CN109525390B - Quantum key wireless distribution method and system for terminal equipment secret communication - Google Patents

Publication number: CN109525390B
Authority: CN (China)
Prior art keywords: quantum key; key; quantum; terminal equipment; distribution
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811383187.2A
Other languages: Chinese (zh)
Other versions: CN109525390A (en)
Inventors: 薛梦驰, 邱红康, 沈明, 赵良圆, 单常明
Current Assignee: Hengtong Optic Electric Co Ltd; Jiangsu Hengtong Wentian Quantum Information Research Institute Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hengtong Optic Electric Co Ltd; Jiangsu Hengtong Wentian Quantum Information Research Institute Co Ltd
Application filed by Hengtong Optic Electric Co Ltd and Jiangsu Hengtong Wentian Quantum Information Research Institute Co Ltd
Priority to CN201811383187.2A
Publication of CN109525390A
Application granted
Publication of CN109525390B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses a quantum key wireless distribution method for secret communication of terminal equipment, wherein the seed of the distribution key used for quantum key distribution is a quantum true random number. The method comprises: (1) the quantum key server encrypts a quantum key by using the distribution key and sends the encrypted quantum key to terminal equipment by wireless transmission; (2) the terminal equipment receives the encrypted quantum key sent by the quantum key server, decrypts it by using the same distribution key, and obtains the quantum key distributed by the quantum key server. With this method, distribution of the quantum key is decoupled from the quantum trunk network and the wireless transmission of the quantum key is completed using only a traditional communication channel, so project deployment is convenient and fast, the investment cost is low, and the distribution mode is simple. In addition, the seed from which the distribution key is generated by expansion is a quantum true random number, so that the security and the security level of the wirelessly distributed quantum key can be greatly improved.

Description

Quantum key wireless distribution method and system for terminal equipment secret communication
Technical Field
The invention belongs to the technical field of quantum communication, and particularly relates to a quantum key wireless distribution method for terminal equipment secret communication and a quantum key wireless distribution system for terminal equipment secret communication.
Background
In recent years, traditional encryption methods based on mathematical principles have been shown to have security weaknesses, which reinforces concerns about the security of classical cryptography. Widely used mathematical cryptosystems whose security has not been rigorously proven may be broken, or found to have fatal security holes, at an unexpected time. In addition, quantum computing poses an unprecedented potential threat to classical cryptosystems. Research on cryptosystems that can resist quantum computing attacks is therefore imperative. All these factors push secret communication technology toward its next stage; quantum communication technology represents a technically feasible direction of development and is also an important means of achieving information-theoretic security.
Quantum communication is an important branch of quantum informatics, and mainly involves Quantum Key Distribution (QKD), quantum teleportation, quantum secure communication and the like. Quantum secure communication is a communication technology that encrypts and decrypts service data with a random-number key (a quantum key) of the same length as the data being encrypted, and how to generate or distribute the quantum key is the basis of quantum secure communication. Quantum key distribution has both wired distribution, which is transmitted through optical fibers, and wireless distribution, which is transmitted as optical signals with air as the transmission medium. At present, the security of wired quantum key distribution rests on physical principles, but it depends on a quantum trunk network: the requirements on the equipment at the quantum key sending end and receiving end are high, a lot of equipment must be installed on the quantum trunk network, the investment cost is high, and project deployment is complex. On the other hand, the security level of wirelessly distributed quantum keys is not high, because the seed from which the key is generated by expansion is a pseudo-random number obtained by a mathematical method.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a quantum key wireless distribution method for terminal equipment secret communication in which distribution of the quantum key is decoupled from the quantum trunk network and the wireless transmission of the quantum key is completed using only a traditional communication channel, so that project deployment is convenient and fast, the investment cost is low, and the distribution mode is simple. In addition, the seed from which the distribution key is generated by expansion is a quantum true random number, so that the security and the security level of the wirelessly distributed quantum key can be greatly improved.
In order to solve the technical problem, the invention provides a quantum key wireless distribution method for terminal equipment secret communication, wherein the seed of the distribution key used for quantum key distribution is a quantum true random number; the quantum key wireless distribution method comprises the following steps:
(1) the quantum key server encrypts the quantum key by using the distribution key and sends the encrypted quantum key to the terminal equipment by wireless transmission;
(2) the terminal equipment receives the encrypted quantum key sent by the quantum key server, decrypts the encrypted quantum key by using the same distribution key, and obtains the quantum key distributed by the quantum key server.
In a preferred embodiment of the present invention, the distribution key is generated by expanding the remaining quantum key on the terminal device.
In a preferred embodiment of the present invention, the terminal device uses a key expansion algorithm to expand a certain number of bytes of the remaining quantum key, so as to generate the distribution key.
In a preferred embodiment of the present invention, the terminal device obtains an initial quantum key by injection through a data interface, and the same initial quantum key is backed up and stored on the quantum key server.
In a preferred embodiment of the present invention, the method for wirelessly distributing quantum keys further comprises,
the terminal equipment sends a request for distributing the quantum key to the quantum key server, and sends to the quantum key server the position information of the quantum key used to generate the distribution key by expansion, together with the key expansion algorithm;
after the quantum key server verifies the identity of the terminal equipment, it receives the position information and the key expansion algorithm sent by the terminal equipment, expands the quantum key at the same position by using the same key expansion algorithm, and generates a distribution key identical to that of the terminal equipment.
In a preferred embodiment of the present invention, the method for wirelessly distributing quantum keys further comprises,
the terminal equipment performs a hash operation on the distribution key generated by expansion and sends the first hash value obtained by the hash operation to the quantum key server;
the quantum key server performs a hash operation on the distribution key it generated by expansion to obtain a second hash value, and performs a hash check of the second hash value against the first hash value sent by the terminal equipment; after the hash check passes, the quantum key server performs a hash operation on the quantum key to be distributed to the terminal equipment, and sends the third hash value obtained by the hash operation to the terminal equipment;
the terminal equipment performs a hash operation on the quantum key distributed by the quantum key server to obtain a fourth hash value, and performs a hash check of the fourth hash value against the third hash value sent by the quantum key server.
In a preferred embodiment of the present invention, the method for wirelessly distributing quantum keys further comprises,
the terminal equipment uses a service quantum key to encrypt the first hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm, and transmits the encrypted information to the quantum key server; the quantum key server decrypts the encrypted information sent by the terminal equipment by using the same service quantum key, and obtains the first hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm;
the quantum key server uses a service quantum key to encrypt the third hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm, and transmits the encrypted information to the terminal equipment; the terminal equipment decrypts the encrypted information sent by the quantum key server by using the same service quantum key, and obtains the third hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm.
In a preferred embodiment of the present invention, the key expansion algorithm includes, but is not limited to, the SHA128 algorithm, the SHA256 algorithm and the AES algorithm.
In a preferred embodiment of the present invention, the wireless transmission mode that the quantum key server uses to send the encrypted quantum key to the terminal device includes, but is not limited to, a 4G network and Wi-Fi.
In order to solve the technical problem, the invention also provides a quantum key wireless distribution system for terminal equipment secret communication, which comprises terminal equipment and a quantum key server, wherein the terminal equipment and the quantum key server are respectively provided with a quantum true random number for generating a distribution key;
the quantum key server is used for encrypting the quantum key by using the distribution key and sending the encrypted quantum key to the terminal equipment by wireless transmission;
the terminal device is used for receiving the encrypted quantum key sent by the quantum key server and decrypting it with the same distribution key as the quantum key server to obtain the quantum key.
In a preferred embodiment of the present invention, the terminal device is further configured to expand a certain number of bytes of the remaining quantum key by using a key expansion algorithm, so as to generate the distribution key.
In a preferred embodiment of the present invention, the terminal device is further configured to receive an initial quantum key by injection through a data interface, and the quantum key server is further configured to back up and store the same initial quantum key.
In a preferred embodiment of the present invention, the terminal device is further configured to send a request for distributing a quantum key to a quantum key server, and send location information and key expansion algorithm information of the quantum key used for generating the distributed key by expansion to the quantum key server;
the quantum key server is used for receiving a quantum key distribution request of the terminal equipment, receiving the position information and the key expansion algorithm of the quantum key used for generating the distribution key in an expansion mode sent by the terminal equipment after the identity of the terminal equipment is verified, expanding the quantum key at the same position by using the same key expansion algorithm, and generating the distribution key the same as that of the terminal equipment.
In a preferred embodiment of the present invention, the terminal device is further configured to perform a hash operation on the distribution key generated by the expansion, and send a first hash value obtained by the hash operation to the quantum key server;
the quantum key server is further used for performing a hash operation on the distribution key it generated by expansion to obtain a second hash value, and performing a hash check of the second hash value against the first hash value sent by the terminal equipment; after the hash check passes, the quantum key server performs a hash operation on the quantum key to be distributed to the terminal equipment, and sends the third hash value obtained by the hash operation to the terminal equipment;
the terminal device is further used for performing hash operation on the quantum key distributed by the quantum key server to obtain a fourth hash value, and performing hash check on the fourth hash value and a third hash value sent by the quantum key server.
In a preferred embodiment of the present invention, the terminal device is further configured to use the service quantum key to encrypt the first hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm, and to transmit the encrypted information to the quantum key server; the quantum key server decrypts the encrypted information sent by the terminal equipment by using the same service quantum key, and obtains the first hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm;
the quantum key server is further used for encrypting, with a service quantum key, the third hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm, and transmitting the encrypted information to the terminal equipment; the terminal equipment decrypts the encrypted information sent by the quantum key server by using the same service quantum key, and obtains the third hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm.
In a preferred embodiment of the present invention, the key expansion algorithm includes, but is not limited to, the SHA128 algorithm, the SHA256 algorithm and the AES algorithm.
In a preferred embodiment of the present invention, the wireless transmission mode that the quantum key server uses to send the encrypted quantum key to the terminal device includes, but is not limited to, a 4G network and Wi-Fi.
The invention has the beneficial effects that:
First, compared with the wired distribution mode of the quantum key in the prior art, the wireless distribution mode of the quantum key can reduce the difficulty of project deployment, reduce the investment cost and simplify the distribution mode.
In the prior art, wired distribution of quantum keys has to be realized by means of a quantum trunk network, and deploying a quantum trunk network is costly and complex.
In the technology of the invention, the quantum key reaches the terminal equipment by wireless transmission, distribution of the quantum key is decoupled from the quantum trunk network, and the wireless transmission of the quantum key is completed using only a traditional communication channel, so project deployment is convenient and fast, the investment cost is low, the construction period is short, and the distribution mode is simple.
Second, compared with the wireless distribution mode of the quantum key in the prior art, the invention can greatly improve the security and the security level of the wireless distribution of the quantum key.
In the prior art, a pseudo-random number obtained by an algorithm based on a mathematical principle is used as the seed for generating the distribution key, so the security level is low and the security is poor.
In the technology of the invention, the seed for generating the distribution key is a quantum true random number, so that, compared with the wireless distribution mode of the quantum key in the prior art, the security and the security level of the wirelessly distributed quantum key can be greatly improved.
In addition, in the wireless distribution mode of the quantum key, the terminal equipment and the quantum key server each generate the same distribution key by expansion, and the distribution key does not need to be distributed through algorithms such as RSA, which further improves the security of distribution key generation.
Drawings
FIG. 1 is a flow chart of a method for wireless distribution of quantum keys in a preferred embodiment of the invention;
fig. 2 is a schematic structural diagram of the terminal device obtaining the initial quantum key in the preferred embodiment of the present invention;
fig. 3 is a schematic structural diagram of a terminal device obtaining a distributed quantum key in a preferred embodiment of the present invention.
Detailed Description
The present invention is further described below in conjunction with the following figures and specific examples so that those skilled in the art may better understand the present invention and practice it, but the examples are not intended to limit the present invention.
Example one
This embodiment discloses a quantum key wireless distribution method, by which terminal equipment obtains distributed quantum keys and uses them for secret communication of its services.
The main hardware devices involved in the wireless distribution of the quantum key in this embodiment include:
(1) terminal device
The terminal device may be a mobile terminal such as a smart phone, a tablet computer, a notebook computer or a PDA (personal digital assistant), or another terminal device such as a set-top box or a PC; it is the requesting end and the receiving end for quantum key distribution.
The terminal device contains a storage device and common data interfaces such as USB and Type-C. The initial quantum key is injected into the internal storage device of the terminal equipment through these common data interfaces.
(2) Quantum key server
The quantum key server is the sending end for quantum key distribution. The quantum key server shares the initial quantum key with terminal equipment that has passed identity authentication. The initial quantum key acquired by the terminal equipment is generated by the quantum key server and is injected into the storage device of the terminal equipment through a data interface.
In the technical solution of this embodiment, the quantum key injected into and/or distributed to the terminal device has the following functions: first, it is used to encrypt and decrypt service data when the terminal equipment carries out quantum secret communication; second, it is used as the seed that is expanded to generate the distribution key.
In the initial state, the terminal device obtains an initial quantum key by injection and carries out quantum secret communication by using the initial quantum key. When the remaining amount of the initial quantum key falls below a critical value, the terminal device sends a quantum key distribution request to the quantum key server, and the quantum key server distributes the quantum key to the terminal device by wireless distribution.
In the invention, the seed of the distribution key used in the quantum key wireless distribution method is a quantum true random number. In the technical solution of this embodiment, the seed of the distribution key is the remaining quantum key on the terminal device. In actual use, a certain number of bytes of the remaining quantum key is taken as the seed from which the distribution key is generated by expansion. Because the quantum key is a quantum true random number, taking it as the seed of the distribution key can greatly improve the security level and security of quantum key distribution.
As shown in fig. 1, in the technical solution of this embodiment, when the quantum key server distributes the quantum key to the terminal device, the two ends use the same distribution key, and the process by which the two ends obtain the same distribution key is as follows:
The process by which the terminal device obtains the distribution key is as follows:
S1, as shown in fig. 2, the terminal device obtains a first quantum key (the initial quantum key) by interface injection, and the quantum key server backs up and stores the same initial quantum key;
S2, the terminal device consumes the quantum key to carry out quantum secret communication, and when the amount of remaining quantum key falls below a critical value, the terminal device takes a certain number of bytes of the remaining quantum key as the seed of the distribution key;
S3, the terminal device expands the seed of the distribution key by using the key expansion algorithm to generate the distribution key.
The process of obtaining the distributed key by the quantum key server is as follows:
When the terminal device initiates a quantum key distribution request to the quantum key server, it sends to the quantum key server data information such as the key expansion algorithm used to generate the distribution key by expansion, and the starting position and the number of bytes of the quantum key used as the distribution key seed. The quantum key server receives the quantum key distribution request initiated by the terminal device, verifies the terminal device and then receives the data information, and expands the quantum key at the same position by using the same key expansion algorithm (when the starting position and the number of bytes from the starting position are consistent, the terminal device and the quantum key server can uniquely determine the same quantum key), generating a distribution key identical to that of the terminal device.
In the above, the key expansion algorithm used to generate the distribution key by expansion includes, but is not limited to, the SHA128 algorithm, the SHA256 algorithm and the AES algorithm.
As shown in fig. 1-3, the quantum key wireless distribution method of the present invention specifically includes the following steps,
(1) the terminal equipment initiates a quantum key distribution request to the quantum key server;
(2) the quantum key server encrypts the quantum key by using the distribution key and sends the encrypted quantum key to the terminal equipment by wireless transmission;
(3) the terminal equipment receives the encrypted quantum key sent by the quantum key server, decrypts the encrypted quantum key by using the same distribution key, and obtains the quantum key distributed by the quantum key server.
As described above, in the technical solution of this embodiment, the wireless transmission mode used by the quantum key server to send the encrypted quantum key to the terminal device includes, but is not limited to, a 4G network and Wi-Fi.
In order to further improve the security and the security level of the quantum key distribution, the quantum key wireless distribution method further comprises,
the terminal equipment performs a hash operation on the distribution key generated by expansion and sends the first hash value obtained by the hash operation to the quantum key server;
the quantum key server performs a hash operation on the distribution key it generated by expansion to obtain a second hash value, and performs a hash check of the second hash value against the first hash value sent by the terminal equipment; after the hash check passes, the quantum key server performs a hash operation on the quantum key to be distributed to the terminal equipment, and sends the third hash value obtained by the hash operation to the terminal equipment;
the terminal device performs a hash operation on the quantum key distributed by the quantum key server to obtain a fourth hash value, and performs a hash check of the fourth hash value against the third hash value sent by the quantum key server.
In the above, the quantum key server performs a hash check on the distribution key to verify the correctness and integrity of the distribution key; meanwhile, the terminal equipment performs a hash check on the distributed quantum key to verify its correctness and integrity.
Further, the hash values, the quantum key position information and the key expansion algorithm are encrypted before being transmitted between the terminal device and the quantum key server, so that the security and the security level of quantum key distribution are further improved:
the terminal equipment uses a service quantum key to encrypt the first hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm, and transmits the encrypted information to the quantum key server; the quantum key server decrypts the encrypted information sent by the terminal equipment by using the same service quantum key, and obtains the first hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm;
the quantum key server uses a service quantum key to encrypt the third hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm, and transmits the encrypted information to the terminal equipment; the terminal equipment decrypts the encrypted information sent by the quantum key server by using the same service quantum key, and obtains the third hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm.
Specifically, for convenience of description, the process of distributing the quantum key is described below with a 16-byte segment of the remaining quantum key, starting from position i of the terminal device's remaining quantum key, taken as the seed of the distribution key (other byte counts, such as 20 bytes or 25 bytes, may be used according to actual needs; the byte count does not limit the protection scope of the present application):
S01, the terminal equipment takes a 16-byte quantum key from position i, expands it by using a key expansion algorithm to generate a 32-byte distribution key, and performs a hash operation on the expanded distribution key to obtain a digest sig;
S02, the terminal equipment sends the digest sig, the position information i and the byte count (16 bytes) to the quantum key server;
S03, the quantum key server finds the corresponding position i' according to the position mapping table of the terminal device;
S04, the quantum key server takes a 16-byte quantum key from position i', expands it by using the same key expansion algorithm to generate a 32-byte distribution key, and performs a hash operation on the expanded distribution key to obtain a digest sig';
S05, the quantum key server compares the digest sig with the digest sig'; the verification succeeds when they are the same;
S06, after the digest sig and the digest sig' are successfully verified, the quantum key server performs a hash operation on the quantum key QKey to be distributed to obtain a digest sig'';
S07, the quantum key server encrypts the quantum key QKey by using the distribution key to obtain QKey', and sends QKey' and the digest sig'' to the terminal equipment by wireless transmission;
S08, the terminal equipment receives QKey' and the digest sig'', decrypts QKey' by using the distribution key to obtain the quantum key QKey, and performs a hash operation on the decrypted quantum key QKey to obtain a digest sig''';
S09, the terminal equipment compares the digest sig'' with the digest sig'''; when they are the same, the verification succeeds, and the terminal equipment uses the quantum key QKey distributed by the quantum key server to carry out secret communication.
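The S01 to S09 exchange above, written out as an added Python example that is not part of the patent text. It assumes SHA-256 both as the key expansion algorithm and as the digest, uses a SHA-256 keystream XOR as a stand-in for the unnamed cipher, and uses `secrets.token_bytes` in place of quantum true random numbers; all class, field and function names are hypothetical, and the optional encryption of sig and the position information under the service quantum key is not modeled.

```python
import hashlib
import hmac
import secrets

SEED_LEN = 16  # bytes of remaining quantum key used as the seed (the page's worked case)


def expand(seed: bytes) -> bytes:
    """Key expansion: 16-byte seed -> 32-byte distribution key (SHA256 is on the page's list)."""
    return hashlib.sha256(seed).digest()


def digest(data: bytes) -> bytes:
    """Hash behind sig .. sig'''. SHA-256 is an assumption; the page does not name it."""
    return hashlib.sha256(data).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256(key || counter) keystream.
    The same call encrypts and decrypts; chosen to stay inside the standard library."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + (off // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


class Terminal:
    def __init__(self, pool: bytes):
        self.pool = pool      # remaining quantum key on the device
        self.dist_key = b""

    def build_request(self, i: int) -> dict:
        # S01: take 16 bytes at position i, expand to 32 bytes, hash -> sig
        seed = self.pool[i:i + SEED_LEN]
        if len(seed) != SEED_LEN:
            raise ValueError("not enough remaining key at position i")
        self.dist_key = expand(seed)
        # S02: send sig, position and byte count
        return {"sig": digest(self.dist_key), "pos": i, "nbytes": SEED_LEN}

    def accept(self, resp: dict) -> bytes:
        # S08: decrypt QKey' and hash the result -> sig'''
        qkey = keystream_xor(self.dist_key, resp["qkey_enc"])
        # S09: compare sig'' with sig''' in constant time
        if not hmac.compare_digest(digest(qkey), resp["sig2"]):
            raise ValueError("S09: quantum key digest mismatch")
        return qkey


class KeyServer:
    def __init__(self, store: bytes, position_map: dict):
        self.store = store                # backed-up initial keys of all terminals
        self.position_map = position_map  # terminal id -> (base offset, key length)

    def handle(self, terminal_id: str, req: dict, qkey: bytes) -> dict:
        # Identity verification of the terminal is assumed to have happened already.
        base, length = self.position_map[terminal_id]
        if req["nbytes"] != SEED_LEN or not 0 <= req["pos"] <= length - SEED_LEN:
            raise ValueError("seed outside this terminal's stored key")
        # S03: map terminal position i to server position i'
        i_prime = base + req["pos"]
        # S04: expand the same 16 bytes; its hash is sig'
        dist_key = expand(self.store[i_prime:i_prime + SEED_LEN])
        # S05: compare sig with sig'
        if not hmac.compare_digest(digest(dist_key), req["sig"]):
            raise ValueError("S05: distribution key digest mismatch")
        # S06-S07: sig'' = hash(QKey), QKey' = Enc(distribution key, QKey)
        return {"qkey_enc": keystream_xor(dist_key, qkey), "sig2": digest(qkey)}


def rejected(call) -> bool:
    try:
        call()
        return False
    except ValueError:
        return True


def run_demo() -> dict:
    pool = secrets.token_bytes(64)          # constructed sample key material
    store = secrets.token_bytes(32) + pool  # another terminal's key, then T1's backup
    server = KeyServer(store, {"T1": (32, 64)})
    new_qkey = secrets.token_bytes(48)      # constructed key to distribute
    t = Terminal(pool)
    resp = server.handle("T1", t.build_request(40), new_qkey)
    drift = bytearray(pool)
    drift[40] ^= 1                          # terminal and server pools disagree
    bad = dict(resp, qkey_enc=bytes([resp["qkey_enc"][0] ^ 1]) + resp["qkey_enc"][1:])
    return {
        "delivered": t.accept(resp) == new_qkey,
        "desync_rejected": rejected(
            lambda: server.handle("T1", Terminal(bytes(drift)).build_request(40), new_qkey)),
        "tamper_rejected": rejected(lambda: t.accept(bad)),  # QKey' altered in transit
    }


if __name__ == "__main__":
    print(run_demo())
```

The two failure cases show what each hash check catches: S05 detects a terminal and server whose stored key material has drifted apart, and S09 detects a modified QKey'.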
Example two
This embodiment discloses a quantum key wireless distribution system for terminal equipment secret communication, which comprises a terminal device and a quantum key server.
The terminal device may be a mobile terminal such as a smart phone, a tablet computer, a notebook computer or a PDA (personal digital assistant), or another terminal device such as a set-top box or a PC. It is the requesting end and the receiving end of quantum key distribution.
The terminal device contains a storage device and common data interfaces such as USB and Type-C. The terminal device loads the initial quantum key into its internal storage device through these data interfaces.
The quantum key server is the sending end of quantum key distribution. The quantum key server shares the initial quantum key with a terminal device that has passed identity authentication. The initial quantum key acquired by the terminal device is generated by the quantum key server and loaded into the storage device of the terminal device by interface injection.
The quantum key server is used for encrypting the quantum key with the distribution key and sending the encrypted quantum key to the terminal device by wireless transmission;
the terminal device is used for receiving the encrypted quantum key sent by the quantum key server and decrypting it with the same distribution key as the quantum key server to obtain the quantum key.
In the initial state, the terminal device obtains an initial quantum key by injection and uses it for quantum secret communication. When the amount of initial quantum key remaining falls below a critical value, the terminal device sends a quantum key distribution request to the quantum key server, and the quantum key server distributes a quantum key to the terminal device wirelessly.
In the invention, the terminal device and the quantum key server both hold quantum true random numbers for generating the distribution key. In the technical solution of this embodiment, the seed of the distribution key is the quantum key remaining on the terminal device. In actual use, a certain number of bytes of the remaining quantum key is taken as the seed and expanded to generate the distribution key. Because the quantum key is a quantum true random number, taking it as the seed of the distribution key can greatly improve the security and security level of quantum key distribution.
In the technical solution of this embodiment, when the quantum key server distributes the quantum key to the terminal device, the two sides use the same distribution key for encryption and decryption. The quantum key server and the terminal device obtain the same distribution key as follows:
The process by which the terminal device obtains the distribution key is as follows:
s1, as shown in fig. 2, the terminal device obtains a first quantum key (the initial quantum key) by interface injection, and the quantum key server backs up and stores the same initial quantum key;
s2, the terminal device consumes the quantum key for quantum secret communication, and when the amount of remaining quantum key falls below a critical value, the terminal device takes a certain number of bytes of the remaining quantum key as the seed of the distribution key;
s3, the terminal device expands the seed with the key expansion algorithm to generate the distribution key.
The process by which the quantum key server obtains the distribution key is as follows:
When the terminal device initiates a quantum key distribution request to the quantum key server, it sends data such as the key expansion algorithm used to generate the distribution key and the starting position and number of bytes of the quantum key. The quantum key server receives the request, verifies the terminal device and then receives this data, and expands the quantum key at the same position with the same key expansion algorithm (when the starting position and the number of bytes from that position agree, the terminal device and the quantum key server uniquely determine the same quantum key), generating the same distribution key as the terminal device.
The key expansion algorithm used to generate the distribution key includes, but is not limited to, the SHA128 algorithm, the SHA256 algorithm and the AES algorithm.
In the technical solution of this embodiment, the wireless transmission mode used by the quantum key server to send the encrypted quantum key to the terminal device includes, but is not limited to, a 4G network and Wi-Fi.
In order to further improve the security and the security level of quantum key distribution, the terminal device is further configured to perform a hash operation on the distribution key generated by expansion, and to send the resulting first hash value to the quantum key server;
the quantum key server is further configured to perform a hash operation on the distribution key it generated by expansion to obtain a second hash value, and to check the second hash value against the first hash value sent by the terminal device; after this hash check passes, the quantum key server performs a hash operation on the quantum key to be distributed to the terminal device, and sends the resulting third hash value to the terminal device;
the terminal device is further configured to perform a hash operation on the quantum key distributed by the quantum key server to obtain a fourth hash value, and to check the fourth hash value against the third hash value sent by the quantum key server.
In the above, the quantum key server performs the hash check on the distribution key to verify its correctness and integrity; likewise, the terminal device performs the hash check on the distributed quantum key to verify its correctness and integrity.
Further, the hash values, the quantum key position information and the key expansion algorithm exchanged between the terminal device and the quantum key server are encrypted before transmission, which further improves the security and the security level of quantum key distribution:
the terminal device encrypts the first hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm with a service quantum key, and transmits the encrypted information to the quantum key server; the quantum key server decrypts the encrypted information sent by the terminal device with the same service quantum key, and obtains the first hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm;
the quantum key server encrypts the third hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm with the service quantum key, and transmits the encrypted information to the terminal device; the terminal device decrypts the encrypted information sent by the quantum key server with the same service quantum key, and obtains the third hash value, the position information of the quantum key used to generate the distribution key by expansion, and the key expansion algorithm.
Specifically, for convenience of description, the quantum key distribution process is described below starting from position i of the terminal device's remaining quantum key and taking 16 bytes of the remaining quantum key as the seed of the distribution key (of course, other byte counts such as 20 bytes or 25 bytes may be used according to actual requirements; the byte count here does not limit the protection scope of the present application):
s01, the terminal device takes the 16-byte quantum key starting at position i, expands it with a key expansion algorithm to generate a 32-byte distribution key, and performs a hash operation on the expanded distribution key to obtain a digest sig;
s02, the terminal device sends the digest sig, the position information i and the byte count (16 bytes) to the quantum key server;
s03, the quantum key server finds the corresponding position i' according to the position mapping table of the terminal device;
s04, the quantum key server takes the 16-byte quantum key starting at position i', expands it with the same key expansion algorithm to generate a 32-byte distribution key, and performs a hash operation on the expanded distribution key to obtain a digest sig';
s05, the quantum key server compares the digest sig with the digest sig'; verification succeeds when the two are identical;
s06, after the digests sig and sig' are successfully verified, the quantum key server performs a hash operation on the quantum key to be distributed to obtain a digest sig'';
s07, the quantum key server encrypts the quantum key QKey with the distribution key to obtain QKey', and sends QKey' and the digest sig'' to the terminal device by wireless transmission;
s08, the terminal device receives QKey' and the digest sig'', decrypts QKey' with the distribution key to obtain the quantum key QKey, and performs a hash operation on the decrypted quantum key QKey to obtain a digest sig''';
s09, the terminal device compares the digest sig'' with the digest sig'''; when the two are identical, verification succeeds, and the terminal device uses the quantum key QKey distributed by the quantum key server for secret communication.
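The exchange in steps s01 to s09 (listed for both embodiments), as an added example that is not code from the patent. It assumes SHA-256 for both the key expansion and the hash, uses a stand-in HMAC-SHA256 keystream cipher because the page names no cipher, and models the position mapping table as a per-terminal offset; all class and function names are hypothetical.

```python
import hashlib
import hmac

SEED_LEN = 16  # bytes of remaining quantum key taken as the seed (s01)


def expand_seed(seed: bytes) -> bytes:
    """Expand the 16-byte seed into a 32-byte distribution key (SHA-256 assumed)."""
    if len(seed) != SEED_LEN:
        raise ValueError("seed must be exactly 16 bytes")
    return hashlib.sha256(seed).digest()


def digest(data: bytes) -> bytes:
    """Hash used for sig, sig', sig'' and sig''' (SHA-256 assumed)."""
    return hashlib.sha256(data).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream.
    The page names no cipher; encryption and decryption are the same call."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(d ^ s for d, s in zip(data, stream))


class Terminal:
    def __init__(self, pool: bytes):
        self.pool = pool      # quantum key remaining on the device
        self.dist_key = b""

    def build_request(self, i: int) -> dict:
        self.dist_key = expand_seed(self.pool[i:i + SEED_LEN])               # s01
        return {"sig": digest(self.dist_key), "pos": i, "nbytes": SEED_LEN}  # s02

    def accept(self, response: dict) -> bytes:
        qkey = keystream_xor(self.dist_key, response["qkey_enc"])            # s08
        sig_ppp = digest(qkey)
        # Constant-time comparison, so the check does not leak how many bytes matched.
        if not hmac.compare_digest(sig_ppp, response["sig_pp"]):             # s09
            raise ValueError("sig'' != sig''': reject the distributed key")
        return qkey


class Server:
    def __init__(self, store: bytes, position_map: dict):
        self.store = store                # backup copy of the terminals' quantum keys
        self.position_map = position_map  # terminal id -> offset in store (assumed form)

    def handle(self, terminal_id: str, request: dict, new_qkey: bytes) -> dict:
        if request["nbytes"] != SEED_LEN or request["pos"] < 0:
            raise ValueError("unsupported seed length or position")
        i_prime = self.position_map[terminal_id] + request["pos"]            # s03
        dist_key = expand_seed(self.store[i_prime:i_prime + SEED_LEN])       # s04
        sig_p = digest(dist_key)
        if not hmac.compare_digest(sig_p, request["sig"]):                   # s05
            raise PermissionError("sig != sig': key pools out of sync")
        return {"sig_pp": digest(new_qkey),                                  # s06
                "qkey_enc": keystream_xor(dist_key, new_qkey)}               # s07


def demo() -> bool:
    pool = bytes(range(256))               # constructed, not real quantum random data
    server = Server(b"\x00" * 64 + pool, {"term-1": 64})
    terminal = Terminal(pool)
    new_qkey = bytes(reversed(range(64)))  # constructed key to distribute
    response = server.handle("term-1", terminal.build_request(200), new_qkey)
    return terminal.accept(response) == new_qkey


if __name__ == "__main__":
    print("distribution verified:", demo())
```

A request whose position does not match the server's copy fails at s05, and a ciphertext altered in transit fails at s09; both raise instead of returning a key.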
The above embodiments are merely preferred embodiments given to fully illustrate the present invention, and the scope of the present invention is not limited to them. Equivalent substitutions or changes made by those skilled in the art on the basis of the invention all fall within its protection scope. The protection scope of the invention is subject to the claims.

Claims (15)

1. A quantum key wireless distribution method for terminal equipment secret communication is characterized in that: the seed of the distributed key used for distributing the quantum key is a quantum true random number; the quantum key wireless distribution method comprises the following steps,
(1) the quantum key server encrypts the quantum key by using the distributed key and sends the encrypted quantum key to the terminal equipment in a wireless transmission mode;
(2) the terminal equipment receives the encrypted quantum key sent by the quantum key server, decrypts the encrypted quantum key by using the same distribution key, and obtains the quantum key distributed by the quantum key server;
the quantum key wireless distribution method further comprises,
the terminal equipment sends a request for distributing the quantum key to a quantum key server, and sends position information of the quantum key for generating the distributed key in an expansion mode and a key expansion algorithm to the quantum key server;
after the quantum key server side verifies the identity of the terminal equipment, the position information and the key expansion algorithm of the quantum key which is used for generating the distribution key in an expansion mode and sent by the terminal equipment are received, the same key expansion algorithm is used for expanding the quantum key at the same position, and the distribution key which is the same as the distribution key of the terminal equipment is generated.
2. The wireless distribution method of quantum keys for secure communication of terminal devices according to claim 1, characterized in that: the distribution key is generated by expanding the quantum key remaining on the terminal equipment.
3. The method as claimed in claim 2, wherein the terminal device expands a certain number of bytes of the remaining quantum key by using a key expansion algorithm to generate the distribution key.
4. The wireless quantum key distribution method for terminal device secure communication as claimed in claim 1, wherein the terminal device obtains the initial quantum key by interface perfusion; and the same initial quantum key is backed up and stored on the quantum key server.
5. The wireless distribution method of quantum keys for secure communication of terminal devices according to claim 1, characterized in that: the quantum key wireless distribution method further comprises,
the terminal equipment performs hash operation on the expanded distributed key and sends a first hash value obtained by the hash operation to the quantum key server;
the quantum key service end performs hash operation on the expanded distributed key to obtain a second hash value, and performs hash check on the second hash value and the first hash value sent by the terminal equipment; after the Hash check is qualified, the quantum key service end performs Hash operation on the quantum key distributed to the terminal equipment, and sends a third Hash value obtained by the Hash operation to the terminal equipment;
and the terminal equipment performs hash operation on the quantum key distributed by the quantum key server to obtain a fourth hash value, and performs hash check on the fourth hash value and a third hash value sent by the quantum key server.
6. The wireless distribution method of quantum keys for secure communication of terminal devices according to claim 5, characterized in that: the quantum key wireless distribution method further comprises,
the terminal equipment encrypts a first hash value, position information of a quantum key for generating the distribution key in an expansion mode and a key expansion algorithm by using a service quantum key and transmits the encrypted information to a quantum key server; the quantum key server decrypts the encrypted information sent by the terminal equipment by using the same service quantum key, and obtains the first hash value sent by the terminal equipment, the position information of the quantum key used for generating the distribution key in an expansion mode and the key expansion algorithm;
the quantum key server encrypts a third hash value, position information of a quantum key for generating the distribution key in an expansion mode and a key expansion algorithm by using a service quantum key and transmits the encrypted third hash value, position information and key expansion algorithm to the terminal equipment; and the terminal equipment decrypts the encrypted information sent by the quantum key server by using the same service quantum key, and obtains the third hash value sent by the quantum key server, the position information of the quantum key for generating the distribution key in an expansion mode and the key expansion algorithm.
7. The wireless distribution method of quantum keys for secure communication of terminal devices according to claim 3, characterized in that: the key expansion algorithm includes, but is not limited to, the SHA128 algorithm, the SHA256 algorithm and the AES algorithm.
8. The wireless distribution method of quantum keys for secure communication of terminal devices according to claim 1, characterized in that: the wireless transmission mode used by the quantum key server to send the encrypted quantum key to the terminal device includes, but is not limited to, a 4G network and Wi-Fi.
9. A quantum key wireless distribution system for secure communication of terminal devices, characterized by: the system comprises terminal equipment and a quantum key server, wherein the terminal equipment and the quantum key server are respectively provided with a quantum true random number used for generating a distribution key;
the quantum key server is used for encrypting the quantum key by using the distributed key and sending the encrypted quantum key to the terminal equipment in a wireless transmission mode;
the terminal device is used for receiving the encrypted quantum key sent by the quantum key server and decrypting the encrypted quantum key through a distribution key which is the same as that of the quantum key server to obtain the quantum key;
the terminal equipment is also used for sending a request for distributing the quantum key to a quantum key server and sending the position information and the key expansion algorithm information of the quantum key for generating the distributed key in an expansion mode to the quantum key server;
the quantum key server is used for receiving a quantum key distribution request of the terminal equipment, receiving the position information and the key expansion algorithm of the quantum key used for generating the distribution key in an expansion mode sent by the terminal equipment after the identity of the terminal equipment is verified, expanding the quantum key at the same position by using the same key expansion algorithm, and generating the distribution key the same as that of the terminal equipment.
10. The wireless quantum key distribution system for secure communication of terminal devices according to claim 9, wherein: the terminal device is further configured to expand a certain number of bytes of the remaining quantum key by using a key expansion algorithm to generate the distribution key.
11. The wireless quantum key distribution system for secure communication of terminal devices according to claim 9, wherein: the terminal device is further used for receiving an initial quantum key through an interface perfusion mode, and the quantum key server is further used for backing up and storing the same initial quantum key.
12. The wireless quantum key distribution system for secure communication of terminal devices according to claim 9, wherein: the terminal equipment is also used for carrying out Hash operation on the expanded and generated distribution key and sending a first Hash value obtained by the Hash operation to the quantum key server;
the quantum key server is also used for carrying out Hash operation on the distribution key generated by expansion to obtain a second Hash value and carrying out Hash check on the second Hash value and the first Hash value sent by the terminal equipment; after the Hash check is qualified, the quantum key service end performs Hash operation on the quantum key distributed to the terminal equipment, and sends a third Hash value obtained by the Hash operation to the terminal equipment;
the terminal device is further used for performing hash operation on the quantum key distributed by the quantum key server to obtain a fourth hash value, and performing hash check on the fourth hash value and a third hash value sent by the quantum key server.
13. The wireless distribution system of quantum keys for secure communication of terminal devices according to claim 12, wherein: the terminal equipment is also used for encrypting the first hash value, the position information of the quantum key for generating the distribution key in an expansion mode and a key expansion algorithm by using the service quantum key and transmitting the encrypted information to the quantum key server; the quantum key server decrypts the encrypted information sent by the terminal equipment by using the same service quantum key, and obtains the first hash value sent by the terminal equipment, the position information of the quantum key used for generating the distribution key in an expansion mode and the key expansion algorithm;
the quantum key server is also used for encrypting a third hash value, position information of a quantum key for generating the distribution key in an expansion mode and a key expansion algorithm by using a service quantum key and transmitting the encrypted information to the terminal equipment; and the terminal equipment decrypts the encrypted information sent by the quantum key server by using the same service quantum key, and obtains the third hash value sent by the quantum key server, the position information of the quantum key for generating the distribution key in an expansion mode and the key expansion algorithm.
14. The wireless quantum key distribution system for secure communication of terminal devices as recited in claim 13, wherein: the key expansion algorithm includes, but is not limited to, the SHA128 algorithm, the SHA256 algorithm and the AES algorithm.
15. The wireless quantum key distribution system for secure communication of terminal devices according to claim 9, wherein: the wireless transmission mode used by the quantum key server to send the encrypted quantum key to the terminal device includes, but is not limited to, a 4G network and Wi-Fi.
CN201811383187.2A 2018-11-20 2018-11-20 Quantum key wireless distribution method and system for terminal equipment secret communication Active CN109525390B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811383187.2A CN109525390B (en) 2018-11-20 2018-11-20 Quantum key wireless distribution method and system for terminal equipment secret communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811383187.2A CN109525390B (en) 2018-11-20 2018-11-20 Quantum key wireless distribution method and system for terminal equipment secret communication

Publications (2)

Publication Number Publication Date
CN109525390A CN109525390A (en) 2019-03-26
CN109525390B CN109525390B (en) 2021-08-24

Family

ID=65776695

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811383187.2A Active CN109525390B (en) 2018-11-20 2018-11-20 Quantum key wireless distribution method and system for terminal equipment secret communication

Country Status (1)

Country Link
CN (1) CN109525390B (en)

Also Published As

Publication number Publication date
CN109525390A (en) 2019-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant