gives the encrypted QID message authentication data M1k = M1 ⊕ QK_m2;
Encrypting the original message authentication data of QID_m1 gives the encrypted QID_m1 message authentication data M2k = M2 ⊕ QK_m2;
Encrypting the original message authentication data of QID_m2 gives the encrypted QID_m2 message authentication data M3k = M3 ⊕ QK_m2;
Step 5: Generate and send the complete encrypted message authentication data: the message authentication server combines the encrypted message authentication data M1k of QID, the encrypted message authentication data M2k of QID_m1 and the encrypted message authentication data M3k of QID_m2 into the message authentication data M = (M1k, M2k, M3k), and sends it over the classical network.
Referring to Fig. 8, the message authentication flow for receiving the quantum key number in this embodiment is as follows:
Step 1: Receive and parse the information: the message authentication server receives the data M sent over the classical network and parses from it the encrypted message authentication data M1k' of QID, the encrypted message authentication data M2k' of QID_m1 and the encrypted message authentication data M3k' of QID_m2;
Step 2: Extract the message authentication keys: judge whether this is the first message authentication. If it is the first, the message authentication server notifies the quantum key management server to send the preset keys K_m1 and K_m2 in the quantum key storage server to the message authentication server. If it is not the first, the message authentication server sends the QID_m1 and QID_m2 agreed after the previous message authentication to the quantum key management server, and the quantum key management server extracts QK_m1 and QK_m2 from the quantum key database according to QID_m1 and QID_m2 and sends them to the message authentication server;
Step 3: Decrypt the message data: the message authentication server uses K_m2 or QK_m2 to decrypt M1k', M2k' and M3k', obtaining the original message authentication data M1', M2' and M3'. Decryption is the inverse operation of the XOR. Taking QK_m2 as an example, the decryption is M1' = M1k' ⊕ QK_m2, M2' = M2k' ⊕ QK_m2, M3' = M3k' ⊕ QK_m2;
Step 4: Parse the message data:
The message authentication server parses from the original message authentication data M1' the key number QID' used for data transmission and the message authentication code MAC1';
from the original message authentication data M2' it parses the key number QID_m1' and the message authentication code MAC2';
from the original message authentication data M3' it parses the key number QID_m2' and the message authentication code MAC3';
Step 5: Generate the message authentication codes: the message authentication server uses the preset message authentication code algorithm and K_m1 or QK_m1 to generate the message authentication codes (MAC). Taking QK_m1 as an example, the message authentication code of QID' is MAC1' = C(QK_m1, QID'), the message authentication code of QID_m1' is MAC2' = C(QK_m1, QID_m1'), and the message authentication code of QID_m2' is MAC3' = C(QK_m1, QID_m2');
Step 6: Check the message authentication codes: compare whether MAC1 and MAC1' are equal, whether MAC2 and MAC2' are equal, and whether MAC3 and MAC3' are equal. In principle, the MAC generation algorithm and the keys QK_m1 and QK_m2 used by both sides are the same, so when the data QID used is the same as QID', the message authentication code obtained is also the same. That is, when QID equals QID', MAC1 equals MAC1', which indicates that message authentication succeeded. When the data has been tampered with in transmission or the data source is wrong, MAC1 and MAC1' are not equal, which indicates that message authentication failed. Whether the message authentication of QID_m1 and QID_m1', and of QID_m2 and QID_m2', succeeded can be checked in the same way;
Step 7: Send the check result: a message reporting the success or failure of the message authentication is sent to the sender. When message authentication succeeds, the message authentication servers of both sides update QID_m1 and QID_m2 for the next message authentication; when message authentication fails, the message authentication servers of both sides do not update QID_m1 and QID_m2.
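The sending and receiving flows of Fig. 7 and Fig. 8, as an added Python example (not code from the patent). It assumes HMAC-SHA256 for the unspecified algorithm C, fixed 16-byte key numbers, a dict standing in for the quantum key storage server, and a QK_m2 long enough that each of the three records is XORed with its own segment of the key; all function and class names are hypothetical.

```python
import hashlib
import hmac

QID_LEN = 16                   # fixed-width key numbers (assumption)
MAC_LEN = 32                   # HMAC-SHA256 output length
REC_LEN = QID_LEN + MAC_LEN    # one record Mi = (value, MACi)


def C(key: bytes, data: bytes) -> bytes:
    """MAC generation algorithm C; HMAC-SHA256 is an assumption."""
    return hmac.new(key, data, hashlib.sha256).digest()


def _pad(qk_m2: bytes, i: int) -> bytes:
    """Segment of QK_m2 for record i; one slice per record is an assumption."""
    if len(qk_m2) < 3 * REC_LEN:
        raise ValueError("QK_m2 too short for three records")
    return qk_m2[i * REC_LEN:(i + 1) * REC_LEN]


def _xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def build_message(qk_m1, qk_m2, qid, qid_m1, qid_m2):
    """Sender steps 3-5: return M = (M1k, M2k, M3k)."""
    parts = []
    for i, value in enumerate((qid, qid_m1, qid_m2)):
        if len(value) != QID_LEN:
            raise ValueError("key number must be QID_LEN bytes")
        record = value + C(qk_m1, value)             # Mi = (value, MACi)
        parts.append(_xor(record, _pad(qk_m2, i)))   # Mik = Mi XOR QK_m2
    return tuple(parts)


def verify_message(qk_m1, qk_m2, message):
    """Receiver steps 1-6: return (QID, QID_m1, QID_m2), or None on failure."""
    if len(message) != 3 or any(len(p) != REC_LEN for p in message):
        return None
    values = []
    for i, part in enumerate(message):
        record = _xor(part, _pad(qk_m2, i))          # XOR is its own inverse
        value, mac = record[:QID_LEN], record[QID_LEN:]
        # Constant-time comparison of the received and the recomputed MAC.
        if not hmac.compare_digest(mac, C(qk_m1, value)):
            return None
        values.append(value)
    return tuple(values)


class Receiver:
    """Step 7: the key numbers for the next round change only on success."""

    def __init__(self, key_store, qid_m1, qid_m2):
        self.key_store = key_store   # stands in for the key storage server
        self.qid_m1, self.qid_m2 = qid_m1, qid_m2

    def receive(self, message):
        qk_m1 = self.key_store[self.qid_m1]
        qk_m2 = self.key_store[self.qid_m2]
        result = verify_message(qk_m1, qk_m2, message)
        if result is None:
            return None              # failure: QID_m1 and QID_m2 are kept
        qid, self.qid_m1, self.qid_m2 = result
        return qid


if __name__ == "__main__":
    # Constructed sample keys and key numbers, for illustration only.
    cur1, cur2, nxt1, nxt2 = (bytes([n]) * QID_LEN for n in (1, 2, 3, 4))
    store = {cur1: b"k" * 32, cur2: bytes(range(144)),
             nxt1: b"n" * 32, nxt2: bytes(range(100, 244))}
    msg = build_message(store[cur1], store[cur2], b"Q" * QID_LEN, nxt1, nxt2)
    rx = Receiver(store, cur1, cur2)
    flipped = (bytes([msg[0][0] ^ 1]) + msg[0][1:],) + msg[1:]
    print("tampered:", rx.receive(flipped))
    print("genuine: ", rx.receive(msg))
```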

Claims (9)

1. A quantum network service station, comprising a quantum service centre for communicating with each user side, characterized in that the quantum network service station is further provided with:
a true random number generator, for generating true random numbers;
a user-side key management server, for storing the true random numbers within the station and writing them into user-specific equipment, so as to form corresponding user-side keys between the two, used respectively for encrypted communication between the user side and the quantum service centre.
2. The quantum network service station as claimed in claim 1, characterized in that the quantum service centre is further used for communicating with other quantum network service stations;
the quantum network service station is further provided with a quantum key control centre, for sharing inter-station quantum keys with other quantum network service stations, to be called by the quantum service centre.
3. The quantum network service station as claimed in claim 2, characterized in that the quantum key control centre includes quantum key distribution equipment, a quantum key management server and a quantum key storage server;
the quantum key distribution equipment is used for generating quantum keys shared with other quantum network service stations and sending them to the quantum key management server;
the quantum key management server is used for sending the quantum keys from the quantum key distribution equipment to the quantum key storage server for storage, or for calling quantum keys from the quantum key storage server and sending them to the quantum service centre.
4. The quantum network service station as claimed in claim 3, characterized in that the quantum service centre includes a management centre server, and a message authentication server, an encryption/decryption server, an authentication server and a digital signature verification server, each communicating with the management centre server and handling its corresponding service;
the management centre server is used for connecting to each user side and to other quantum network service stations through the classical network, and is also communicatively connected to the user-side key management server and the quantum key management server.
5. The quantum network service station as claimed in claim 4, characterized in that the quantum key management server detects the capacity space of the quantum key storage server at a predetermined time interval; when it detects that the quantum key storage server still has capacity space, the quantum key management server requests quantum keys from the quantum key distribution equipment; after receiving the quantum keys from the quantum key distribution equipment, the quantum key management server establishes a corresponding index, and then sends the indexed quantum keys to the quantum key storage server for storage.
6. The quantum network service station as claimed in claim 3, characterized in that when the quantum service centre calls quantum keys from the quantum key management server, the call request includes the quantum key consumption; the quantum key management server judges whether the quantum key surplus of the quantum key storage server is greater than or equal to the quantum key consumption; if it is less, the server queries repeatedly at a predetermined time interval until the quantum key surplus is greater than or equal to the quantum key consumption, whereupon the quantum key management server takes the indexed quantum keys out of the quantum key storage server as required and sends them to the quantum service centre.
7. The quantum network service station as claimed in claim 6, characterized in that the call request includes index information, and the quantum key management server takes the corresponding quantum key out of the quantum key storage server according to the index information and sends it to the quantum service centre.
8. A quantum communication network, comprising a quantum network service station configured with user sides, characterized in that a quantum key card is further provided as the user-specific equipment, the quantum network service station is the quantum network service station described in any one of claims 1 to 7, and the user-side key management server in the quantum network service station and the user side are each provided with a data transmission interface that matches the quantum key card.
9. The quantum communication network as claimed in claim 8, characterized in that the quantum key card be The board of formula, and the user-side key management server and the user side are each provided with a corresponding interface.
CN201610842874.0A 2016-09-23 2016-09-23 Quantum network service station and quantum communication network Pending CN106452739A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610842874.0A CN106452739A (en) 2016-09-23 2016-09-23 Quantum network service station and quantum communication network

Publications (1)

Publication Number Publication Date
CN106452739A true CN106452739A (en) 2017-02-22

Family

ID=58167225

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610842874.0A Pending CN106452739A (en) 2016-09-23 2016-09-23 Quantum network service station and quantum communication network

Country Status (1)

Country Link
CN (1) CN106452739A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination