CN106452739A - Quantum network service station and quantum communication network - Google Patents
Quantum network service station and quantum communication network
- Publication number: CN106452739A (application number CN201610842874.0A)
- Authority: CN (China)
- Prior art keywords: quantum, key, quantum key, server, management server
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    - H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
      - H04L9/0852—Quantum cryptography
      - H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
        - H04L9/083—Key transport or distribution involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    - H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
      - H04L9/0869—Generation of secret information involving random numbers or seeds
- H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
    - H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a quantum network service station and a quantum communication network. The quantum network service station comprises a quantum service centre that forms a communication connection with each user side, and is further provided with: a true random number generator for generating true random numbers; and a user-side key management server that stores the true random numbers in the station and writes them into a user-specific device, so that corresponding user-side keys are formed between the user-side key management server and the user-specific device. The user-side keys are then used for encrypted communication between each user side and the quantum service centre. With this quantum network service station and quantum communication network, the problems of access, use and security of quantum network terminals are solved by means of a quantum key card.
Description
Technical field
The invention belongs to the field of quantum cryptographic communication, and more particularly relates to a quantum network service station and a quantum communication network.
Background technology
The security of a quantum communication system is guaranteed by the Heisenberg uncertainty principle and the quantum no-cloning theorem of quantum mechanics, so steadily improving mathematical computing power does not threaten the security of a quantum cryptographic communication system; even if quantum computers with powerful computing ability appear in the future, the quantum cryptographic communication system remains secure. At present, point-to-point quantum communication systems have been widely studied and the basis for commercialization is already in place, but from the viewpoint of practical application multi-user access is a natural requirement, so the development of quantum communication systems from point-to-point links into networks is an inevitable trend. Research directions in quantum communication networks include multi-user quantum key distribution, quantum repeater schemes, integration of quantum networks with classical networks, authentication and routing protocols, among others; the core research topic among these is the quantum service station, which has a multiple-access function, realizes quantum key distribution, and implements various communication protocols.
A quantum service station sits at the edge of a quantum communication network: one end connects users and is responsible for user access, while the other end connects to the dedicated quantum network and the classical communication network, allowing users in different regions to communicate. The users below one quantum service station form a local area network, and the quantum service stations together form a wide area network. A quantum service station must also handle tasks similar to those of classical cryptography, including message authentication, identity authentication, data encryption and decryption, and digital signatures: message authentication ensures the correctness of the data source and the integrity of the message during transmission, identity authentication ensures the reliability of the logged-in user, digital signatures guarantee message integrity, non-tamperability and non-repudiation, and encryption and decryption guarantee secure transmission of communications. However, the service station (service centre or server) in existing quantum networks can realize only a single service function such as identity authentication or digital signature; there is no quantum network service station that realizes multiple service functions.
At present, the common method for allowing multiple users to access a service end is to arrange a quantum key distribution device at each user, so that the service end and the user sides form a 1*N key distribution network. For example, patent application no. 201410337054.7 discloses a multi-user wavelength-division-multiplexing quantum key distribution network system and its key distribution and sharing method, in which Alice performs quantum key distribution and storage with multiple Bob users. As another example, Bernd et al. in the paper "A quantum access network" (NATURE 501(7465):69-72, September 2013) propose placing Alice at the user side and Bob at the service end, and performing quantum key distribution between multiple Alices and Bob. All of these schemes have the service end set up a quantum key distribution link with each user; although this guarantees reliable communication security, the extension of the number of users is limited, and requiring a key distribution system for each user increases the cost per user, which is unfavourable for large-scale application.
Content of the invention
The present invention provides a quantum network service station that uses a quantum key card to solve the problems of access, use and security of quantum network terminals; by arranging a quantum key storage server, quantum keys are cached so that the demand for a large quantity of quantum keys in an emergency can be met.
A quantum network service station comprises a quantum service centre for communicating with each user side, and is additionally provided with:
a true random number generator for producing true random numbers;
a user-side key management server for storing the true random numbers in the station and writing them into a user-specific device, so that a corresponding user-side key is formed between the two; the user-side keys are respectively used for encrypted communication between each user side and the quantum service centre.
The quantum network service station of the present invention changes the existing way of distributing quantum keys to user sides: a true random number generator generates true random numbers, which are written into the user's own quantum key card and used by the user to encrypt data.
Optionally, the quantum service centre also communicates with other quantum network service stations over the classical network;
the quantum network service station is additionally provided with a quantum key control centre, which holds the quantum keys shared with other quantum network service stations for the quantum service centre to call.
Preferably, the quantum key control centre comprises a quantum key distribution device, a quantum key management server and a quantum key storage server;
the quantum key distribution device generates the quantum keys shared with other quantum network service stations and sends them to the quantum key management server;
the quantum key management server sends the quantum keys received from the quantum key distribution device to the quantum key storage server for storage, or retrieves quantum keys from the key storage server and sends them to the quantum service centre.
The quantum key management server is communicatively connected with the quantum service centre, and the quantum key distribution device and the quantum key storage server are each communicatively connected with the quantum key management server.
One or more sets of quantum key distribution devices may be arranged as required, in one-to-one correspondence with the connected quantum service stations; in practice, integrating multiple sets of quantum key distribution devices into one unit may be considered.
Preferably, the quantum service centre comprises a management centre server and, each communicatively connected with the management centre server and handling the corresponding service, a message authentication server, an encryption and decryption server, an identity authentication server and a digital signature authentication server;
the management centre server connects with each user side and with other quantum network service stations over the classical network, and is also communicatively connected with the user-side key management server and the quantum key management server.
The present invention also provides a quantum communication network comprising a quantum network service station configured with user sides, and further provided with quantum key cards. The quantum network service station is the quantum network service station of the present invention, and its user-side key management server and each user side are provided with a data transmission interface matching the quantum key card.
Multiple quantum network service stations may be arranged; they exchange data and quantum keys with each other over the classical network and the corresponding quantum network, and any necessary relay equipment can be set up according to the prior art.
Preferably, user sides configured within the same quantum network service station communicate secretly using the user-side keys in their quantum key cards.
This reduces consumption of the quantum keys generated by the quantum key distribution device, so that the limited quantum keys are reserved for secret communication between quantum network service stations.
Preferably, secret communication between different quantum network service stations uses the quantum keys produced by the quantum key distribution device.
As for the quantum key card itself, any existing electronic device capable of data interaction, storage and processing can be adopted; for example, it may include hardware such as a CPU, RAM and storage, and be configured with an operating system.
Optionally, the quantum key card is a USB key.
Optionally, the quantum key card is a plug-in board, and the user-side key management server and the user side are each provided with a corresponding interface.
In order to meet the demand for a large quantity of quantum keys in an emergency, preferably:
the quantum key management server checks the free capacity of the quantum key storage server at a predetermined time interval;
when it detects that the key storage server still has free capacity, the quantum key management server applies to the quantum key distribution device for quantum keys;
after receiving the quantum keys from the quantum key distribution device, the quantum key management server creates a corresponding index and sends the indexed quantum keys to the quantum key storage server for storage.
The quantum service centre can submit key applications to the quantum key management server as needed. Since the quantum keys are stored in the quantum key storage server, the quantum key surplus in the quantum key storage server should cover the amount requested.
Preferably, when the quantum service centre calls quantum keys from the quantum key management server, the call application contains the quantum key consumption; the quantum key management server judges whether the quantum key surplus of the quantum key storage server is greater than or equal to the quantum key consumption. If it is less, the server queries again at the predetermined time interval until the quantum key surplus is greater than or equal to the quantum key consumption, whereupon the quantum key management server takes the required indexed quantum keys out of the quantum key storage server and sends them to the quantum service centre.
Preferably, the call application contains index information, and the quantum key management server takes the corresponding quantum key out of the quantum key storage server according to the index information and sends it to the quantum service centre.
The index (number) of a quantum key is unique within the quantum key storage server, so that in internal communication the corresponding quantum network service station and the position of the specific quantum key used can be identified.
Beneficial effect of the present invention
1) The access method of the prior art, in which each user side also requires QKD equipment, is changed: a quantum key card solves the problems of access, use and security of quantum network terminals;
2) multiple tasks, including message authentication, identity authentication, data encryption and decryption, and digital signatures, can be achieved inside the quantum network service station;
3) a quantum key storage server inside the quantum service station caches quantum keys, meeting the demand for a large quantity of quantum keys in an emergency;
4) the security of message transmission between quantum service stations is guaranteed by quantum keys and algorithms, preventing illegal tampering with and eavesdropping on messages.
Description of the drawings
Fig. 1 is a schematic diagram of the quantum network service station of the present embodiment;
Fig. 2 is a schematic diagram of the quantum service centre of the present embodiment;
Fig. 3 is a schematic diagram of communication between users of two quantum network service stations in the present embodiment;
Fig. 4 is a flow chart of quantum key application in the quantum key management server of the present embodiment;
Fig. 5 is a flow chart of quantum key distribution by the quantum key management server when sending data;
Fig. 6 is a flow chart of quantum key distribution by the quantum key management server when receiving data;
Fig. 7 is a flow chart of message authentication for sending quantum key numbers in the present embodiment;
Fig. 8 is a flow chart of message authentication for receiving quantum key numbers in the present embodiment.
Specific embodiment
Referring to Fig. 1, Fig. 2 and Fig. 3, in the quantum communication network of the present embodiment the quantum network service station comprises a quantum service centre, a quantum key control centre, a true random number generator (the present embodiment uses a quantum random number generator) and a user-side key management server.
The quantum key control centre comprises a quantum key distribution device, a quantum key management server and a quantum key storage server.
The quantum service centre comprises a management centre server, a message authentication server, an encryption and decryption server, an identity authentication server and a digital signature verification server.
The quantum key distribution device receives key applications from the quantum key management server, generates the quantum key Qk (also written Qk below) and sends it to the quantum key management server.
The quantum key management server applies to the quantum key distribution device for quantum keys Qk, numbers them in real time with a quantum key number QID (also written QID below) and sends them to the quantum key storage server; it also receives key applications from the quantum service centre, takes the quantum key Qk or the quantum key number QID out of the quantum key storage server and sends it to the quantum service centre.
The quantum key storage server stores the quantum keys Qk generated by the quantum key distribution device together with their quantum key numbers QID.
Initially, two segments of key, pairwise identical with those of the other quantum network service stations in the quantum communication network, must be pre-installed in each station. As shown in Fig. 3, the quantum key server inside quantum network service station A and the quantum key server inside quantum network service station B both pre-store the keys K_m1 and K_m2 (also written K_m1 and K_m2 below), which are used for the first message authentication.
The quantum random number generator receives key applications from the user-side key management server, generates quantum random numbers and sends them to the user-side key management server; these serve as the true random numbers here.
The user-side key management server distributes the quantum random numbers, storing them in the station and writing them into the quantum key card so that a user-side key is formed between the two; the user-side keys stored in the station are called by the quantum service centre. The user-side key management server has the functions of accessing quantum key cards (issuing cards, registering and copying keys) and of generating new keys from a base seed key by means of a distribution algorithm.
The quantum service centre is provided with a management centre server, a message authentication server, an encryption and decryption server, an identity authentication server and a digital signature authentication server. The management centre server exchanges data with the external user-side key management server, the quantum key management server, the classical network and the user sides; it inputs the corresponding data to the message authentication server, encryption and decryption server, identity authentication server and digital signature server inside the quantum service centre, and outputs data from inside the quantum service centre to the external quantum key management server, the classical network and so on.
The identity authentication server, according to which quantum key card the user has accessed, extracts the user-side key QR from the user-side key management server, decrypts the encrypted identity information transmitted from the user side into plaintext identity information ID', and compares the decrypted identity information ID' with the pre-stored identity information ID. If they are the same, verification succeeds and the user is allowed to enter the system it is logging into; otherwise verification fails and the user is not allowed to log in.
The message authentication server has the function of encrypting and decrypting quantum key numbers QID. It obtains from the quantum key management server the quantum key number QID of the quantum key Qk needed for transmitting data, and obtains, according to the message authentication key numbers QID_m1 and QID_m2 (also written QID_m1, QID_m2 below), the message authentication keys QK_m1 and QK_m2 (also written QK_m1, QK_m2 below) used for message authentication. Here the message authentication key numbers QID_m1, QID_m2 are a subset of the quantum key numbers QID, and QK_m1, QK_m2 are a subset of Qk; for the first message authentication no numbers are needed, and the pre-stored keys K_m1, K_m2 are obtained automatically. The quantum key number QID of the quantum key information and the message authentication key numbers QID_m1, QID_m2 for the next message authentication are encrypted and sent to the recipient over the classical network; or the encrypted quantum key numbers received from the classical network are decrypted to produce the decrypted quantum key number QID' and message authentication key numbers QID_m1', QID_m2' (also written QID', QID_m1', QID_m2' below), verifying the correctness of the message source and its integrity. Before leaving the factory, the station must share the same message authentication code generation algorithm with the other quantum network service stations in the quantum communication network, for generating a common message authentication code.
The encryption and decryption server obtains keys as required from the quantum key management server or the user-side key management server, decrypts the encrypted information transmitted from the user side or the classical network, or encrypts data to be transmitted to the user side or the classical network.
The digital signature server obtains keys as required from the quantum key management server or the user-side key management server, generates the user-side digital signature information and sends it to the recipient, or receives digital signature information and verifies the digital signature.
A user connects to the quantum service centre of the quantum network service station; the connection may be a fixed network or a mobile network, and the corresponding user may be a fixed-network user or a mobile-network user.
The quantum service stations are connected to each other by the quantum network and the classical network: the quantum network connects the quantum key distribution devices in the quantum network service stations, transmits quantum signals and lets both sides produce identical quantum keys, while the classical network connects the quantum service centres in the quantum network service stations and transmits all classical signals other than quantum signals.
Before secret communication, the user first has to apply to the quantum network service station for a quantum key card. Taking a USB key as an example, the quantum key card is inserted into the user-side key management server in the quantum network service station; the user-side key management server applies to the quantum random number generator for a certain amount of quantum random numbers and distributes them, storing them in the station and writing them into the quantum key card so that a user-side key is formed between the two. After the user takes the quantum key card away, the card is inserted into the user-side device for use.
In use, the user side sends the data to be encrypted or decrypted to the quantum key card, and the quantum key card encrypts or decrypts the data with the user-side key and sends it back to the user side.
After the user-side key has been used many times, the current user-side key can be used as a seed key, and the USB key generates a new user-side key by an algorithm shared in advance with the user-side key management server, thereby updating the user-side key.
The users below one quantum network service station form a local area network, and secret communication within the LAN uses the user-side keys produced by the quantum random number generator or the user-side keys updated by the algorithm. This reduces the consumption of the quantum keys produced by the quantum key distribution device and reserves the limited quantum keys for secret communication between quantum network service stations.
Because the key generation rate of quantum key distribution devices is limited and is usually much lower than the transmission rate of the classical network, especially when an emergency requires a large amount of data to be transmitted in a short time, the key generation rate of the quantum key distribution device is far from meeting the system's encryption needs. This patent provides a quantum key storage server: whenever the storage space of the quantum key storage server is found to be not full, keys are requested from the quantum key distribution device, and the quantum keys produced by the quantum key distribution device are numbered and cached, to meet the demand for a large quantity of quantum keys in an emergency. The present embodiment describes separately the quantum key application process in the quantum key management server, the quantum key distribution process of the quantum key management server when sending data, and the quantum key distribution process of the quantum key management server when receiving data. Referring to Fig. 4, the quantum key application process in the quantum key management server of the present embodiment is as follows:
Step one: the quantum key management server checks whether the capacity of the quantum key storage server is full; if the capacity is full, it enters a waiting process, waits for time T and then judges again whether the capacity is full, until capacity is free;
Step two: when it detects that the key storage server has free capacity, the quantum key management server applies to the quantum key distribution device for keys; after receiving the key application, the quantum key distribution device generates the quantum key Qk and sends it to the quantum key management server;
Step three: after receiving the quantum key, the quantum key management server groups the quantum key by data size, for example every 1K of data as one group, and assigns each group a number, the quantum key number QID, which is unique within the quantum key storage server; the quantum key Qk and the quantum key number QID are sent together to the quantum key storage server for storage.
Referring to Fig. 5, the quantum key distribution process of the quantum key management server when sending data is as follows:
Step one: the quantum service centre submits a key application to the quantum key management server; the application information includes the quantum key consumption. After receiving the application, the quantum key management server judges whether the amount of key in the quantum key storage server is sufficient; when it is insufficient, the server enters a waiting process, waits for time T and judges again whether the amount of key is sufficient, re-entering the wait whenever it is not, until the amount of key is sufficient;
Step two: when the amount of key is sufficient, the quantum key management server takes the quantum key Qk and the corresponding QID out of the quantum key storage server and sends them together to the quantum service centre.
Referring to Fig. 6, the quantum key distribution process of the quantum key management server when receiving data is as follows:
Step one: the quantum service centre submits a key application to the quantum key management server; the application content includes the quantum key number QID;
Step two: the quantum key management server takes the quantum key Qk out of the quantum key storage server according to the QID and sends it to the quantum service centre.
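The following is an added simulation of the three flows just described (Fig. 4 key application with capacity check and 1K grouping, Fig. 5 distribution by consumption with a bounded wait, Fig. 6 distribution by QID); it is illustrative code written for this page, not the patent's own implementation. The class names, the `QID-nnnnnnnn` number format, the CSPRNG standing in for the QKD device, and the bounded retry standing in for "wait time T" are all assumptions.

```python
import secrets

GROUP_SIZE = 1024  # bytes per numbered key group ("every 1K of data as one group", step three)


class QuantumKeyDistributionDevice:
    """Stand-in for the QKD device: hands out fresh random bytes as the quantum key Qk.
    Real QKD produces the same bytes at the peer station; a CSPRNG only simulates that here."""

    def __init__(self, bytes_per_application: int):
        self.bytes_per_application = bytes_per_application

    def apply_key(self) -> bytes:
        return secrets.token_bytes(self.bytes_per_application)


class QuantumKeyStorageServer:
    """Simulated quantum key storage server: numbered key groups with a bounded capacity."""

    def __init__(self, capacity_groups: int):
        self.capacity_groups = capacity_groups
        self.groups: dict[str, bytes] = {}  # QID -> Qk group; QID is unique in this server

    def free_slots(self) -> int:
        return self.capacity_groups - len(self.groups)

    def remaining_bytes(self) -> int:
        """The quantum key surplus the management server compares against a consumption."""
        return sum(len(g) for g in self.groups.values())


class QuantumKeyManagementServer:
    def __init__(self, qkd: QuantumKeyDistributionDevice, storage: QuantumKeyStorageServer):
        self.qkd = qkd
        self.storage = storage
        self.next_index = 0  # source of unique QIDs

    def replenish(self) -> int:
        """Fig. 4: apply to the QKD device only when the store has free capacity, then group,
        number and cache the result. Returns the number of groups stored (0 if already full)."""
        if self.storage.free_slots() == 0:
            return 0
        qk = self.qkd.apply_key()
        stored = 0
        for offset in range(0, len(qk), GROUP_SIZE):
            if self.storage.free_slots() == 0:
                break  # key material beyond capacity is dropped in this simulation
            qid = f"QID-{self.next_index:08d}"
            self.next_index += 1
            self.storage.groups[qid] = qk[offset:offset + GROUP_SIZE]
            stored += 1
        return stored

    def distribute_for_sending(self, consumption: int, max_waits: int = 3) -> list:
        """Fig. 5: the service centre states the key consumption; wait until the surplus
        covers it (each wait is simulated by one replenish), then hand out whole groups
        with their QIDs. Raises if the surplus is still short after max_waits waits."""
        waits = 0
        while self.storage.remaining_bytes() < consumption:
            if waits == max_waits:
                raise RuntimeError("quantum key surplus still insufficient after waiting")
            waits += 1
            self.replenish()
        handed_out = []
        needed = consumption
        for qid in sorted(self.storage.groups):
            if needed <= 0:
                break
            group = self.storage.groups.pop(qid)  # a group is consumed once handed out
            handed_out.append((qid, group))
            needed -= len(group)
        return handed_out

    def distribute_for_receiving(self, qid: str) -> bytes:
        """Fig. 6: the receiving side names the QID it was sent and gets the matching group."""
        if qid not in self.storage.groups:
            raise KeyError(f"no quantum key cached under {qid}")
        return self.storage.groups.pop(qid)
```

Note that the capacity check in `replenish` is what keeps the cache bounded; if a single request exceeds the whole cache, `distribute_for_sending` reports the shortfall instead of looping forever.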
In the present invention, the message authentication server can realize message authentication between users in different quantum network service stations and also message authentication between the different quantum network service stations themselves, verifying the correctness of the message source and confirming message integrity, thereby preventing illegal tampering with and eavesdropping on messages. Taking the sending and verification of quantum key numbers QID as an example, the present embodiment describes the message authentication process for sending quantum key numbers and the message authentication process for receiving quantum key numbers.
Referring to Fig. 7, the message authentication process for sending quantum key numbers in the present embodiment is as follows:
Step one, extract information in the message authentication server: the message authentication server receives the data sent from the quantum key management server and extracts from it the quantum key number QID used for the data transfer, the QID_m1 required to generate the message authentication code (MAC) in the next message authentication, and the QID_m2 required to encrypt the data in the next message authentication;
Step two, extract the message authentication keys: determine whether this is the first message authentication. If so, the message authentication server instructs the quantum key management server to send the keys K_m1 and K_m2 pre-stored in the quantum key storage server to the message authentication server; if not, the message authentication server sends the QID_m1 and QID_m2 arranged after the previous message authentication to the quantum key management server, which extracts QK_m1 and QK_m2 from the quantum key storage server according to QID_m1 and QID_m2 and sends them to the message authentication server;
Step three, generate the message authentication codes: the message authentication server generates the message authentication codes (MAC) with the preset message authentication code algorithm and K_m1 or QK_m1. Taking QK_m1 as the example, the message authentication codes are generated as follows:
the message authentication code of QID: MAC1 = C(QK_m1, QID);
the message authentication code of QID_m1: MAC2 = C(QK_m1, QID_m1);
the message authentication code of QID_m2: MAC3 = C(QK_m1, QID_m2);
where C denotes the message authentication code generation algorithm.
Step four, generate the encrypted data: the original authentication data with MACs are M1 = (QID, MAC1), M2 = (QID_m1, MAC2) and M3 = (QID_m2, MAC3); the original message authentication data are then further encrypted using K_m2 or QK_m2. Taking QK_m2 as the example:
the original message authentication data of QID are XOR-encrypted to give the encrypted message authentication data of QID, M1k = M1 ⊕ QK_m2;
the original message authentication data of QID_m1 are encrypted to give the encrypted message authentication data of QID_m1, M2k = M2 ⊕ QK_m2;
the original message authentication data of QID_m2 are encrypted to give the encrypted message authentication data of QID_m2, M3k = M3 ⊕ QK_m2;
Step five, generate the complete encrypted message authentication data and send: the message authentication server combines the encrypted message authentication data M1k of QID, M2k of QID_m1 and M3k of QID_m2 into the message authentication data M = (M1k, M2k, M3k) and sends it over the classical network.
Referring to Fig. 8, the message authentication flow for receiving a quantum key number in the present embodiment is as follows:
Step 1: Receive and parse the information: the message authentication server receives the data M sent over the classical network and parses from it the encrypted message authentication data M1k' of QID, M2k' of QID_m1 and M3k' of QID_m2;
Step 2: Extract the message authentication key: determine whether this is the first message authentication. If it is the first time, the message authentication server notifies the quantum key management server to send the keys K_m1 and K_m2 pre-stored in the quantum key storage server to the message authentication server; if it is not the first time, the message authentication server sends to the quantum key management server the QID_m1 and QID_m2 agreed after the previous message authentication, and the quantum key management server extracts QK_m1 and QK_m2 from the quantum key storage server according to QID_m1 and QID_m2 and sends them to the message authentication server;
Step 3: Decrypt the message data: the message authentication server decrypts M1k', M2k' and M3k' with K_m2 or QK_m2 to obtain the original message authentication data M1', M2' and M3'; decryption is the inverse of the XOR operation. Taking QK_m2 as an example, decryption is M1' = M1k' ⊕ QK_m2, M2' = M2k' ⊕ QK_m2, M3' = M3k' ⊕ QK_m2;
Step 4: Parse the message data:
the message authentication server parses from the original message authentication data M1' the key number QID' used for data transmission and the received message authentication code MAC1;
from the original message authentication data M2' it parses the key number QID_m1' and the received message authentication code MAC2;
from the original message authentication data M3' it parses the key number QID_m2' and the received message authentication code MAC3;
Step 5: Generate the message authentication code: the message authentication server generates message authentication codes (MAC) using the preset message authentication code algorithm together with K_m1 or QK_m1. Taking QK_m1 as an example, the message authentication code of QID' is MAC1' = C(QK_m1, QID'), that of QID_m1' is MAC2' = C(QK_m1, QID_m1'), and that of QID_m2' is MAC3' = C(QK_m1, QID_m2');
Step 6: Check the message authentication code: compare whether MAC1 equals MAC1', whether MAC2 equals MAC2' and whether MAC3 equals MAC3'. In principle, since both sides use the same MAC generation algorithm and the same QK_m1 and QK_m2, when the data QID used is the same as QID' the resulting message authentication codes are also the same; that is, when QID equals QID', MAC1 equals MAC1', indicating that message authentication succeeded. When the data has been tampered with during transmission or the data source is not correct, MAC1 differs from MAC1', indicating that message authentication failed. Whether the message authentication of QID_m1 against QID_m1' and of QID_m2 against QID_m2' succeeded is checked in the same way;
Step 7: Send the verification result: a message indicating message authentication success or failure is sent to the sender. When message authentication succeeds, the message authentication servers of both sides update QID_m1 and QID_m2 for the next message authentication; when message authentication fails, the message authentication servers of both sides do not update QID_m1 and QID_m2.
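The two flows above (Fig. 7 sending, Fig. 8 receiving), modelled end to end as an added example that is not part of the patent. It assumes HMAC-SHA256 as the unspecified MAC algorithm C, fixed-length byte strings for key numbers and MACs, and a constructed dictionary standing in for the quantum key storage server.

```python
import hashlib
import hmac
import secrets

QID_LEN, MAC_LEN = 8, 32
BLOCK_LEN = QID_LEN + MAC_LEN          # |M_i| = |(QID_i, MAC_i)|

# Constructed stand-in for the quantum key storage server: key number -> key.
# K_m1/K_m2 are the pre-stored keys used for the first authentication; the
# QK-* entries play the role of quantum keys fetched by their QID.
KEY_STORE = {
    b"K_m1____": secrets.token_bytes(32),        # MAC key
    b"K_m2____": secrets.token_bytes(BLOCK_LEN), # XOR (encryption) key
    b"QK-0001_": secrets.token_bytes(32),
    b"QK-0002_": secrets.token_bytes(BLOCK_LEN),
    b"QK-0003_": secrets.token_bytes(32),
    b"QK-0004_": secrets.token_bytes(BLOCK_LEN),
}


def C(key: bytes, data: bytes) -> bytes:
    """MAC algorithm C; HMAC-SHA256 is an assumption, the patent leaves C open."""
    return hmac.new(key, data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


class MsgAuthServer:
    """Holds the (QID_m1, QID_m2) pair agreed after the last successful round."""

    def __init__(self, store):
        self.store = store
        self.m1_id, self.m2_id = b"K_m1____", b"K_m2____"   # first-time keys
        self.pending = None

    def send(self, qid: bytes, next_m1: bytes, next_m2: bytes) -> bytes:
        """Steps 1-5 of the sending flow: MAC each value, XOR-encrypt, join."""
        qk_m1, qk_m2 = self.store[self.m1_id], self.store[self.m2_id]
        blocks = []
        for x in (qid, next_m1, next_m2):
            m_i = x + C(qk_m1, x)              # M_i = (x, MAC_i)
            blocks.append(xor(m_i, qk_m2))     # M_ik = M_i xor QK_m2
        self.pending = (next_m1, next_m2)      # becomes current only on success
        return b"".join(blocks)                # M = (M1k, M2k, M3k)

    def receive(self, m: bytes):
        """Steps 1-6 of the receiving flow; returns (ok, QID' or None)."""
        if len(m) != 3 * BLOCK_LEN:
            return False, None
        qk_m1, qk_m2 = self.store[self.m1_id], self.store[self.m2_id]
        parsed = []
        for i in range(3):
            m_i = xor(m[i * BLOCK_LEN:(i + 1) * BLOCK_LEN], qk_m2)   # M_i'
            x, received_mac = m_i[:QID_LEN], m_i[QID_LEN:]
            parsed.append((x, hmac.compare_digest(received_mac, C(qk_m1, x))))
        if not all(ok for _, ok in parsed):
            return False, None                 # tampered or wrong source: keep old pair
        self.m1_id, self.m2_id = parsed[1][0], parsed[2][0]   # step 7 update
        return True, parsed[0][0]

    def confirm(self, ok: bool) -> None:
        """Step 7 on the sender: adopt the new pair only when the peer reports success."""
        if ok and self.pending:
            self.m1_id, self.m2_id = self.pending
```

Note that, as written in the patent, all three blocks are XORed with the same QK_m2; an implementation would want a pad as long as M with a distinct segment per block so that no one-time key is reused.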
Claims (9)
1. A quantum network service station, including a quantum service centre for communicatively connecting with each user side, characterised in that the quantum network service station is further provided with:
a true random number generator for generating true random numbers;
a user side key management server for storing in the station, and writing into a user-specific device, two corresponding user side keys formed from the true random numbers, which are respectively used for encrypted communication between the user side and the quantum service centre.
2. The quantum network service station as claimed in claim 1, characterised in that the quantum service centre is further used to communicatively connect with other quantum network service stations;
the quantum network service station is further provided with a quantum key control centre for sharing inter-station quantum keys with other quantum network service stations, for the quantum service centre to call.
3. The quantum network service station as claimed in claim 2, characterised in that the quantum key control centre includes a quantum key distribution device, a quantum key management server and a quantum key storage server;
the quantum key distribution device is used to generate quantum keys shared with other quantum network service stations and send them to the quantum key management server;
the quantum key management server is used to send the quantum keys from the quantum key distribution device to the quantum key storage server for storage, or to call quantum keys from the quantum key storage server and send them to the quantum service centre.
4. The quantum network service station as claimed in claim 3, characterised in that the quantum service centre includes a management center server and, each communicatively connected with the management center server to handle the corresponding service, a message authentication server, an encryption/decryption server, an identity authentication server and a digital signature verification server;
the management center server is used to connect with each user side and with other quantum network service stations through the classical network, and is also communicatively connected with the user side key management server and the quantum key management server.
5. The quantum network service station as claimed in claim 4, characterised in that the quantum key management server checks the capacity space of the quantum key storage server at predetermined time intervals; when it detects that the quantum key storage server still has capacity space, the quantum key management server applies to the quantum key distribution device for quantum keys; after receiving the quantum keys from the quantum key distribution device, the quantum key management server establishes a corresponding index and then sends the indexed quantum keys to the quantum key storage server for preservation.
6. The quantum network service station as claimed in claim 3, characterised in that when the quantum service centre calls a quantum key from the quantum key management server, the call application includes the quantum key consumption; the quantum key management server judges whether the remaining quantum key amount of the quantum key storage server is greater than or equal to the quantum key consumption; if it is less, the server queries repeatedly at predetermined time intervals until the remaining quantum key amount is greater than or equal to the quantum key consumption, whereupon the quantum key management server takes the indexed quantum keys from the quantum key storage server as required and sends them to the quantum service centre.
7. The quantum network service station as claimed in claim 6, characterised in that the call application includes index information, and the quantum key management server takes the corresponding quantum key from the quantum key storage server according to the index information and sends it to the quantum service centre.
8. A quantum communication network, including a quantum network service station configured with user sides, characterised in that it is further provided with a quantum key card serving as the user-specific device; the quantum network service station is the quantum network service station as claimed in any one of claims 1 to 7, and the user side key management server in the quantum network service station and the user side are each provided with a data transmission interface matching the quantum key card.
9. The quantum communication network as claimed in claim 8, characterised in that the quantum key card is a board card, and the user side key management server and the user side are each provided with a corresponding interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610842874.0A CN106452739A (en) | 2016-09-23 | 2016-09-23 | Quantum network service station and quantum communication network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106452739A true CN106452739A (en) | 2017-02-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination |