CN106330440B - Mobile network quantum key distribution system based on near-field communication and distribution method thereof - Google Patents


Publication number
CN106330440B
Authority
CN
China
Prior art keywords
key
submodule
quantum
gateway
mobile terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201611047743.XA
Other languages
Chinese (zh)
Other versions
CN106330440A (en)
Inventor
韩家伟
徐颖
吴佳楠
朱德新
魏荣凯
李晓辉
宋立军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changchun University
Original Assignee
Changchun University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changchun University
Priority to CN201611047743.XA
Publication of CN106330440A
Application granted
Publication of CN106330440B
Legal status: Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852: Quantum cryptography
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80: Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The invention discloses a mobile-network quantum key distribution system based on near-field communication, and its distribution method. The system connects an attack distance constraint module, a user authentication module, a key distribution module, a mobile-terminal key storage module, a key synchronization module, a quantum-encrypted file transmission module, a mobile-terminal key store, key pools, near-field communication equipment and a fingerprint module. Together these check the near-field communication key distribution environment, verify the legitimacy of the mobile device user, distribute quantum keys to the mobile network based on a near-field communication protocol, synchronize keys between the server end and the gateway end, store quantum keys securely on the mobile device, and encrypt communication between the mobile device and the server end, while preserving the high portability of mobile devices and the lightweight nature of their applications.

Description

Mobile network quantum key distribution system based on near-field communication and distribution method thereof
Technical field
The invention belongs to the field of communication technology and relates to a mobile-network quantum key distribution system based on near-field communication and its distribution method.
Background
In 1927 Heisenberg proposed the "Heisenberg uncertainty principle", which states that certain physical quantities of a microscopic particle cannot all have definite values: if one quantity has a definite value, the value of the other is undetermined. At the end of the last century, scientists proposed quantum cryptography on the basis of the "Heisenberg uncertainty principle", the "quantum no-cloning principle" and the "quantum measurement collapse principle". Quantum cryptography uses single quantum states as the information carrier. By the no-cloning principle, no single quantum can be cloned, and by the measurement collapse principle, the quantum state changes once a single quantum is measured, so the legitimate receiver of the information can detect an eavesdropper on the channel from the collapse of the quantum state and abort the communication. Communication based on quantum cryptography is therefore called physically "absolutely secure", and it has important research value in national defense, the military, politics, finance and other fields.
From the first quantum cryptography protocol, proposed in 1984, to the present, quantum secure communication has gone through more than 30 years of basic theoretical research and security verification, and its practical technology has now matured. As countries have come to recognize the significance of quantum communication, the pace of commercialization is also accelerating. Developed countries in Europe and America have begun exploring high-speed quantum communication and large-scale secure communication networks. China has also made it a key research project, and in August 2016 launched the world's first quantum satellite, "Mozi" (Micius), bringing quantum cryptography to a new milestone in practical application.
In quantum secure communication the information carrier is a single photon. Because of the attenuation of single photons in the fiber channel, detector efficiency and other factors, the communication distance of commercial systems generally does not exceed 100 km. This restricts point-to-point quantum communication systems to intercity secure communication and leaves them unable to serve inter-provincial or longer-range secure communication, which greatly limits the scope of use of quantum secure communication and hinders its practical development.
Research on the application of quantum cryptography is by now quite mature. With the rapid development of mobile devices and mobile networks, secure communication on mobile networks is a major challenge for scientists, and the "absolute security" of quantum key technology can solve the communication security problem of mobile networks very well. However, quantum cryptography with single photons as the carrier requires both a quantum channel and a classical channel during quantum key distribution, and distributing quantum keys over a conventional wireless network is very insecure. Secure distribution of quantum keys to the mobile network has therefore become an obstacle to bringing quantum cryptography to mobile networks. How to distribute quantum keys to mobile devices while preserving their high portability and the lightweight nature of their applications is the problem quantum key technology must solve to reach mobile networks.
Summary of the invention
The object of the invention is to provide a mobile-network quantum key distribution system based on near-field communication and its distribution method, which check the near-field communication key distribution environment, verify the legitimacy of the mobile device user, distribute quantum keys to the mobile network based on a near-field communication protocol, synchronize keys between the server end and the gateway end, store quantum keys securely on the mobile device, and encrypt communication between the mobile device and the server end, while preserving the high portability of mobile devices and the lightweight nature of their applications.
The technical solution adopted by the invention is a mobile-network quantum key distribution system based on near-field communication, comprising an attack distance constraint module, a user authentication module, a key distribution module, a mobile-terminal key storage module, a key synchronization module, a quantum-encrypted file transmission module, a mobile-terminal key store, key pools, near-field communication equipment and a fingerprint module;
The attack distance constraint module uses an attack distance constraint protocol, before the mobile device performs user identity verification, to detect whether relay-attack eavesdropping is present in the near-field communication area; if the communication environment is found to be abnormal, key distribution to the mobile device is stopped;
The user authentication module uses biometric identification to determine the legitimacy of the user who is using the mobile device for key injection; after user identity verification succeeds, the key distribution module is entered;
The key distribution module injects quantum keys from the gateway end into the mobile device;
The mobile-terminal key storage module performs read and write access to the mobile-terminal key store and securely stores the quantum keys obtained from the gateway end;
The key synchronization module writes key information into the local SQLite database and synchronizes the data to the server-end database;
The quantum-encrypted file transmission module obtains quantum keys from the mobile-terminal key storage module and transfers data from the mobile device end to the server end by quantum-encrypted communication;
The mobile-terminal key store is the storage medium for quantum keys and serves as the storage carrier of quantum keys on the mobile terminal;
The key pool stores the quantum keys distributed to it;
The near-field communication equipment provides near-field communication between the gateway end and the mobile device;
The fingerprint module obtains the user's fingerprint information and passes it to the gateway-end authentication submodule for user identity verification.
Further, the attack distance constraint module includes a mobile-terminal attack distance constraint submodule and a gateway-end attack distance constraint submodule. The user authentication module includes a gateway-end authentication submodule and a mobile-terminal authentication submodule; the gateway-end authentication submodule is connected to the gateway-end attack distance constraint submodule, and the mobile-terminal authentication submodule is connected to the mobile-terminal attack distance constraint submodule.
The key distribution module includes a gateway-end key distribution submodule and a mobile-terminal key distribution submodule. The mobile-terminal key distribution submodule is connected to the mobile-terminal authentication submodule, and the gateway-end key distribution submodule is connected to the gateway-end key pool and to the gateway-end authentication submodule. The mobile-terminal key storage module is connected to the mobile-terminal key distribution submodule.
The key synchronization module includes a gateway-end key synchronization submodule and a server-end key synchronization submodule, which synchronize key distribution information over the classical channel. The gateway-end key synchronization submodule is connected to the gateway-end key distribution submodule, and the server-end key synchronization submodule is connected to the server-end key pool.
The quantum-encrypted file transmission module includes a mobile-terminal quantum-encrypted file transmission submodule and a server-end quantum-encrypted file transmission submodule, which transfer data from the mobile device end to the server end by quantum-encrypted communication over the classical channel. The mobile-terminal quantum-encrypted file transmission submodule is connected to the mobile-terminal key storage module, and the server-end quantum-encrypted file transmission submodule is connected to the server-end key pool. The mobile-terminal key store is connected to the mobile-terminal key storage module.
The key pool includes a gateway-end key pool and a server-end key pool, which are connected by a quantum channel so that quantum key distribution between the quantum server end and the gateway end can be carried out under a quantum key distribution protocol.
The near-field communication equipment includes a mobile-terminal NFC sensor and a gateway-end NFC key distribution induction zone, connected to each other. The mobile-terminal NFC sensor is connected to the mobile-terminal attack distance constraint submodule, the mobile-terminal authentication submodule and the mobile-terminal key distribution submodule. The gateway end injects quantum keys into the mobile device through the NFC chip of the gateway-end NFC key distribution induction zone, and the mobile device receives the key information passed by the gateway-end NFC chip through the mobile-terminal NFC sensor. The gateway-end NFC key distribution induction zone consists of a near-field communication chip, a near-field communication antenna and a USB-to-serial adapter, and connects through the USB-to-serial adapter to the gateway-end attack distance constraint submodule, the gateway-end authentication submodule and the gateway-end key distribution submodule. Each module calls the gateway-end NFC key distribution induction zone through an open-source API library. The fingerprint module is connected to the gateway-end authentication submodule.
Further, the mobile-terminal NFC sensor is located in a mobile device that runs Android 4.0 or later and supports near-field communication. The system has the Android Beam function, and the API provided by the system connects the mobile-terminal NFC sensor to the mobile-terminal attack distance constraint submodule, the mobile-terminal authentication submodule and the mobile-terminal key distribution submodule.
Another technical solution of the invention is a distribution method for the mobile-network quantum key distribution system based on near-field communication, carried out in the following steps:
Step 1, QKD link key generation: the gateway end of quantum key distribution and the server end generate quantum keys in real time under a QKD protocol and inject them into the gateway-end key pool and the server-end key pool respectively; the gateway end of quantum key distribution is connected to the server end by a quantum channel, and the server end can connect to multiple quantum key distribution gateways for QKD link key generation;
Step 2, initialization phase: when the gateway end of quantum key distribution distributes keys to a mobile device, the whole system initializes the server-end key pool and the gateway-end key pool used for key distribution, records the current key distribution status, initializes the parameters of the gateway-end key pool and the server-end key pool, and verifies whether the current communication connection with the server end is reliable, to ensure the reliability of key distribution and synchronization;
Step 3, the mobile device approaches the gateway-end NFC key distribution induction zone: the user places the mobile device on the gateway-end NFC key distribution induction zone of the quantum key distribution gateway and a connection is established; while the connection is being established, the mobile device calls the mobile-terminal attack distance constraint submodule to check the current key distribution environment and ensure that it is secure;
Step 4, user identity verification phase: once the mobile device is close to the gateway-end NFC key distribution induction zone and the key distribution environment has been found secure, the gateway-end authentication submodule verifies the user's identity by fingerprint recognition; during this phase the mobile-terminal authentication submodule on the mobile device communicates with the gateway-end authentication submodule and prompts the user to enter fingerprint information, while the gateway-end authentication submodule obtains the fingerprint verification information by calling the fingerprint module and compares it with the fingerprint features of registered users in the gateway-end fingerprint database to verify the user's identity;
Step 5, key store initialization phase: before the mobile device receives the key information injected by the quantum key distribution gateway, the state and basic parameters of the mobile-terminal key store are initialized;
Step 6, key injection phase: after user identity verification succeeds, the mobile device and the gateway end of key distribution call the mobile-terminal key distribution submodule and the gateway-end key distribution submodule respectively to inject keys into the mobile device;
Step 7, key storage phase: after receiving the data from the quantum key distribution gateway, the mobile device decrypts the quantum key data, and the mobile-terminal key storage module encrypts it and stores it in a local file, placing the quantum key data in the mobile-terminal key store;
Step 8, key synchronization phase: after the gateway-end key distribution submodule of the quantum key distribution gateway completes key injection, it records the key distribution information in the local database, and the gateway-end key synchronization submodule synchronizes it to the server end of the mobile network;
Step 9, server-end communication phase: after the gateway-end key synchronization submodule of the quantum key distribution gateway and the server-end key synchronization submodule complete key synchronization, key distribution to the mobile network is complete, and the quantum-encrypted file transmission module carries out quantum-encrypted file transfer between the mobile device and the mobile server end;
Step 10, key store update: after the quantum-encrypted file transmission module finishes communicating with the server end of the mobile network, the key information consumed each time is recorded and the data is written locally, and the data in the mobile-terminal key store is updated at the same time.
Further, in the QKD link key generation of step 1, when the amount of key generated in the system is less than the mobile network's demand for quantum keys, a key multiplication method is used to increase the amount of key in the distribution gateway-end key pool and the server-end key pool, to meet the mobile network's demand for quantum keys.
Further, in step 3, one quantum key distribution gateway in the system can connect multiple gateway-end NFC key distribution induction zones and inject keys into several mobile devices at the same time.
Further, in step 6, when keys are injected from the gateway end of quantum key distribution into the mobile device, they are transmitted as one-time-key ciphertext using 256-bit AES encryption, which guarantees the reliability of key transmission.
Further, in step 8, during key synchronization the quantum key distribution gateway end and the server end of the mobile network communicate over the classical channel, and the data transmitted is pointer-type data.
Further, in step 3, the mobile-terminal attack distance constraint submodule checks the current key distribution environment, to ensure that it is secure, by using the attack distance constraint protocol to determine whether an eavesdropper is present within near-field communication range. In the protocol initialization phase the gateway end and the mobile device share initialization information, which includes a shared key K and a security parameter, the pseudo-random function F, whose output length is 2L; the gateway end must also set a maximum response time Δtmax. The attack distance constraint protocol determines whether third-party eavesdropping is present in the near-field communication area through a slow challenge phase followed by a fast challenge verification phase.
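The slow-then-fast exchange described above can be sketched as follows. This is an added example, not code from the patent: splitting F's 2L-bit output into two L-bit response registers follows the Hancke-Kuhn style of distance bounding, which is an assumption here, as are HMAC-SHA256 as F, L = 32, the Δtmax value and the simulated link latencies.

```python
import hashlib
import hmac
import secrets

L = 32                   # fast-phase rounds; F outputs 2L bits (value assumed)
DT_MAX_NS = 1_000_000    # gateway's maximum response time Δtmax (value assumed)


def prf_registers(key, nonce_gw, nonce_mobile):
    """F(K, nonces) -> 2L bits, split into two L-bit response registers."""
    bits, counter = [], 0
    while len(bits) < 2 * L:
        msg = nonce_gw + nonce_mobile + counter.to_bytes(4, "big")
        for byte in hmac.new(key, msg, hashlib.sha256).digest():
            bits.extend((byte >> shift) & 1 for shift in range(7, -1, -1))
        counter += 1
    return bits[:L], bits[L:2 * L]


class MobileProver:
    """Mobile-terminal side: holds K and answers one bit per fast round."""

    def __init__(self, key):
        self.key = key

    def slow_phase(self, nonce_gw):
        # Untimed: exchange nonces and precompute both response registers.
        self.nonce = secrets.token_bytes(16)
        self.r0, self.r1 = prf_registers(self.key, nonce_gw, self.nonce)
        return self.nonce

    def respond(self, i, challenge_bit):
        # Fast round i: a single table lookup, so the reply is near-instant.
        return (self.r1 if challenge_bit else self.r0)[i]


def direct_link(prover, i, c):
    """Constructed channel: device on the induction zone, 50 µs round trip."""
    return prover.respond(i, c), 50_000


def relayed_link(prover, i, c):
    """Constructed channel: same device reached through a relay, 5 ms round trip."""
    return prover.respond(i, c), 5_000_000


def gateway_verify(key, prover, link):
    """Gateway side. Returns (accepted, reason); distribution stops unless accepted."""
    nonce_gw = secrets.token_bytes(16)
    nonce_mobile = prover.slow_phase(nonce_gw)        # slow phase, untimed
    r0, r1 = prf_registers(key, nonce_gw, nonce_mobile)
    for i in range(L):                                # fast phase, timed per bit
        c = secrets.randbits(1)
        answer, elapsed_ns = link(prover, i, c)
        if elapsed_ns > DT_MAX_NS:
            return False, "response slower than dt_max"
        if answer != (r1 if c else r0)[i]:
            return False, "wrong response bit"
    return True, "ok"
```

A relay cannot precompute the answers because each challenge bit is chosen at random per round, so forwarding the challenge to the real device is the only way to answer correctly, and that forwarding is what pushes the round trip past Δtmax.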
Further, before the server-end communication phase of step 9, key correctness must be verified in challenge mode. In step 9, the data passed between the gateway-end key synchronization submodule and the server-end key synchronization submodule is the following six-tuple I:
I=<UserID, MobileMac, StartIndex, EndIndex, Length, Time>
In the six-tuple, UserID is the ID of the user, MobileMac is the physical network card (MAC) address of the mobile device used, StartIndex is the start position of the distributed key, EndIndex is the end position of the distributed key, Length is the length of the distributed key, and Time is the time the key was distributed. Transmitting the six-tuple addresses the keys at the gateway end and the server end being out of sync and does not involve transmitting the quantum key itself: only pointer information travels over the classical channel, which ensures that the quantum key distributed to the mobile network is not leaked.
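The pointer-only synchronization and the challenge-mode check described above can be sketched as follows. This is an added example, not code from the patent: the JSON encoding, the exclusive EndIndex, HMAC-SHA256 as the challenge response, and all sample values are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class KeyPointer:
    """The six-tuple I; it names a slice of the pool and carries no key bytes."""
    UserID: str
    MobileMac: str
    StartIndex: int
    EndIndex: int      # assumed exclusive, so EndIndex - StartIndex == Length
    Length: int
    Time: int


class KeyPool:
    """Gateway-end or server-end pool; both ends hold the same QKD material."""

    def __init__(self, material):
        self._material = material
        self._next = 0

    def allocate(self, user_id, mobile_mac, length, now):
        """Gateway side: reserve the next unused slice and describe it."""
        start, end = self._next, self._next + length
        if length <= 0 or end > len(self._material):
            raise ValueError("key pool exhausted or bad length")
        self._next = end
        ptr = KeyPointer(user_id, mobile_mac, start, end, length, now)
        return ptr, self._material[start:end]

    def resolve(self, ptr):
        """Server side: rebuild the key from local material, rejecting bad pointers."""
        if not 0 <= ptr.StartIndex < ptr.EndIndex <= len(self._material):
            raise ValueError("pointer outside key pool")
        if ptr.EndIndex - ptr.StartIndex != ptr.Length:
            raise ValueError("inconsistent six-tuple")
        return self._material[ptr.StartIndex:ptr.EndIndex]


def encode_pointer(ptr):
    """What actually crosses the classical channel."""
    return json.dumps(asdict(ptr), sort_keys=True).encode()


def decode_pointer(raw):
    return KeyPointer(**json.loads(raw))


def challenge_response(key, nonce):
    """Mobile side of the challenge check (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def server_verifies(key, nonce, response):
    """Server side: constant-time comparison against its own resolved key."""
    return hmac.compare_digest(challenge_response(key, nonce), response)


def demo():
    material = secrets.token_bytes(1024)          # constructed stand-in for QKD output
    gateway_pool, server_pool = KeyPool(material), KeyPool(material)
    ptr, mobile_key = gateway_pool.allocate(
        "user-001", "02:00:00:aa:bb:cc", 32, 1700000000)   # constructed values
    wire = encode_pointer(ptr)                    # only the pointer is sent
    server_key = server_pool.resolve(decode_pointer(wire))
    nonce = secrets.token_bytes(16)
    ok = server_verifies(server_key, nonce, challenge_response(mobile_key, nonce))
    return wire, mobile_key, server_key, ok
```

The server never receives key bytes; it can only reconstruct the key because its own pool already holds the same material, and the challenge confirms the mobile device and server resolved the same slice before encrypted file transfer starts.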
The beneficial effects of the invention are that the key distribution environment is checked by the relay-attack distance constraint protocol, the legitimacy of the user's identity is verified by biometric identification, quantum key distribution to the mobile network is completed using near-field communication technology, and quantum key synchronization and encrypted communication between the server end and the mobile device end are carried out over the TCP/IP protocol on the classical channel, while preserving the high portability of mobile devices and the lightweight nature of their applications.
Description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of the system used by the near-field-communication-based mobile-network quantum key distribution method provided by an embodiment of the invention.
Fig. 2 is a flow chart of the near-field-communication-based mobile-network quantum key distribution method provided by an embodiment of the invention.
Fig. 3 is a schematic diagram of the integrated gateway end for near-field-communication-based mobile-network quantum key distribution access provided by an embodiment of the invention.
In the figures: 1.1, mobile-terminal attack distance constraint submodule; 1.2, gateway-end attack distance constraint submodule; 2.1, mobile-terminal authentication submodule; 2.2, gateway-end authentication submodule; 3.1, mobile-terminal key distribution submodule; 3.2, gateway-end key distribution submodule; 4, mobile-terminal key storage module; 5.1, gateway-end key synchronization submodule; 5.2, server-end key synchronization submodule; 6.1, mobile-terminal quantum-encrypted file transmission submodule; 6.2, server-end quantum-encrypted file transmission submodule; 7, mobile-terminal key store; 8.1, gateway-end key pool; 8.2, server-end key pool; 9.1, mobile-terminal NFC sensor; 9.2, gateway-end NFC key distribution induction zone; 10, fingerprint module.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to embodiments, to the present invention It is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to Limit the present invention.
Fig. 1 is the structure of mobile network's quantum key delivering method based on near-field communication of the embodiment of the present invention, such as Fig. 1 It is shown, the present invention is implemented as follows: including attack distance constraints module, user authentication module, key distribution module, moving Moved end cipher key storage block 4, key synchronization module, quantum cryptography document transmission module, mobile terminal cipher key store 7 are logical based near field Specific step is as follows for mobile network's quantum key delivering method of letter:
(1) QKD link key generates: the gateway end of quantum key distribution and server end can pass through the QKD agreement such as BB84 Quantum key is generated in real time and is injected separately into gateway end pool of keys 8.1 and server end pool of keys 8.2.Quantum key distribution Gateway end connect with server end by quantum channel, server end can connect multiple quantum key distribution gateways and carry out The key of QKD link generates.In systems when key production quantity is less than demand of the mobile network to quantum key, use is close Key multiplication method come increase distribution gateway end pool of keys 8.1 and server end pool of keys 8.2 in size of key, to meet mobile network Demand of the network to quantum key.
(2) initial phase: whole system is to service when quantum key distribution gateway is to mobile device progress key distribution Device end pool of keys 8.2 and the gateway end pool of keys 8.1 of key distribution are initialized, and record current key distributes situation, initially Change the parameter of gateway end pool of keys 8.1 and server end pool of keys 8.2, and verifying is currently with the communication connection of server end It is no reliable, to ensure key distribution and synchronous reliability.
(3) mobile device distributes induction zone 9.2 close to gateway end NFC key: it is close that mobile device is placed into quantum by user The gateway end NFC key that key distributes gateway distributes induction zone 9.2, and establishes connection;Mobile device during establishing connection Attack distance constraint submodule 1.1 in mobile terminal is called to detect current key distribution environment to ensure the safety of key distribution environment; Same quantum key distribution gateway can connect multiple gateway end NFC key distribution induction zones 9.2 while be more in systems Mobile device injects key.
(4) the subscriber authentication stage: when mobile device distributes induction zone 9.2 close to gateway end NFC key and detects After key distribution environment safety, gateway end authentication submodule 2.2 verifies user identity by fingerprint recognition.In user identity The mobile terminal authentication submodule 2.1 of Qualify Phase mobile device end is communicated with gateway end authentication submodule 2.2, is prompted User's typing finger print information, while gateway end authentication submodule 2.2 is by calling fingerprint module 10 to obtain fingerprint authentication letter Breath, and verifying user identity is compared with the fingerprint characteristic in the fingerprint base of gateway end registered users in finger print information.
(5) the initialization key library stage: before the key information that mobile device receives the injection of quantum key distribution gateway, Initialize the state and basic parameter of mobile terminal cipher key store 7.
(6) key injection stage: after subscriber authentication success, the gateway end of mobile device and key distribution is adjusted respectively Distribute submodule 3.1 with mobile terminal key and key distribution submodule 3.2 in gateway end carries out key injection to mobile device.From amount Pass through one time key using 256 AES encryption modes when the gateway end of quantum key distribution carries out key injection to mobile device Text is transmitted, and guarantees the reliability of cipher key delivery.
(7) the key storage stage: mobile device receives quantum key data after the data of quantum key distribution gateway Decryption, and encryption storage is carried out to local file by mobile terminal cipher key storage block 4, quantum key data is stored in mobile terminal In cipher key store 7.
(8) the key synchronization stage: key distribution submodule 3.2 completes key injection to quantum key distribution gateway on the gateway side Afterwards, record key distribution information is synchronized to mobile network's to local data base, and by gateway end key synchronization submodule 5.1 Server end.Pass through classics between quantum key distribution gateway end and the server end of mobile network during key synchronization Channel is communicated, and the data transmitted are the data of pointer type.
(9) server end stage of communication: the gateway end key synchronization submodule 5.1 and server of quantum key distribution gateway After holding key synchronization submodule 5.2 to complete key synchronization, completing to the key distribution of mobile network can be by quantum cryptography text Part transmission module realizes that the quantum cryptography file at mobile device and Mobile Server end transmits.Quantum cryptography document transmission module packet It includes mobile terminal quantum cryptography file transmission submodule 6.1 and server end quantum cryptography file transmits submodule 6.2.
(10) Key store information update: after the quantum encrypted file transmission module finishes communicating with the server end of the mobile network, the key information consumed in each communication is recorded locally, and the data in the mobile terminal key store 7 is updated at the same time.
Following the operational flow of the system above, each functional module is described below:
The attack distance constraint module is divided into two submodules: the mobile terminal attack distance constraint submodule 1.1 and the gateway-end attack distance constraint submodule 1.2. Before the mobile device performs user identity verification, submodules 1.1 and 1.2 use the attack distance constraint protocol to detect whether relay-attack eavesdropping is present in the near-field communication region, so as to ensure the security of quantum key distribution. If an abnormal communication environment is detected, key distribution to the mobile device is stopped.
The user identity verification module is divided into two submodules: the gateway-end identity verification submodule 2.2 and the mobile terminal identity verification submodule 2.1. The gateway-end identity verification submodule 2.2 is connected to the gateway-end attack distance constraint submodule 1.2, and the mobile terminal identity verification submodule 2.1 is connected to the mobile terminal attack distance constraint submodule 1.1. Biometric identification (e.g. fingerprint recognition, iris recognition) is used to determine the legitimacy of the identity of the user who is using the mobile device for key injection; fingerprint recognition is preferred for verifying the legitimacy of the mobile device user. After user identity verification succeeds, the process enters the key distribution module.
The key distribution module is divided into two submodules: the gateway-end key distribution submodule 3.2 and the mobile terminal key distribution submodule 3.1. It is used to inject quantum keys from the gateway end into the mobile device. The mobile terminal key distribution submodule 3.1 is connected to the mobile terminal identity verification submodule 2.1; the gateway-end key distribution submodule 3.2 is connected to the gateway-end key pool 8.1 and to the gateway-end identity verification submodule 2.2. The gateway end injects the quantum key into the mobile device through the NFC chip of the gateway-end NFC key distribution induction zone 9.2, and the mobile device receives the key information passed by the gateway-end NFC chip through the mobile terminal NFC sensor 9.1. The key distribution module relies on the short range of NFC communication to protect the key information during key distribution; in addition, the wireless nature of near-field communication suits the high portability of mobile devices.
The mobile terminal key storage module 4 is connected to the mobile terminal key distribution submodule 3.1. It performs read and write access to the mobile terminal key store 7 and stores the quantum key obtained from the gateway end securely. After a key has been successfully injected from the gateway end into the mobile device, the user's identity must be verified. The encryption of the key file is transparent to the user. To prevent leakage of key information, the user cannot read the contents of the key store directly; the user's identity must be verified before key injection or before a key is used.
The key synchronization module is divided into two submodules: the gateway-end key synchronization submodule 5.1 and the server-end key synchronization submodule 5.2. The gateway-end key synchronization submodule 5.1 is connected to the gateway-end key distribution submodule 3.2. Submodule 3.2 passes the key distribution information to submodule 5.1, which writes the key information to the local SQLite database and synchronizes the data to the server-end database. The server-end key synchronization submodule 5.2 and the gateway-end key synchronization submodule 5.1 synchronize the key distribution information over a classical channel. The server-end key synchronization submodule 5.2 is connected to the server-end key pool 8.2.
The quantum encrypted file transmission module is divided into two submodules: the mobile terminal quantum encrypted file transmission submodule 6.1 and the server-end quantum encrypted file transmission submodule 6.2. Submodule 6.1 is connected to the mobile terminal key storage module 4, from which it obtains the quantum key. Submodules 6.1 and 6.2 transfer data from the mobile device end to the server end by quantum-encrypted communication over a classical channel. The server-end quantum encrypted file transmission submodule 6.2 is connected to the server-end key pool 8.2.
The mobile terminal key store 7 is connected to the mobile terminal key storage module 4. It is the storage medium for quantum keys and serves as the storage carrier of the quantum key on the mobile terminal.
The key pool 8 is divided into two submodules: the gateway-end key pool 8.1 and the server-end key pool 8.2, which are connected by a quantum channel. Quantum key distribution between the quantum server end and the gateway end can be realized on the basis of a quantum key distribution protocol (e.g. the BB84 protocol), generating keys in real time to meet the mobile network's demand for quantum keys. The server-end key pool 8.2 and the gateway-end key pool 8.1 store the quantum keys that have been distributed.
The near-field communication equipment is divided into two submodules that connect to each other: the mobile terminal NFC sensor 9.1 and the gateway-end NFC key distribution induction zone 9.2. The mobile terminal NFC sensor 9.1 is connected to the mobile terminal attack distance constraint submodule 1.1, the mobile terminal identity verification submodule 2.1 and the mobile terminal key distribution submodule 3.1. In the embodiment, the mobile device runs Android 4.0 or later, which provides the Android Beam function; through the API provided by the system, the mobile terminal NFC sensor 9.1 is connected to submodules 1.1, 2.1 and 3.1. In the embodiment, the gateway-end NFC key distribution induction zone 9.2 is connected through a USB-to-serial adapter to the gateway-end attack distance constraint submodule 1.2, the gateway-end identity verification submodule 2.2 and the gateway-end key distribution submodule 3.2, and each module calls the induction zone 9.2 through an open-source API library. The mobile terminal NFC sensor 9.1 is located in the mobile device and is the hardware of a mobile terminal that itself supports near-field communication (NFC). The gateway-end NFC key distribution induction zone 9.2 consists of a near-field communication chip, a near-field communication antenna and a USB-to-serial adapter; it is connected to the gateway end through the USB-to-serial adapter and supports near-field communication between the gateway end and the mobile device.
The fingerprint module 10 is a capacitive fingerprint sensor. It acquires the user's fingerprint information and passes it to the gateway-end identity verification submodule 2.2 for user identity verification.
The principle of the present invention is further described with reference to Figs. 1-3:
The attack distance constraint module detects whether a relay attack is present in the near-field communication environment; using the attack distance constraint protocol, it determines whether an eavesdropper is present within near-field communication range. In the protocol initialization stage, the gateway end and the mobile device share initialization information, which mainly comprises the following: a shared key K and, as the security parameter, a pseudo-random function F whose output length is 2L. The gateway end must also set a maximum response time Δt_max. The attack distance constraint protocol uses a slow challenge phase and a fast challenge verification phase to determine whether third-party eavesdropping is present in the near-field communication region.
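The slow and fast challenge phases described above, sketched as an added example that is not code from the patent. The patent does not give the message layout, so HMAC-SHA256 as F, the nonce exchange, the split of F's 2L-bit output into two L-bit response registers, and the Δt_max value are all assumptions, and round-trip times are simulated instead of measured in NFC hardware.

```python
import hashlib
import hmac
import secrets

L = 64               # fast rounds; F outputs 2L bits, as in the description
DT_MAX_NS = 2_000    # constructed value for the gateway's limit Δt_max


def prf_2l_bits(key, n_gateway, n_mobile, l=L):
    """Assumed F: HMAC-SHA256 in counter mode, truncated to 2L bits."""
    out, counter = b"", 0
    while len(out) * 8 < 2 * l:
        msg = n_gateway + n_mobile + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    bits = [(byte >> (7 - i)) & 1 for byte in out for i in range(8)]
    return bits[: 2 * l]


class MobileEnd:
    """Model of submodule 1.1; link_delay_ns is the simulated round trip."""

    def __init__(self, key, link_delay_ns):
        self.key = key
        self.link_delay_ns = link_delay_ns
        self.r0 = self.r1 = None

    def slow_phase(self, n_gateway):
        # Slow challenge: exchange nonces, then precompute both registers
        # so that each fast answer is a table lookup with no computation.
        n_mobile = secrets.token_bytes(16)
        bits = prf_2l_bits(self.key, n_gateway, n_mobile)
        self.r0, self.r1 = bits[:L], bits[L:]
        return n_mobile

    def fast_response(self, round_no, challenge_bit):
        register = self.r1 if challenge_bit else self.r0
        return register[round_no], self.link_delay_ns


def gateway_check(key, mobile, dt_max_ns=DT_MAX_NS):
    """Model of submodule 1.2: returns (accepted, reason)."""
    n_gateway = secrets.token_bytes(16)
    n_mobile = mobile.slow_phase(n_gateway)
    bits = prf_2l_bits(key, n_gateway, n_mobile)
    r0, r1 = bits[:L], bits[L:]
    for i in range(L):
        c = secrets.randbits(1)                 # unpredictable challenge bit
        answer, rtt_ns = mobile.fast_response(i, c)
        if rtt_ns > dt_max_ns:                  # extra hop adds latency
            return (False, "response too slow")
        if answer != (r1[i] if c else r0[i]):   # responder lacks K
            return (False, "wrong response")
    return (True, "ok")
```

Any failed round stops the run before identity verification and key injection, matching the module's rule that an abnormal communication environment halts key distribution.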
Function of the user identity verification module: when the gateway end detects that no third-party data eavesdropper is present in the key injection environment, the user identity verification module is called. The user identity verification module is implemented as follows:
On entering the user identity verification module, the module extracts fingerprint features twice from the fingerprints entered by the user. After the two extractions, the two sets of fingerprint features are merged into a new fingerprint feature, and the feature point set P is extracted from the merged fingerprint feature. The feature point set P is expressed as follows:
This feature point set P is matched against the feature point set Q in the gateway-end fingerprint library of registered users. In the feature point set P above, each entry gives three pieces of information for the i-th feature point: its values along the X axis and the Y axis and the direction of its feature vector. If the input fingerprint feature point set P can be converted into the feature point set Q by a specific mapping under the corresponding variation factors, P and Q are considered to match.
The above procedure mainly comprises a fingerprint image preprocessing stage, a fingerprint feature extraction stage and a fingerprint feature matching stage. The fingerprint preprocessing stage includes fingerprint filtering, binarization of the fingerprint image and thinning of the fingerprint image. The main purpose of fingerprint filtering is to remove damage to the fingerprint image, which is mainly caused by noise and by fingerprint pressure; filtering removes both kinds of noise from the image as far as possible.
After fingerprint filtering is complete, the fingerprint image must be binarized; binarization converts a grayscale image into a black-and-white image. The general gray-scale binarization function is expressed as follows:
In the formula above, x is the gray value of the grayscale image and T is the specified threshold. In the fingerprint case, adaptive binarization is used, which yields a better black-and-white fingerprint image after binarization.
After the fingerprint preprocessing stage is complete, the fingerprint features must be extracted: the terminating points, bifurcation points, branch points, isolated points, loop points and short ridges among the fingerprint minutiae are combined into the global feature of the fingerprint image. In the fingerprint feature extraction stage, the neighborhood point count S_p and the crossing count C_p must each be extracted.
Here R(k) is the value of the pixel P_k at position k in the ordered 8-neighborhood, and R(9) = R(1). From the extracted values of S_p and C_p: if both equal 1, pixel p is a terminating point; if they equal 3, pixel p is a bifurcation point; if S_p = 2 and C_p = 2 or 3, pixel p is a ridge continuation point.
The fingerprint image features extracted in the fingerprint feature extraction stage are matched against the fingerprint feature set Q in the feature library. If the matching result is greater than or equal to the given threshold, the two fingerprints are the same fingerprint; if the matching result is less than the given threshold, they are not the same fingerprint.
As shown in the flow of Fig. 2, the key distribution module is implemented as follows:
After the system has detected that the key injection environment is secure and user identity verification has succeeded, the gateway end injects the quantum key into the mobile device through the key distribution module. Preferably, the mobile device is a mobile phone running Android 4.0 or later, and NFC communication on the mobile device end is realized through the Android Beam function of the Android system. On the gateway end, NFC communication for the key distribution submodule 3.2 is realized by an NFC chip connected through a USB-to-serial adapter; multiple NFC chips can be connected to the same gateway-end device at once to inject keys into several mobile devices simultaneously.
In the key distribution module, the gateway-end key distribution submodule 3.2 obtains the quantum key from the gateway-end key pool 8.1 and transmits it over near-field communication, in the form of 0/1 bits, to the mobile terminal key distribution submodule 3.1. During key distribution, the NFCA chip transfers the key information in dynamic read/write card mode. NFC chips currently offer three communication rates: 106 kbit/s, 212 kbit/s and 424 kbit/s. The radio frequency is 13.56 MHz, and the near-field communication distance is within 10 cm. Given these characteristics of near-field communication, dynamic read/write card mode is preferred for key distribution, with a data transmission rate of 424 kbit/s; the effective communication range of 10 cm effectively prevents the quantum key information from being stolen.
The amount of key transmitted by the key distribution module in each key distribution is 8192 bits. After key distribution is complete, the gateway-end key distribution submodule 3.2 passes the data information to the gateway-end key synchronization submodule 5.1, which synchronizes the key information to the server end. The mobile terminal key distribution submodule 3.1 passes the quantum key it has obtained to the mobile terminal key storage module 4, which encrypts and stores the key file.
The mobile terminal key storage module 4 is implemented as follows:
The mobile terminal key storage module 4 writes the quantum key information it has obtained to local storage and encrypts it. The encryption performed in the mobile terminal key storage module 4 is transparent to the user. Other applications on the mobile device must be authorized to access the key storage file, and authorization for the mobile terminal key store 7 also requires identity verification, which determines whether the party accessing the quantum key is legitimate. Within the system, the user cannot directly view either the quantum key file obtained from the gateway end or the encrypted quantum key file, which ensures that the quantum key information in the mobile terminal key store 7 is not leaked.
The gateway-end key synchronization submodule 5.1 writes the key distribution information to the gateway-end database and synchronizes it over the classical channel to the server-end key synchronization submodule 5.2, which records the key distribution information in the server-end database.
In the key synchronization module, the data transmitted between the server end and the gateway end is the following six-tuple I:
I = <UserID, MobileMac, StartIndex, EndIndex, Length, Time>    (4)
In the six-tuple, UserID is the ID of the user, MobileMac is the physical network card address of the mobile device in use, StartIndex is the start position of the distributed key, EndIndex is the end position of the distributed key, Length is the length of the distributed key, and Time is the time at which the key was distributed. Passing this six-tuple synchronizes the keys between the gateway end and the server end without transmitting the quantum key itself: only pointer information travels over the classical channel, which ensures that the quantum key distributed to the mobile network is not leaked.
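The pointer-only synchronization described above, as an added example that is not code from the patent: both ends hold the same QKD-generated pool, the gateway sends only the six-tuple I, and the server resolves the key from its own pool. The JSON encoding, bit-based indices with an exclusive EndIndex, the class names and the server-side consistency and overlap checks are assumptions; the pool bytes are constructed sample data.

```python
import json
import secrets
import time
from collections import namedtuple

KEY_BITS = 8192  # key amount per distribution, as stated in the description

SyncRecord = namedtuple(
    "SyncRecord", "UserID MobileMac StartIndex EndIndex Length Time")


class KeyPool:
    """Stand-in for key pools 8.1 / 8.2: identical material on both ends."""

    def __init__(self, material):
        self._material = material

    def slice_bits(self, start, end):
        total = len(self._material) * 8
        if start % 8 or end % 8 or not 0 <= start < end <= total:
            raise ValueError("range outside pool or not byte aligned")
        return self._material[start // 8: end // 8]


class Gateway:
    def __init__(self, pool):
        self.pool, self.cursor = pool, 0

    def inject(self, user_id, mobile_mac, now=None):
        start, end = self.cursor, self.cursor + KEY_BITS
        key = self.pool.slice_bits(start, end)   # goes to the handset over NFC
        self.cursor = end
        stamp = int(time.time() if now is None else now)
        rec = SyncRecord(user_id, mobile_mac, start, end, KEY_BITS, stamp)
        # Only this string crosses the classical channel: pointers, no key.
        return key, json.dumps(rec._asdict())


class Server:
    def __init__(self, pool):
        self.pool, self.allocations = pool, []

    def apply_sync(self, message):
        try:
            rec = SyncRecord(**json.loads(message))
        except TypeError as exc:
            raise ValueError("not a six-tuple") from exc
        idx = (rec.StartIndex, rec.EndIndex, rec.Length)
        if not all(isinstance(v, int) for v in idx):
            raise ValueError("indices must be integers")
        if rec.Length != rec.EndIndex - rec.StartIndex:
            raise ValueError("Length disagrees with StartIndex/EndIndex")
        self.pool.slice_bits(rec.StartIndex, rec.EndIndex)  # bounds check
        for old in self.allocations:
            if rec.StartIndex < old.EndIndex and old.StartIndex < rec.EndIndex:
                raise ValueError("key range already allocated")
        self.allocations.append(rec)
        return rec

    def key_for(self, user_id, mobile_mac):
        for rec in reversed(self.allocations):
            if (rec.UserID, rec.MobileMac) == (user_id, mobile_mac):
                return self.pool.slice_bits(rec.StartIndex, rec.EndIndex)
        raise KeyError(user_id)


if __name__ == "__main__":
    shared = secrets.token_bytes(4 * KEY_BITS // 8)  # constructed pool bytes
    gw, srv = Gateway(KeyPool(shared)), Server(KeyPool(shared))
    key, msg = gw.inject("user-001", "02:00:00:00:00:01")
    srv.apply_sync(msg)
    print(msg, srv.key_for("user-001", "02:00:00:00:00:01") == key)
```

Because the server rejects a record whose range overlaps an earlier allocation, a replayed or altered six-tuple cannot cause the same key bits to be bound twice.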
After the key distribution module and the key synchronization module have completed key distribution and key synchronization for the mobile network, effective quantum-key secret communication can take place between the mobile device and the server. In the embodiment, the validity of the distribution method is verified by quantum-encrypted file upload. The mobile terminal quantum encrypted file transmission submodule 6.1 encrypts the data and sends it to the server-end quantum encrypted file transmission submodule 6.2, which decrypts the data and stores it locally.
Before the mobile terminal quantum encrypted file transmission submodule 6.1 and the server-end quantum encrypted file transmission submodule 6.2 begin encrypted communication with the server end, i.e. before step 9, the consistency of the quantum keys distributed to the mobile terminal and to the server must be ensured. To verify that the keys distributed for the same user at the server end and at the mobile device end are identical, a key correctness check is required before each encrypted communication begins. The embodiment performs the key correctness check by means of a Challenge check: if the check result is correct, the server end allows the mobile device to access; otherwise it refuses access by the mobile device. The Challenge check proceeds as follows:
1. After receiving a connection request, the server end sends a random string to the mobile device.
2. The mobile device encrypts the string data with the 256-bit AES encryption algorithm using the quantum key, and sends the result back to the server end once encryption is complete.
3. The server end encrypts the random string it generated and compares the result with the string returned by the mobile device.
4. If the two match, key verification succeeds; otherwise key verification fails and no access is granted.
In the quantum encrypted file transmission module, if the Challenge check succeeds, the file upload stage begins: the mobile terminal file is uploaded under 256-bit AES encryption. After receiving the uploaded file, the server end decrypts it, stores it locally, and updates the user's key consumption in the database.
Fig. 3 shows the integrated diagram of the mobile network quantum key distribution system. The mobile network quantum key distribution method based on near-field communication is mainly used to realize quantum key distribution to the mobile network. The system injects keys from the gateway end into the mobile device by near-field communication, and after the mobile device has correctly received the gateway-end key information, the gateway end synchronizes the key information to the server end. In Fig. 3, key distribution between the gateway end and the server end is realized over the quantum QKD link, which generates the quantum keys to be distributed in the gateway-end key pool and the server-end key pool. In practical applications, one server can be connected to multiple gateway ends. The gateway end connects to the mobile device by near-field communication, injects the quantum key into the mobile device, and at the same time synchronizes the key information to the server end through the key synchronization module. One gateway-end device can carry multiple NFC antennas and inject quantum keys into multiple mobile devices at the same time. After a quantum key has been successfully injected into the mobile device, the mobile device and the server end can carry out quantum-encrypted communication over a classical channel.
The embodiments in this specification are described in a related manner; identical or similar parts of the embodiments may be referred to one another, and each embodiment focuses on its differences from the others.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (9)

1. A mobile network quantum key distribution system based on near-field communication, characterized in that it comprises an attack distance constraint module, a user identity verification module, a key distribution module, a mobile terminal key storage module (4), a key synchronization module, a quantum encrypted file transmission module, a mobile terminal key store (7), a key pool (8), near-field communication equipment and a fingerprint module (10);
The attack distance constraint module is configured to detect, by the attack distance constraint protocol and before the mobile device performs user identity verification, whether relay-attack eavesdropping is present in the near-field communication region, and to stop key distribution to the mobile device if an abnormal communication environment is detected;
The user identity verification module is configured to determine, by biometric identification, the legitimacy of the identity of the user who is using the mobile device for key injection, the process entering the key distribution module after user identity verification succeeds;
The key distribution module is configured to inject quantum keys from the gateway end into the mobile device;
The mobile terminal key storage module (4) is configured to perform read and write access to the mobile terminal key store (7) and to store securely the quantum key obtained from the gateway end;
The key synchronization module is configured to write the key information to the local SQLite database and to synchronize the data to the server-end database;
The quantum encrypted file transmission module is configured to obtain the quantum key from the mobile terminal key storage module (4) and to transfer data from the mobile device end to the server end by quantum-encrypted communication;
The mobile terminal key store (7) is the storage medium for storing quantum keys and serves as the storage carrier of the quantum key on the mobile terminal;
The key pool (8) is configured to store the quantum keys that have been distributed;
The near-field communication equipment is used for near-field communication between the gateway end and the mobile device;
The fingerprint module (10) is configured to acquire the user's fingerprint information and pass it to the gateway-end identity verification submodule (2.2) for user identity verification;
The attack distance constraint module comprises a mobile terminal attack distance constraint submodule (1.1) and a gateway-end attack distance constraint submodule (1.2);
The user identity verification module comprises a gateway-end identity verification submodule (2.2) and a mobile terminal identity verification submodule (2.1); the gateway-end identity verification submodule (2.2) is connected to the gateway-end attack distance constraint submodule (1.2), and the mobile terminal identity verification submodule (2.1) is connected to the mobile terminal attack distance constraint submodule (1.1);
The key distribution module comprises a gateway-end key distribution submodule (3.2) and a mobile terminal key distribution submodule (3.1); the mobile terminal key distribution submodule (3.1) is connected to the mobile terminal identity verification submodule (2.1), and the gateway-end key distribution submodule (3.2) is connected to the gateway-end key pool (8.1) and to the gateway-end identity verification submodule (2.2);
The mobile terminal key storage module (4) is connected to the mobile terminal key distribution submodule (3.1);
The key synchronization module comprises a gateway-end key synchronization submodule (5.1) and a server-end key synchronization submodule (5.2); the server-end key synchronization submodule (5.2) and the gateway-end key synchronization submodule (5.1) synchronize the key distribution information over a classical channel; the gateway-end key synchronization submodule (5.1) is connected to the gateway-end key distribution submodule (3.2), and the server-end key synchronization submodule (5.2) is connected to the server-end key pool (8.2);
The quantum encrypted file transmission module comprises a mobile terminal quantum encrypted file transmission submodule (6.1) and a server-end quantum encrypted file transmission submodule (6.2); submodules (6.1) and (6.2) transfer data from the mobile device end to the server end by quantum-encrypted communication over a classical channel; the mobile terminal quantum encrypted file transmission submodule (6.1) is connected to the mobile terminal key storage module (4), and the server-end quantum encrypted file transmission submodule (6.2) is connected to the server-end key pool (8.2);
The mobile terminal key store (7) is connected to the mobile terminal key storage module (4);
The key pool (8) comprises a gateway-end key pool (8.1) and a server-end key pool (8.2), which are connected by a quantum channel, so that quantum key distribution between the quantum server end and the gateway end can be realized on the basis of a quantum key distribution protocol;
The near-field communication equipment comprises a mobile terminal NFC sensor (9.1) and a gateway-end NFC key distribution induction zone (9.2) that connect to each other; the mobile terminal NFC sensor (9.1) is connected to the mobile terminal attack distance constraint submodule (1.1), the mobile terminal identity verification submodule (2.1) and the mobile terminal key distribution submodule (3.1); the gateway end injects the quantum key into the mobile device through the NFC chip of the gateway-end NFC key distribution induction zone (9.2), and the mobile device receives the key information passed by the gateway-end NFC chip through the mobile terminal NFC sensor (9.1); the gateway-end NFC key distribution induction zone (9.2) consists of a near-field communication chip, a near-field communication antenna and a USB-to-serial adapter, and is connected through the USB-to-serial adapter to the gateway-end attack distance constraint submodule (1.2), the gateway-end identity verification submodule (2.2) and the gateway-end key distribution submodule (3.2); each module calls the gateway-end NFC key distribution induction zone (9.2) through an open-source API library;
The fingerprint module (10) is connected to the gateway-end identity verification submodule (2.2).
2. The mobile network quantum key distribution system based on near-field communication according to claim 1, characterized in that the mobile terminal NFC sensor (9.1) is located in a mobile device that runs Android 4.0 or later and supports near-field communication (NFC); the system provides the Android Beam function, and through the API provided by the system the mobile terminal NFC sensor (9.1) is connected to the mobile terminal attack distance constraint submodule (1.1), the mobile terminal identity verification submodule (2.1) and the mobile terminal key distribution submodule (3.1).
3. A distribution method of the mobile network quantum key distribution system based on near-field communication according to claim 1 or 2, characterized in that it proceeds according to the following steps:
Step 1, QKD link key generation: the gateway end of quantum key distribution and the server end generate quantum keys in real time by the QKD protocol and inject them into the gateway-end key pool (8.1) and the server-end key pool (8.2), respectively; the gateway end of quantum key distribution is connected to the server end by a quantum channel, and the server end can connect to multiple quantum key distribution gateways for QKD link key generation;
Step 2, initialization stage: when the gateway end of quantum key distribution distributes keys to the mobile device, the whole system initializes the server-end key pool (8.2) and the gateway-end key pool (8.1) of key distribution, records the current key distribution status, initializes the parameters of the gateway-end key pool (8.1) and the server-end key pool (8.2), and verifies whether the current communication connection with the server end is reliable, so as to ensure the reliability of key distribution and synchronization;
Step 3, the mobile device approaches the gateway-end NFC key distribution induction zone (9.2): the user places the mobile device on the gateway-end NFC key distribution induction zone (9.2) of the quantum key distribution gateway and a connection is established; while the connection is being established, the mobile device calls the mobile terminal attack distance constraint submodule (1.1) to check the current key distribution environment and ensure that it is secure;
Step 4, user identity verification stage: when the mobile device is close to the gateway-end NFC key distribution induction zone (9.2) and the key distribution environment has been found secure, the gateway-end identity verification submodule (2.2) verifies the user's identity by fingerprint recognition; in the user identity verification stage, the mobile terminal identity verification submodule (2.1) on the mobile device end communicates with the gateway-end identity verification submodule (2.2) and prompts the user to enter fingerprint information, while the gateway-end identity verification submodule (2.2) obtains the fingerprint identifier by calling the fingerprint module (10) and compares the fingerprint information with the fingerprint features in the gateway-end fingerprint library of registered users to verify the user's identity;
Step 5, key store initialization stage: before the mobile device receives the key information injected by the quantum key distribution gateway, the state and basic parameters of the mobile terminal key store (7) are initialized;
Step 6, key injection stage: after user identity verification succeeds, the mobile device and the key distribution gateway end call the mobile terminal key distribution submodule (3.1) and the gateway-end key distribution submodule (3.2), respectively, to inject the key into the mobile device;
Step 7, key storage stage: after receiving the data from the quantum key distribution gateway, the mobile device decrypts the quantum key data; the mobile terminal key storage module (4) then encrypts it into a local file, and the quantum key data is stored in the mobile terminal key store (7);
Step 8, key synchronization stage: after the gateway-end key distribution submodule (3.2) of the quantum key distribution gateway completes key injection, the key distribution information is recorded in the local database and synchronized to the server end of the mobile network by the gateway-end key synchronization submodule (5.1);
Step 9, server-end communication stage: once the gateway-end key synchronization submodule (5.1) of the quantum key distribution gateway and the server-end key synchronization submodule (5.2) have completed key synchronization, key distribution to the mobile network is complete, and the quantum encrypted file transmission module can carry out quantum-encrypted file transfer between the mobile device and the mobile server end;
Step 10, it updates cipher key store information: communicating completion with the server end of mobile network in quantum cryptography document transmission module Afterwards, it records the key information consumed each time and local is recorded in data information, while updating in mobile terminal cipher key store (7) Data information.
4. The distribution method of a mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in the QKD link key generation process of step 1, when the amount of key generated in the system is less than the mobile network's demand for quantum keys, a key multiplication method is used to increase the amount of key in the distribution gateway end key pool (8.1) and the server end key pool (8.2), so as to meet the mobile network's demand for quantum keys.
5. The distribution method of a mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in step 3, the same quantum key distribution gateway in the system can connect multiple gateway end NFC key distribution induction zones (9.2) and inject keys into multiple mobile devices simultaneously.
6. The distribution method of a mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in step 6, when key injection is performed from the gateway end of quantum key distribution to the mobile device, the transmission uses 256-bit AES encryption with a one-time key, guaranteeing the reliability of key transmission.
7. The distribution method of a mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in step 8, during key synchronization the quantum key distribution gateway end and the server end of the mobile network communicate over a classical channel, and the data transmitted is data of pointer type.
8. The distribution method of a mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in step 3, the mobile terminal attack distance constraint submodule (1.1) detects the current key distribution environment to ensure the security of the key distribution environment, using the attack distance constraint protocol to determine whether an eavesdropper is present within near-field communication range; in the protocol initialization stage the gateway end and the mobile device share initialization information, which includes: the shared key K; the security parameter is the random function F, and the output length of the pseudo-random function is 2L; the gateway end needs to set the maximum response time Δtmax; the attack distance constraint protocol determines, through a slow challenge phase and a fast challenge verification phase, whether third-party eavesdropping exists in the near-field communication region.
9. The distribution method of a mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, before the server end communication stage of step 9 is carried out, the correctness of the key needs to be verified by means of Challenge verification;
In step 9, the data passed between the gateway end key synchronization submodule (5.1) and the server end key synchronization submodule (5.2) is the following six-tuple I:
I=<UserID, MobileMac, StartIndex, EndIndex, Length, Time>
In the six-tuple, UserID denotes the ID of the user, MobileMac denotes the physical network card address of the mobile device used, StartIndex is the start position of the distributed key, EndIndex is the end position of the distributed key, Length is the length of the distributed key, and Time is the time of key distribution; because only the six-tuple is passed, key synchronization between the gateway end and the server end does not involve transmission of the quantum key itself; only pointer information is transmitted over the classical channel, which ensures that the quantum key distributed to the mobile network is not leaked.
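Claim 8 names only the shared key K, a pseudo-random function with 2L output bits, the limit Δtmax, and a slow phase followed by a fast phase. The sketch below is an added example, not the patent's own protocol text: it assumes a Hancke-Kuhn-style distance-bounding exchange, uses HMAC-SHA256 as F, and takes simulated round-trip times as input (all constructed).

```python
import hashlib
import hmac
import secrets

L = 32            # number of fast rounds (constructed value); F yields 2L bits
DT_MAX = 2e-6     # gateway's maximum response time, seconds (constructed value)

def prf_bits(key, n_gw, n_dev):
    """F_K over both nonces -> 2L bits, split into two L-bit response registers."""
    digest = hmac.new(key, n_gw + n_dev, hashlib.sha256).digest()
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * L)]
    return bits[:L], bits[L:]

class Device:
    """Mobile side: answers each 1-bit challenge from the register it selects."""
    def __init__(self, key, n_gw, n_dev):
        self.regs = prf_bits(key, n_gw, n_dev)
    def answer(self, i, c):
        return self.regs[c][i]

def gateway_check(key, n_gw, n_dev, challenges, replies):
    """replies holds (bit, round_trip_seconds) pairs as measured by the gateway."""
    regs = prf_bits(key, n_gw, n_dev)
    for i, (c, (bit, rtt)) in enumerate(zip(challenges, replies)):
        if rtt > DT_MAX:       # a relay or distant party adds delay
            return False, f"round {i}: {rtt:.1e}s exceeds dt_max"
        if bit != regs[c][i]:  # a party without K can only guess
            return False, f"round {i}: wrong response bit"
    return True, "all rounds in time and correct"

def session(key_gw, key_dev, rtts):
    """Slow phase (nonce exchange), then L timed single-bit rounds."""
    n_gw, n_dev = secrets.token_bytes(16), secrets.token_bytes(16)
    device = Device(key_dev, n_gw, n_dev)
    challenges = [secrets.randbits(1) for _ in range(L)]
    replies = [(device.answer(i, c), rtts[i]) for i, c in enumerate(challenges)]
    return gateway_check(key_gw, n_gw, n_dev, challenges, replies)
```

A single late round is enough to reject the session, so a gateway built this way refuses to move on to fingerprint verification and key injection whenever any response arrives after Δtmax.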
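The pointer-only synchronization of claims 7 and 9 can be exercised end to end. The following is an added example, not code from the patent: the pool contents, the inclusive EndIndex convention, the sample user and MAC values, and the HMAC-SHA256 challenge-response used for the "Challenge verification" step are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class SixTuple:          # I = <UserID, MobileMac, StartIndex, EndIndex, Length, Time>
    UserID: str
    MobileMac: str
    StartIndex: int
    EndIndex: int        # assumed inclusive
    Length: int
    Time: int

def make_pool(size=1024):
    """Constructed stand-in for the identical QKD pools 8.1 (gateway) and 8.2 (server)."""
    return hashlib.shake_256(b"constructed pool seed").digest(size)

def distribute(pool, cursor, length, user, mac, now):
    """Gateway: cut the key to inject over NFC and build the pointer record to sync."""
    if cursor < 0 or length <= 0 or cursor + length > len(pool):
        raise ValueError("key pool exhausted")
    rec = SixTuple(user, mac, cursor, cursor + length - 1, length, now)
    return pool[cursor:cursor + length], rec

def resolve(pool, rec):
    """Server: rebuild the same key from its own pool using only the pointers."""
    if not 0 <= rec.StartIndex <= rec.EndIndex < len(pool):
        raise ValueError("pointer outside key pool")
    if rec.EndIndex - rec.StartIndex + 1 != rec.Length:
        raise ValueError("inconsistent six-tuple")
    return pool[rec.StartIndex:rec.EndIndex + 1]

def respond(key, challenge):
    """Device: prove possession of the injected key without sending it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify(key, challenge, response):
    """Server: constant-time comparison against its own expected answer."""
    return hmac.compare_digest(respond(key, challenge), response)

def demo():
    pool = make_pool()
    device_key, rec = distribute(pool, 128, 64, "user-01", "02:00:00:00:00:01", 1479859200)
    server_key = resolve(pool, rec)   # only `rec` crossed the classical channel
    challenge = secrets.token_bytes(16)
    return rec, verify(server_key, challenge, respond(device_key, challenge))
```

The server-side bounds and consistency checks in `resolve` matter because the six-tuple travels over an unprotected classical channel: a tampered pointer must be rejected rather than silently selecting different key material.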
CN201611047743.XA 2016-11-23 2016-11-23 A kind of mobile network's quantum key distribution system and its distribution method based on near-field communication Expired - Fee Related CN106330440B (en)

Publications (2)

Publication Number Publication Date
CN106330440A CN106330440A (en) 2017-01-11
CN106330440B true CN106330440B (en) 2019-05-14

Family

ID=57817462

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190514

Termination date: 20201123
