CN106452741A - Communication system for realizing information encryption/decryption transmission based on quantum network and communication method - Google Patents
- Publication number
- CN106452741A (application number CN201610845826.7A)
- Authority
- CN
- China
- Prior art keywords
- key
- quantum
- user side
- network service
- service station
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a communication system for realizing information encryption/decryption transmission based on a quantum network and a communication method. The communication system comprises quantum network service stations configured at a network side and clients configured at a user side. The system is also equipped with a quantum key card. True random numbers are generated at the network side. The true random numbers are respectively stored in the quantum key cards and the network side to form corresponding user side keys. The user side keys of the quantum key card and the network side are respectively used for encrypting and decrypting information when the clients communicate with the corresponding quantum network service stations. According to the system and the method, a quantum key seed is operated through utilization of the quantum key card, a large number of keys are generated in a short time, and the keys directly participate in the encryption and decryption processes of the information. The utilization efficiency of the keys is improved, the working process of the communication system is optimized, and the system and the method are beneficial for establishment and production of the quantum communication system and the application promotion of the quantum communication system in life.
Description
Technical field
The present invention relates to the field of quantum communication technology, and more particularly to a secure communication system that encrypts, decrypts and transmits information based on a quantum network.
Background
With the information revolution of the 21st century and the continuing development of science and technology, how to ensure secure communication between clients has become a focus of current research. Enterprises carrying out daily business activities, government bodies, banks and the like all have an urgent need for information security in data encryption, transmission and confidentiality. Particularly in today's era of economic globalization, ensuring the unconditional security of information is one of the focal points of public attention. In the earliest schemes, the information transmitted between clients was almost all plaintext, which is very easy to eavesdrop on and offers low security. Later, information was encrypted with classical encryption algorithms based on mathematically hard problems. Although plaintext is then no longer transmitted directly, advances in code-breaking techniques and in computers have increased the speed of decryption and reduced the security of these ciphers. In theory the encryption algorithms can still be broken, so the security of the encrypted information cannot be fully guaranteed. For example, in January 2010 researchers in Israel successfully broke the 128-bit communication encryption algorithm of 3G networks; in June 2012 Japan's Kyushu University, Fujitsu Research Institute and the National Institute of Information and Communications Technology successfully broke the next-generation "pairing-based encryption", with a broken key length of 923 bits, setting a new world record.
In recent years, with its continuing development and important breakthroughs, quantum information technology can become an important technical guarantee of information security in every field of society, and it is a new communication technology widely followed and studied by researchers. Quantum key distribution is used to share unconditionally secure keys between different users. It is based on fundamental principles such as the Heisenberg uncertainty principle, the measurement collapse principle and the quantum no-cloning principle, which ensure that key distribution not only has higher security but also overcomes the problem of building security on mathematical complexity theory. In addition, encrypting information with a one-time pad ensures the secure communication of transmitted information.
Many scholars have proposed different ideas and schemes for using keys in the encryption and decryption of information.
For example, in "Multi-user quantum key distribution protocol based on BB84" (Microcomputer & Its Applications, vol. 35, no. 11, 2016), the authors propose a multi-user quantum key distribution protocol based on BB84. The scheme achieves one-to-many quantum key distribution in a quantum communication network. Its drawbacks are that it increases the sender's workload in generating and distributing keys and that, when the number of receiver groups is large, it increases the bit error rate to some extent; key utilization efficiency falls and redundancy is high, which hinders application and adoption in practice.
"Architecture of multicast centralized key management scheme using quantum key distribution and classical symmetric encryption" [J]. European Physical Journal Special Topics, 2014, 223(8): 1711-1728, proposes a method that combines a quantum key distribution center device with classical symmetric encryption to carry out quantum key distribution and information communication. Its shortcoming is that, for every communication request between users at different locations, the keys needed to encrypt and decrypt the transmitted information must all be generated and distributed by the quantum key distribution center device. This process consumes considerable resources and has a relatively complex workflow, which increases the cost of building the supporting communication network equipment and of the related work. The imperfect overall workflow can make system operation unreliable and hinders the establishment and engineering implementation of a communication network.
Problems with the prior art:
1. The generation and distribution of quantum keys is relatively redundant, and key utilization efficiency is low.
2. For users to obtain more keys, the quantum key distribution systems proposed so far need more supporting QKD equipment, which adds cost and makes system operation less reliable; the workflow is relatively complex and resource consumption is high, so better-planned deployment and use are needed.
Summary of the invention
The present invention provides a communication system in which a quantum key card performs computation on quantum key seeds to generate keys that take part in the encryption and decryption of information.
A communication system that encrypts and decrypts information based on a quantum network comprises quantum network service stations configured at the network side and clients configured at the user side, and is further provided with quantum key cards. The network side generates true random numbers, which are stored in the quantum key card and at the network side respectively to form corresponding user-side keys. The user-side keys in the quantum key card and at the network side are used, respectively, to encrypt and decrypt information when a client communicates with the corresponding quantum network service station.
When a client communicates with the corresponding quantum network service station, the client must first establish a communication connection with a quantum key card, for example by plugging the card into the client's data interface. When encrypting or decrypting, the client side always uses the user-side key in the quantum key card, and the encryption and decryption operations themselves are preferably also carried out inside the card.
The true random numbers are generated by a quantum network service station at the network side and are stored in the quantum key card and in that quantum network service station respectively to form the corresponding user-side key.
The clients include a sender and a receiver. Sender and receiver are relative terms that depend only on the type of service taking place. Preferably, the sender and the receiver each have a data transfer interface matching their respective quantum key card.
The quantum key card is a USB key or a pluggable board or chip, preferably a mobile device. It has data storage and processing functions and can itself be implemented with existing hardware technology.
The quantum key card is issued after registration at the corresponding quantum network service station has been reviewed and approved. It has a unique quantum key card ID, which points to the quantum network service station that issued the card. The quantum key card stores the identity information of the corresponding user and information about the quantum network service station that issued the card.
Because the quantum key card is bound to the user it belongs to, the information stored in the card can also be used to authenticate the user's identity. Optionally, the quantum key card is bound to a dedicated client ID, in which case the information stored in the card can also be used to authenticate that dedicated client.
The user-side keys in a quantum key card are downloaded from one or more quantum network service stations. The card stores quantum network service station information that identifies the source of each user-side key. When a quantum network service station writes a user-side key into the quantum key card, it also stores the key in the station so that it can be called for encryption and decryption.
To improve security, the download does not have to pass through a client; instead, the quantum key card establishes a communication connection directly with the quantum network service station that generates the true random numbers. Only for information encryption and decryption or other specific services does the quantum key card need to connect to a quantum network service station through a client.
Preferably, the user-side key serves as a key seed. The quantum key card and the quantum network service station store corresponding key generation algorithms, each used to generate the keys needed for encrypting and decrypting information.
The key seeds in a quantum key card may come from different quantum network service stations, but the key generation algorithm is stored in the quantum key card and in every quantum network service station.
When there are several key generation algorithms and message authentication code generation algorithms, the client and the quantum network service station can designate the same algorithm when communicating, for example by an algorithm label or index.
The key seeds in the quantum key card are divided into several key seed sets according to their source. The key seeds in one set come from the same quantum network service station, and different key seed sets carry different key seed IDs.
A key seed ID identifies the quantum network service station from which the user-side key came and can point to the quantum network service station that stores the key seed. It also contains the storage address of the key seed within that station, which makes it easy to look up and call the key seed.
To improve security, the key seeds of the present invention can be updated. When a key seed is updated:
Optionally, the client sends an update request to the quantum key card and notifies the quantum network service station; the quantum key card receives the update request and updates the key seed according to a predetermined rule, and the quantum network service station synchronously updates the corresponding key seed.
Optionally, the number of times a key seed has been used is counted; when the usage count reaches a threshold, the quantum key card and the corresponding quantum network service station synchronously update the corresponding key seed.
The usage-count threshold is set in advance and stored in both the quantum network service station and the quantum key card, so that both sides count and stay synchronized.
Optionally, the quantum key card counts the key seeds that have not yet been used and gives a prompt when a critical value is reached; the client then downloads new user-side keys from a quantum network service station as needed.
A key seed update takes place between the quantum key card and the quantum network service station that the key seed ID points to. If new key seeds are downloaded, however, the quantum network service station is not strictly limited.
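The usage-count option above, sketched as an added example (not code from the patent): the card and the station each count uses of the seed, replace it at the threshold, and the receiving side catches up when a message is lost. The page does not give the key generation algorithm or the predetermined update rule, so HMAC-SHA256 is assumed for both, and SeedState and its methods are hypothetical names.

```python
import hashlib
import hmac

# Assumptions: the page gives neither the key generation algorithm nor the
# "predetermined rule" for updating a seed; HMAC-SHA256 stands in for both.
# SeedState and its methods are hypothetical names.

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

class SeedState:
    """One party's copy of a key seed plus its usage counter."""
    def __init__(self, seed: bytes, threshold: int):
        self.seed, self.threshold = seed, threshold
        self.generation, self.uses = 0, 0

    def _count_use(self):
        self.uses += 1
        if self.uses == self.threshold:            # threshold reached: update the seed
            self.seed = _prf(self.seed, b"seed-update")
            self.generation, self.uses = self.generation + 1, 0

    def next_key(self):
        """Sending side: return ((generation, use), key) and count the use."""
        position = (self.generation, self.uses)
        key = _prf(self.seed, b"key" + self.uses.to_bytes(4, "big"))
        self._count_use()
        return position, key

    def key_at(self, position, max_skip=16):
        """Receiving side: catch up to the sender's position, never step back."""
        here = (self.generation, self.uses)
        gen, use = position
        if position < here:
            raise ValueError("position already consumed: replay or desynchronized card")
        skipped = (gen - self.generation) * self.threshold + use - self.uses
        if not 0 <= use < self.threshold or skipped > max_skip:
            raise ValueError("position out of range")
        while (self.generation, self.uses) != position:
            self._count_use()                      # account for messages that never arrived
        return self.next_key()[1]

def demo():
    seed = bytes(range(32))                        # constructed sample seed
    card, station = SeedState(seed, threshold=3), SeedState(seed, threshold=3)
    matched = 0
    for n in range(8):
        position, key = card.next_key()
        if n in (1, 5):                            # constructed loss: message never reaches the station
            continue
        matched += station.key_at(position) == key
    return matched, card, station
```

Because the update is a one-way function of the previous seed, a seed read from a card after an update does not reveal the keys derived before it.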
Preferably, because the quantum key card has data-processing capability, to improve security the generation of the keys used for encryption and decryption on the client side, and the encryption and decryption of the information itself, are all carried out inside the quantum key card.
The communication system of the present invention can be implemented in a local area network, in which case the quantum network service station includes:
A quantum service center, communicatively connected to each client at the user side over a classical network;
A quantum random number generator, which generates the true random numbers;
A user-side key management server, communicatively connected to the quantum service center, which, according to user demand, stores the true random numbers from the quantum random number generator in the corresponding quantum key card and in this quantum network service station respectively, as the corresponding user-side key.
When several quantum network service stations form a wide area network, the communication system of the present invention can be implemented in the wide area network. At the network side, two connected quantum network service stations are each provided with a corresponding quantum key control center. Each quantum key control center is communicatively connected to the quantum service center in its own quantum network service station, and the two corresponding quantum key control centers distribute keys over the quantum network so as to form an inter-station quantum key between the two connected quantum network service stations.
In the present invention, the quantum service center and the quantum key control center can use existing architectures. For example, the quantum key control center is provided with quantum key distribution equipment that implements QKD, and the quantum service center includes an identity authentication server and an encryption/decryption server.
The user-side key management server stores the true random numbers from the quantum random number generator in the corresponding quantum key card and in this quantum network service station as user-side keys. Within the quantum network service station, the user-side key can be stored in the user-side key management server and/or the quantum service center. The user-side key management server is communicatively connected to the quantum service center in order to respond to calls for the user-side key.
Optionally, if the quantum network service station currently communicating with the client holds the user-side key involved in the encryption or decryption, it calls that user-side key directly within the station for the encryption or decryption.
When the communication system of the present invention is implemented in a local area network, the clients include a sender and a receiver, and information transfer between them comprises:
The quantum key card matched to the sender (that is, in communication connection with the sender) uses a key seed stored in the card to generate a first key and encrypts the information to form a first ciphertext, which is transmitted to the quantum network service station via the sender;
The quantum network service station uses the user-side key held in the station to generate a second key identical to the first key and decrypts the first ciphertext to obtain the information;
According to the quantum key card matched to the receiver (that is, in communication connection with the receiver), the quantum network service station retrieves the corresponding user-side key within the station, generates a third key and encrypts the information to form a second ciphertext, which is sent via the receiver to the quantum key card matched to the receiver;
The quantum key card matched to the receiver uses a key seed stored in the card to generate a fourth key identical to the third key and decrypts the second ciphertext to obtain the information.
The communication system of the present invention can be implemented in a wide area network; optionally, there are at least two quantum network service stations at the network side.
Regardless of whether the sender and the receiver belong to the same quantum network service station, it may happen that the key seed ID involved when a client generates ciphertext does not point to the quantum network service station to which that client is directly connected, but to another quantum network service station. In that case keys have to be called between stations.
Optionally, when there is no corresponding user-side key between the quantum key card matched to a client and the quantum network service station currently communicating with that client, the current quantum network service station, according to the source of the user-side key used in the client's encryption or decryption, requests that user-side key from the quantum network service station that stores it.
The source of the user-side key used in the client's encryption or decryption can be determined from the key seed ID of the client's quantum key card: when the client interacts with the current quantum network service station, the current station obtains this key seed ID and then requests the user-side key from the quantum network service station that the key seed ID indicates.
If the current quantum network service station is directly connected to the quantum network service station indicated by the key seed ID, it can send the request directly. If the two are only indirectly connected, that is, traffic has to be relayed by other network nodes, a suitable path is selected according to preset rules or the real-time state of the network in order to communicate with the quantum network service station indicated by the key seed ID.
Preferably, to improve security, the quantum network service station that stores the user-side key uses the key generation algorithm corresponding to the client to obtain a key, and sends this key to the current quantum network service station.
The key is transmitted as ciphertext between the quantum network service station that stores the user-side key and the current quantum network service station, using a shared inter-station quantum key.
When the sender and the receiver belong to different quantum network service stations, ciphertext is also transmitted between the two quantum network service stations. The clients include a sender and a receiver, and information transfer between them comprises:
The quantum key card matched to the sender uses a key seed stored in the card to generate a first key and encrypts the information to form a first ciphertext, which is transmitted to the first quantum network service station via the sender;
According to the key seed ID corresponding to the first ciphertext, the first quantum network service station requests a second key identical to the first key from the quantum network service station that the key seed ID points to (this may be the first quantum network service station itself, in which case the key is retrieved directly), and after obtaining the second key decrypts the first ciphertext to obtain the information;
According to the receiver's address, the first quantum network service station establishes communication with the second quantum network service station, to which the receiver belongs, and transmits the information to it encrypted under a shared inter-station quantum key; the second quantum network service station obtains the information by decryption;
According to the key seed ID in the quantum key card matched to the receiver, the second quantum network service station requests a third key from the quantum network service station that the key seed ID points to (this may be the second quantum network service station itself, in which case the key is retrieved directly); after obtaining the third key it encrypts the information to form a second ciphertext, which is sent via the receiver to the quantum key card matched to the receiver;
The quantum key card matched to the receiver uses a key seed stored in the card to generate a fourth key identical to the third key and decrypts the second ciphertext to obtain the information.
If traffic between the first and the second quantum network service station also has to be relayed by other network nodes, the inter-station quantum key is to be understood as the inter-station quantum key formed by the corresponding quantum key distribution equipment between two directly connected quantum network service stations (or network nodes); it does not refer specifically to an inter-station quantum key between the first and the second quantum network service station.
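The transfer described above, as an added example that is not code from the patent: it covers the four-key relay through the service stations and the case where the key seed ID points to another station, which then derives the key and returns it encrypted under the inter-station key. The page names no key generation algorithm or cipher, so HMAC-SHA256 is assumed for both, os.urandom stands in for the quantum random number generator and for QKD, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumptions: the page names no key generation algorithm or cipher, so
# HMAC-SHA256 stands in for both; os.urandom stands in for the quantum RNG and
# for QKD-derived inter-station keys. All class and function names are hypothetical.

def derive_key(seed: bytes, index: bytes) -> bytes:
    """Key generation algorithm held by both the card and the station."""
    return hmac.new(seed, b"derive" + index, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)                         # output: nonce || ciphertext || tag
    body = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class KeyCard:
    """Quantum key card: holds one key seed and does all user-side crypto."""
    def __init__(self, seed_id, seed):
        self.seed_id, self._seed = seed_id, seed   # seed_id = (station name, slot)

    def encrypt(self, info: bytes) -> dict:
        index = os.urandom(16)                     # selects a fresh key from the seed
        return {"seed_id": self.seed_id, "index": index,
                "blob": seal(derive_key(self._seed, index), info)}

    def decrypt(self, msg: dict) -> bytes:
        if msg["seed_id"] != self.seed_id:
            raise ValueError("message was not keyed for this card")
        return unseal(derive_key(self._seed, msg["index"]), msg["blob"])

class Station:
    """Quantum network service station."""
    def __init__(self, name):
        self.name, self.seeds, self.peers = name, {}, {}

    def issue_card(self, slot) -> KeyCard:
        self.seeds[slot] = os.urandom(32)          # a copy of the seed stays in the station
        return KeyCard((self.name, slot), self.seeds[slot])

    def link(self, other):
        key = os.urandom(32)                       # inter-station quantum key
        self.peers[other.name] = (other, key)
        other.peers[self.name] = (self, key)

    def serve_key(self, slot, index, requester) -> bytes:
        """Owning station: derive the key, return it wrapped; the seed never leaves."""
        return seal(self.peers[requester][1], derive_key(self.seeds[slot], index))

    def key_for(self, seed_id, index) -> bytes:
        owner, slot = seed_id
        if owner == self.name:                     # seed is stored in this station
            return derive_key(self.seeds[slot], index)
        peer, link_key = self.peers[owner]         # else ask the station the ID points to
        return unseal(link_key, peer.serve_key(slot, index, self.name))

    def from_user(self, msg: dict) -> bytes:
        return unseal(self.key_for(msg["seed_id"], msg["index"]), msg["blob"])

    def to_user(self, seed_id, info: bytes) -> dict:
        index = os.urandom(16)
        return {"seed_id": seed_id, "index": index,
                "blob": seal(self.key_for(seed_id, index), info)}

    def to_station(self, name, info: bytes) -> bytes:
        return seal(self.peers[name][1], info)

    def from_station(self, name, blob: bytes) -> bytes:
        return unseal(self.peers[name][1], blob)

def transfer(sender_card, first, second, receiver_seed_id, info):
    """Sender card -> first station -> second station -> ciphertext for the receiver."""
    c1 = sender_card.encrypt(info)                              # first key
    plain = first.from_user(c1)                                 # second key
    plain = second.from_station(first.name, first.to_station(second.name, plain))
    return second.to_user(receiver_seed_id, plain)              # third key

def demo():
    s1, s2, s3 = Station("S1"), Station("S2"), Station("S3")
    s1.link(s2)
    s2.link(s3)
    card_a = s1.issue_card(0)       # sender, attached to the station that issued its card
    card_b = s3.issue_card(0)       # receiver attached to S2, seed stored at S3
    c2 = transfer(card_a, s1, s2, card_b.seed_id, b"constructed sample message")
    return card_b.decrypt(c2), c2   # fourth key recovers the information
```

The information is in the clear inside every station it passes through, so in this design each station on the path is a trusted relay.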
Optionally, when there is no corresponding user-side key between the quantum key card matched to a client and the quantum network service station currently communicating with that client, the current quantum network service station, according to the source of the user-side key used in the client's encryption or decryption, establishes communication with the quantum network service station that stores the user-side key and sends the data exchanged with the client to that station for the corresponding encryption or decryption.
When the current quantum network service station is interacting with the sender, the data is ciphertext to be decrypted.
When the current quantum network service station is interacting with the receiver, the data is information to be encrypted.
When the data is ciphertext to be decrypted, the quantum network service station that stores the user-side key calls the corresponding user-side key within the station and decrypts the ciphertext to obtain the information; it then encrypts the information with the inter-station quantum key and sends it to the current quantum network service station, which obtains the information after decrypting with the inter-station quantum key.
When the data is information to be encrypted, the current quantum network service station encrypts the information with the inter-station quantum key and sends it as ciphertext to the quantum network service station that stores the user-side key, which obtains the information after decrypting with the inter-station quantum key. The quantum network service station that stores the user-side key then calls the corresponding user-side key within the station, encrypts the information and sends it as ciphertext to the receiver via the current quantum network service station.
The present invention also provides a communication method, applied to the communication system of the present invention. For the specific implementation steps, see the description of the communication system.
The present invention uses the quantum key card to perform computation on quantum key seeds, generating a large number of keys in a short time that take part directly in the encryption and decryption of information. Key utilization efficiency is improved, the workflow of the communication system is optimized, working time is saved and the efficiency of encryption and decryption is improved. For a certain period the client does not need to obtain new keys from a quantum network service station; the keys generated by the quantum key card are enough to meet the needs of encrypting and decrypting information. This reduces the cost of the supporting QKD equipment and work needed for client-side encryption and decryption, reduces resource consumption, and favors the establishment of communication networks and their application in production and daily life.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the communication system of the present invention;
Fig. 2 is a schematic structural diagram of a quantum network service station in the communication system of the present invention.
Detailed description of the embodiments
Referring to Fig. 1 and Fig. 2, the communication system of this embodiment includes, configured in sequence, a primary switching center, secondary switching centers, tertiary switching centers and quantum network service stations.
The primary switching center can be the quantum network core station of a prefecture-level city or an area of comparable size, and is connected to the secondary switching centers, preferably through a star topology network. The primary switching center can use quantum key distribution equipment with each of several secondary switching centers to distribute and share inter-station quantum keys; the key distribution system may use one set or several integrated sets of equipment.
A secondary switching center can be the quantum network core station of a county-level city or an area of comparable size, and is connected to the tertiary switching centers, preferably through a star topology network. A secondary switching center can use quantum key distribution equipment with each of several tertiary switching centers to distribute and share inter-station quantum keys; the quantum key distribution equipment may use one set or several integrated sets.
A tertiary switching center can be the quantum network core station of an area the size of a township or subdistrict office, and is connected to the quantum network service stations, preferably through a star topology network. A tertiary switching center can use quantum key distribution equipment with each of several quantum network service stations to distribute and share inter-station quantum keys; the quantum key distribution equipment may use one set or several integrated sets.
A quantum network service station is the quantum network station of a residential community or an area of comparable size.
The quantum network service station includes:
A quantum service center, mainly used for communicative connection with each client at the user side over a classical network and for communicative connection with other quantum network service stations. The classical network includes, but is not limited to, a telecommunications network, the Internet, a broadcast and television network or another communication network.
Quantum key distribution equipment, mainly used to share inter-station quantum keys by means of QKD.
A quantum random number generator, which receives key requests from the user-side key management server, generates user-side keys and sends them to the user-side key management server. True random numbers are used here. The generator may be a circuit-based true random number generator, a true random number generator based on a physical source, or another type of true random number generator.
A user-side key management server, which stores and manages the user-side keys generated by the quantum random number generator. It can connect to portable quantum key cards in order to issue cards, register them and copy user-side keys to them. It can also receive key requests from the quantum service center and send user-side keys of the corresponding length to the quantum service center.
The quantum service center includes an identity authentication server and an encryption/decryption server; other servers can be provided as needed, for example a message authentication server or a digital signature verification server.
The identity authentication server retrieves the user-side key for the particular user from the user-side key management server, decrypts the encrypted identity information sent from the client into plaintext identity information, and compares the decrypted identity information with the identity information pre-stored in the authentication server. If they are the same, verification succeeds and the user is allowed to enter the system being logged in to; otherwise verification fails and the user is not allowed to log in to that system.
The encryption/decryption server obtains keys as needed from the quantum key management server or the user-side key management server, and decrypts the encrypted information sent from a client or encrypts the data that needs to be sent to a client.
The quantum key card matched to a quantum network service station makes it possible to authenticate to the quantum network service station when the client communicates. Using the user-side keys provided by the quantum network service station as key seeds, it can also continuously generate new keys, and so encrypt and decrypt plaintext information transmitted by the client, such as video files, voice files, picture files and text.
A quantum key card is issued to the user after the user's registration at a quantum network service station has been approved. The card records information about the user it belongs to (such as an ID) and the ID of the quantum network service station that issued the card. When a quantum network service station writes user-side keys into a quantum key card, it also stores those user-side keys in the station, so that symmetric encryption can be carried out.
Quantum key card can be chosen a small amount of user side key and carry out quantum key generating algorithm fortune as key seed
Calculate, generate substantial amounts of key, and store in quantum key card simultaneously.
It is configured with user side, the user side A1~user side An of such as in figure, and user under each quantum network service station
End B1~user side Bn.In the present embodiment different servers or other devices can also carry out as needed on hardware whole
Close.
Embodiment 1: information communication between two user sides in a wide area network
First, user side A performs identity authentication using the quantum key card it holds.
User side A (the sending end) and user side B (the receiving end) are configured under different quantum network service stations. User side A sends an identity authentication request to the quantum network service station where it is located.
The quantum key card matched with user side A sends the quantum service station address information stored in the card to the quantum service station it is currently communicating with, and identity authentication is performed. If the identity is confirmed as legitimate, information transmission proceeds; if not, the operation terminates, i.e. the remote communication task with user side B initiated by user side A fails.
Second, user side A encrypts the information.
The quantum key card matched with user side A runs the key generation algorithm on a key seed to obtain a first key, and uses it to encrypt plaintext information such as video files, picture files, voice files and text, obtaining a first ciphertext.
Because the quantum key seed capacity stored at one time on a quantum key card can reach 10 GB, the card can, for a certain period of time, generate sufficient keys from the quantum key seeds for encrypting information, without having to obtain keys from the quantum network service station to use as key seeds. This optimises the quantum key generation workflow, saves time, and speeds up the process by which keys take part in encryption and decryption. In addition, every key is discarded or no longer used after a single use, which improves the security of the transmitted information.
Third, user side A transmits the ciphertext, and user side B receives the information and completes decryption.
After user side A sends the network side a request to communicate with user side B, the classical communication network sets up a communication channel between user side A and user side B. User side A sends the first ciphertext over the classical communication network to the quantum network service station it belongs to.
According to the key seed ID of the quantum key card matched with user side A, the quantum network service station obtains, from the quantum network service station that the key seed ID points to, a second key identical to the first key, and uses the second key to decrypt the first ciphertext, obtaining the information in plaintext form.
The quantum network service station to which user side A belongs and the quantum network service station to which user side B belongs use their respective quantum key distribution equipment to share an inter-station quantum key. The plaintext information is encrypted at the quantum network service station to which user side A belongs, sent to the quantum network service station to which user side B belongs, and decrypted there to recover the information in plaintext form.
If traffic between the quantum network service station to which user side A belongs and the one to which user side B belongs must also be relayed through other network nodes, then each pair of directly connected quantum network service stations (or network nodes) forms an inter-station quantum key through the corresponding quantum key distribution equipment, and the ciphertext is relayed hop by hop.
Inter-station quantum key distribution is a remote key-sharing method based on the fundamental principles of quantum mechanics, preferably quantum key distribution based on detect illumination, quantum key distribution based on discrete variables, or quantum key distribution based on continuous variables.
When responding to the communication request sent by user side A, the quantum network service station to which user side B belongs must also complete identity authentication with user side B to confirm whether user side B is legitimate.
After authentication succeeds, the quantum network service station to which user side B belongs, according to the key seed ID of the quantum key card matched with user side B, obtains the corresponding third key from the quantum network service station that the key seed ID points to, and encrypts the plaintext information again to obtain a second ciphertext.
After receiving the second ciphertext via user side B, the quantum key card matched with user side B uses the corresponding key seed in the card to generate a fourth key identical to the third key.
It then uses the fourth key to decrypt the second ciphertext, obtaining the information in plaintext form and completing the communication with user side A.
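The Embodiment 1 relay above, sketched as an added Python example (not code from the patent): the patent names no key generation algorithm or cipher, so the HMAC-SHA256 key derivation, the HMAC-based stream cipher with encrypt-then-MAC, the per-direction key index, the `seed_id`/`index` message fields and all class and function names are assumptions. It shows that each derived key is accepted only once and that every service station on the path handles the information in plaintext.

```python
import hashlib
import hmac
import secrets

def _h(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def derive_key(seed: bytes, direction: bytes, index: int) -> bytes:
    # ASSUMPTION: stand-in for the patent's unnamed "key generation algorithm".
    return _h(seed, b"msgkey|" + direction + b"|" + index.to_bytes(8, "big"))

def _xor_stream(key: bytes, data: bytes) -> bytes:
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_h(key, i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC under a single-use key (stand-in cipher, stdlib only).
    body = _xor_stream(_h(key, b"enc"), plaintext)
    return body + _h(_h(key, b"mac"), body)

def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _h(_h(key, b"mac"), body)):
        raise ValueError("authentication tag mismatch")
    return _xor_stream(_h(key, b"enc"), body)

class KeyCard:
    def __init__(self, seed_id: str, seed: bytes):
        self.seed_id, self.seed, self.next_up = seed_id, seed, 0

    def encrypt(self, plaintext: bytes) -> dict:
        index, self.next_up = self.next_up, self.next_up + 1
        key = derive_key(self.seed, b"up", index)            # "first key"
        return {"seed_id": self.seed_id, "index": index, "blob": seal(key, plaintext)}

    def decrypt(self, msg: dict) -> bytes:
        key = derive_key(self.seed, b"down", msg["index"])   # "fourth key"
        return unseal(key, msg["blob"])

class ServiceStation:
    def __init__(self, name: str):
        self.name = name
        self.seeds, self.next_down, self.link_keys = {}, {}, {}
        self.used_up = set()       # (seed_id, index) pairs already consumed
        self.plaintext_log = []    # everything this relay was able to read

    def issue_card(self, user_id: str) -> KeyCard:
        seed_id = f"{self.name}/{user_id}"
        self.seeds[seed_id] = secrets.token_bytes(32)  # stand-in for the quantum RNG
        self.next_down[seed_id] = 0
        return KeyCard(seed_id, self.seeds[seed_id])

    def decrypt_from_card(self, msg: dict) -> bytes:
        slot = (msg["seed_id"], msg["index"])
        if slot in self.used_up:
            raise ValueError("key index already used")
        key = derive_key(self.seeds[msg["seed_id"]], b"up", msg["index"])  # "second key"
        plaintext = unseal(key, msg["blob"])
        self.used_up.add(slot)     # burn the index only after the tag verified
        self.plaintext_log.append(plaintext)
        return plaintext

    def encrypt_for_card(self, seed_id: str, plaintext: bytes) -> dict:
        index = self.next_down[seed_id]
        self.next_down[seed_id] = index + 1
        key = derive_key(self.seeds[seed_id], b"down", index)  # "third key"
        return {"seed_id": seed_id, "index": index, "blob": seal(key, plaintext)}

    def to_peer(self, peer: str, plaintext: bytes) -> bytes:
        return seal(self.link_keys[peer].pop(0), plaintext)

    def from_peer(self, peer: str, blob: bytes) -> bytes:
        plaintext = unseal(self.link_keys[peer].pop(0), blob)
        self.plaintext_log.append(plaintext)
        return plaintext

def share_link_keys(a: ServiceStation, b: ServiceStation, count: int = 4) -> None:
    # Stand-in for inter-station QKD: both ends hold the same queue of keys.
    keys = [secrets.token_bytes(32) for _ in range(count)]
    a.link_keys[b.name], b.link_keys[a.name] = list(keys), list(keys)

def relay(card_a, station_a, station_b, card_b, plaintext: bytes):
    c1 = card_a.encrypt(plaintext)                       # first ciphertext
    info = station_a.decrypt_from_card(c1)               # plaintext at station A
    hop = station_a.to_peer(station_b.name, info)        # inter-station key
    info = station_b.from_peer(station_a.name, hop)      # plaintext at station B
    c2 = station_b.encrypt_for_card(card_b.seed_id, info)  # second ciphertext
    return c1, c2, card_b.decrypt(c2)

if __name__ == "__main__":
    sa, sb = ServiceStation("QS-A"), ServiceStation("QS-B")
    share_link_keys(sa, sb)
    a, b = sa.issue_card("user-A"), sb.issue_card("user-B")
    print(relay(a, sa, sb, b, b"constructed sample message")[2])
```

The `used_up` set and the card's `next_up` counter would have to be stored persistently in a real deployment, since losing them lets an already-consumed key index be accepted again.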
Embodiment 2: communication between two user sides belonging to one quantum network service station in a local area network
When user side A and user side B belong to the same quantum network service station, there is no need to produce a new inter-station quantum key with the quantum key distribution equipment; the transmitted ciphertext only needs to be encrypted and decrypted with the user-side keys stored in the quantum network service station.
User side A and user side B each use their matched quantum key card to complete identity authentication with the quantum network service station.
The quantum key card matched with user side A uses a key seed stored in the card to generate a first key and encrypts the information to form a first ciphertext, which is transmitted to the quantum network service station via the sending end;
The quantum network service station uses the user-side key held in the station to generate a second key identical to the first key and decrypts the first ciphertext to obtain the information;
According to the quantum key card matched with user side B, the quantum network service station extracts the corresponding user-side key in the station, generates a third key and encrypts the information to form a second ciphertext, which is sent via the receiving end to the quantum key card matched with the receiving end;
The quantum key card matched with user side B uses a key seed stored in the card to generate a fourth key identical to the third key, and decrypts the second ciphertext to obtain the information.
Claims (14)
1. A communication system for realizing information encryption and decryption based on a quantum network, comprising a quantum network service station configured at the network side and a user side (client) configured at the user side, characterized in that a quantum key card is also provided; true random numbers generated at the network side are stored in the quantum key card and at the network side respectively to form corresponding user-side keys; and the user-side keys of the quantum key card and of the network side are respectively used for encrypting and decrypting information when the user side communicates with the corresponding quantum network service station.
2. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 1, characterized in that the true random numbers are generated by a quantum network service station at the network side and are stored in the quantum key card and in that quantum network service station respectively to form the corresponding user-side keys.
3. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 2, characterized in that the user-side keys in the quantum key card are downloaded from one or more quantum network service stations; the quantum key card stores quantum network service station information identifying the source of the user-side keys; and when a quantum network service station writes user-side keys to the quantum key card, it also stores them in that service station to be called for encryption and decryption.
4. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 3, characterized in that the user-side key serves as a key seed, and the quantum key card and the quantum network service station store corresponding key generation algorithms, each used to generate the keys required for encrypting and decrypting information.
5. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 4, characterized in that the key seeds in the quantum key card are divided into several key seed sets according to their source; the key seeds of one key seed set come from the same quantum network service station, and different key seed sets carry different key seed IDs.
6. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 5, characterized in that the key seeds are updatable, and when a key seed is updated:
the user side sends an update request to the quantum key card and notifies the quantum network service station, the quantum key card receives the update request and updates the key seed according to a predetermined rule, and the quantum network service station synchronously updates the corresponding key seed;
or the number of uses of a key seed is counted, and when the number of uses reaches a threshold, the quantum key card and the corresponding quantum network service station synchronously update the corresponding key seed;
or the quantum key card counts the number of key seeds that have not been used and gives a prompt when a critical value is reached, and the client downloads new user-side keys from the quantum network service station as needed.
7. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 1, characterized in that, at the user side, both the generation of the keys used for encryption and decryption and the encryption and decryption operations on information are carried out in the quantum key card.
8. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 1, characterized in that the quantum network service station at the network side includes:
a quantum service centre, for communication connection with each user side at the user side through a classical network;
a quantum random number generator, which generates the true random numbers;
a user-side key management server, communicatively connected to the quantum service centre, for storing, according to user requests, true random numbers from the quantum random number generator in the corresponding quantum key card and in this quantum network service station respectively, as the corresponding user-side keys.
9. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 8, characterized in that, at the network side, two connected quantum network service stations are each equipped with a corresponding quantum key control centre; each quantum key control centre is communicatively connected to the quantum service centre in its quantum network service station; and the two corresponding quantum key control centres perform key distribution over the quantum network, in order to form an inter-station quantum key between the two connected quantum network service stations.
10. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 8, characterized in that the user side includes a sending end and a receiving end, and information transfer between the two includes:
the quantum key card matched with the sending end uses a key seed stored in the card to generate a first key and encrypts the information to form a first ciphertext, which is transmitted to the quantum network service station via the sending end;
the quantum network service station uses the user-side key held in the station to generate a second key identical to the first key and decrypts the first ciphertext to obtain the information;
according to the quantum key card matched with the receiving end, the quantum network service station extracts the corresponding user-side key in the station, generates a third key and encrypts the information to form a second ciphertext, which is sent via the receiving end to the quantum key card matched with the receiving end;
the quantum key card matched with the receiving end uses a key seed stored in the card to generate a fourth key identical to the third key, and decrypts the second ciphertext to obtain the information.
11. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 9, characterized in that, when there is no corresponding user-side key between the quantum key card matched with the user side and the current quantum network service station with which this user side communicates, the current quantum network service station, according to the source of the user-side key used for the user side's encryption and decryption, requests this user-side key from the quantum network service station that stores it.
12. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 11, characterized in that the quantum network service station storing this user-side key uses the key generation algorithm corresponding to the user side to obtain a key, and sends this key to the current quantum network service station.
13. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 12, characterized in that the user side includes a sending end and a receiving end, and information transfer between the two includes:
the quantum key card matched with the sending end uses a key seed stored in the card to generate a first key and encrypts the information to form a first ciphertext, which is transmitted to a first quantum network service station via the sending end;
the first quantum network service station, according to the key seed ID corresponding to the first ciphertext, requests from the quantum network service station that the key seed ID points to a second key identical to the first key, and after obtaining the second key decrypts the first ciphertext to obtain the information;
the first quantum network service station, according to the receiving end's address, establishes communication with the second quantum network service station to which the receiving end belongs, encrypts the information and transmits it to the second quantum network service station by means of a shared inter-station quantum key, and the second quantum network service station obtains the information by decryption;
the second quantum network service station, according to the key seed ID in the quantum key card matched with the receiving end, requests a third key from the quantum network service station that the key seed ID points to, and after obtaining the third key encrypts the information to form a second ciphertext, which is sent via the receiving end to the quantum key card matched with the receiving end;
the quantum key card matched with the receiving end uses a key seed stored in the card to generate a fourth key identical to the third key, and decrypts the second ciphertext to obtain the information.
14. A communication method, applied to the communication system for realizing information encryption and decryption based on a quantum network as claimed in any one of claims 1 to 13.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610845826.7A CN106452741B (en) | 2016-09-23 | 2016-09-23 | The communication system and communication means of the transmission of information encryption and decryption are realized based on quantum network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610845826.7A CN106452741B (en) | 2016-09-23 | 2016-09-23 | The communication system and communication means of the transmission of information encryption and decryption are realized based on quantum network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106452741A true CN106452741A (en) | 2017-02-22 |
CN106452741B CN106452741B (en) | 2019-11-26 |
Family
ID=58167135
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610845826.7A Active CN106452741B (en) | 2016-09-23 | 2016-09-23 | The communication system and communication means of the transmission of information encryption and decryption are realized based on quantum network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106452741B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1458749A (en) * | 2002-05-15 | 2003-11-26 | 深圳市中兴通讯股份有限公司 | Safe quantum communication method |
CN101282222A (en) * | 2008-05-28 | 2008-10-08 | 胡祥义 | Digital signature method based on CSK |
US20110142242A1 (en) * | 2009-12-16 | 2011-06-16 | Sony Corporation | Quantum public key encryption system, key generation apparatus, encryption apparatus, decryption apparatus, key generation method, encryption method, and decryption method |
US20130101119A1 (en) * | 2010-06-15 | 2013-04-25 | Los Alamos National Security Llc | Quantum key distribution using card, base station and trusted authority |
CN102196425A (en) * | 2011-07-01 | 2011-09-21 | 安徽量子通信技术有限公司 | Quantum-key-distribution-network-based mobile encryption system and communication method thereof |
Non-Patent Citations (1)
Title |
---|
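冯福伟, 杜丽萍 et al.: "Design of an authentication system based on combined symmetric key technology", 《计算机工程与设计》 (Computer Engineering and Design) * |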
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106789052B (en) * | 2017-03-28 | 2020-06-05 | 浙江神州量子网络科技有限公司 | Remote key issuing system based on quantum communication network and use method thereof |
CN107070663A (en) * | 2017-03-28 | 2017-08-18 | 浙江神州量子网络科技有限公司 | A kind of on-site verification method and on-site verification system based on mobile terminal |
CN107070663B (en) * | 2017-03-28 | 2023-08-18 | 浙江神州量子网络科技有限公司 | Mobile terminal-based field authentication method and field authentication system |
CN106789052A (en) * | 2017-03-28 | 2017-05-31 | 浙江神州量子网络科技有限公司 | A kind of remote cipher key based on quantum communication network issues system and its application method |
CN106899898A (en) * | 2017-04-17 | 2017-06-27 | 江苏亨通问天量子信息研究院有限公司 | Secrecy intercom based on quantum key service station transfer communication |
CN106941403A (en) * | 2017-04-17 | 2017-07-11 | 江苏亨通问天量子信息研究院有限公司 | Secrecy GSM and method based on quantum key |
CN108540436A (en) * | 2018-01-10 | 2018-09-14 | 如般量子科技有限公司 | The communication system and communication means of the transmission of information encryption and decryption are realized based on quantum network |
CN108540436B (en) * | 2018-01-10 | 2020-08-11 | 如般量子科技有限公司 | Communication system and communication method for realizing information encryption and decryption transmission based on quantum network |
CN108768653A (en) * | 2018-03-01 | 2018-11-06 | 如般量子科技有限公司 | Identity authorization system based on quantum key card |
CN108847928B (en) * | 2018-04-26 | 2021-04-06 | 如般量子科技有限公司 | Communication system and communication method for realizing information encryption and decryption transmission based on group type quantum key card |
CN108847928A (en) * | 2018-04-26 | 2018-11-20 | 如般量子科技有限公司 | The communication system and communication means of the transmission of information encryption and decryption are realized based on group's type quantum key card |
CN110505063A (en) * | 2018-05-17 | 2019-11-26 | 广东国盾量子科技有限公司 | A kind of method and system guaranteeing financial payment safety |
CN110505053A (en) * | 2018-05-17 | 2019-11-26 | 广东国盾量子科技有限公司 | A kind of quantum key filling method, apparatus and system |
CN108964896B (en) * | 2018-06-28 | 2021-01-05 | 如般量子科技有限公司 | Kerberos identity authentication system and method based on group key pool |
CN108964896A (en) * | 2018-06-28 | 2018-12-07 | 如般量子科技有限公司 | A kind of Kerberos identity authorization system and method based on group key pond |
CN109067705A (en) * | 2018-06-28 | 2018-12-21 | 如般量子科技有限公司 | Modified Kerberos identity authorization system and method based on group communication |
CN109067705B (en) * | 2018-06-28 | 2020-12-01 | 如般量子科技有限公司 | Improved Kerberos identity authentication system and method based on group communication |
CN109150519A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Anti- quantum calculation cloud storage method of controlling security and system based on public keys pond |
CN109150519B (en) * | 2018-09-20 | 2021-11-16 | 如般量子科技有限公司 | Anti-quantum computing cloud storage security control method and system based on public key pool |
CN109639407A (en) * | 2018-12-28 | 2019-04-16 | 浙江神州量子通信技术有限公司 | A method of information is encrypted and decrypted based on quantum network |
CN109919611A (en) * | 2019-01-15 | 2019-06-21 | 如般量子科技有限公司 | Anti- quantum calculation block chain method of commerce and system based on symmetric key pool server |
CN113014956A (en) * | 2019-12-20 | 2021-06-22 | 腾讯科技(深圳)有限公司 | Video playing method and device |
CN115473627A (en) * | 2021-06-11 | 2022-12-13 | 矩阵时光数字科技有限公司 | Quantum security layer networking method of network |
CN113595725A (en) * | 2021-07-29 | 2021-11-02 | 如般量子科技有限公司 | Communication system and communication method based on quantum key card arrangement |
CN113595725B (en) * | 2021-07-29 | 2023-08-11 | 如般量子科技有限公司 | Communication system and communication method based on quantum key card arrangement |
CN115665735A (en) * | 2022-12-14 | 2023-01-31 | 尚禹河北电子科技股份有限公司 | Data transmission method, device, system and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106452741B (en) | 2019-11-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106452741B (en) | The communication system and communication means of the transmission of information encryption and decryption are realized based on quantum network | |
CN106357396B (en) | Digital signature method and system and quantum key card | |
CN108540436B (en) | Communication system and communication method for realizing information encryption and decryption transmission based on quantum network | |
CN108847928B (en) | Communication system and communication method for realizing information encryption and decryption transmission based on group type quantum key card | |
CN108462573B (en) | Flexible quantum secure mobile communication method | |
WO2019128753A1 (en) | Quantum key mobile service method with low delay | |
CN108683501B (en) | Multiple identity authentication system and method with timestamp as random number based on quantum communication network | |
CN106411525A (en) | Message authentication method and system | |
CN106452739A (en) | Quantum network service station and quantum communication network | |
CN208986966U (en) | A kind of ciphering terminal and corresponding data transmission system | |
CN113114460B (en) | Quantum encryption-based power distribution network information secure transmission method | |
US11212265B2 (en) | Perfect forward secrecy (PFS) protected media access control security (MACSEC) key distribution | |
CN108809636B (en) | Communication system for realizing message authentication between members based on group type quantum key card | |
CN108964896B (en) | Kerberos identity authentication system and method based on group key pool | |
CN109995514A (en) | A kind of safe and efficient quantum key Information Mobile Service method | |
CN102088352B (en) | Data encryption transmission method and system for message-oriented middleware | |
CN108964895B (en) | User-to-User identity authentication system and method based on group key pool and improved Kerberos | |
CN102223629A (en) | Distribution method of threshold keys of mobile Ad hoc network | |
CN108600152A (en) | Modified Kerberos identity authorization systems based on quantum communication network and method | |
CN109756325A (en) | A method of mobile office system safety is promoted using quantum key | |
CN109842442B (en) | Quantum key service method taking airport as regional center | |
CN103763095B (en) | Intelligent substation key management method | |
CN101364866B (en) | Entity secret talk establishing system based on multiple key distribution centers and method therefor | |
Hajyvahabzadeh et al. | A new group key management protocol using code for key calculation: CKC | |
CN108965266B (en) | User-to-User identity authentication system and method based on group key pool and Kerberos |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||