CN109842442A - A quantum key service network and method with an airport as the regional center - Google Patents

Publication number
CN109842442A
Authority
CN
China
Prior art keywords: quantum, key, node, service, airport
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711199553.4A
Other languages
Chinese (zh)
Other versions
CN109842442B (en)
Inventor
熊英
陈小光
陈娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU LINGGUANG QUANTUM TECHNOLOGY Co Ltd
Original Assignee
CHENGDU LINGGUANG QUANTUM TECHNOLOGY Co Ltd
Application filed by CHENGDU LINGGUANG QUANTUM TECHNOLOGY Co Ltd
Priority to CN201711199553.4A
Publication of CN109842442A
Application granted
Publication of CN109842442B
Legal status: Active

Abstract

The invention discloses a quantum key service network and method with an airport as the regional center, mainly addressing the technical and cost problems of building a large-scale quantum communication network. The network comprises multiple star-topology airport quantum communication subnets and the secure channels between airport quantum communication subnets. In the method, shared keys are distributed between the quantum central nodes of different airports over the secure channel; a quantum central node and a quantum service node share quantum keys negotiated over a QKD system link; and application terminals negotiate session keys online through the quantum key service network center. The network can improve the security of airport business networks such as communication, control and monitoring, and can conveniently provide a quantum key flow injection service to high-end business travelers. It offers better service efficiency and access, good technical feasibility and cost performance, and broad application prospects in the network security field.

Description

A quantum key service network and method with an airport as the regional center
Technical field
The present invention relates to the technical field of providing quantum key services using quantum communication networks and the Internet, and more particularly to a quantum key service network and method with an airport as the regional center.
Background
Quantum key distribution (QKD) is a new method of distributing keys securely over a quantum channel. Based on principles of quantum mechanics such as the impossibility of perfectly cloning a quantum state, QKD can achieve unconditionally secure key distribution. However, a QKD network needs dedicated fiber channels, and quantum repeater and quantum routing technologies are not yet practical and still pose technical difficulties, so laying and maintaining a quantum network with a complex topology is difficult and expensive. In fact, the core function of a quantum communication network is to provide quantum key services to users. A network with a center has the advantage of convenient and fast service, and it conforms to the national network security management and control strategy, which helps the state, enterprises and institutions control sensitive information. Under current technical conditions, long-distance delivery by aircraft has higher cost performance and efficiency; building a quantum key service network centered on airports can improve the security of airport business networks and can conveniently provide quantum key access services to high-end business travelers. Building a quantum key service network platform that covers the whole country with airports as regional centers has good technical feasibility and a broad application market.
Summary of the invention
To overcome the technical problems of building a large-scale quantum communication network and to realize a secure, efficient and cost-effective quantum key service, the present invention provides a quantum key service network with an airport as the regional center, characterized in that it includes but is not limited to one or more airport quantum communication subnets and the secure channels between airport quantum communication subnets. The airport quantum communication subnet includes but is not limited to one quantum central node, multiple quantum service nodes, the quantum fiber channels connecting the quantum central node and the quantum service nodes, and a public communication network.
The quantum central node includes but is not limited to the transmitting ends or/and receiving ends of multiple QKD systems (a matrix optical switch can switch among multiple channels so that a transmitting end or receiving end is multiplexed), a quantum random number generator module, a password management service (multiple mutually logically isolated password management services can be set up for different business networks), a quantum key storage server (multiple mutually logically isolated quantum key storage servers can be set up for different business networks), one or more quantum key secure storage mobile devices, and an optical transceiver module for fiber-optic communication.
The quantum service node includes but is not limited to the receiving ends or/and transmitting ends of one or more QKD systems (forming one or more QKD systems with the transmitting ends or receiving ends of the quantum central node), a quantum random number generator module, a quantum key storage server, a quantum key service application interface, and an optical transceiver module for fiber-optic communication. Through the quantum key service application interface, the quantum service node provides a registration service or a quantum key flow injection service for application terminals and creates a service relation list.
A unified, network-wide quantum key service network service center (denoted QKSC) is built on the quantum central nodes. The QKSC responds to application terminal requests in real time, looks up the quantum central node associated with the application terminal in the service relation list, and designates that quantum central node to distribute a session key to the application terminal. The optical transceiver module for fiber-optic communication carries the classical data communication between the quantum central node and the quantum service node and provides the synchronization clock for the QKD system.
To realize the above network functions, the deployment method of the airport quantum communication subnet includes but is not limited to:
(2-1) The deployment locations of the quantum central node include but are not limited to the control center of the airport business network;
(2-2) The deployment locations of the quantum service nodes include but are not limited to the control machine room of the airport business network, the router and VPN gateway machine room of the airport business network, the network service points in boarding lounges, aircraft parking positions, the business network machine room of a high-speed rail station, and the business network machine rooms of enterprises and institutions (where the quantum service node in the high-speed rail station business network machine room can provide quantum key services to the application terminals of the high-speed rail station business network and to passengers' mobile application terminals, and the quantum service node in the business network machine room of an enterprise or institution can provide quantum key services to the application terminals of that business network and to other application terminals);
(2-3) Quantum communication fiber is laid between the quantum central node and each quantum service node, or fiber lines that are already laid are reused; at least one QKD link is formed between each quantum service node and the quantum central node, forming a star network centered on the quantum central node.
Further, the secure channels between airport quantum communication subnets in the network include but are not limited to an offline channel and a quantum satellite channel. (3-1) The offline channel: the quantum central node of an airport quantum communication subnet uses its quantum random number generator module to prepare a certain amount of quantum random numbers and adds key identifications, then encrypts the quantum random numbers together with the key identifications (for example, the result of XORing a root key shared in advance with the other quantum central node and a random variable is used as the working key for encryption; for decryption, the random variable is first sent to the other quantum central node over the public network channel, and the other quantum central node XORs the root key with the random variable and uses the result as the working key to decrypt) and injects them into the quantum key secure storage mobile device in a secure manner. The quantum key secure storage mobile device is carried by aircraft to another airport and securely injected into the quantum central node of that airport's quantum communication subnet, which decrypts the data and thereby shares the quantum random numbers and key identifications. (3-2) The quantum satellite channel: the QKD channels between a quantum satellite and ground stations are used to negotiate a shared quantum key for two ground stations, and the quantum key distribution link between a ground station and the quantum central node of the airport quantum communication subnet is then used to distribute the shared quantum key to that quantum central node.
Further, the functions of the password management service used in the network include but are not limited to securely managing the storage and use of quantum keys, encrypting and decrypting the interaction data of the quantum key agreement protocol, and encrypting and decrypting the data transmitted over the public communication network.
Further, the functions of the quantum random number generator module used in the network include but are not limited to generating quantum random numbers according to system requirements, performing randomness tests on the quantum random numbers, splitting the quantum random numbers that pass the randomness tests into sub-keys and creating key identifications, and securely storing the sub-keys and key identifications.
Further, the method by which the network provides the registration service for application terminals includes but is not limited to: (6-1) a user applies to a quantum service node for network registration; the quantum service node collects the user's biometric data using the user's application terminal (the biometric features include but are not limited to fingerprint, vein pattern, iris and facial features); the quantum service node assigns the user's application terminal a user identification number that is unique within the network and a root key RK, and stores them securely (including but not limited to encrypted storage) in the user's application terminal or in a permanent storage medium; (6-2) the quantum service node encrypts the user's biometric data, user identification number and root key and sends them to the quantum central node.
To provide quantum key services to users at scale using the network, the present invention also provides a quantum key service method with an airport as the regional center, characterized in that: (7-1) shared keys are distributed between the quantum central nodes of different airport quantum communication subnets over the secure channel, that is, a key is generated by one quantum central node and transferred to another quantum central node over the secure channel; (7-2) the quantum central node and the quantum service nodes of an airport quantum communication subnet share quantum keys negotiated over QKD system links; (7-3) the method of negotiating shared session keys between application terminals includes but is not limited to: (7-3-1) the method by which a quantum service node serves the application terminals of the airport business network (denoted AT) through the quantum key service application interface: the quantum central node plans the shared keys between the quantum central node and each AT (denoted Key_CT) and the intercommunication keys between different ATs (denoted Key_TT) and creates a key identification for each; the quantum central node encrypts Key_CT and Key_TT with the quantum key it shares with each quantum service node and sends them to that quantum service node; after decryption, the quantum service node injects Key_CT and Key_TT into the corresponding application terminals through a secure interface according to the key identifications;
(7-3-2) The method by which a quantum service node serves mobile application terminals outside the airport business network (denoted MT) through the quantum key service application interface: the quantum service node provides the registration service and the quantum key flow injection service at the MT's request and creates a service relation list; the quantum service node encrypts the service relation list and sends it to the quantum central node, and the quantum central node synchronizes the service relation list to the QKSC; the QKSC provides quantum key services to MTs according to the service relation list. That is, when two application terminals MT_A and MT_B need a shared quantum key, MT_A requests from the QKSC a quantum key shared with MT_B, and the QKSC looks up the quantum central nodes associated with MT_A and MT_B.
If MT_A and MT_B are associated with the same quantum central node, the QKSC designates that quantum central node to generate a session key, and the quantum central node encrypts the session key with one sub-key of the quantum key flow it shares with MT_A and with one sub-key of the quantum key flow it shares with MT_B, and sends the results to MT_A and MT_B respectively (if the quantum key flows of MT_A and MT_B are stored at quantum service node A and quantum service node B, the quantum central node encrypts the session key with the quantum keys it shares with quantum service node A and quantum service node B respectively and sends it to quantum service node A and quantum service node B; quantum service node A and quantum service node B each decrypt it to obtain the session key, then each encrypts the session key with one sub-key of the quantum key flow shared with MT_A or MT_B and sends it to MT_A or MT_B); MT_A and MT_B each decrypt and obtain the shared session key.
If MT_A and MT_B are associated with quantum central node A and quantum central node B respectively, the QKSC designates quantum central node A to select one quantum key that it shares with quantum central node B as the session key; quantum central node A and quantum central node B each encrypt the session key with one sub-key of the quantum key flow shared with MT_A and MT_B respectively and send it to MT_A and MT_B (if the quantum key flows of MT_A and MT_B are stored at quantum service node A and quantum service node B, quantum central node A and quantum central node B encrypt the session key with the quantum keys they share with quantum service node A and quantum service node B respectively and send it to quantum service node A and quantum service node B; quantum service node A and quantum service node B each decrypt it to obtain the session key, then each encrypts the session key with one sub-key of the quantum key flow shared with MT_A or MT_B and sends it to MT_A or MT_B); MT_A and MT_B each decrypt and obtain the shared session key.
The quantum central nodes, quantum service nodes and application terminals each apply the same policy to securely delete the quantum key flow, quantum keys and session keys that have been used.
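The session key negotiation of step (7-3-2), as an added Python simulation that is not code from the patent: it covers the case where the quantum central node itself holds each MT's key flow, encrypts with the one-time-pad XOR the description names, and deletes every sub-key after one use. `KeyStore`, `CentralNode`, `share_keys`, the 32-byte key size, the terminal `MT_C` and the SHA-256 integrity check are assumptions of the example, and `secrets.token_bytes` stands in for the quantum random number generator.

```python
import hashlib
import secrets

KEY_LEN = 32  # bytes per sub-key and session key (size chosen for the example)


def otp(key: bytes, data: bytes) -> bytes:
    """One-time pad as the patent describes it: key XOR data."""
    if len(key) != len(data):
        raise ValueError("pad and data must have equal length")
    return bytes(k ^ d for k, d in zip(key, data))


class KeyStore:
    """Key material split into single-use sub-keys, indexed by key number."""

    def __init__(self, material: bytes):
        self.keys = {}
        for n in range(len(material) // KEY_LEN):
            sub = material[n * KEY_LEN:(n + 1) * KEY_LEN]
            self.keys[n] = (hashlib.sha256(sub).digest(), sub)  # (check, key)

    def take(self, number: int) -> bytes:
        """Return sub-key `number` once, then delete it so it is never reused."""
        check, sub = self.keys.pop(number)  # KeyError if already consumed
        if hashlib.sha256(sub).digest() != check:
            raise ValueError("stored key failed its integrity check")
        return sub

    def wrap(self, data: bytes):
        """Encrypt under the lowest unused sub-key; return (number, ciphertext)."""
        number = min(self.keys)  # ValueError once the key flow is used up
        return number, otp(self.take(number), data)

    def unwrap(self, number: int, ciphertext: bytes) -> bytes:
        return otp(self.take(number), ciphertext)


class CentralNode:
    """Quantum central node: one key flow per terminal, shared keys per peer."""

    def __init__(self, name: str):
        self.name = name
        self.flows = {}  # terminal id -> KeyStore mirroring the terminal's flow
        self.peers = {}  # peer node name -> KeyStore filled via secure channel

    def register(self, ident: str) -> KeyStore:
        """Inject key flow: keep one copy here, return the terminal's copy."""
        flow = secrets.token_bytes(4 * KEY_LEN)  # stands in for QRNG output
        self.flows[ident] = KeyStore(flow)
        return KeyStore(flow)


def share_keys(a: CentralNode, b: CentralNode) -> None:
    """Stands in for the offline or satellite secure channel of step (7-1)."""
    material = secrets.token_bytes(4 * KEY_LEN)
    a.peers[b.name], b.peers[a.name] = KeyStore(material), KeyStore(material)


class QKSC:
    """Service centre: finds the associated nodes and designates the key source."""

    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}
        self.relations = {}  # service relation list: terminal id -> node name

    def negotiate(self, id_a: str, id_b: str):
        node_a = self.nodes[self.relations[id_a]]
        node_b = self.nodes[self.relations[id_b]]
        if node_a is node_b:
            key_a = key_b = secrets.token_bytes(KEY_LEN)  # node generates it
        else:
            # Node A picks one key it shares with node B; B takes the same one.
            number = min(node_a.peers[node_b.name].keys)
            key_a = node_a.peers[node_b.name].take(number)
            key_b = node_b.peers[node_a.name].take(number)
        return node_a.flows[id_a].wrap(key_a), node_b.flows[id_b].wrap(key_b)


def demo():
    """Constructed scenario: MT_A and MT_B at BJ_A, MT_C at SH_B."""
    bj, sh = CentralNode("BJ_A"), CentralNode("SH_B")
    share_keys(bj, sh)
    qksc = QKSC([bj, sh])
    terminals = {}
    for ident, node in (("MT_A", bj), ("MT_B", bj), ("MT_C", sh)):
        terminals[ident] = node.register(ident)
        qksc.relations[ident] = node.name
    keys = {}
    for a, b in (("MT_A", "MT_B"), ("MT_A", "MT_C")):
        msg_a, msg_b = qksc.negotiate(a, b)
        keys[(a, b)] = (terminals[a].unwrap(*msg_a), terminals[b].unwrap(*msg_b))
    return keys, terminals, bj


if __name__ == "__main__":
    for pair, (key_a, key_b) in demo()[0].items():
        print(pair, "hold the same session key:", key_a == key_b)
```

Only the key number travels with each ciphertext; the integrity check stays with the stored sub-key, and a second request for a consumed key number fails instead of reusing the pad.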
Further, the information contained in the service relation list in the method includes but is not limited to the identity of the application terminal, the key identification of the quantum key flow, and the network address identifiers of the quantum service node and quantum central node associated with the application terminal; the information contained in the key identification includes but is not limited to the ID of the network where the quantum service node that generated the key data is located, the key data number, the key data length, and integrity check information.
Further, in the network the quantum key secure storage mobile device has a secure storage medium (including but not limited to system memory, a secure USB drive and an SD cipher card), a data output protection device (including but not limited to a quantum key read counter; after data has been read or illegally exported the corresponding data is deleted, and the counter displays in real time the amount of data that has not been read or illegally exported), and a protective device for the secure storage medium (including but not limited to a digital combination lock box).
Further, data encryption/decryption in the method includes but is not limited to the use of the one-time pad encryption algorithm and the data encryption standard algorithm; with the one-time pad encryption algorithm, encryption/decryption is performed by XORing the quantum key directly with the plaintext/ciphertext data; with the data encryption standard algorithm, encryption/decryption uses the same quantum key as the working key.
Compared with the prior art, the present invention has the following significant technical advantages:
(1) building a quantum key service network centered on airports can improve the security of airport business networks such as communication, control and monitoring, and can conveniently provide a quantum key flow injection service to high-end business travelers; (2) building a quantum key service network platform that covers the whole country with airports as regional centers has good technical feasibility and cost performance; (3) a unified quantum key service platform can improve the flexibility and efficiency of quantum key services.
Description of the drawings
Fig. 1 is a schematic diagram of the topology and service access method of the airport quantum communication subnet of the present invention;
Fig. 2 is a schematic diagram of the QKD system deployment method of the airport quantum communication subnet of the present invention;
Fig. 3 is a schematic diagram of the topology and application of the quantum key service network of the present invention with an airport as the regional center.
Detailed description of the embodiments
To make the technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and specific embodiments, which form part of the invention; embodiments of the present invention include but are not limited to the following examples.
Encryption and decryption in the scheme of the present invention are consistent, that is, when a given key and encryption algorithm are chosen to encrypt some data into a ciphertext, the corresponding key and decryption algorithm must be chosen to decrypt that ciphertext. For encryption/decryption with the one-time pad encryption algorithm, the quantum key is XORed directly with the plaintext/ciphertext data. For encryption/decryption with the data encryption standard algorithm, the shared quantum key is first arranged into multiple working keys for the cipher algorithm, the data is encrypted/decrypted with those working keys, and the working keys are replaced more frequently.
The communication channels involved in the scheme of the present invention include: the secure channels between airport quantum communication subnets, formed by aircraft delivery or by a quantum communication satellite; the quantum key distribution channels and public communication network channels (both wired and wireless) between the quantum central node and the quantum service nodes; and the wireless communication network channels between application terminals and between application terminals and the quantum key service network center. Apart from quantum key distribution, which needs to occupy a quantum channel, all other network communication uses the conventional public communication network.
The application terminals (or mobile application terminals) in the scheme of the present invention include but are not limited to smartphones and portable communication terminals. An application terminal is configured with permanent memory, an SD cipher card and a flash card for storing key data. It has a hardware module that supports wireless network access and a processor with enough computing power to encrypt and decrypt data, it can run the client software of the quantum key service network application system, and it can exchange data with the server software of the quantum key service network application system over a wireless communication network (such as a 4G network). When the quantum key flow obtained by an application terminal has been used up, the application terminal can apply to any quantum service node for quantum key flow; if the application terminal obtains shared quantum key flow from a quantum service node other than the one where it originally registered, that quantum service node needs to create a new service relation list after providing the shared quantum key flow to the application terminal.
The data that needs secure storage (including but not limited to encrypted storage) in the method of the present invention mainly includes but is not limited to: the quantum keys generated by the quantum central node, the quantum key flow generated by the quantum service nodes, and the registration information of application terminals and the service relation lists collected by the quantum service nodes.
Fig. 1 is a schematic diagram of the topology and service access method of the airport quantum communication subnet of the present invention. The airport quantum communication subnet is a star-topology network consisting of one quantum central node (BJ_A) and 16 quantum service nodes (A1, A2, ..., A16). The QKD system deployment of the airport quantum communication subnet is shown in Fig. 2: the quantum central node connects the receiving ends (R1, R2, ..., R8) of 8 QKD systems through 8 ports of two 4 × 8 matrix optical switches, and connects the transmitting ends (S1, S2, ..., S16) of the QKD systems of the 16 quantum service nodes through the other 16 ports of the two 4 × 8 matrix optical switches; through the matrix optical switch, R1, R2, R3 and R4 can form QKD links simultaneously with 4 of S1, S2, ..., S8, and R5, R6, R7 and R8 can form QKD links simultaneously with 4 of S9, S10, ..., S16. The quantum random number generator (QRNG) in the quantum central node is configured with a secure output interface P0. Each quantum service node is configured with a QRNG and 2 application interfaces, API1 and API2 (API1 is the interface through which the quantum service node serves the application terminals of the airport business network, and API2 is the interface through which it serves mobile application terminals outside the airport business network).
The topology and application of the quantum key service network of the present invention with an airport as the regional center are shown in Fig. 3, including but not limited to the airport quantum communication subnets BJ_A, SH_B, CD_B and GZ_A of 4 airports, where the shared quantum keys between airport quantum communication subnets are delivered by airline passenger aircraft by means of the quantum key secure storage mobile device (for example, delivering 1TB of quantum keys once a day for use on the following day is equivalent to a quantum key distribution rate of more than 10MB/s, which is 1000 times the quantum key distribution rate (less than 10KB/s) of the current "Beijing-Shanghai quantum trunk line"; and the cost of delivering 1TB of quantum keys by airline passenger aircraft is one percent or even one thousandth of the cost of distributing 1TB of quantum keys online over the "Beijing-Shanghai quantum trunk line"); application terminals U and V use the method of the present invention to obtain the online session key negotiation service through the quantum key service network center.
The quantum key service network and method of the present invention with an airport as the regional center are equally applicable to building a quantum key service network with a city, a post or other geographic coordinates as the regional service center; cases that differ only in the definition of "regional center" or "regional service center" and have no other essential difference fall within the protection scope of the present invention.

Claims (10)

1. A quantum key service network with an airport as the regional center, characterized in that it includes but is not limited to one or more airport quantum communication subnets and the secure channels between airport quantum communication subnets; wherein,
the airport quantum communication subnet includes but is not limited to one quantum central node, multiple quantum service nodes, the quantum fiber channels connecting the quantum central node and the quantum service nodes, and a public communication network;
the quantum central node includes but is not limited to the transmitting ends or/and receiving ends of multiple QKD systems, a quantum random number generator module, a password management service, a quantum key storage server, one or more quantum key secure storage mobile devices, and an optical transceiver module for fiber-optic communication;
the quantum service node includes but is not limited to the receiving ends or/and transmitting ends of one or more QKD systems, a quantum random number generator module, a quantum key storage server, a quantum key service application interface, and an optical transceiver module for fiber-optic communication; through the quantum key service application interface, the quantum service node provides a registration service or a quantum key flow injection service for application terminals and creates a service relation list;
a unified, network-wide quantum key service network service center (denoted QKSC) is built on the quantum central nodes; the QKSC responds to application terminal requests in real time, looks up the quantum central node associated with the application terminal in the service relation list, and designates that quantum central node to negotiate a session key for the application terminal;
the optical transceiver module for fiber-optic communication is used for the data communication between the quantum central node and the quantum service node and provides the synchronization clock for the QKD system.
2. The system according to claim 1, characterized in that the deployment method of the airport quantum communication subnet includes but is not limited to:
(2-1) the deployment locations of the quantum central node include but are not limited to the control center of the airport business network;
(2-2) the deployment locations of the quantum service nodes include but are not limited to the control machine room of the airport business network, the router and VPN gateway machine room of the airport business network, the network service points in boarding lounges, aircraft parking positions, the business network machine room of a high-speed rail station, and the business network machine rooms of enterprises and institutions;
(2-3) quantum communication fiber is laid between the quantum central node and each quantum service node, or fiber lines that are already laid are reused; at least one QKD link is formed between each quantum service node and the quantum central node, forming a star network centered on the quantum central node.
3. The system according to claim 1, characterized in that the secure channels between airport quantum communication subnets include but are not limited to an offline channel and a quantum satellite channel, wherein
(3-1) the offline channel is: the quantum central node of an airport quantum communication subnet uses its quantum random number generator module to prepare a certain amount of quantum random numbers and adds key identifications, then encrypts the quantum random numbers together with the key identifications and injects them into the quantum key secure storage mobile device in a secure manner; the quantum key secure storage mobile device is carried by aircraft to the target airport and securely injected into the quantum central node of the target airport's quantum communication subnet, and the quantum central node of the target airport's quantum communication subnet decrypts the data and shares the quantum random numbers and key identifications;
(3-2) the quantum satellite channel is: the QKD channels between a quantum satellite and ground stations are used to negotiate a shared quantum key for two ground stations, and the quantum key distribution link between a ground station and the quantum central node of the airport quantum communication subnet is then used to distribute the shared quantum key to the quantum central node of the airport quantum communication subnet.
4. system according to claim 1, which is characterized in that the function of the password management services includes but is not limited to Quantum key is stored and application carries out safety management, carries out encryption and decryption to quantum key agreement protocol interaction data, in public affairs The data of transmitted over communications networks carry out encryption and decryption altogether.
5. system according to claim 1, which is characterized in that the function of the quantum random number generator module include but It is not limited to generate quantum random number according to system requirements, carries out Randomness test to the quantum random number, to passing through randomness The quantum random number of test is split, and is formed sub-key and is created key identification, carries out safety to sub-key and key identification Storage.
6. The system according to claim 1, characterized in that the registration service includes but is not limited to:
(6-1) The quantum service node provides a network registration service at the user's request; the quantum service node uses the user's application terminal to collect the user's biometric data (biometric features include but are not limited to fingerprint, vein pattern, iris and facial features); the quantum service node assigns the user's application terminal a user identification number unique within the network and a root key RK, which are securely stored in the user's application terminal or in a permanent storage medium;
(6-2) The quantum service node encrypts the user's biometric data, user identification number and root key and sends them to the quantum central node.
7. A quantum key service method with the airport as regional center, characterized in that:
(7-1) Shared quantum keys are distributed between the quantum central nodes of different airport quantum communication subnets through a secure channel, that is, generated by one quantum central node and transmitted to another quantum central node through the secure channel;
(7-2) A shared quantum key is negotiated between the quantum central node and the quantum service nodes of an airport quantum communication subnet over QKD system links;
(7-3) The methods for negotiating shared session keys between application terminals include but are not limited to:
(7-3-1) The method by which a quantum service node provides service, through the quantum key service application interface, to application terminals of the airport business network (denoted AT): the quantum central node plans the shared keys between the quantum central node and the ATs (denoted Key_CT) and the intercommunication keys between different ATs (denoted Key_TT), and creates a key identification for each; the quantum central node uses the quantum key shared with each quantum service node to encrypt Key_CT and Key_TT and sends them to each quantum service node; after decryption, the quantum service node injects Key_CT and Key_TT into the corresponding application terminals through a secure interface according to the key identification;
(7-3-2) The method by which a quantum service node provides service, through the quantum key service application interface, to mobile application terminals outside the airport business network (denoted MT): the quantum service node provides a registration service and a quantum key flow injection service at the MT's request, and creates a service relation list; the quantum service node encrypts the service relation list and sends it to the quantum central node, and the quantum central node synchronizes the service relation list to the QKSC; the QKSC provides quantum key service for the MTs according to the service relation list, that is, when two application terminals MT_A and MT_B need a shared quantum key, MT_A requests from the QKSC a quantum key shared with MT_B, and the QKSC looks up the quantum central nodes associated with MT_A and MT_B; if the quantum central node associated with MT_A and MT_B is the same, the QKSC designates that quantum central node to generate a session key, and the quantum central node encrypts the session key with one sub-key of the quantum key flow shared with MT_A and with MT_B respectively and sends it to MT_A and MT_B (if the quantum key flows of MT_A and MT_B are stored in quantum service node A and quantum service node B, the quantum central node encrypts the session key with the quantum keys shared with quantum service node A and quantum service node B respectively and sends it to quantum service node A and quantum service node B; quantum service node A and quantum service node B each decrypt and obtain the session key, and then each encrypts the session key with one sub-key of the quantum key flow shared with MT_A and MT_B respectively and sends it to MT_A and MT_B); MT_A and MT_B each decrypt and obtain the shared session key; if the quantum central nodes associated with MT_A and MT_B are quantum central node A and quantum central node B respectively, the QKSC designates quantum central node A to select one quantum key shared with quantum central node B as the session key, and quantum central node A and quantum central node B each encrypt the session key with one sub-key of the quantum key flow shared with MT_A and MT_B respectively and send it to MT_A and MT_B (if the quantum key flows of MT_A and MT_B are stored in quantum service node A and quantum service node B, quantum central node A and quantum central node B encrypt the session key with the quantum keys shared with quantum service node A and quantum service node B respectively and send it to quantum service node A and quantum service node B; quantum service node A and quantum service node B each decrypt and obtain the session key, and then each encrypts the session key with one sub-key of the quantum key flow shared with MT_A and MT_B respectively and sends it to MT_A and MT_B); MT_A and MT_B each decrypt and obtain the shared session key; the quantum central nodes, quantum service nodes and application terminals each apply the same policy to securely delete the quantum key flow, quantum keys and session keys that have been used.
8. The system according to claim 1, characterized in that:
The information contained in the service relation list includes but is not limited to the identity of the application terminal, the key identification of the quantum key flow, and the network address identifiers of the quantum service node and quantum central node associated with the application terminal;
The information contained in the key identification includes but is not limited to the network ID of the quantum service node that generated the key data, the key data number, the key data length and integrity check information.
9. The system according to claim 1, characterized in that the quantum key secure storage mobile device has a secure storage medium (including but not limited to system memory, a secure USB drive and an SD encryption card), a data output protection device (including but not limited to a quantum key read counter; after data has been read or illegally exported, the corresponding data is deleted, and the counter displays in real time the amount of data remaining that has not been read or illegally exported), and a protection device for the secure storage medium (including but not limited to a digital combination lock box).
10. The method according to claim 7, characterized in that:
The data encryption/decryption includes but is not limited to the use of a one-time pad encryption algorithm and a data encryption standard algorithm; encryption/decryption with the one-time pad encryption algorithm is performed by directly XORing the quantum key with the plaintext/ciphertext data; encryption/decryption with the data encryption standard algorithm is the encryption/decryption operation that uses the same quantum key as the working key.
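The same-central-node case of (7-3-2), combined with the one-time pad of claim 10 and the sub-key splitting and key identification of claims 5 and 8, as an added Python example that is not part of the patent. Assumptions: `secrets` stands in for the quantum random number generator, sub-keys are 32 bytes, the integrity check is a truncated SHA-256, and the node IDs `QSN-A`/`QSN-B` and all function names are hypothetical.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

SUBKEY_LEN = 32  # bytes per sub-key (assumed size)

def xor(pad: bytes, data: bytes) -> bytes:
    """One-time pad: XOR the key directly with the plaintext or ciphertext."""
    if len(pad) != len(data):
        raise ValueError("pad length must equal data length")
    return bytes(p ^ d for p, d in zip(pad, data))

@dataclass
class KeyFlow:
    """One party's copy of a quantum key flow, split into single-use sub-keys."""
    node_id: str                                  # network ID of issuing node
    subkeys: dict = field(default_factory=dict)   # key number -> key bytes

    @classmethod
    def split(cls, node_id: str, material: bytes) -> "KeyFlow":
        count = len(material) // SUBKEY_LEN
        return cls(node_id, {n: material[n * SUBKEY_LEN:(n + 1) * SUBKEY_LEN]
                             for n in range(count)})

    def key_id(self, n: int) -> tuple:
        """Key identification: node ID, key number, length, integrity check."""
        key = self.subkeys[n]
        return (self.node_id, n, len(key), hashlib.sha256(key).hexdigest()[:16])

    def take(self, kid: tuple) -> bytes:
        """Verify the identification, return the sub-key once, then delete it."""
        if self.key_id(kid[1]) != kid:   # KeyError if unknown or already used
            raise ValueError("key identification mismatch")
        return self.subkeys.pop(kid[1])

def wrap(center_copy: KeyFlow, session_key: bytes) -> tuple:
    """Central node: encrypt the session key under its next unused sub-key."""
    kid = center_copy.key_id(min(center_copy.subkeys))
    return kid, xor(center_copy.take(kid), session_key)

def unwrap(terminal_copy: KeyFlow, kid: tuple, wrapped: bytes) -> bytes:
    """Terminal: decrypt with its copy of the same sub-key, then delete it."""
    return xor(terminal_copy.take(kid), wrapped)

def negotiate(flow_a: bytes, flow_b: bytes, session_key: bytes) -> tuple:
    """Same-central-node case: deliver one session key to MT_A and MT_B."""
    center_a, mt_a = KeyFlow.split("QSN-A", flow_a), KeyFlow.split("QSN-A", flow_a)
    center_b, mt_b = KeyFlow.split("QSN-B", flow_b), KeyFlow.split("QSN-B", flow_b)
    kid_a, to_a = wrap(center_a, session_key)
    kid_b, to_b = wrap(center_b, session_key)
    return unwrap(mt_a, kid_a, to_a), unwrap(mt_b, kid_b, to_b), mt_a, kid_a

# Constructed sample input; `secrets` stands in for the quantum random number generator.
FLOW_A, FLOW_B = secrets.token_bytes(96), secrets.token_bytes(96)
SESSION_KEY = secrets.token_bytes(SUBKEY_LEN)
```

`dict.pop` only models the safe-deletion step; a real device has to erase the sub-key from its storage medium. XOR with a one-time pad protects confidentiality only, so the wrapped session key carries no integrity protection of its own.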
CN201711199553.4A 2017-11-26 2017-11-26 Quantum key service method taking airport as regional center Active CN109842442B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711199553.4A CN109842442B (en) 2017-11-26 2017-11-26 Quantum key service method taking airport as regional center

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711199553.4A CN109842442B (en) 2017-11-26 2017-11-26 Quantum key service method taking airport as regional center

Publications (2)

Publication Number Publication Date
CN109842442A true CN109842442A (en) 2019-06-04
CN109842442B CN109842442B (en) 2020-07-28

Family

ID=66878887

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711199553.4A Active CN109842442B (en) 2017-11-26 2017-11-26 Quantum key service method taking airport as regional center

Country Status (1)

Country Link
CN (1) CN109842442B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7103185B1 (en) * 1999-12-22 2006-09-05 Cisco Technology, Inc. Method and apparatus for distributing and updating private keys of multicast group managers using directory replication
EP2003812A2 (en) * 2007-06-11 2008-12-17 NEC Corporation Method and device for managing cryptographic keys in secret communications network
CN101627575A (en) * 2006-12-21 2010-01-13 维里逊服务运作有限公司 Large scale quantum cryptographic key distribution network
CN102196425A (en) * 2011-07-01 2011-09-21 安徽量子通信技术有限公司 Quantum-key-distribution-network-based mobile encryption system and communication method thereof
CN102916806A (en) * 2011-08-05 2013-02-06 塞莱斯系统集成公司 Cryptographic key distribution system
US20130083926A1 (en) * 2011-09-30 2013-04-04 Los Alamos National Security, Llc Quantum key management
CN105357000A (en) * 2015-12-10 2016-02-24 安徽问天量子科技股份有限公司 Quantum secrete key distribution method and system based on low-altitude aircraft, communication network, and communication method
CN106507344A (en) * 2016-09-23 2017-03-15 浙江神州量子网络科技有限公司 Quantum communication system and its communication means
CN106792677A (en) * 2017-03-28 2017-05-31 浙江神州量子网络科技有限公司 A kind of authentication method and Verification System of mobile terminal binding pertinent service
CN107094076A (en) * 2017-04-14 2017-08-25 江苏亨通问天量子信息研究院有限公司 Secret communication method and communication system based on quantum true random number

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111934871A (en) * 2020-09-23 2020-11-13 南京易科腾信息技术有限公司 Quantum key management service core network, system and quantum key negotiation method
CN114513781A (en) * 2022-02-11 2022-05-17 青岛民航空管实业发展有限公司 Identity authentication method and data encryption and decryption method for air traffic control intelligent station
CN114553418A (en) * 2022-03-24 2022-05-27 中国电信股份有限公司 Service method, device, system and terminal
CN116089989A (en) * 2023-04-10 2023-05-09 广东广宇科技发展有限公司 Data iterative encryption processing method for offline data terminal
CN116089989B (en) * 2023-04-10 2023-08-01 广东广宇科技发展有限公司 Data iterative encryption processing method for offline data terminal

Also Published As

Publication number Publication date
CN109842442B (en) 2020-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant