CN114362935A - Method for indirect communication of multiple quantum key management terminal devices - Google Patents
- Publication number: CN114362935A (application CN202111626899.4A)
- Authority
- CN
- China
- Prior art keywords
- kmn
- kms
- connection
- data
- indirect communication
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method for indirect communication of multiple quantum key management terminal devices, in which a quantum Key Management Server (KMS) is connected separately to the two key management clients (KMs) that need to communicate, so that indirect communication between the two KMs is realized without establishing communication links between multiple KMs. The invention reduces the number of communication links established in the network, reduces network complexity and the load of the overall network communication, and improves the robustness of the network; the number of nodes through which the key plaintext passes is reduced, so the security of the key is further improved.
Description
Technical Field
The invention relates to the field of quantum secret communication, in particular to a method for indirect communication of a plurality of quantum key management terminal devices.
Background
Quantum communication is a novel communication mode that transmits information using quantum superposition states and entanglement effects, and is an interdisciplinary field combining quantum physics and informatics. Benefiting from the rapid development of optical communication technology, photon-based quantum secret communication has gradually moved from theory to engineering application. Quantum secure communication can in theory achieve absolute security, and has therefore attracted wide attention from all sectors of society.
The main role of a quantum secure communication network is to implement symmetric key sharing between two communicating parties. Since the maximum distance of unrepeatered quantum secret communication is limited, long-distance key transmission is completed through relay nodes. The methods currently adopted are trusted relays and quantum relays. Quantum relay technology is highly difficult and hard to realize at present, so trusted relays are adopted in actual quantum secret communication networks.
As shown in fig. 1, an actual quantum secret communication network contains a large number of user nodes, relay nodes and backbone network nodes, and data communication between key management terminals for exchanging keys is implemented by creating a large number of network connections between them. For example, key sharing between KM1 and KM5 requires establishing the connection links KM1-KM2, KM2-KM3, KM3-KM4 and KM4-KM5, plus a link from the KMS to each node KM1 to KM5, and maintaining these links during communication. Obviously, such a method increases the difficulty of link management and also wastes resources. Meanwhile, to ensure security, authentication between the devices must be carried out every time a connection is established, and communication can only be completed after multiple data and signaling interactions, which challenges the carrying capacity of the network and the robustness of the software.
Therefore, it is necessary to improve the prior art and propose a communication method between quantum key management terminal devices, which can reduce the complexity of the network and reduce the time delay and the network load.
Disclosure of Invention
In order to solve the technical problem, a method for indirect communication of a plurality of quantum key management terminal devices is provided.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows: a method for indirect communication of a plurality of quantum key management terminal devices comprises a KMS and a plurality of KMs, wherein the KMS is connected with each KM through a classical channel of secure authentication respectively, and the method comprises the following steps:
step S1: establishing an indirect communication network among a plurality of KM;
step S2: the plurality of KM are communicated through an established indirect communication network;
in step S1, any two adjacent KMn and KMn+1 among the plurality of KMs establish an indirect communication network, so that the plurality of KMs form a sequential connection; the steps for establishing the indirect communication network between any two adjacent KMn and KMn+1 are as follows:
s1-1: KMn sends a connection establishment request to the KMS and establishes network connection session1 with the KMS;
s1-2: the KMS saves the current connection session1;
s1-3: KMn+1 sends a connection establishment request to the KMS and establishes network connection session2 with the KMS;
s1-4: the KMS saves the current connection session2;
s1-5: KMn sends its local ID number to the KMS;
s1-6: the KMS binds the ID number of KMn with the current connection session1;
s1-7: KMn sends the ID number of the adjacent KMn+1 to the KMS;
s1-8: the KMS saves the ID number of KMn+1 into the current connection session1;
s1-9: KMn+1 sends its local ID number to the KMS;
s1-10: the KMS binds the ID number of KMn+1 with the current connection session2;
s1-11: KMn+1 sends the ID number of the adjacent KMn to the KMS;
s1-12: the KMS saves the ID number of KMn into the current connection session2;
indirect communication between KMn and KMn+1 is established through the above steps.
Preferably, the binding of the ID number of KMn to the current connection session1 in step S1-6 is as follows:
the data is saved as a key-value pair, where key is the ID number of KMn and value is the current connection session1, so that session1 can be looked up from the ID number.
Preferably, the ID number of KMn+1 is bound to the current connection session2 in step S1-10 as follows: the data is saved as a key-value pair, where key is the ID number of KMn+1 and value is the current connection session2, so that session2 can be looked up from the ID number.
Preferably, the steps of communication among the plurality of KMs in step S2 are as follows:
s2-1: KMn sends the data, with the ID number of KMn+1 (the destination of the data) attached, to the KMS side;
s2-2: after receiving the data sent by KMn, the KMS searches all stored KM connection sessions for the connection session2 bound to KMn+1, according to the attached ID number of KMn+1;
s2-3: the KMS forwards the data to the KMn+1 side through connection session2;
s2-4: after receiving the data forwarded by the KMS, the KMn+1 side parses the data;
s2-5: KMn+1 performs a response operation according to the parsed data and sends the response data to the KMS side, with the ID number of KMn attached to the response data;
s2-6: after receiving the data sent by KMn+1, the KMS side searches all stored KM connection sessions for the connection session1 bound to KMn, according to the attached ID number of KMn;
s2-7: having found the session1 corresponding to KMn in step S2-6, the KMS forwards the data to the KMn side through session1;
s2-8: after receiving the data forwarded by the KMS, the KMn side parses the data;
at this point, the indirect communication between KMn and KMn+1 is completed.
The invention has the beneficial technical effects that:
according to the invention, indirect network connections are established among a plurality of KMs, so that direct connections among the KMs are reduced, unnecessary consumption of system resources and the probability of network blocking are reduced, the complexity of the network links is reduced, management efficiency is improved, and the number of device security authentication operations is reduced.
Drawings
FIG. 1 is a block diagram of a network architecture of a legacy system;
FIG. 2 is a block diagram of a network architecture of the present invention;
fig. 3 is a flow chart of the present invention for establishing a session between a KMS and a KM;
fig. 4 is a flowchart of establishing a session between KMs according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments, but the scope of the present invention is not limited to the following embodiments.
As shown in fig. 1, the method for indirect communication between multiple quantum key management terminal devices reduces the links between multiple quantum key management terminals, reduces network complexity and improves system robustness. The KMS (Key Management Server) is connected separately to the two KMs (Key Management clients) that need to communicate; no communication links between multiple KMs need to be established, indirect communication between the two KMs is realized, the number of nodes through which the key plaintext passes is reduced, and security is further improved.
Specifically, a method for indirect communication of multiple quantum key management terminal devices includes a KMS and multiple KMs, where the KMS is connected to each KM through a securely authenticated classical channel, and the method includes the following steps:
step S1: establishing an indirect communication network among a plurality of KM;
step S2: the plurality of KMs communicate with each other via an indirect communication network.
In step S1, any two adjacent KMn and KMn+1 among the plurality of KMs establish an indirect communication network, where n = 1, 2, 3, ..., thereby forming a sequential connection between the plurality of KMs.
The steps for any two adjacent KMn and KMn+1 to establish an indirect communication network are as follows:
s1-1: KMn sends a connection establishment request to the KMS and establishes network connection session1 with the KMS;
s1-2: the KMS saves the current connection session1;
s1-3: KMn+1 sends a connection establishment request to the KMS and establishes network connection session2 with the KMS;
s1-4: the KMS saves the current connection session2;
s1-5: KMn sends its local ID number to the KMS;
s1-6: the KMS binds the ID number of KMn with the current connection session1;
s1-7: KMn sends the ID number of the adjacent KMn+1 to the KMS;
s1-8: the KMS saves the ID number of KMn+1 into the current connection session1;
s1-9: KMn+1 sends its local ID number to the KMS;
s1-10: the KMS binds the ID number of KMn+1 with the current connection session2;
s1-11: KMn+1 sends the ID number of the adjacent KMn to the KMS;
s1-12: the KMS saves the ID number of KMn into the current connection session2;
Through these steps, the KMS has a network connection with KMn through session1 and a network connection with KMn+1 through session2, the sessions of KMn and KMn+1 each store the ID number of the other party, and the KMS can find the corresponding session from an ID number, so indirect communication between KMn and KMn+1 is established.
Preferably, the binding of the ID number of KMn to the current connection session1 in step S1-6 is as follows:
the data is saved as a key-value pair, where key is the ID number of KMn and value is the current connection session1, so that session1 can be looked up from the ID number.
The ID number of KMn+1 is bound to the current connection session2 in step S1-10 as follows: the data is saved as a key-value pair, where key is the ID number of KMn+1 and value is the current connection session2, so that session2 can be looked up from the ID number.
The steps of communication among the plurality of KMs in step S2 are as follows:
s2-1: KMn sends the data, with the ID number of KMn+1 (the destination of the data) attached, to the KMS side;
s2-2: after receiving the data sent by KMn, the KMS searches all stored KM connection sessions for the connection session2 bound to KMn+1, according to the attached ID number of KMn+1;
s2-3: the KMS forwards the data to the KMn+1 side through connection session2;
s2-4: after receiving the data forwarded by the KMS, the KMn+1 side parses the data;
s2-5: KMn+1 performs a response operation according to the parsed data and sends the response data to the KMS side, with the ID number of KMn attached to the response data;
s2-6: after receiving the data sent by KMn+1, the KMS side searches all stored KM connection sessions for the connection session1 bound to KMn, according to the attached ID number of KMn;
s2-7: having found the session1 corresponding to KMn in step S2-6, the KMS forwards the data to the KMn side through session1;
s2-8: after receiving the data forwarded by the KMS, the KMn side parses the data;
at this point, the indirect communication between KMn and KMn+1 is completed.
The invention reduces the complexity of the network links to a certain extent and improves management efficiency; fewer network connections between KMs means less unnecessary consumption of system resources and a lower probability of network blocking; and since device security authentication is required every time a connection is established between KMs, the repeated device security authentication work is reduced.
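The following is an in-memory model of the S1 session-binding and S2 relay steps above, added here as an illustration and not code from the patent. The class and function names, the dict-based message format, the one-session-per-KM bookkeeping and the rule that a KM may only be relayed to a neighbor it registered in S1 are assumptions; the Session objects stand in for already-authenticated classical-channel connections.

```python
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Session:
    """One KMS<->KM connection (opened in S1-1 / S1-3, saved in S1-2 / S1-4).

    km_id is bound to the session in S1-6 / S1-10; neighbor_ids holds the
    adjacent KM IDs saved into the session in S1-8 / S1-12 (a KM in the
    middle of the chain has two neighbours, one per adjacent pair).
    """
    km_id: str
    neighbor_ids: set[str] = field(default_factory=set)
    inbox: list[dict] = field(default_factory=list)  # data forwarded by the KMS


class KMS:
    """Key Management Server: key = KM ID number, value = that KM's session."""

    def __init__(self) -> None:
        self.sessions: dict[str, Session] = {}

    def attach(self, km_id: str) -> Session:
        """S1-1/S1-2 then S1-5/S1-6: open a session (once per KM) and bind its ID."""
        session = self.sessions.get(km_id)
        if session is None:
            session = Session(km_id=km_id)
            self.sessions[km_id] = session
        return session

    def register_neighbor(self, session: Session, neighbor_id: str) -> None:
        """S1-7/S1-8 (and S1-11/S1-12): save the adjacent KM's ID into the session."""
        session.neighbor_ids.add(neighbor_id)

    def can_reach(self, src_id: str, dest_id: str) -> bool:
        """Assumed policy (not spelled out in the patent): relay only to a
        neighbor the sender registered in S1, and only if that neighbor is bound."""
        src = self.sessions.get(src_id)
        return src is not None and dest_id in src.neighbor_ids and dest_id in self.sessions

    def relay(self, session: Session, dest_id: str, data: bytes) -> None:
        """S2-2/S2-3 (and S2-6/S2-7): find the session bound to dest_id, forward."""
        if not self.can_reach(session.km_id, dest_id):
            raise PermissionError(f"{session.km_id} may not be relayed to {dest_id}")
        self.sessions[dest_id].inbox.append({"from": session.km_id, "data": data})


def establish_pair(kms: KMS, id_n: str, id_n1: str) -> None:
    """Steps S1-1 .. S1-12 for one adjacent pair KMn, KMn+1."""
    s1 = kms.attach(id_n)                 # S1-1, S1-2, S1-5, S1-6
    kms.register_neighbor(s1, id_n1)      # S1-7, S1-8
    s2 = kms.attach(id_n1)                # S1-3, S1-4, S1-9, S1-10
    kms.register_neighbor(s2, id_n)       # S1-11, S1-12


def build_chain(kms: KMS, ids: list[str]) -> None:
    """Sequential connection KM1-KM2-...-KMn: one S1 run per adjacent pair."""
    for id_n, id_n1 in zip(ids, ids[1:]):
        establish_pair(kms, id_n, id_n1)


def round_trip(kms: KMS, src_id: str, dest_id: str, request: bytes) -> bytes:
    """Steps S2-1 .. S2-8: request KMn -> KMS -> KMn+1, response back the same way."""
    src, dest = kms.sessions[src_id], kms.sessions[dest_id]
    kms.relay(src, dest_id, request)             # S2-1 .. S2-3
    msg = dest.inbox.pop()                       # S2-4: KMn+1 parses the data
    response = b"ACK:" + msg["data"]             # S2-5: constructed response
    kms.relay(dest, msg["from"], response)       # S2-5 .. S2-7, ID of KMn attached
    return src.inbox.pop()["data"]               # S2-8: KMn parses the data


if __name__ == "__main__":
    kms = KMS()
    build_chain(kms, ["KM1", "KM2", "KM3"])
    print(round_trip(kms, "KM1", "KM2", b"key-request"))  # b'ACK:key-request'
    print(kms.can_reach("KM1", "KM3"))  # False: KM1 and KM3 are not adjacent
```

Because every relayed message passes through the KMS session table, that table (and the authentication of the sessions it indexes) is the asset a defender must protect in this design.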
Variations and modifications to the above-described embodiments may occur to those skilled in the art, which fall within the scope and spirit of the above description. Therefore, the present invention is not limited to the specific embodiments disclosed and described above, and some modifications and variations of the present invention should fall within the scope of the claims of the present invention. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (4)
1. A method for indirect communication of a plurality of quantum key management terminal devices, comprising a KMS (key management service system) and a plurality of quantum key management terminals KM, wherein the KMS is connected to each KM through a classical channel, and the method comprises the following steps:
step S1: establishing an indirect communication network among a plurality of KMs;
step S2: the plurality of KMs communicate through the indirect communication network;
in step S1, any two adjacent KMn and KMn+1 among the plurality of KMs establish an indirect communication network, so that the plurality of KMs form a sequential connection;
the steps for any two adjacent KMn and KMn+1 to establish an indirect communication network are as follows:
s1-1: KMn sends a connection establishment request to the KMS and establishes network connection session1 with the KMS;
s1-2: the KMS saves the current connection session1;
s1-3: KMn+1 sends a connection establishment request to the KMS and establishes network connection session2 with the KMS;
s1-4: the KMS saves the current connection session2;
s1-5: KMn sends its local ID number to the KMS;
s1-6: the KMS binds the ID number of KMn with the current connection session1;
s1-7: KMn sends the ID number of the adjacent KMn+1 to the KMS;
s1-8: the KMS saves the ID number of KMn+1 into the current connection session1;
s1-9: KMn+1 sends its local ID number to the KMS;
s1-10: the KMS binds the ID number of KMn+1 with the current connection session2;
s1-11: KMn+1 sends the ID number of the adjacent KMn to the KMS;
s1-12: the KMS saves the local ID number of KMn into the current connection session2;
indirect communication between KMn and KMn+1 is established through the above steps.
2. The method for indirect communication among multiple quantum key management terminal devices as claimed in claim 1, wherein the binding of the ID number of KMn to the current connection session1 in step S1-6 is as follows:
the data is stored as a key-value pair, where key denotes the ID number of KMn and value denotes the current connection session1.
3. The method for indirect communication among multiple quantum key management terminal devices as claimed in claim 1, wherein the ID number of KMn+1 is bound to the current connection session2 in step S1-10 as follows: the data is stored as a key-value pair, where key denotes the ID number of KMn+1 and value denotes the current connection session2.
4. The method for indirect communication among multiple quantum key management terminal devices as claimed in claim 1, wherein the steps of communication among the multiple KMs in step S2 are as follows:
s2-1: KMn sends the data, with the ID number of KMn+1 attached, to the KMS side;
s2-2: after receiving the data sent by KMn, the KMS searches all stored KM connection sessions for the connection session2 bound to KMn+1, according to the attached ID number of KMn+1;
s2-3: the KMS forwards the data to KMn+1 through session2;
s2-4: after receiving the data forwarded by the KMS, the KMn+1 side parses the data;
s2-5: KMn+1 performs a response operation according to the parsed data and sends the response data, together with the ID number of KMn, to the KMS side;
s2-6: after receiving the data sent by KMn+1, the KMS side searches all stored KM connection sessions for the connection session1 bound to KMn, according to the attached ID number of KMn;
s2-7: having found the session1 corresponding to KMn in step S2-6, the KMS forwards the data to the KMn side through session1;
s2-8: after receiving the data forwarded by the KMS, the KMn side parses the data;
at this point, the indirect communication between KMn and KMn+1 is completed.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN202011615759 | 2020-12-30 | |
CN2020116157592 | 2020-12-30 | |
Publications (2)
Publication Number | Publication Date
---|---
CN114362935A (en) | 2022-04-15
CN114362935B (en) | 2023-10-24
Family
ID=81103145
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111626899.4A Active CN114362935B (en) | 2020-12-30 | 2021-12-28 | Method for indirectly communicating multiple quantum key management terminal devices |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114362935B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150188701A1 (en) * | 2012-08-24 | 2015-07-02 | Los Alamos National Security, Llc | Scalable software architecture for quantum cryptographic key management |
CN104780040A (en) * | 2015-04-06 | 2015-07-15 | 安徽问天量子科技股份有限公司 | Handheld device encryption method and system based on quantum cryptography |
US20150281185A1 (en) * | 2014-03-26 | 2015-10-01 | Cisco Technology, Inc. | Cloud Collaboration System With External Cryptographic Key Management |
CN111385090A (en) * | 2018-12-29 | 2020-07-07 | 山东量子科学技术研究院有限公司 | Key distribution method and system based on multi-key combination quantum key relay |
CN111756530A (en) * | 2019-03-28 | 2020-10-09 | 广东国盾量子科技有限公司 | Quantum service mobile engine system, network architecture and related equipment |
CN111934871A (en) * | 2020-09-23 | 2020-11-13 | 南京易科腾信息技术有限公司 | Quantum key management service core network, system and quantum key negotiation method |
- 2021-12-28: CN application CN202111626899.4A, granted as CN114362935B, status active
Also Published As
Publication number | Publication date |
---|---|
CN114362935B (en) | 2023-10-24 |
Legal Events
Code | Title
---|---
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant