CN106452741B - Communication system and communication method for encrypting, decrypting and transmitting information over a quantum network - Google Patents

Publication number
CN106452741B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610845826.7A
Other languages
Chinese (zh)
Other versions
CN106452741A (en
Inventor
富尧
钟一民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Divine Land Zhejiang Quantum Network Science And Technology Ltd
Original Assignee
Divine Land Zhejiang Quantum Network Science And Technology Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852: Quantum cryptography

Abstract

The invention discloses a communication system and a communication method that encrypt and decrypt information over a quantum network. The communication system includes a quantum network service station configured on the network side and a user terminal configured on the user side, and is further provided with a quantum key card. True random numbers generated on the network side are stored both in the quantum key card and on the network side to form corresponding user-side keys. The user-side keys in the quantum key card and on the network side are used, respectively, to encrypt and decrypt information when the user terminal communicates with the corresponding quantum network service station. The quantum key card operates on quantum key seeds to generate a large number of keys in a short time, and these keys take part directly in encrypting and decrypting information. This improves key utilization and streamlines the workflow of the communication system, which favors the construction of quantum communication networks and their application in production and daily life.

Description

Communication system and communication method for encrypting, decrypting and transmitting information over a quantum network
Technical field
The present invention relates to the field of quantum communication technology, and in particular to a secure communication system that encrypts, decrypts and transmits information over a quantum network.
Background
With the information revolution of the 21st century and the continuing development of science and technology, how to guarantee secure communication between user terminals has become a research hotspot. Enterprises that conduct business every day, government bodies, banks and similar organizations all urgently need information security for data encryption, transmission and confidentiality; in today's era of economic globalization in particular, guaranteeing the unconditional security of information is a focus of public attention. In the earliest schemes, the information exchanged between user terminals was almost always plaintext, which is easy to eavesdrop on and offers low security. Later, information was encrypted with classical encryption algorithms based on mathematically hard problems. Although plaintext is no longer transmitted directly, advances in cryptanalysis and in computing speed have reduced the security of such ciphers; in theory the encryption algorithm can still be broken, so the security of the encrypted information cannot be fully guaranteed. For example, in January 2010 researchers in Israel successfully cracked the 128-bit communication encryption algorithm of 3G networks; in June 2012, Japan's Kyushu University, Fujitsu Research Institute and National Institute of Information and Communications Technology successfully cracked the new-generation encryption algorithm "pairing-based encryption", with a cracked key length of 923 bits, setting a new world record.
In recent years, quantum information technology has developed continuously and achieved important breakthroughs. It can become an important technical guarantee of information security in every sector of society, and is a new communication technology that researchers widely follow and study. Quantum key distribution is used to let different users share unconditionally secure keys. It is based on basic principles such as the Heisenberg uncertainty principle, the measurement collapse principle and the quantum no-cloning principle, which give key distribution a high level of security and avoid relying on constructions from mathematical complexity theory. Information is then encrypted with a one-time pad, guaranteeing secure communication.
Many scholars have proposed different ideas and schemes for using keys in the encryption of information. For example, "Multi-user quantum key distribution protocol based on BB84", Microcomputer and Application, vol. 35, no. 11, 2016, proposes a multi-user quantum key distribution protocol based on BB84 that realizes quantum key distribution from one party to multiple parties in a quantum communication network. Its drawbacks are that it increases the sender's workload in generating and distributing keys; when the number of receiver groups is large, the bit error rate increases to some extent, key utilization is low and redundancy is high, which hinders application and adoption in practice.
"Architecture of multicast centralized key management scheme using quantum key distribution and classical symmetric encryption" [J]. European Physical Journal Special Topics, 2014, 223(8): 1711-1728, proposes a method that combines a quantum key distribution center device with classical symmetric encryption to realize quantum key distribution and information communication. Its shortcoming is that when users request remote communication tasks and the transmitted information is encrypted and decrypted, all required keys must be generated and distributed by the quantum key distribution center device. This process consumes considerable resources, the workflow is relatively complex, and the cost of building the supporting communication network equipment and of the related work increases; the workflow as a whole is imperfect, which leads to poor operational reliability and hinders the construction and engineering implementation of communication networks.
Problems of the prior art:
1. The generation and distribution of quantum keys is redundant, and key utilization is low.
2. For users to obtain more keys, the quantum key distribution systems proposed so far require more QKD supporting equipment, which raises cost, makes system operation less reliable, makes the workflow relatively complex and consumes more resources; better and more rational deployment and use are needed.
Summary of the invention
The present invention provides a communication system in which a quantum key card operates on quantum key seeds to generate the keys that take part in encrypting and decrypting information.
A communication system that encrypts and decrypts information over a quantum network includes a quantum network service station configured on the network side and a user terminal configured on the user side, and is further provided with a quantum key card. True random numbers generated on the network side are stored both in the quantum key card and on the network side to form corresponding user-side keys. The user-side keys in the quantum key card and on the network side are used, respectively, to encrypt and decrypt information when the user terminal communicates with the corresponding quantum network service station.
When a user terminal communicates with the corresponding quantum network service station, the user terminal must first establish a communication connection with a quantum key card, for example by plugging the card into a data interface of the user terminal. For encryption and decryption on the user-terminal side, the user-side key in the quantum key card is always used, and the encryption and decryption operations themselves are preferably also carried out inside the quantum key card.
The true random numbers are generated by the quantum network service station on the network side and are stored both in the quantum key card and in that quantum network service station to form corresponding user-side keys.
The user terminal includes a sending end and a receiving end. The two roles are relative and depend only on the type of service taking place. Preferably, the sending end and the receiving end each have a data transmission interface that matches their respective quantum key card.
The quantum key card is a USB key or a pluggable board/chip, preferably a portable device, with data storage and processing functions; the card itself can be implemented with existing hardware technology.
The quantum key card is issued after registration at the corresponding quantum network service station has been reviewed and approved. It has a unique quantum key card ID that points to the quantum network service station that issued it. The quantum key card stores the identity information of the corresponding user and information about the quantum network service station that issued the card.
Because a quantum key card is bound to the user who owns it, the information stored in the card can also be used for user identity authentication. Optionally, the quantum key card is bound to a dedicated user terminal ID, in which case the information stored in the card can also be used to authenticate that dedicated user terminal.
The user-side keys in a quantum key card are downloaded from one or more quantum network service stations, and the card stores quantum network service station information that identifies the source of each user-side key. When a quantum network service station writes a user-side key into the quantum key card, it also stores the key in the station so that it can be called for encryption and decryption.
To improve security, the download does not pass through a user terminal; instead, the quantum key card establishes a communication connection directly with the quantum network service station that generates the true random numbers. Only for information encryption and decryption or other specific services does the quantum key card need to communicate with the quantum network service station through a user terminal.
Preferably, the user-side key serves as a key seed, and the quantum key card and the quantum network service station store corresponding key generation algorithms, each used to generate the keys needed for encrypting and decrypting information.
Key seeds in a quantum key card may come from different quantum network service stations, but the key generation algorithm is stored in the quantum key card and in every quantum network service station.
When there are several key generation algorithms and message authentication code generation algorithms, the user terminal and the quantum network service station can specify the same algorithm when communicating, for example by an algorithm label or index.
The key seeds in a quantum key card are divided by source into several key seed sets. The key seeds in one set come from the same quantum network service station, and different key seed sets have different key seed IDs.
The key seed ID identifies the quantum network service station that is the source of the user-side key: it can point to the quantum network service station that stores the key seed, and it also contains the storage address of the key seed in that station, so that the key seed can easily be looked up and called.
To improve security, the key seeds of the present invention are updatable. When a key seed is updated:
Optionally, the user terminal sends an update request to the quantum key card and notifies the quantum network service station; the quantum key card accepts the update request and updates the key seed according to a predetermined rule, and the quantum network service station synchronously updates the corresponding key seed.
Optionally, the number of times a key seed has been used is counted; when the use count reaches a threshold, the quantum key card and the corresponding quantum network service station synchronously update the corresponding key seed.
The use-count threshold is preset and stored in both the quantum network service station and the quantum key card, so that both can count and stay synchronized.
Optionally, the quantum key card counts the unused key seeds and prompts when the count reaches a critical value; the user then downloads new user-side keys at a quantum network service station as needed.
A key seed update takes place between the quantum key card and the quantum network service station that the key seed ID points to. Of course, when new key seeds are downloaded, the quantum network service station is not strictly restricted.
Preferably, because the quantum key card has data processing capability, on the user side both the generation of the keys used for encryption and decryption and the encryption and decryption of information are carried out inside the quantum key card, to improve security.
The communication system of the present invention can be implemented in a local area network. The quantum network service station includes:
A quantum service center, which communicates with each user terminal on the user side over a classical network;
A quantum random number generator, which generates the true random numbers;
A user-side key management server, which communicates with the quantum service center and, according to user requests, stores true random numbers from the quantum random number generator both in the corresponding quantum key card and in this quantum network service station as the corresponding user-side keys.
When multiple quantum network service stations form a wide area network, the communication system of the present invention can be implemented in the wide area network. On the network side, two connected quantum network service stations are each equipped with a corresponding quantum key control center, which communicates with the quantum service center in its own quantum network service station. The two corresponding quantum key control centers distribute keys over the quantum network to form inter-station quantum keys between the two connected quantum network service stations.
In the present invention, the quantum service center and the quantum key control center can use existing architectures; for example, the quantum key control center is equipped with quantum key distribution equipment for performing QKD, and the quantum service center includes an authentication server and an encryption/decryption server.
The user-side key management server stores true random numbers from the quantum random number generator both in the corresponding quantum key card and in this quantum network service station as user-side keys. Within the quantum network service station, the user-side keys can be stored in the user-side key management server and/or in the quantum service center; the user-side key management server communicates with the quantum service center to respond to calls for user-side keys.
Optionally, if the quantum network service station currently communicating with the user terminal holds the relevant user-side key at encryption or decryption time, it calls that user-side key directly within the station for encryption and decryption.
When the communication system of the present invention is implemented in a local area network, the user terminal includes a sending end and a receiving end, and information transmission between the two includes the following:
The quantum key card matched with the sending end (that is, having a communication connection with the sending end) uses a key seed stored in the card to generate a first key and encrypts the information to form a first ciphertext; the first ciphertext is transmitted to the quantum network service station via the sending end;
The quantum network service station uses the user-side key in the station to generate a second key identical to the first key and decrypts the first ciphertext to obtain the information;
According to the quantum key card matched with the receiving end (that is, having a communication connection with the receiving end), the quantum network service station extracts the corresponding user-side key in the station, generates a third key and encrypts the information to form a second ciphertext; the second ciphertext is sent via the receiving end to the quantum key card matched with the receiving end;
The quantum key card matched with the receiving end uses a key seed stored in the card to generate a fourth key identical to the third key, and decrypts the second ciphertext to obtain the information.
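The four-key relay described above, together with the synchronized use-count threshold from the key seed update rules, can be traced in a short simulation. This is an added example, not code from the patent: the HMAC-based key generation algorithm, the HMAC keystream cipher, the algorithm labels, the `station:address` key seed ID format and all names are assumptions, and `secrets` stands in for the quantum random number generator.

```python
import hashlib
import hmac
import secrets

# Algorithm labels both sides agree on (assumed values; the text only says a label or index is used).
ALGORITHMS = {1: hashlib.sha256, 2: hashlib.sha512}


class SeedStore:
    """Key seeds as held by a quantum key card or by the issuing service station."""

    def __init__(self, seeds, threshold):
        self.seeds = dict(seeds)                 # key seed ID -> seed bytes
        self.uses = {sid: 0 for sid in seeds}    # per-seed use counter
        self.threshold = threshold               # same preset value on card and station

    def derive(self, seed_id, algo, counter):
        """Derive a 32-byte message key from a seed; refuse once the use threshold is hit."""
        if self.uses[seed_id] >= self.threshold:
            raise RuntimeError("key seed %s needs a synchronized update" % seed_id)
        self.uses[seed_id] += 1
        info = b"message-key" + counter.to_bytes(8, "big")
        return hmac.new(self.seeds[seed_id], info, ALGORITHMS[algo]).digest()[:32]


def _keystream(key, nonce, length):
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC built from HMAC-SHA256 (stand-in cipher, standard library only)."""
    nonce = secrets.token_bytes(12)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag in constant time, then decrypt; raises ValueError on tampering."""
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


def card_send(card, seed_id, algo, counter, message):
    """Sender's card: first key -> first ciphertext, plus the header the station needs."""
    return (seed_id, algo, counter), seal(card.derive(seed_id, algo, counter), message)


def station_relay(station, header, ciphertext, recv_seed_id, recv_counter):
    """Station: second key decrypts, third key re-encrypts for the receiver's card."""
    seed_id, algo, counter = header
    message = unseal(station.derive(seed_id, algo, counter), ciphertext)
    third_key = station.derive(recv_seed_id, algo, recv_counter)
    return (recv_seed_id, algo, recv_counter), seal(third_key, message)


def card_receive(card, header, ciphertext):
    """Receiver's card: fourth key decrypts the second ciphertext."""
    seed_id, algo, counter = header
    return unseal(card.derive(seed_id, algo, counter), ciphertext)


def build_demo(threshold=2):
    """Constructed setup: one station, two cards, seeds written to both sides at issue time."""
    seed_a, seed_b = secrets.token_bytes(32), secrets.token_bytes(32)  # stands in for the QRNG
    card_a = SeedStore({"S1:0001": seed_a}, threshold)
    card_b = SeedStore({"S1:0002": seed_b}, threshold)
    station = SeedStore({"S1:0001": seed_a, "S1:0002": seed_b}, threshold)
    return card_a, card_b, station


def run_once(card_a, card_b, station, counter, message):
    """One end-to-end transfer from card A through the station to card B."""
    header1, ct1 = card_send(card_a, "S1:0001", 1, counter, message)
    header2, ct2 = station_relay(station, header1, ct1, "S1:0002", counter)
    return card_receive(card_b, header2, ct2)


if __name__ == "__main__":
    a, b, s = build_demo()
    print(run_once(a, b, s, 0, b"hello over the relay"))
    print(a.uses, b.uses, s.uses)
```

The station sees the plaintext between the two hops, so in this design the service station is a trusted party and the counters on card and station must advance in lockstep for the threshold-triggered update to stay synchronized.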
The communication system of the present invention can be implemented in a wide area network; optionally, there are at least two quantum network service stations on the network side.
Regardless of whether the sending end and the receiving end belong to the same quantum network service station, the key seed ID involved when a user terminal generates ciphertext may point not to the quantum network service station that the user terminal is directly connected to, but to another quantum network service station; this case involves an inter-station key call.
Optionally, when there is no corresponding user-side key between the quantum key card matched with the user terminal and the quantum network service station currently communicating with that user terminal, the current quantum network service station, according to the source of the user-side key that the user terminal uses for encryption and decryption, requests the user-side key from the quantum network service station that stores it.
The source of the user-side key that the user terminal uses for encryption and decryption can be determined from the key seed ID of the user terminal's quantum key card: when the user terminal interacts with the current quantum network service station, the current station obtains the key seed ID and then requests the user-side key from the quantum network service station that the key seed ID points to.
If the current quantum network service station is directly connected to the quantum network service station that the key seed ID points to, it can send the request directly. If the two are connected indirectly, that is, through other relaying network nodes, a suitable path is selected according to preset rules or real-time network status to communicate with the quantum network service station that the key seed ID points to.
Preferably, to improve security, the quantum network service station that stores the user-side key uses the key generation algorithm corresponding to the user terminal to obtain the key, and sends that key to the current quantum network service station.
The key is transmitted as ciphertext between the quantum network service station that stores the user-side key and the current quantum network service station, using a shared inter-station quantum key.
When the sending end and the receiving end belong to different quantum network service stations, ciphertext must also be transmitted between the two quantum network service stations. The user terminal includes a sending end and a receiving end, and information transmission between the two includes the following:
The quantum key card matched with the sending end uses a key seed stored in the card to generate a first key and encrypts the information to form a first ciphertext; the first ciphertext is transmitted to the first quantum network service station via the sending end;
According to the key seed ID corresponding to the first ciphertext, the first quantum network service station requests a second key identical to the first key from the quantum network service station that the key seed ID points to (this may be the first quantum network service station itself, in which case the key is retrieved directly); after obtaining the second key, it decrypts the first ciphertext to obtain the information;
According to the receiving end's address, the first quantum network service station establishes communication with the second quantum network service station, to which the receiving end belongs, and transmits the information in encrypted form to the second quantum network service station using a shared inter-station quantum key; the second quantum network service station obtains the information by decryption;
According to the key seed ID in the quantum key card matched with the receiving end, the second quantum network service station requests a third key from the quantum network service station that the key seed ID points to (this may be the second quantum network service station itself, in which case the key is retrieved directly); after obtaining the third key, it encrypts the information to form a second ciphertext, which is sent via the receiving end to the quantum key card matched with the receiving end;
The quantum key card matched with the receiving end uses a key seed stored in the card to generate a fourth key identical to the third key, and decrypts the second ciphertext to obtain the information.
If traffic between the first and second quantum network service stations must also be relayed through other network nodes, the inter-station quantum key is to be understood as the inter-station quantum key formed by the corresponding quantum key distribution equipment between any two directly connected quantum network service stations (or network nodes), and not specifically as an inter-station quantum key between the first quantum network service station and the second quantum network service station.
Optionally, when there is no corresponding user-side key between the quantum key card matched with the user terminal and the quantum network service station currently communicating with that user terminal, the current quantum network service station, according to the source of the user-side key that the user terminal uses for encryption and decryption, establishes communication with the quantum network service station that stores the user-side key and sends it the data exchanged with the user terminal, so that the station storing the user-side key performs the corresponding encryption or decryption.
When the current quantum network service station is interacting with a sending end, the data is ciphertext to be decrypted.
When the current quantum network service station is interacting with a receiving end, the data is information to be encrypted.
When the data is ciphertext to be decrypted, the quantum network service station that stores the user-side key calls the corresponding user-side key in the station to decrypt the ciphertext and obtain the information, then encrypts the information with the inter-station quantum key and sends it to the current quantum network service station, which decrypts it with the inter-station quantum key to obtain the information.
When the data is information to be encrypted, the current quantum network service station encrypts the information with the inter-station quantum key and sends it as ciphertext to the quantum network service station that stores the user-side key, which decrypts it with the inter-station quantum key to obtain the information; the quantum network service station that stores the user-side key then calls the corresponding user-side key in the station to encrypt the information and sends it as ciphertext to the receiving end via the current quantum network service station.
The present invention also provides a communication method applied to the communication system of the present invention. The specific implementation steps are as described for the communication system.
In the present invention, the quantum key card operates on quantum key seeds to generate a large number of keys in a short time, and these keys take part directly in encrypting and decrypting information. This improves key utilization, streamlines the workflow of the communication system, saves working time and improves the efficiency of encryption and decryption. For a certain period, the user terminal does not need to obtain new keys from the quantum network service station; the keys generated by the quantum key card are enough to meet the need for encrypting and decrypting information. This reduces the cost of the QKD supporting equipment and the work required for encryption and decryption at the user terminal, reduces resource consumption, and favors the construction of communication networks and their application in production and daily life.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the communication system of the present invention;
Fig. 2 is a structural schematic diagram of a quantum network service station in the communication system of the present invention.
Detailed description of the embodiments
Referring to Fig. 1 and Fig. 2, the communication system of this embodiment includes, configured in order, a primary switching center, secondary switching centers, tertiary switching centers and quantum network service stations.
The primary switching center can be the quantum network core station of a prefecture-level city or an area of comparable size, and is connected to the secondary switching centers through a network that is preferably of star topology. The primary switching center can use quantum key distribution equipment with each of multiple secondary switching centers to distribute and share inter-station quantum keys; the key distribution system can use one set or several integrated sets.
A secondary switching center can be the quantum network core station of a county-level city or an area of comparable size, and is connected to the tertiary switching centers through a network that is preferably of star topology. A secondary switching center can use quantum key distribution equipment with each of multiple tertiary switching centers to distribute and share inter-station quantum keys; the quantum key distribution equipment can use one set or several integrated sets.
A tertiary switching center can be the quantum network core station of an area the size of a township or subdistrict office, and is connected to the quantum network service stations through a network that is preferably of star topology. A tertiary switching center can use quantum key distribution equipment with each of multiple quantum network service stations to distribute and share inter-station quantum keys; the quantum key distribution equipment can use one set or several integrated sets.
A quantum network service station is the quantum network station of a residential community or an area of comparable size.
A quantum network service station includes:
A quantum service center, mainly used to communicate with each user terminal on the user side over a classical network and to communicate with other quantum network service stations; classical networks include, but are not limited to, telecommunications networks, the Internet, broadcast and television networks and other communication networks.
Quantum key distribution equipment, mainly used to share inter-station quantum keys by QKD.
A quantum random number generator, which receives key requests from the user-side key management server, generates user-side keys and sends them to the user-side key management server. True random numbers are used here. The generator can be a circuit-based true random number generator, a true random number generator based on a physical source, or another kind of true random number generator.
A user-side key management server, which stores and manages the user-side keys generated by the quantum random number generator. It can connect to removable quantum key cards to issue cards, register them and copy user-side keys to them; it can also receive key requests from the quantum service center and send user-side keys of the corresponding length to the quantum service center.
The quantum service center includes an authentication server and an encryption/decryption server; other servers can be added as needed, such as a message authentication server or a digital signature verification server.
The authentication server extracts the user-side key for the particular user from the user-side key management server, decrypts the encrypted identity information sent from the user terminal into plaintext identity information, and compares the decrypted identity information with the identity information pre-stored in the authentication server. If they are identical, verification succeeds and the user is allowed to enter the system being logged in to; otherwise verification fails and the user is not allowed to log in to that system.
The encryption/decryption server obtains keys on demand from the quantum key management server or the user-side key management server, decrypts encrypted information sent from a user terminal, or encrypts data that needs to be transmitted to a user terminal.
The quantum key card that user terminal is matched with when communicating with quantum network service station may be implemented and quantum network service The authentication stood can also be continuously generated newly using the user side key provided by quantum network service station as key seed Key, realize that the cleartext informations such as video file, voice document, picture file, text file for transmitting to user terminal add The function of decryption.
User issues quantum key card after the registration in quantum network service station is granted, and record has ownership in quantum key card User information (such as User ID), and issue the quantum network service station ID of the quantum key card).Quantum network service station to When user side key is written in quantum key card, these user side keys are also stored in quantum network service station, it is symmetrical to realize Encryption.
Quantum key card can choose a small amount of user side key as key seed and carry out quantum key generating algorithm fortune It calculates, generates a large amount of key, and store in quantum key card simultaneously.
Configured with the user terminal A1~user terminal An and user in user terminal, such as figure under each quantum network service station Hold B1~user terminal Bn.It is whole also to can according to need progress on hardware for different servers or other devices in the present embodiment It closes.
Embodiment 1: Information communication between two user terminals in a wide area network
First, user terminal A performs identity authentication using the quantum key card it holds.
User terminal A (the sending end) and user terminal B (the receiving end) are configured under different quantum network service stations. User terminal A sends an identity authentication request to the quantum network service station it is under.
The quantum key card matched with user terminal A sends the quantum service station address information stored in the card to the quantum service station it is currently communicating with, and identity authentication is performed. If the identity is confirmed as legitimate, information transmission proceeds; if not, the operation is terminated, that is, the remote communication task that user terminal A initiated with user terminal B fails.
Second, user terminal A encrypts the information.
The quantum key card matched with user terminal A runs the key generation algorithm on a key seed to obtain a first key, and uses it to encrypt plaintext information such as video files, picture files, voice files, and text files, obtaining a first ciphertext.
Because the quantum key seed capacity that a quantum key card stores at one time can reach 10 GB, the card can, for a certain period of time, generate sufficient keys from its key seeds for encrypting information, without needing to obtain keys from the quantum network service station to use as key seeds. This streamlines the key generation workflow, saves time, and speeds up encryption and decryption. Every key is discarded or no longer used once it has been used a single time, which improves the security of the transmitted information.
Third, user terminal A transmits the ciphertext, and user terminal B receives the information and completes decryption.
After user terminal A sends the network side a request to communicate with user terminal B, the classical communication network can establish a communication channel between user terminal A and user terminal B. User terminal A can send the first ciphertext over the classical communication network to the quantum network service station it belongs to.
According to the key seed ID of the quantum key card matched with user terminal A, that quantum network service station obtains, from the quantum network service station that the key seed ID points to, a second key identical to the first key, and uses the second key to decrypt the first ciphertext, obtaining the information in plaintext form.
The quantum network service station to which user terminal A belongs and the quantum network service station to which user terminal B belongs share an inter-station quantum key by means of their respective quantum key distribution equipment. The information in plaintext form is encrypted at user terminal A's quantum network service station, sent to user terminal B's quantum network service station, and decrypted there to recover the information in plaintext form.
If the path between user terminal A's quantum network service station and user terminal B's quantum network service station also passes through other network nodes, an inter-station quantum key is formed by the corresponding quantum key distribution equipment between each pair of directly connected quantum network service stations (or network nodes), and the ciphertext is relayed hop by hop.
Inter-station quantum keys are distributed by remote key sharing based on the fundamental principles of quantum mechanics, preferably quantum key distribution based on detection illumination, quantum key distribution based on discrete variables, or quantum key distribution based on continuous variables.
When responding to the communication request sent by user terminal A, the quantum network service station to which user terminal B belongs also needs to complete identity authentication with user terminal B and confirm whether user terminal B is legitimate.
After authentication succeeds, user terminal B's quantum network service station, according to the key seed ID of the quantum key card matched with user terminal B, obtains the corresponding third key from the quantum network service station that the key seed ID points to, and uses it to encrypt the information in plaintext form again, obtaining a second ciphertext.
After the quantum key card matched with user terminal B receives the second ciphertext via user terminal B, it uses the corresponding key seed in the card to generate a fourth key identical to the third key.
It then decrypts the second ciphertext with the fourth key to obtain the information in plaintext form, completing the communication with user terminal A.
Embodiment 2: Communication between two user terminals that belong to the same quantum network service station in a local area network
When user terminal A and user terminal B belong to the same quantum network service station, there is no need to generate a new inter-station quantum key with the quantum key distribution equipment; the transmitted ciphertext only needs to be encrypted and decrypted with the user-side keys stored in the quantum network service station.
User terminal A and user terminal B each use their matched quantum key card to complete identity authentication with the quantum network service station.
The quantum key card matched with user terminal A uses its stored key seed to generate a first key and encrypts the information to form a first ciphertext, which is transmitted to the quantum network service station via the sending end;
the quantum network service station uses the user-side key in the station to generate a second key identical to the first key and decrypts the first ciphertext to obtain the information;
the quantum network service station, according to the quantum key card matched with user terminal B, extracts the corresponding user-side key in the station, generates a third key, and encrypts the information to form a second ciphertext, which is sent via the receiving end to the quantum key card matched with the receiving end;
the quantum key card matched with user terminal B uses its stored key seed to generate a fourth key identical to the third key, and decrypts the second ciphertext to obtain the information.
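The message flow of Embodiments 1 and 2 can be traced in a short simulation. This is an added example, not code from the patent: the patent does not specify the key generation algorithm or the cipher, so the HMAC-SHA256 counter-mode derivation, the XOR keystream, the authentication tag, the replay counter, and all class and function names are assumptions, and each card is assumed to connect to the station that issued its seed.

```python
import hashlib
import hmac
import secrets


def derive_key(seed: bytes, sender: str, n: int, length: int) -> bytes:
    """Assumed key generation algorithm: HMAC-SHA256 in counter mode over the seed."""
    out, block = b"", 0
    while len(out) < length:
        info = sender.encode() + b"|" + n.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(seed, info, hashlib.sha256).digest()
        block += 1
    return out[:length]


class SeedEnd:
    """One holder's copy of a shared seed: a key card, or a station's stored copy."""

    def __init__(self, seed_id: str, seed: bytes, role: str):
        self.seed_id, self.seed, self.role = seed_id, seed, role
        self.sent = 0    # index of the next key this end will generate
        self.seen = -1   # highest key index accepted from the peer

    def seal(self, plaintext: bytes) -> dict:
        n, self.sent = self.sent, self.sent + 1      # each key is used exactly once
        ks = derive_key(self.seed, self.role, n, 32 + len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks[32:]))
        tag = hmac.new(ks[:32], ct, hashlib.sha256).digest()
        return {"seed_id": self.seed_id, "from": self.role, "n": n, "ct": ct, "tag": tag}

    def open(self, msg: dict) -> bytes:
        if msg["seed_id"] != self.seed_id or msg["from"] == self.role:
            raise ValueError("message was not made for this seed")
        if msg["n"] <= self.seen:
            raise ValueError("key already used; replayed ciphertext rejected")
        ks = derive_key(self.seed, msg["from"], msg["n"], 32 + len(msg["ct"]))
        tag = hmac.new(ks[:32], msg["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, msg["tag"]):
            raise ValueError("ciphertext failed authentication")
        self.seen = msg["n"]
        return bytes(c ^ k for c, k in zip(msg["ct"], ks[32:]))


class Station:
    def __init__(self, name: str):
        self.name = name
        self.users = {}   # user ID -> station copy of the user-side key
        self.links = {}   # peer station -> stand-in for the QKD inter-station key
        self.saw = []     # demo only: plaintext this station handled

    def register(self, user_id: str) -> SeedEnd:
        seed = secrets.token_bytes(32)          # stand-in for the quantum RNG
        seed_id = f"{self.name}/{user_id}"      # seed ID names the issuing station
        self.users[user_id] = SeedEnd(seed_id, seed, "station")
        return SeedEnd(seed_id, seed, "card")   # the copy written to the card


def link(a: Station, b: Station) -> None:
    key = secrets.token_bytes(32)               # stand-in for a QKD-established key
    a.links[b.name] = SeedEnd(f"{a.name}~{b.name}", key, a.name)
    b.links[a.name] = SeedEnd(f"{a.name}~{b.name}", key, b.name)


def relay(src: Station, sender: str, dst: Station, receiver: str, first_ct: dict) -> dict:
    info = src.users[sender].open(first_ct)     # second key == first key
    src.saw.append(info)
    if dst is not src:                          # Embodiment 1: cross-station hop
        hop = src.links[dst.name].seal(info)
        info = dst.links[src.name].open(hop)
        dst.saw.append(info)
    return dst.users[receiver].seal(info)       # third key -> second ciphertext


if __name__ == "__main__":
    s1, s2 = Station("S1"), Station("S2")       # constructed sample stations
    link(s1, s2)
    card_a, card_b = s1.register("A"), s2.register("B")
    second_ct = relay(s1, "A", s2, "B", card_a.seal(b"meeting at 10:00"))
    print(card_b.open(second_ct), s1.saw, s2.saw)
```

The `saw` lists show that every station on the path holds the message in plaintext between decryption and re-encryption, so end-to-end confidentiality depends on each relaying station being trusted.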

Claims (13)

1. A communication system for realizing information encryption and decryption based on a quantum network, comprising a quantum network service station configured on the network side and a user terminal configured on the user side, characterized in that a quantum key card is also provided; the network side generates true random numbers, which are stored in the quantum key card and on the network side respectively to form corresponding user-side keys; the user-side keys of the quantum key card and of the network side are respectively used to encrypt and decrypt information when the user terminal communicates with the corresponding quantum network service station;
the user-side key serves as a key seed, and on the user side both the generation of the keys used for encryption and decryption and the encryption and decryption operations on the information are carried out in the quantum key card.
2. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 1, characterized in that the true random numbers are generated by the quantum network service station on the network side and are stored in the quantum key card and in the quantum network service station respectively to form corresponding user-side keys.
3. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 2, characterized in that the user-side keys in the quantum key card are downloaded from one or more quantum network service stations; the quantum key card stores quantum network service station information identifying the source of the user-side keys; and the quantum network service station, while writing the user-side keys into the quantum key card, also stores them in the station to be called during encryption and decryption.
4. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 3, characterized in that the user-side key serves as a key seed, and the quantum key card and the quantum network service station each store a corresponding key generation algorithm, used respectively to generate the keys needed during information encryption and decryption.
5. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 4, characterized in that the key seeds in the quantum key card are divided into several key seed sets according to their source; the key seeds of one key seed set come from the same quantum network service station, and different key seed sets have different key seed IDs.
6. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 5, characterized in that the key seed is updatable, and when the key seed is updated:
the user terminal sends an update request to the quantum key card and notifies the quantum network service station; the quantum key card receives the update request and updates the key seed according to a predetermined rule, and the quantum network service station synchronously updates the corresponding key seed;
or the number of times the key seed has been used is counted, and when the number of uses reaches a threshold, the quantum key card and the corresponding quantum network service station synchronously update the corresponding key seed;
or the quantum key card counts the number of key seeds that have not been used and issues a prompt when a critical value is reached, and the client downloads new user-side keys from the quantum network service station as needed.
7. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 1, characterized in that the quantum network service station on the network side includes:
a quantum service center, for communicating with each user terminal on the user side through a classical network;
a quantum random number generator, which generates the true random numbers;
a user-side key management server, communicatively connected to the quantum service center, for storing, according to a user request, the true random numbers from the quantum random number generator in the corresponding quantum key card and in this quantum network service station respectively, as the corresponding user-side keys.
8. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 7, characterized in that, on the network side, two connected quantum network service stations are each provided with a corresponding quantum key control center; each quantum key control center is communicatively connected to the quantum service center in the quantum network service station where it is located; and the two corresponding quantum key control centers carry out key distribution through the quantum network, so as to form an inter-station quantum key between the two connected quantum network service stations.
9. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 7, characterized in that the user terminal includes a sending end and a receiving end, and information transmission between the two comprises:
the quantum key card matched with the sending end uses its stored key seed to generate a first key and encrypts the information to form a first ciphertext, which is transmitted to the quantum network service station via the sending end;
the quantum network service station uses the user-side key in the station to generate a second key identical to the first key and decrypts the first ciphertext to obtain the information;
the quantum network service station, according to the quantum key card matched with the receiving end, extracts the corresponding user-side key in the station, generates a third key, and encrypts the information to form a second ciphertext, which is sent via the receiving end to the quantum key card matched with the receiving end;
the quantum key card matched with the receiving end uses its stored key seed to generate a fourth key identical to the third key, and decrypts the second ciphertext to obtain the information.
10. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 8, characterized in that, when there is no corresponding user-side key between the quantum key card matched with the user terminal and the current quantum network service station with which the user terminal communicates, the current quantum network service station, according to the source of the user-side key that the user terminal uses for encryption and decryption, requests the user-side key from the quantum network service station that stores that user-side key.
11. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 10, characterized in that the quantum network service station that stores the user-side key uses the key generation algorithm corresponding to the user terminal to obtain a key, and sends that key to the current quantum network service station.
12. The communication system for realizing information encryption and decryption based on a quantum network as claimed in claim 11, characterized in that the user terminal includes a sending end and a receiving end, and information transmission between the two comprises:
the quantum key card matched with the sending end uses its stored key seed to generate a first key and encrypts the information to form a first ciphertext, which is transmitted to a first quantum network service station via the sending end;
the first quantum network service station, according to the key seed ID corresponding to the first ciphertext, requests a second key identical to the first key from the quantum network service station that the key seed ID points to, and after obtaining the second key decrypts the first ciphertext to obtain the information;
the first quantum network service station establishes communication, according to the receiving end address, with a second quantum network service station to which the receiving end belongs, and transmits the information in encrypted form to the second quantum network service station by means of a shared inter-station quantum key; the second quantum network service station obtains the information by decryption;
the second quantum network service station, according to the key seed ID in the quantum key card matched with the receiving end, requests a third key from the quantum network service station that the key seed ID points to, and after obtaining the third key encrypts the information to form a second ciphertext, which is sent via the receiving end to the quantum key card matched with the receiving end;
the quantum key card matched with the receiving end uses its stored key seed to generate a fourth key identical to the third key, and decrypts the second ciphertext to obtain the information.
13. A communication method, applied to the communication system for realizing information encryption and decryption based on a quantum network as claimed in any one of claims 1 to 12.
CN201610845826.7A 2016-09-23 2016-09-23 The communication system and communication means of the transmission of information encryption and decryption are realized based on quantum network Active CN106452741B (en)


Publications (2)

Publication Number Publication Date
CN106452741A CN106452741A (en) 2017-02-22
CN106452741B true CN106452741B (en) 2019-11-26

Family

ID=58167135

Country Status (1)

Country Link
CN (1) CN106452741B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant