Content of the utility model
By binding the inherent capability of a quantum key distribution network to a classical mobile communication network, the utility model provides a novel mobile encryption system that combines the security of quantum cryptographic communication with the convenience of mobile communication.
The utility model provides a mobile encryption system based on a quantum key distribution network. Addressing the weak encryption of communication data in present-day mobile communication, it uses the unconditional security of the quantum key distribution sub-network to protect the encrypted communication of mobile stations; the method can effectively improve the security of mobile encrypted communication.
To achieve the above purpose, the utility model adopts the following technical scheme:
A mobile encryption system based on a quantum key distribution network, comprising the quantum key distribution network; the quantum key distribution network comprises several quantum concentrator stations, each quantum concentrator station communicating with at least one quantum terminal, and the quantum terminal communicating with the mobile terminal through a key updating interface;
wherein the mobile terminal is provided with a storage medium and a quantum cryptography module; the storage medium stores the downloaded shared quantum key, and the quantum cryptography module encrypts the data. The quantum terminals and quantum concentrator stations constitute the nodes of the quantum communication network at their respective levels, and a quantum concentrator station generates shared key with the quantum terminals connected to it and performs the forwarding of ciphertext.
A communication method for the mobile encryption system based on the quantum key distribution network, carried out in the following steps:
Step 1: the mobile terminal first registers with the network and obtains a unique quantum ID (QID);
Step 2: the registered mobile terminal connects to any quantum terminal through the key updating interface and applies to that quantum terminal to download a shared key of a certain data volume;
Step 3: after the mobile terminal has downloaded the key, the quantum terminal passes the concentrator station address QIPT to the mobile terminal, which updates it and takes the concentrator station at this QIPT as its calling concentrator station;
Step 4: after the calling concentrator station has been determined, the mobile terminal delivers ciphertext to the calling concentrator station;
Step 5: the calling concentrator station re-encrypts the ciphertext and sends it to the called concentrator station;
Step 6: the called concentrator station re-encrypts the ciphertext and sends it to the called subscriber;
Step 7: the called subscriber decrypts to obtain the plaintext, and the communication ends.
In step 2, when application is made to download a shared key of a certain data volume, the quantum terminal authenticates the mobile terminal. If, after the authentication succeeds, the quantum terminal's key quantity is insufficient, it asks the mobile terminal to keep the connection, and the key is downloaded once enough key has been generated between the quantum terminal and the quantum concentrator station.
In step 4, the ciphertext is obtained by the quantum cryptography module, which calls a key of the same length as the communication data and XORs it bit by bit with the data.
The re-encryption process in step 5 is as follows: the mobile terminal attaches its own calling quantum ID QID and the called number to the ciphertext and sends it to the calling concentrator station through the mobile communication network. According to the calling QID, the calling concentrator station calls the corresponding key to decrypt; it then re-encrypts the decrypted data with the key shared between the calling and called concentrator stations, and after data recombination the re-encrypted ciphertext is sent to the called concentrator station through the classical network.
In step 6, the re-encryption process is as follows: after receiving the ciphertext, the called concentrator station decrypts it, looks up the key according to the called subscriber's QID, encrypts once more, recombines the data and delivers it to the called subscriber through the mobile communication network.
The beneficial effects of the utility model are:
First, the method distributes shared key through the quantum key distribution network, which can distribute large-volume random key, so the encryption algorithm can adopt the OTP (one-time pad) method; the encryption operation then requires only a single XOR addition. Compared with encryption algorithms commonly used in mobile communication such as DES and A8, this method needs no repeated matrix multiplication, which greatly reduces the computational load of encryption.
Second, distributing key through the quantum key distribution network guarantees key distribution security of the highest level;
Third, the mobile terminal can freely update its key at any quantum terminal, preserving the convenience of mobile communication to the greatest extent.
In addition, the large-volume random key provided by quantum key distribution can be used for highly secure digital signing of data.
Embodiment
The utility model is further described below with reference to the accompanying drawings and the embodiment:
The mobile encryption system based on the quantum key distribution network comprises: the mobile terminal, the quantum cryptography module and key updating interface with which the mobile terminal is equipped, the quantum key distribution network, the registration center, the quantum key distribution network terminals and the quantum key distribution network concentrator stations. Below, a quantum key distribution network terminal is abbreviated as quantum terminal and a quantum key distribution network concentrator station as quantum concentrator station. As shown in Figure 4, the encryption system comprises the quantum key distribution network, which comprises several quantum concentrator stations, each quantum concentrator station communicating with a corresponding quantum terminal, and the quantum terminal communicating with the mobile terminal through the key updating interface; wherein the mobile terminal is provided with a storage medium that stores the downloaded shared quantum key. The quantum terminals and quantum concentrator stations constitute the nodes of the quantum communication network at their respective levels, and a quantum concentrator station generates shared key with the quantum terminals connected to it and performs the forwarding of ciphertext.
The mobile terminal, together with the quantum cryptography module and key updating interface with which it is equipped, constitutes the mobile part of the method; the remaining parts form the infrastructure part. The mobile terminal is provided with a storage medium that can store the downloaded shared quantum key. The quantum terminals and quantum concentrator stations constitute the nodes of the quantum key distribution network at their respective levels; the basic structure of a quantum concentrator station is made up of one or several quantum terminals, a key storage and management server and encryption devices, and it can generate shared key with the quantum terminals connected to it and perform the forwarding of ciphertext. The registration center accesses the quantum key distribution network through a particular quantum terminal and obtains key; critical data such as the quantum ID of the mobile device at registration and the identification data are all encrypted in OTP mode with key distributed by the quantum key distribution network and sent to the registration center over the classical network.
Taking as an example the process from the initial registration of a mobile terminal to the completion of one encrypted short message communication between two mobile terminals using this method, the detailed embodiment of the utility model is described below.
1. Initial registration of the mobile terminal: the mobile terminal must first apply for a registration licence. This licence is a 256-bit random number, written into the quantum cryptography module of the mobile terminal by equipment authorized by the registration center. The mobile terminal can then connect to any quantum terminal through the key updating interface; the quantum cryptography module of the mobile terminal authenticates itself to the registration center with the licence and the fixed-size identification data preset in the encryption module, the authentication adopting the Wegman-Carter scheme. After confirming that the identity is correct, the registration center sends the mobile terminal, through the quantum communication network, a quantum ID that uniquely identifies this terminal together with new identification data, and instructs the quantum terminal to read the telephone number of the mobile terminal and return it to the registration center, which updates its registration table. The registration table is composed of a variable number of data cells, each with the data structure shown in Table 1.
Table 1. Registration table data structure
A1: stores the mobile terminal telephone number, fixed length 40 bits;
A2: stores the quantum ID, fixed length 32 bits;
A3: stores the identification data, fixed length 256 bits.
Figure 3 shows how the registration center accesses the quantum key distribution network through the quantum terminal and obtains key, guaranteeing the security of data transmission during the device registration process. After critical data such as the device registration licence, identification data and telephone number are read by the quantum terminal, they are encrypted in OTP mode and transmitted to the registration center over the classical network; the quantum key distribution network delivers the key that encrypted these critical data to the registration center through the keys shared between nodes at the various levels (quantum terminals, quantum concentrator stations), so that the registration center can decrypt the received data. Conversely, data issued by the registration center are likewise encrypted in OTP mode, delivered to the quantum terminal for decryption and handed to the mobile terminal. The security of OTP encryption and of quantum key distribution guarantees the safety of the data transmission process.
An unregistered terminal must register through the above steps; a terminal that has already registered can skip this step and directly carry out the following steps.
2. Registration and download of shared key by the mobile terminal: the mobile terminal logs in to the quantum network with its quantum ID and new identification data, and applies at a certain quantum terminal, through the key updating interface, to download a shared key of a certain data volume; the shared key is shared between this quantum terminal and a certain quantum concentrator station. In this example the data volume is set at 600 megabits, divided equally into an encryption key store and a decryption key store. This key size is sufficient for more than 10 hours of continuous two-way voice conversation encrypted in OTP mode, or for encrypting roughly 150,000 to 300,000 short messages; the downloaded key is stored in the encryption module. If the key shared by quantum key distribution between the quantum concentrator station and the quantum terminal exceeds 600 megabits, the quantum terminal authenticates the mobile terminal and, once the identity is verified as legitimate, allows the mobile terminal to download the key. If the quantum terminal's key quantity is insufficient, it authenticates the mobile terminal and, after the authentication succeeds, asks the mobile terminal to keep the connection; the key is downloaded once enough key has been generated between the quantum terminal and the quantum concentrator station. After the download is complete, the registration center updates the mobile terminal's identification data once more. The quantum concentrator station labels the shared key downloaded to the mobile terminal with the mobile terminal's quantum ID; the part of the shared key corresponding to the encryption key in the mobile terminal is called the decryption key at the concentrator station and is retained in a contiguous address range; the part corresponding to the decryption key in the mobile terminal is called the encryption key at the concentrator station and is retained in another contiguous address range. No other terminal or communication process is allowed to use this part of the key. A registration form is also established, recording the start and end addresses of the key together with the corresponding quantum ID. The registration form is composed of a variable number of data cells, each with the data structure shown in Table 2.
Table 2. Registration form data structure
B1: stores the quantum ID, fixed length 32 bits;
B2: stores the encryption key start address, length determined by the memory;
B3: stores the encryption key end address, length determined by the memory;
B4: stores the decryption key start address, length determined by the memory;
B5: stores the decryption key end address, length determined by the memory.
3. Establishment and updating of the temporary relation table: the calling quantum concentrator station labels the shared key downloaded to the mobile terminal with the mobile terminal's quantum ID, writes this quantum ID into the registration form, and forms a binary pair of this quantum ID and its own quantum concentrator station address, identifying the temporary relation between this mobile terminal and the concentrator station. The calling quantum concentrator station submits this temporary relation to the registration center, which updates the temporary relation table. A new temporary relation arises only when a quantum ID, upon login, appears in the registration form of a concentrator station different from the one at its previous login; only then does the registration center update the temporary relation table. The temporary relation table is composed of a variable number of data cells, each with the data structure shown in Table 3.
Table 3. Temporary relation table data structure
C1: stores the quantum ID, fixed length 32 bits;
C2: stores the quantum concentrator station address, fixed length 20 bits.
4. Deregistration: according to the update of the temporary relation table, the registration center immediately notifies the corresponding concentrator station to delete from its registration form the quantum ID whose association has been released, and to discard the key labelled with this quantum ID.
5. Establishment of the calling concentrator station: after the mobile terminal has downloaded the key, the quantum terminal passes the concentrator station address (QIPT) to the mobile terminal, which updates it. The mobile terminal takes the concentrator station at this quantum concentrator station address QIPT as its calling concentrator station.
6. Data encryption: the mobile terminal encrypts the plaintext of the short message to be sent with the quantum cryptography module. The quantum cryptography module calls from the encryption key store a key of the same length as the communication data and XORs it bit by bit with the data; the result is the ciphertext. Key is read from the store in address order from low to high; at the end of the communication the address read so far is recorded as the start address from which key is read in the next communication. Used key is discarded immediately and never reused.
7. Data recombination and transmission: the mobile terminal attaches its own quantum ID (called the calling quantum ID, QID) and the number of the called terminal (called the called number) to the header of the ciphertext and sends it to the calling concentrator station through the mobile communication network.
8. Ciphertext forwarding: after converting the data delivered by the mobile communication network, the calling concentrator station obtains the calling terminal number, the calling quantum ID and the called number. According to the calling quantum ID, the calling concentrator station calls the corresponding key from its decryption key store to decrypt. It then queries the registration center for the quantum ID corresponding to the called number in the registration table; the registration center in turn queries the temporary relation table to determine the quantum concentrator station (called the called concentrator station) that currently has a temporary association with the quantum ID corresponding to the called number. The calling concentrator station re-encrypts the decrypted data with the key it shares with the called concentrator station, using the same encryption method as in step 6; the re-encrypted ciphertext, with the called number, calling quantum ID and called quantum ID attached, is sent to the called concentrator station through the classical network.
9. Ciphertext forwarding in the mobile network: after receiving the ciphertext, the called concentrator station decrypts it, looks up the key according to the called subscriber's quantum ID, re-encrypts with that encryption key, attaches the calling quantum ID and delivers the result to the called subscriber through the mobile communication network.
As shown in Figure 2, in the quantum distribution network shared key is generated at any time by quantum key distribution between a quantum terminal and the quantum concentrator station above it, and between concentrator stations, for use by the various communication services. Through encryption and decryption of the data between concentrator stations and forwarding of the ciphertext, classical encrypted data communication between any two quantum terminals can be accomplished.
10. Data decryption: after receiving the ciphertext, the called user terminal can recover the plaintext with its stored decryption key. The called subscriber can also switch roles and initiate steps 5-9, achieving two-way communication.
This completes one communication. To ensure that the communication method can be repeated, the following steps must then be carried out.
11. Registration form update: after the communication ends, the concentrator station writes the start address of the corresponding remaining key into the registration form.
12. Insufficient-key alarm: after each communication, the quantum cryptography module checks the remaining key size. In this example, when the key size in a key store falls below 30,000,000, a prompt that the remaining key is low is given; if the key size falls below 10 megabits, an alarm reminds the terminal to update the key in that key store.
13. Key freshness alarm: in this example, the quantum cryptography module keeps downloaded key for at most 30 days for encryption use. The key storage time is counted from the last successful key download; once the key in a key store has exceeded this time limit, the encryption module alarms and reminds the terminal to update the key in that key store.
14. Key update: key is updated only when an alarm is raised. The mobile terminal connects to a quantum terminal through the key updating interface, logs in to the quantum network and applies to download new key. Once permitted, the concentrator station where the mobile terminal registered at its last login deletes the key labelled with that terminal's ID, and the mobile terminal discards all old key in the alarmed key store and writes in the new key.
Repeating the above steps cyclically achieves secure communication with a high security level.
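The key-store bookkeeping of steps 2, 6, 11 and 12 and the hop-by-hop one-time-pad relay of steps 6 to 10 (steps 4 to 6 of the method summary), modelled in Python; the returned intermediate plaintexts make explicit that each concentrator station handles plaintext between hops, which is the point to keep in view when threat-modelling the stations. This is an added example, not code from the utility model. KeyPool, shared_pools, relay and demo are assumed names; random bytes stand in for QKD-generated key, and the store sizes and alarm thresholds are scaled-down constructed values.

```python
import secrets


def otp(data: bytes, key: bytes) -> bytes:
    """Step 6: bit-by-bit XOR of the data with a key of exactly the same length."""
    if len(data) != len(key):
        raise ValueError("OTP key must be exactly as long as the data")
    return bytes(a ^ b for a, b in zip(data, key))


class KeyPool:
    """One key store with a read pointer (hypothetical name). Key is read from the low
    address upward and never reused; `pos` is the remaining-key start address of step 11."""

    def __init__(self, material: bytes, warn_below: int, renew_below: int) -> None:
        self.material, self.pos = material, 0
        self.warn_below, self.renew_below = warn_below, renew_below

    def remaining(self) -> int:
        return len(self.material) - self.pos

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise RuntimeError("key store exhausted; refusing to reuse pad")
        chunk, self.pos = self.material[self.pos:self.pos + n], self.pos + n
        return chunk

    def alarm(self) -> "str | None":
        """Step 12: 'renew' below the hard threshold, 'low' below the soft one, else None."""
        if self.remaining() < self.renew_below:
            return "renew"
        return "low" if self.remaining() < self.warn_below else None


def shared_pools(nbytes: int, warn: int, renew: int) -> tuple:
    """Step 2: one shared key split equally into an encryption and a decryption store.
    The terminal's encryption store holds the same bytes as the station's decryption store
    and vice versa; each side keeps its own pointer. Random bytes stand in for QKD key."""
    enc_half, dec_half = secrets.token_bytes(nbytes // 2), secrets.token_bytes(nbytes // 2)
    return (KeyPool(enc_half, warn, renew), KeyPool(dec_half, warn, renew),  # terminal: enc, dec
            KeyPool(enc_half, warn, renew), KeyPool(dec_half, warn, renew))  # station: dec, enc


def relay(plaintext: bytes, caller_enc: KeyPool, caller_station_dec: KeyPool, trunk_out: KeyPool,
          trunk_in: KeyPool, called_station_enc: KeyPool, called_dec: KeyPool) -> tuple:
    """Steps 6-10: hop-by-hop OTP relay. Returns the recovered plaintext and the
    intermediate plaintexts each concentrator station handled between hops."""
    n = len(plaintext)
    c1 = otp(plaintext, caller_enc.take(n))       # step 6: terminal encrypts
    p1 = otp(c1, caller_station_dec.take(n))      # step 8: calling station decrypts ...
    c2 = otp(p1, trunk_out.take(n))               # ... and re-encrypts with the inter-station key
    p2 = otp(c2, trunk_in.take(n))                # step 9: called station decrypts ...
    c3 = otp(p2, called_station_enc.take(n))      # ... and re-encrypts with the called user's key
    return otp(c3, called_dec.take(n)), [p1, p2]  # step 10: called user decrypts


def demo(message: bytes = b"constructed short message") -> dict:
    """Wire one caller, two concentrator stations and one called user together (constructed sizes)."""
    a_enc, a_dec, sa_dec, sa_enc = shared_pools(128, warn=40, renew=16)  # caller <-> station A
    t_enc, t_dec, tb_dec, tb_enc = shared_pools(128, warn=40, renew=16)  # station A <-> station B
    b_enc, b_dec, sb_dec, sb_enc = shared_pools(128, warn=40, renew=16)  # called <-> station B
    recovered, seen = relay(message, a_enc, sa_dec, t_enc, tb_dec, sb_enc, b_dec)
    return {"recovered": recovered, "stations_saw_plaintext": all(p == message for p in seen),
            "caller_pointer": a_enc.pos, "caller_alarm": a_enc.alarm()}
```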
In this utility model, shared key is distributed through the quantum key distribution network, which can distribute large-volume random key, so that the encryption algorithm can adopt the OTP method. The encryption operation then requires only a single XOR addition and no repeated matrix multiplication, which greatly reduces the computational load of encryption. Simplifying the encryption algorithm not only effectively lowers the structural complexity of the encryption module, but also lowers the corresponding cost while improving security.
Those skilled in the art will understand that the above specific description is intended only to explain the purpose of the utility model and not to limit it. The scope of protection of the utility model is defined by the claims and their equivalents.