CN106330440B - Mobile network quantum key distribution system based on near-field communication, and distribution method thereof - Google Patents
- Publication number: CN106330440B
- Application number: CN201611047743.XA
- Authority: CN (China)
- Prior art keywords: key, submodule, quantum, gateway, mobile terminal
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0852—Quantum cryptography
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/06—Authentication
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Abstract
The invention discloses a mobile network quantum key distribution system based on near-field communication, and its distribution method. Through an interconnected attack distance constraint module, user authentication module, key distribution module, mobile terminal key storage module, key synchronization module, quantum-encrypted file transmission module, mobile terminal key store, key pools, near-field communication equipment and fingerprint module, the system detects the near-field key distribution environment, verifies the legitimacy of the mobile device user, distributes quantum keys to the mobile network over the near-field communication protocol, synchronizes keys between the server end and the gateway end, securely stores quantum keys on the mobile device, and encrypts communication between the mobile device and the server end, while preserving the high portability of mobile devices and the lightweight nature of their applications.
Description
Technical field
The invention belongs to the field of communication technology and relates to a mobile network quantum key distribution system based on near-field communication, and its distribution method.
Background art
In 1927 Heisenberg proposed the "Heisenberg uncertainty principle", which states that certain physical quantities of a microscopic particle cannot both have definite values: if one quantity has a definite value, the value of the other is indeterminate. At the end of the last century, scholars proposed quantum cryptography on the basis of the Heisenberg uncertainty principle, the quantum no-cloning principle and the quantum measurement collapse principle. Quantum cryptography uses single quantum states as information carriers. By the no-cloning principle no single quantum can be cloned, and by the measurement collapse principle the state of a single quantum changes once it is measured, so the legitimate receiver of the information can detect an eavesdropper in the channel from the collapse of the quantum state and abort the communication. Communication based on quantum cryptography is therefore described as physically "absolutely secure", and it has important research value in national defence, the military, politics, finance and other fields.
Since the first quantum cryptographic protocol was proposed in 1984, quantum secret communication has undergone more than 30 years of basic theoretical research and security verification, and its practical application is now maturing. As countries gradually recognize the significance of quantum communication, the pace of commercialization is also accelerating. Developed countries in Europe and America have begun exploring high-speed quantum communication and large-scale secure communication networks. China has also listed it as a key research project and in August 2016 launched the world's first quantum satellite, "Micius" (Mozi), bringing quantum cryptography to a new milestone in practical application.
In quantum secret communication the information carrier is a single photon. Because of the attenuation of single photons in fibre channels, detector efficiency and similar factors, the communication distance of commercial systems generally does not exceed 100 km. This limits point-to-point quantum communication systems to inter-city secure communication and leaves them unable to serve inter-provincial or longer-distance secure communication, which greatly restricts the scope of use of quantum secret communication and hinders its practical development.
Research on applications of quantum cryptography is now fairly mature. With the rapid development of mobile devices and mobile networks, secure communication on mobile networks is a major challenge for scientists, and the "absolute security" of quantum key technology can solve the communication security problem of mobile networks well. However, quantum cryptography with single photons as carrier requires both a quantum channel and a classical channel during quantum key distribution, and distributing quantum keys over a conventional wireless network is very insecure. Secure distribution of quantum keys to the mobile network has therefore become the obstacle to bringing quantum cryptography to mobile networks. How to distribute quantum keys to mobile devices while preserving their high portability and lightweight applications is the problem that quantum key technology must solve to reach mobile networks.
Summary of the invention
The object of the invention is to provide a mobile network quantum key distribution system based on near-field communication, and its distribution method, which detect the near-field key distribution environment, verify the legitimacy of the mobile device user, distribute quantum keys to the mobile network over the near-field communication protocol, synchronize keys between the server end and the gateway end, securely store quantum keys on the mobile device, and encrypt communication between the mobile device and the server end, while preserving the high portability of mobile devices and the lightweight nature of their applications.
The technical solution adopted by the invention is a mobile network quantum key distribution system based on near-field communication, comprising an attack distance constraint module, a user authentication module, a key distribution module, a mobile terminal key storage module, a key synchronization module, a quantum-encrypted file transmission module, a mobile terminal key store, key pools, near-field communication equipment and a fingerprint module;
The attack distance constraint module uses the attack distance constraint protocol to detect, before the mobile device performs user identity verification, whether relay-attack eavesdropping exists in the near-field communication region; if the communication environment is found to be abnormal, key distribution to the mobile device is stopped;
The user authentication module uses biometric identification technology to determine the legitimacy of the identity of the user currently using the mobile device for key injection; after user identity verification succeeds, the key distribution module is entered;
The key distribution module injects quantum keys from the gateway end into the mobile device;
The mobile terminal key storage module performs read and write access to the mobile terminal key store and securely stores the quantum key obtained from the gateway end;
The key synchronization module writes key information into the local SQLite database and synchronizes the data to the server-side database;
The quantum-encrypted file transmission module obtains the quantum key from the mobile terminal key storage module and passes data from the mobile device end to the server end by quantum-encrypted communication;
The mobile terminal key store is the storage medium for quantum keys and serves as the storage carrier of quantum keys on the mobile terminal;
The key pool stores the quantum keys that have been distributed;
The near-field communication equipment is used for near-field communication between the gateway end and the mobile device;
The fingerprint module obtains the user's fingerprint information and passes it to the gateway end authentication submodule for user identity verification.
Further, the attack distance constraint module comprises a mobile terminal attack distance constraint submodule and a gateway end attack distance constraint submodule. The user authentication module comprises a gateway end authentication submodule and a mobile terminal authentication submodule; the gateway end authentication submodule is connected to the gateway end attack distance constraint submodule, and the mobile terminal authentication submodule is connected to the mobile terminal attack distance constraint submodule. The key distribution module comprises a gateway end key distribution submodule and a mobile terminal key distribution submodule; the mobile terminal key distribution submodule is connected to the mobile terminal authentication submodule, and the gateway end key distribution submodule is connected to the gateway end key pool and to the gateway end authentication submodule respectively. The mobile terminal key storage module is connected to the mobile terminal key distribution submodule. The key synchronization module comprises a gateway end key synchronization submodule and a server end key synchronization submodule, which synchronize key distribution information over a classical channel; the gateway end key synchronization submodule is connected to the gateway end key distribution submodule, and the server end key synchronization submodule is connected to the server end key pool. The quantum-encrypted file transmission module comprises a mobile terminal quantum-encrypted file transmission submodule and a server end quantum-encrypted file transmission submodule, which pass data from the mobile device end to the server end by quantum-encrypted communication over a classical channel; the mobile terminal quantum-encrypted file transmission submodule is connected to the mobile terminal key storage module, and the server end quantum-encrypted file transmission submodule is connected to the server end key pool. The mobile terminal key store is connected to the mobile terminal key storage module. The key pool comprises a gateway end key pool and a server end key pool, which are connected by a quantum channel, so that quantum key distribution between the quantum server end and the gateway end can be realized on the basis of a quantum key distribution protocol. The near-field communication equipment comprises an interconnected mobile terminal NFC sensor and gateway end NFC key distribution induction zone; the mobile terminal NFC sensor is connected to the mobile terminal attack distance constraint submodule, the mobile terminal authentication submodule and the mobile terminal key distribution submodule respectively. The gateway end injects quantum keys into the mobile device through the NFC chip of the gateway end NFC key distribution induction zone, and the mobile device receives the key information passed by the gateway end NFC chip through the mobile terminal NFC sensor. The gateway end NFC key distribution induction zone consists of a near-field communication chip, a near-field communication antenna and a USB-to-serial adapter, and is connected through the USB-to-serial adapter to the gateway end attack distance constraint submodule, the gateway end authentication submodule and the gateway end key distribution submodule respectively; each module calls the gateway end NFC key distribution induction zone through an open-source API library. The fingerprint module is connected to the gateway end authentication submodule.
Further, the mobile terminal NFC sensor is located in a mobile device that runs Android 4.0 or a later operating system and supports near-field communication. The system has the Android Beam function, and the API provided by the system connects the mobile terminal NFC sensor to the mobile terminal attack distance constraint submodule, the mobile terminal authentication submodule and the mobile terminal key distribution submodule.
Another technical solution of the invention is a distribution method for the mobile network quantum key distribution system based on near-field communication, carried out in the following steps:
Step 1, QKD link key generation: the gateway end of quantum key distribution and the server end generate quantum keys in real time by a QKD protocol and inject them into the gateway end key pool and the server end key pool respectively; the gateway end of quantum key distribution and the server end are connected by a quantum channel, and the server end can connect to multiple quantum key distribution gateways for QKD link key generation;
Step 2, initialization phase: when the gateway end of quantum key distribution distributes keys to a mobile device, the whole system initializes the server end key pool and the gateway end key pool used for key distribution, records the current key distribution status, initializes the parameters of the gateway end key pool and the server end key pool, and verifies whether the current communication connection with the server end is reliable, to ensure the reliability of key distribution and synchronization;
Step 3, the mobile device approaches the gateway end NFC key distribution induction zone: the user places the mobile device on the gateway end NFC key distribution induction zone of the quantum key distribution gateway, and a connection is established; while the connection is being established, the mobile device calls the mobile terminal attack distance constraint submodule to check the current key distribution environment and ensure that it is secure;
Step 4, user identity verification phase: once the mobile device is close to the gateway end NFC key distribution induction zone and the key distribution environment has been found secure, the gateway end authentication submodule verifies the user's identity by fingerprint recognition; in this phase the mobile terminal authentication submodule on the mobile device communicates with the gateway end authentication submodule and prompts the user to enter fingerprint information, while the gateway end authentication submodule obtains the fingerprint verification information by calling the fingerprint module and compares the fingerprint information with the fingerprint features of registered users in the gateway end fingerprint database to verify the user's identity;
Step 5, key store initialization phase: before the mobile device receives the key information injected by the quantum key distribution gateway, the state and basic parameters of the mobile terminal key store are initialized;
Step 6, key injection phase: after user identity verification succeeds, the mobile device and the gateway end of key distribution call the mobile terminal key distribution submodule and the gateway end key distribution submodule respectively to inject keys into the mobile device;
Step 7, key storage phase: after receiving the data from the quantum key distribution gateway, the mobile device decrypts the quantum key data and, through the mobile terminal key storage module, encrypts and stores it to a local file, saving the quantum key data in the mobile terminal key store;
Step 8, key synchronization phase: after the gateway end key distribution submodule of the quantum key distribution gateway completes key injection, it records the key distribution information to the local database, and the gateway end key synchronization submodule synchronizes it to the server end of the mobile network;
Step 9, server end communication phase: after the gateway end key synchronization submodule of the quantum key distribution gateway and the server end key synchronization submodule complete key synchronization, key distribution to the mobile network is complete, and the quantum-encrypted file transmission module carries out quantum-encrypted file transmission between the mobile device and the mobile server end;
Step 10, updating key store information: after the quantum-encrypted file transmission module finishes communicating with the server end of the mobile network, the key information consumed each time is recorded and the data is recorded locally, and the data in the mobile terminal key store is updated at the same time.
Further, in the QKD link key generation of step 1, when the amount of key generated in the system is less than the mobile network's demand for quantum keys, a key multiplication method is used to increase the amount of key in the distribution gateway end key pool and the server end key pool, to meet the mobile network's demand for quantum keys.
Further, in step 3, the same quantum key distribution gateway in the system can connect multiple gateway end NFC key distribution induction zones and inject keys into multiple mobile devices simultaneously.
Further, in step 6, key injection from the gateway end of quantum key distribution to the mobile device is transmitted in 256-bit AES encrypted form by means of one-time key text, ensuring the reliability of key transmission.
Further, in step 8, during key synchronization the quantum key distribution gateway end and the server end of the mobile network communicate over a classical channel, and the data transmitted is pointer-type data.
Further, in step 3, the mobile terminal attack distance constraint submodule checks the current key distribution environment and ensures that it is secure by using the attack distance constraint protocol to determine whether an eavesdropper is present within near-field communication range. In the protocol initialization phase the gateway end and the mobile device share initialization information, which comprises: a shared key K; the security parameter, which is the random function F; and the output length of the pseudo-random function, which is 2L. The gateway end also needs to set the maximum response time Δt_max. The attack distance constraint protocol determines whether third-party eavesdropping exists in the near-field communication region through a slow challenge phase and a fast challenge verification phase.
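The slow and fast challenge phases named above can be sketched as follows. This is an added example, not code from the patent: it assumes a Hancke-Kuhn style fast phase (the 2L-bit output of F split into two L-bit registers, one response bit per round), HMAC-SHA256 as F, and constructed round-trip times and values for L and Δt_max, none of which the page specifies.

```python
"""Distance-bounding check run before NFC key injection (added illustration)."""
import hashlib
import hmac
import secrets

L = 32           # number of fast rounds; F outputs 2L bits (value assumed)
DT_MAX = 0.002   # gateway's maximum response time dt_max, seconds (value assumed)


def prf_registers(key, n_gw, n_mob, l=L):
    """F(K, nonces) -> 2L pseudo-random bits, split into two L-bit registers.

    HMAC-SHA256 stands in for the pseudo-random function F (assumption).
    """
    need = (2 * l + 7) // 8
    out, counter = b"", 0
    while len(out) < need:
        out += hmac.new(key, n_gw + n_mob + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    bits = [(out[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * l)]
    return bits[:l], bits[l:]


class MobileDevice:
    """Prover side: holds K and answers one bit per fast round."""

    def __init__(self, key):
        self.key = key
        self.regs = None

    def slow_phase(self, n_gw, l=L):
        # Untimed exchange of nonces; both sides then derive the registers.
        n_mob = secrets.token_bytes(16)
        self.regs = prf_registers(self.key, n_gw, n_mob, l)
        return n_mob

    def respond(self, i, c):
        # Fast phase: the challenge bit selects which register to read.
        return self.regs[c][i]


def gateway_check(key, device, rtt_for_round, l=L, dt_max=DT_MAX):
    """Verifier side. Returns (accepted, reason).

    rtt_for_round(i) supplies the measured round-trip time of round i; here it
    is a constructed value so the example is deterministic and runs offline.
    """
    n_gw = secrets.token_bytes(16)
    n_mob = device.slow_phase(n_gw, l)
    regs = prf_registers(key, n_gw, n_mob, l)
    for i in range(l):
        c = secrets.randbits(1)            # unpredictable one-bit challenge
        bit = device.respond(i, c)
        if rtt_for_round(i) > dt_max:
            return False, "timeout"        # too far away, or relayed
        if bit != regs[c][i]:
            return False, "bad-response"   # responder does not hold K
    return True, "ok"


def demo():
    k = secrets.token_bytes(32)
    near = lambda i: 0.0004             # constructed RTT: device on the induction zone
    relayed = lambda i: 0.0004 + 0.005  # constructed RTT: same device behind a relay
    return {
        "legitimate": gateway_check(k, MobileDevice(k), near),
        "relayed": gateway_check(k, MobileDevice(k), relayed),
        "wrong_key": gateway_check(k, MobileDevice(secrets.token_bytes(32)), near),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The relayed case answers every challenge correctly and is still rejected, because the check that stops key distribution is the timing bound rather than knowledge of K.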
Further, before the server end communication phase of step 9 is carried out, the correctness of the key needs to be verified by means of Challenge verification. In step 9, the data passed between the gateway end key synchronization submodule and the server end key synchronization submodule is the following six-tuple I:
I = <UserID, MobileMac, StartIndex, EndIndex, Length, Time>
In the six-tuple, UserID is the ID of the user, MobileMac is the physical network card address of the mobile device in use, StartIndex is the start position of the distributed key, EndIndex is the end position of the distributed key, Length is the length of the distributed key, and Time is the time at which the key was distributed. Key synchronization between the gateway end and the server end by passing the six-tuple does not involve transmitting the quantum key itself; only pointer information is transmitted on the classical channel, which ensures that the quantum keys distributed to the mobile network are not leaked.
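The following added example, which is not code from the patent, shows pointer-only synchronization with the six-tuple I followed by a challenge check of key correctness. It assumes EndIndex is exclusive, that both key pools already hold identical QKD output, JSON as the wire format, and HMAC-SHA256 as the challenge response; the user ID, MAC address and timestamp are constructed.

```python
"""Pointer-only key synchronisation with the six-tuple I (added illustration)."""
import hashlib
import hmac
import json
import secrets
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class SyncRecord:
    """I = <UserID, MobileMac, StartIndex, EndIndex, Length, Time>."""
    UserID: str
    MobileMac: str
    StartIndex: int
    EndIndex: int   # assumed exclusive, so Length == EndIndex - StartIndex
    Length: int
    Time: int


class KeyPool:
    """Gateway-end or server-end pool holding the same QKD-generated bytes."""

    def __init__(self, material):
        self._material = material
        self._next = 0  # allocation cursor, used on the gateway end only

    def allocate(self, user_id, mac, length, now):
        """Gateway end: cut the next unused slice and describe it by pointers."""
        start, end = self._next, self._next + length
        if length <= 0 or end > len(self._material):
            raise ValueError("key pool exhausted or bad length")
        self._next = end
        return self._material[start:end], SyncRecord(user_id, mac, start, end, length, now)

    def resolve(self, rec):
        """Server end: recover the slice from its own pool using the pointers."""
        ok = 0 <= rec.StartIndex < rec.EndIndex <= len(self._material)
        if not ok or rec.EndIndex - rec.StartIndex != rec.Length:
            raise ValueError("inconsistent pointer record")
        return self._material[rec.StartIndex:rec.EndIndex]


def respond(key, nonce):
    """Mobile device: prove possession of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def verify(key, nonce, response):
    """Server: constant-time comparison against its own computation."""
    return hmac.compare_digest(respond(key, nonce), response)


def demo():
    material = secrets.token_bytes(1024)   # constructed stand-in for QKD output
    gateway, server = KeyPool(material), KeyPool(material)

    # Key injection over NFC: the device receives the key bytes themselves.
    device_key, rec = gateway.allocate("user-001", "02:00:00:00:00:01", 32, 1480000000)

    # Classical channel: only the six-tuple is serialised and sent.
    wire = json.dumps(asdict(rec))
    server_key = server.resolve(SyncRecord(**json.loads(wire)))

    nonce = secrets.token_bytes(16)
    confirmed = verify(server_key, nonce, respond(device_key, nonce))

    # A record whose pointers drifted by one byte selects a different key,
    # and the challenge exposes the mismatch before any file is sent.
    drifted = SyncRecord(rec.UserID, rec.MobileMac, rec.StartIndex + 1,
                         rec.EndIndex + 1, rec.Length, rec.Time)
    desync_detected = not verify(server.resolve(drifted), nonce,
                                 respond(device_key, nonce))
    return {"wire": wire, "wire_has_key": device_key.hex() in wire,
            "confirmed": confirmed, "desync_detected": desync_detected}


if __name__ == "__main__":
    print(demo())
```

Because the record carries only indices, its confidentiality matters less than its integrity: a modified or stale record makes the two ends select different key bytes, which is the condition the challenge step catches.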
The beneficial effects of the invention are: detection of the key distribution environment is realized by the relay attack distance constraint protocol; verification of the legitimacy of the user's identity is realized by biometric identification technology; quantum key distribution to the mobile network is completed on the basis of near-field communication technology; and quantum key synchronization and encrypted communication between the server end and the mobile device end are realized over the TCP/IP protocol of the classical channel, while preserving the high portability of mobile devices and the lightweight nature of their applications.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram used by the mobile network quantum key distribution method based on near-field communication provided by an embodiment of the invention.
Fig. 2 is a flow chart of the mobile network quantum key distribution method based on near-field communication provided by an embodiment of the invention.
Fig. 3 is an integration schematic diagram of the gateway end for mobile network quantum key distribution access based on near-field communication provided by an embodiment of the invention.
In the figures: 1.1, mobile terminal attack distance constraint submodule; 1.2, gateway end attack distance constraint submodule; 2.1, mobile terminal authentication submodule; 2.2, gateway end authentication submodule; 3.1, mobile terminal key distribution submodule; 3.2, gateway end key distribution submodule; 4, mobile terminal key storage module; 5.1, gateway end key synchronization submodule; 5.2, server end key synchronization submodule; 6.1, mobile terminal quantum-encrypted file transmission submodule; 6.2, server end quantum-encrypted file transmission submodule; 7, mobile terminal key store; 8.1, gateway end key pool; 8.2, server end key pool; 9.1, mobile terminal NFC sensor; 9.2, gateway end NFC key distribution induction zone; 10, fingerprint module.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the invention clearer, the invention is further described in detail below with reference to embodiments. It should be understood that the specific embodiments described here only illustrate the invention and are not intended to limit it.
Fig. 1 shows the structure of the mobile network quantum key distribution method based on near-field communication of an embodiment of the invention. As shown in Fig. 1, the invention is implemented as follows: it comprises an attack distance constraint module, a user authentication module, a key distribution module, mobile terminal key storage module 4, a key synchronization module, a quantum-encrypted file transmission module and mobile terminal key store 7. The specific steps of the mobile network quantum key distribution method based on near-field communication are as follows:
(1) QKD link key generation: the gateway end of quantum key distribution and the server end can generate quantum keys in real time by a QKD protocol such as BB84 and inject them into gateway end key pool 8.1 and server end key pool 8.2 respectively. The gateway end of quantum key distribution and the server end are connected by a quantum channel, and the server end can connect to multiple quantum key distribution gateways for QKD link key generation. When the amount of key generated in the system is less than the mobile network's demand for quantum keys, a key multiplication method is used to increase the amount of key in distribution gateway end key pool 8.1 and server end key pool 8.2, to meet the mobile network's demand for quantum keys.
(2) Initialization phase: when the quantum key distribution gateway distributes keys to a mobile device, the whole system initializes server end key pool 8.2 and gateway end key pool 8.1 used for key distribution, records the current key distribution status, initializes the parameters of gateway end key pool 8.1 and server end key pool 8.2, and verifies whether the current communication connection with the server end is reliable, to ensure the reliability of key distribution and synchronization.
(3) The mobile device approaches gateway end NFC key distribution induction zone 9.2: the user places the mobile device on gateway end NFC key distribution induction zone 9.2 of the quantum key distribution gateway, and a connection is established; while the connection is being established, the mobile device calls mobile terminal attack distance constraint submodule 1.1 to check the current key distribution environment and ensure that it is secure. The same quantum key distribution gateway in the system can connect multiple gateway end NFC key distribution induction zones 9.2 and inject keys into multiple mobile devices simultaneously.
(4) User identity verification phase: once the mobile device is close to gateway end NFC key distribution induction zone 9.2 and the key distribution environment has been found secure, gateway end authentication submodule 2.2 verifies the user's identity by fingerprint recognition. In this phase mobile terminal authentication submodule 2.1 on the mobile device communicates with gateway end authentication submodule 2.2 and prompts the user to enter fingerprint information, while gateway end authentication submodule 2.2 obtains the fingerprint verification information by calling fingerprint module 10 and compares the fingerprint information with the fingerprint features of registered users in the gateway end fingerprint database to verify the user's identity.
(5) Key store initialization phase: before the mobile device receives the key information injected by the quantum key distribution gateway, the state and basic parameters of mobile terminal key store 7 are initialized.
(6) Key injection phase: after user identity verification succeeds, the mobile device and the gateway end of key distribution call mobile terminal key distribution submodule 3.1 and gateway end key distribution submodule 3.2 respectively to inject keys into the mobile device. Key injection from the gateway end of quantum key distribution to the mobile device is transmitted in 256-bit AES encrypted form by means of one-time key text, ensuring the reliability of key transmission.
(7) Key storage phase: after receiving the data from the quantum key distribution gateway, the mobile device decrypts the quantum key data and, through mobile terminal key storage module 4, encrypts and stores it to a local file, saving the quantum key data in mobile terminal key store 7.
(8) Key synchronization phase: after gateway end key distribution submodule 3.2 of the quantum key distribution gateway completes key injection, it records the key distribution information to the local database, and gateway end key synchronization submodule 5.1 synchronizes it to the server end of the mobile network. During key synchronization the quantum key distribution gateway end and the server end of the mobile network communicate over a classical channel, and the data transmitted is pointer-type data.
(9) Server end communication phase: after gateway end key synchronization submodule 5.1 of the quantum key distribution gateway and server end key synchronization submodule 5.2 complete key synchronization, key distribution to the mobile network is complete, and the quantum-encrypted file transmission module can carry out quantum-encrypted file transmission between the mobile device and the mobile server end. The quantum-encrypted file transmission module comprises mobile terminal quantum-encrypted file transmission submodule 6.1 and server end quantum-encrypted file transmission submodule 6.2.
(10) Updating key store information: after the quantum-encrypted file transmission module finishes communicating with the server end of the mobile network, the key information consumed each time is recorded and the data is recorded locally, and the data in mobile terminal key store 7 is updated at the same time.
According to the operational process of above system, each functional module is described below:
The attack distance constraint module is divided into two submodules: the mobile-terminal attack distance constraint submodule 1.1 and the gateway-end attack distance constraint submodule 1.2. Before the mobile device undergoes user identity verification, submodules 1.1 and 1.2 use the attack distance constraint protocol to detect whether relay-attack eavesdropping is present in the near-field communication region, so as to ensure the security of quantum key distribution. If an abnormal communication environment is detected, key distribution to the mobile device is stopped.
The user identity verification module is divided into two submodules: the gateway-end identity verification submodule 2.2 and the mobile-terminal identity verification submodule 2.1. The gateway-end identity verification submodule 2.2 is connected to the gateway-end attack distance constraint submodule 1.2, and the mobile-terminal identity verification submodule 2.1 is connected to the mobile-terminal attack distance constraint submodule 1.1. Biometric identification technology (e.g. fingerprint recognition, iris recognition) is used to determine the legitimacy of the identity of the user currently using the mobile device for key injection; fingerprint recognition is preferred for verifying the legitimacy of the mobile device user. After user identity verification succeeds, the key distribution module is entered.
The key distribution module is divided into two submodules: the gateway-end key distribution submodule 3.2 and the mobile-terminal key distribution submodule 3.1. It is used to inject quantum keys from the gateway end into the mobile device. The mobile-terminal key distribution submodule 3.1 is connected to the mobile-terminal identity verification submodule 2.1; the gateway-end key distribution submodule 3.2 is connected to the gateway-end key pool 8.1 and to the gateway-end identity verification submodule 2.2. The gateway end injects the quantum key into the mobile device through the NFC chip of the gateway-end NFC key distribution induction zone 9.2, and the mobile device receives the key information passed by the gateway-end NFC chip through the mobile-terminal NFC sensor 9.1. The key distribution module relies on the short range of NFC communication to guarantee the security of the key information during key distribution; in addition, the wireless nature of near-field communication suits the high portability of mobile devices.
The mobile-terminal key storage module 4 is connected to the mobile-terminal key distribution submodule 3.1. It performs read and write access to the mobile-terminal key store 7 and stores the quantum key obtained from the gateway end securely. After a key has been successfully injected into the mobile device from the gateway end, the user's identity must be verified; the encryption of the key file is transparent to the user. To prevent leakage of key information, the user cannot directly read the contents of the key store, and the user's identity must be verified before key injection or key use.
The key synchronization module is divided into two submodules: the gateway-end key synchronization submodule 5.1 and the server-end key synchronization submodule 5.2. The gateway-end key synchronization submodule 5.1 is connected to the gateway-end key distribution submodule 3.2, which passes the key distribution information to submodule 5.1; the key information is written to the local SQLite database and the data information is synchronized to the server-end database. The server-end key synchronization submodule 5.2 and the gateway-end key synchronization submodule 5.1 synchronize key distribution information over a classical channel. The server-end key synchronization submodule 5.2 is connected to the server-end key pool 8.2.
The quantum-encrypted file transmission module is divided into two submodules: the mobile-terminal quantum-encrypted file transmission submodule 6.1 and the server-end quantum-encrypted file transmission submodule 6.2. Submodule 6.1 is connected to the mobile-terminal key storage module 4 and obtains the quantum key from it. Submodules 6.1 and 6.2 pass data from the mobile device end to the server end by quantum-encrypted communication over a classical channel. The server-end quantum-encrypted file transmission submodule 6.2 is connected to the server-end key pool 8.2.
The mobile-terminal key store 7 is connected to the mobile-terminal key storage module 4. It is the storage medium for quantum keys and serves as the storage carrier of quantum keys in the mobile terminal.
The key pool 8 is divided into two submodules: the gateway-end key pool 8.1 and the server-end key pool 8.2. The two are connected by a quantum channel, over which quantum key distribution between the quantum server end and the gateway end can be carried out using a quantum key distribution protocol (e.g. the BB84 protocol), generating keys in real time to meet the mobile network's demand for quantum keys. The server-end key pool 8.2 and the gateway-end key pool 8.1 store the quantum keys that have been distributed.
The near-field communication equipment is divided into two submodules that are connected to each other: the mobile-terminal NFC sensor 9.1 and the gateway-end NFC key distribution induction zone 9.2. The mobile-terminal NFC sensor 9.1 is connected to the mobile-terminal attack distance constraint submodule 1.1, the mobile-terminal identity verification submodule 2.1 and the mobile-terminal key distribution submodule 3.1. In the embodiment, the mobile device uses an operating system of Android 4.0 or above, which has the Android Beam function; through the API interfaces provided by the system, the mobile-terminal NFC sensor 9.1 is connected to submodules 1.1, 2.1 and 3.1. In the embodiment, the gateway-end NFC key distribution induction zone 9.2 is connected through a USB-to-serial adapter to the gateway-end attack distance constraint submodule 1.2, the gateway-end identity verification submodule 2.2 and the gateway-end key distribution submodule 3.2. In the embodiment, each module calls the gateway-end NFC key distribution induction zone 9.2 through an open-source API library. The mobile-terminal NFC sensor 9.1 is located in the mobile device and is the mobile terminal's own hardware supporting near-field communication. The gateway-end NFC key distribution induction zone 9.2 consists of a near-field communication chip, a near-field communication antenna and a USB-to-serial adapter; it is connected to the gateway end through the USB-to-serial adapter and supports near-field communication between the gateway end and the mobile device.
The fingerprint module 10 is a capacitive fingerprint sensor. It obtains the user's fingerprint information and passes it to the gateway-end identity verification submodule 2.2 for user identity verification.
The principle of the invention is further described with reference to Figs. 1-3:
The attack distance constraint module detects whether a relay attack is present in the near-field communication environment; the attack distance constraint protocol is used to determine whether an eavesdropper is present within near-field communication range. In the protocol initialization stage, the gateway end and the mobile device share initialization information, which mainly includes the following: the shared key K; the security parameter, which is the random function F; the output length of the pseudo-random function, which is 2L; and the maximum response time Δt_max, which the gateway end must set. The attack distance constraint protocol uses a slow challenge phase and a fast challenge verification phase to determine whether third-party eavesdropping is present in the near-field communication region.
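A sketch of how a check with these parameters can be structured, following the Hancke-Kuhn style of distance-bounding protocol from the literature; it is an added example, not the patent's own protocol. Assumed here: HMAC-SHA256 as F, the nonce exchange, the split of the 2L-bit output into two L-bit registers, the values chosen for L and Δt_max, and a simulated round-trip time in place of the gateway's hardware timer.

```python
import hashlib
import hmac
import secrets

L_ROUNDS = 64        # L: fast-phase rounds, so F outputs 2L = 128 bits (constructed value)
DT_MAX_NS = 2_000    # Δt_max: per-round round-trip limit set by the gateway (constructed value)


def prf_bits(key, n_gateway, n_mobile, nbits):
    """F(K, nonces) expanded to nbits bits. HMAC-SHA256 is an assumed choice of F."""
    stream = b""
    counter = 0
    while len(stream) * 8 < nbits:
        msg = bytes([counter]) + n_gateway + n_mobile
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return [(stream[i // 8] >> (7 - i % 8)) & 1 for i in range(nbits)]


class MobileDevice:
    """Holds the shared key K and answers one bit per fast challenge."""

    def __init__(self, key):
        self.key = key
        self.registers = None

    def slow_phase(self, n_gateway):
        n_mobile = secrets.token_bytes(16)
        bits = prf_bits(self.key, n_gateway, n_mobile, 2 * L_ROUNDS)
        self.registers = (bits[:L_ROUNDS], bits[L_ROUNDS:])
        return n_mobile

    def fast_response(self, round_no, challenge_bit):
        return self.registers[challenge_bit][round_no]


class KeylessResponder:
    """A nearby party without K: it answers in time but can only guess bits."""

    def slow_phase(self, n_gateway):
        return secrets.token_bytes(16)

    def fast_response(self, round_no, challenge_bit):
        return secrets.randbits(1)


def gateway_verify(key, responder, measured_rtt_ns, dt_max_ns=DT_MAX_NS):
    """Run both phases; measured_rtt_ns simulates the gateway's per-round timer."""
    n_gateway = secrets.token_bytes(16)
    n_mobile = responder.slow_phase(n_gateway)            # slow phase: untimed
    bits = prf_bits(key, n_gateway, n_mobile, 2 * L_ROUNDS)
    registers = (bits[:L_ROUNDS], bits[L_ROUNDS:])
    wrong = late = 0
    for i in range(L_ROUNDS):                             # fast phase: timed, one bit each way
        c = secrets.randbits(1)
        if responder.fast_response(i, c) != registers[c][i]:
            wrong += 1
        if measured_rtt_ns > dt_max_ns:
            late += 1
    return {"accepted": wrong == 0 and late == 0, "wrong": wrong, "late": late}


def demo():
    k = secrets.token_bytes(32)
    return {
        "adjacent": gateway_verify(k, MobileDevice(k), measured_rtt_ns=800),
        "relayed": gateway_verify(k, MobileDevice(k), measured_rtt_ns=50_000),
        "keyless": gateway_verify(k, KeylessResponder(), measured_rtt_ns=800),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The relayed case answers every bit correctly and is still rejected, because the added latency pushes each round past Δt_max; the keyless case is on time but fails on the bits.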
Function of the user identity verification module: when the gateway end detects that no third-party data eavesdropper is present in the key injection environment, the user identity verification module is called. The user identity verification module is implemented as follows:
After the user identity verification module is entered, it extracts fingerprint features twice from the fingerprint input by the user, merges the two extracted fingerprint features into one new fingerprint feature, and extracts the feature point set P from the merged fingerprint feature. The feature point set P is expressed as follows:
This feature point set P is matched against the feature point set Q in the gateway-end fingerprint database of registered users. In the feature point set P above, the i-th element represents three pieces of information about the i-th feature point: its magnitude along the X axis and the Y axis, and the direction of its feature vector. If the input fingerprint feature point set P can be transformed into the feature point set Q by a specific mapping under the corresponding variation factors, P and Q are considered to match.
The above procedure mainly comprises the fingerprint image preprocessing stage, the fingerprint feature extraction stage and the fingerprint minutiae matching stage. The fingerprint preprocessing stage includes fingerprint filtering, binarization of the fingerprint image and thinning of the fingerprint image. The main purpose of fingerprint filtering is to remove damage to the fingerprint image. That damage is mainly caused by noise and by fingerprint pressure, and fingerprint filtering removes both kinds of noise from the image as far as possible.
After fingerprint filtering is complete, the fingerprint image must be binarized; binarization converts a grayscale image into a black-and-white image. The general grayscale binarization function is expressed as follows:
In the above formula, x is the gray value of the grayscale image and T is the specified threshold. In the fingerprint case, an adaptive binarization method is used, which yields a good black-and-white fingerprint image after binarization.
After the fingerprint preprocessing stage is complete, fingerprint features must be extracted: the endpoints, bifurcation points, branch points, isolated points, loop points and short ridges among the fingerprint minutiae are extracted and combined into the global feature of the fingerprint image. In the fingerprint feature extraction stage, the neighbourhood count S_p and the crossing count C_p must each be extracted.
Here R(k) is the value of the pixel P_k at position k in the ordering of the 8-neighbourhood, and R(9) = R(1). According to the extracted S_p and C_p: if both are equal to 1, pixel p is an endpoint; if they are equal to 3, pixel p is a bifurcation point; if S_p = 2 and C_p = 2 or 3, pixel p is a ridge continuation point.
The fingerprint image features extracted in the fingerprint feature extraction stage are matched against the fingerprint feature set Q in the feature database. If the matching result is greater than or equal to the given threshold, the two fingerprints are the same fingerprint; if the matching result is less than the given threshold, the two are not the same fingerprint.
As shown in the flow of Fig. 2, the key distribution module is implemented as follows:
After the system has found the key injection environment secure and user identity verification has succeeded, the gateway end injects the quantum key into the mobile device via the key distribution module. Preferably, the mobile device is a phone running Android 4.0 or above, and on the mobile device side NFC communication is implemented through the Android Beam function of the Android system. On the gateway side, the NFC communication of the key distribution submodule 3.2 is implemented by an NFC chip connected through a USB-to-serial adapter; multiple NFC chips can be connected to the same gateway device at once to inject keys into multiple mobile devices simultaneously.
In the key distribution module, the gateway-end key distribution submodule 3.2 obtains the quantum key from the gateway-end key pool 8.1 and transmits it in the form of 0/1 bits via near-field communication to the mobile-terminal key distribution submodule 3.1. During key distribution, key transmission uses an NFCA chip in dynamic card read/write mode to transfer the key information. Current NFC chips have three communication rates: 106 kbit/s, 212 kbit/s and 424 kbit/s; the radio frequency is 13.56 MHz, and the near-field communication distance is within 10 cm. Given these characteristics of near-field communication, the dynamic card read/write mode is preferred for key distribution, with a data transmission rate of 424 kbit/s; the effective communication range of 10 cm effectively prevents the quantum key information from being stolen.
In the key distribution module, the amount of key transmitted in each key distribution is 8192 bits. After key distribution completes in the gateway-end key distribution submodule 3.2, the data information is passed to the gateway-end key synchronization submodule 5.1 and the key information is synchronized to the server end. The mobile-terminal key distribution submodule 3.1 passes the obtained quantum key to the mobile-terminal key storage module 4, which stores the key file in encrypted form.
The mobile-terminal key storage module 4 is implemented as follows:
The mobile-terminal key storage module 4 writes the obtained quantum key information to local storage and encrypts it. The encryption processing in the mobile-terminal key storage module 4 is transparent to the user. Other applications on the mobile device must be authorized to access the key storage file, and authorization for the mobile-terminal key store 7 also requires identity verification, which determines whether the party accessing the quantum key is legitimate. In the system, the user cannot directly view the quantum key file obtained from the gateway end or the encrypted quantum key file, which ensures that the quantum key information in the mobile-terminal key store 7 is not leaked.
The gateway-end key synchronization submodule 5.1 writes the key distribution information to the gateway-end database and synchronizes it over a classical channel to the server-end key synchronization submodule 5.2, which records the key distribution information in the server-end database.
In the key synchronization module, the data passed between the server end and the gateway end is the following six-tuple I:
I = <UserID, MobileMac, StartIndex, EndIndex, Length, Time>    (4)
In the six-tuple, UserID is the ID of the user, MobileMac is the physical network card address of the mobile device used, StartIndex is the start position of the distributed key, EndIndex is the end position of the distributed key, Length is the length of the distributed key, and Time is the time at which the key was distributed. Because only this six-tuple is passed, key synchronization between the gateway end and the server end does not involve transmitting the quantum key itself; only pointer information is transmitted on the classical channel, which ensures that the quantum keys distributed to the mobile network are not leaked.
After the key distribution module and the key synchronization module have completed key distribution to the mobile network and key synchronization, effective quantum-key secure communication can take place between the mobile device and the server. In the embodiment, the validity of the distribution method is verified by uploading a quantum-encrypted file. The mobile-terminal quantum-encrypted file transmission submodule 6.1 encrypts the data and transmits it to the server-end quantum-encrypted file transmission submodule 6.2, which decrypts the data and stores it locally.
Before the mobile-terminal quantum-encrypted file transmission submodule 6.1 and the server-end quantum-encrypted file transmission submodule 6.2 carry out encrypted communication with the server end, i.e. before step 9, the consistency of quantum key distribution between the mobile terminal and the server must be ensured. To verify that the keys distributed to the same user at the server end and at the mobile device end are identical, key correctness verification is required before each encrypted communication begins. In the embodiment, a Challenge check is used for key correctness verification: if the check result is correct, the server end allows the mobile device to access; otherwise the mobile device's access is refused. The Challenge check proceeds as follows:
1. After receiving the connection request, the server end sends a random string to the mobile device.
2. The mobile device encrypts the string data with the quantum key using the 256-bit AES encryption algorithm and, once encryption is complete, sends the result back to the server end.
3. The server end encrypts the random string it generated and matches the result against the string returned by the mobile device.
4. If the match succeeds, key verification succeeds; otherwise key verification fails and no access permission is granted.
In the quantum-encrypted file transmission module, if the Challenge check succeeds, the file upload stage is entered: the mobile-terminal file is uploaded using 256-bit AES encrypted transmission, and after receiving the uploaded file the server end decrypts it, stores it locally and updates the user's key consumption in the database.
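The six-tuple synchronization and the Challenge check described above, put together as an added example (not the patent's code): the gateway logs and sends only pointers, the server slices its own copy of the key pool, and the check fails when the two ends disagree. Assumptions: StartIndex and EndIndex are byte-aligned bit offsets with EndIndex exclusive, both pools hold identical material, the table, class and function names are hypothetical, and HMAC-SHA256 stands in for the page's 256-bit AES because Python's standard library has no AES.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

KEY_BITS = 8192  # key material per distribution, as stated on the page

SCHEMA = """CREATE TABLE key_distribution (
    UserID TEXT, MobileMac TEXT, StartIndex INTEGER,
    EndIndex INTEGER, Length INTEGER, Time INTEGER)"""


class Node:
    """Gateway end or server end: a key pool plus a SQLite log of six-tuples."""

    def __init__(self, pool):
        self.pool = pool
        self.db = sqlite3.connect(":memory:")
        self.db.execute(SCHEMA)

    def record(self, six_tuple):
        _, _, start, end, length, _ = six_tuple
        in_pool = 0 <= start < end <= len(self.pool) * 8
        if not in_pool or end - start != length or start % 8 or end % 8:
            raise ValueError("six-tuple pointers are inconsistent or outside the pool")
        self.db.execute("INSERT INTO key_distribution VALUES (?,?,?,?,?,?)", six_tuple)
        self.db.commit()

    def key_for(self, user_id, mobile_mac):
        row = self.db.execute(
            "SELECT StartIndex, EndIndex FROM key_distribution "
            "WHERE UserID = ? AND MobileMac = ? ORDER BY rowid DESC LIMIT 1",
            (user_id, mobile_mac)).fetchone()
        return None if row is None else self.pool[row[0] // 8:row[1] // 8]


class Gateway(Node):
    def __init__(self, pool):
        super().__init__(pool)
        self.next_bit = 0

    def distribute(self, user_id, mobile_mac):
        """Return (key for the NFC link, six-tuple for the classical channel)."""
        start, end = self.next_bit, self.next_bit + KEY_BITS
        six_tuple = (user_id, mobile_mac, start, end, KEY_BITS, int(time.time()))
        self.record(six_tuple)              # raises ValueError once the pool is used up
        self.next_bit = end
        return self.pool[start // 8:end // 8], six_tuple


def respond(key, challenge):
    # Stand-in for the page's 256-bit AES encryption of the challenge string.
    return hmac.new(key[:32], challenge, hashlib.sha256).digest()


def server_admits(server, user_id, mobile_mac, device_key):
    """Challenge check run before each encrypted session."""
    expected_key = server.key_for(user_id, mobile_mac)
    if expected_key is None:
        return False                        # no six-tuple synchronized for this device
    challenge = secrets.token_bytes(32)
    device_answer = respond(device_key, challenge)   # computed on the mobile device
    return hmac.compare_digest(device_answer, respond(expected_key, challenge))


def demo():
    pool = secrets.token_bytes(4 * KEY_BITS // 8)    # constructed stand-in for QKD output
    gateway, server = Gateway(pool), Node(pool)
    mac_a, mac_b = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed addresses
    key_a, tuple_a = gateway.distribute("alice", mac_a)
    server.record(tuple_a)                           # only pointers cross the channel
    synced = server_admits(server, "alice", mac_a, key_a)
    key_b, tuple_b = gateway.distribute("bob", mac_b)
    unsynced = server_admits(server, "bob", mac_b, key_b)
    shifted = tuple_b[:2] + (tuple_b[2] + 8, tuple_b[3] + 8) + tuple_b[4:]
    server.record(shifted)                           # pointers off by one byte
    mismatched = server_admits(server, "bob", mac_b, key_b)
    return synced, unsynced, mismatched, tuple_a[2:5]


if __name__ == "__main__":
    print(demo())
```

The second and third results show the two ways the ends can drift apart: a six-tuple that never reached the server, and one whose pointers select a different slice of the pool.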
Fig. 3 shows the integrated diagram of the mobile network quantum key distribution system. The mobile network quantum key distribution method based on near-field communication is mainly used to realize quantum key distribution to the mobile network. The mobile network quantum key distribution system injects keys from the gateway end into the mobile device via near-field communication, and after the mobile device has correctly received the gateway-end key information, the gateway end synchronizes the key information to the server end. In Fig. 3, key distribution between the gateway end and the server end is realized over the quantum QKD link, which generates the quantum keys to be distributed in the gateway-end key pool and the server-end key pool. In practical applications, one server can be connected to multiple gateway ends. The gateway end connects to the mobile device via near-field communication technology and injects the quantum key into the mobile device, while the key synchronization module synchronizes the key information to the server end. One gateway device can carry multiple NFC antennas and inject quantum keys into multiple mobile devices at the same time. After a quantum key has been successfully injected into a mobile device, the mobile device and the server end can carry out quantum-encrypted communication over a classical channel.
The embodiments in this specification are described in a related manner; for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others.
The foregoing is merely the preferred embodiments of the invention and is not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention falls within its scope of protection.
Claims (9)
1. A mobile network quantum key distribution system based on near-field communication, characterized in that it comprises an attack distance constraint module, a user identity verification module, a key distribution module, a mobile-terminal key storage module (4), a key synchronization module, a quantum-encrypted file transmission module, a mobile-terminal key store (7), a key pool (8), near-field communication equipment and a fingerprint module (10);
The attack distance constraint module is used to detect, by means of the attack distance constraint protocol and before the mobile device undergoes user identity verification, whether relay-attack eavesdropping is present in the near-field communication region, and to stop key distribution to the mobile device if an abnormal communication environment is detected;
The user identity verification module is used to determine, by biometric identification technology, the legitimacy of the identity of the user currently using the mobile device for key injection, the key distribution module being entered after user identity verification succeeds;
The key distribution module is used to inject quantum keys from the gateway end into the mobile device;
The mobile-terminal key storage module (4) is used for read and write access to the mobile-terminal key store (7) and for securely storing the quantum key obtained from the gateway end;
The key synchronization module is used to write key information into the local SQLite database and to synchronize the data information to the server-end database;
The quantum-encrypted file transmission module is used to obtain the quantum key from the mobile-terminal key storage module (4) and to pass data from the mobile device end to the server end by quantum-encrypted communication;
The mobile-terminal key store (7) is the storage medium for storing quantum keys and serves as the storage carrier of quantum keys in the mobile terminal;
The key pool (8) is used to store the quantum keys that have been distributed;
The near-field communication equipment is used for near-field communication between the gateway end and the mobile device;
The fingerprint module (10) is used to obtain the user's fingerprint information and pass it to the gateway-end identity verification submodule (2.2) for user identity verification;
The attack distance constraint module comprises a mobile-terminal attack distance constraint submodule (1.1) and a gateway-end attack distance constraint submodule (1.2);
The user identity verification module comprises a gateway-end identity verification submodule (2.2) and a mobile-terminal identity verification submodule (2.1); the gateway-end identity verification submodule (2.2) is connected to the gateway-end attack distance constraint submodule (1.2), and the mobile-terminal identity verification submodule (2.1) is connected to the mobile-terminal attack distance constraint submodule (1.1);
The key distribution module comprises a gateway-end key distribution submodule (3.2) and a mobile-terminal key distribution submodule (3.1); the mobile-terminal key distribution submodule (3.1) is connected to the mobile-terminal identity verification submodule (2.1), and the gateway-end key distribution submodule (3.2) is connected to the gateway-end key pool (8.1) and to the gateway-end identity verification submodule (2.2);
The mobile-terminal key storage module (4) is connected to the mobile-terminal key distribution submodule (3.1);
The key synchronization module comprises a gateway-end key synchronization submodule (5.1) and a server-end key synchronization submodule (5.2); the server-end key synchronization submodule (5.2) and the gateway-end key synchronization submodule (5.1) synchronize key distribution information over a classical channel; the gateway-end key synchronization submodule (5.1) is connected to the gateway-end key distribution submodule (3.2), and the server-end key synchronization submodule (5.2) is connected to the server-end key pool (8.2);
The quantum-encrypted file transmission module comprises a mobile-terminal quantum-encrypted file transmission submodule (6.1) and a server-end quantum-encrypted file transmission submodule (6.2); the two submodules (6.1) and (6.2) pass data from the mobile device end to the server end by quantum-encrypted communication over a classical channel; the mobile-terminal quantum-encrypted file transmission submodule (6.1) is connected to the mobile-terminal key storage module (4), and the server-end quantum-encrypted file transmission submodule (6.2) is connected to the server-end key pool (8.2);
The mobile-terminal key store (7) is connected to the mobile-terminal key storage module (4);
The key pool (8) comprises a gateway-end key pool (8.1) and a server-end key pool (8.2), which are connected by a quantum channel over which quantum key distribution between the quantum server end and the gateway end can be carried out using a quantum key distribution protocol;
The near-field communication equipment comprises a mobile-terminal NFC sensor (9.1) and a gateway-end NFC key distribution induction zone (9.2) that are connected to each other; the mobile-terminal NFC sensor (9.1) is connected to the mobile-terminal attack distance constraint submodule (1.1), the mobile-terminal identity verification submodule (2.1) and the mobile-terminal key distribution submodule (3.1); the gateway end injects the quantum key into the mobile device through the NFC chip of the gateway-end NFC key distribution induction zone (9.2), and the mobile device receives the key information passed by the gateway-end NFC chip through the mobile-terminal NFC sensor (9.1); the gateway-end NFC key distribution induction zone (9.2) consists of a near-field communication chip, a near-field communication antenna and a USB-to-serial adapter, and is connected through the USB-to-serial adapter to the gateway-end attack distance constraint submodule (1.2), the gateway-end identity verification submodule (2.2) and the gateway-end key distribution submodule (3.2); each module calls the gateway-end NFC key distribution induction zone (9.2) through an open-source API library;
The fingerprint module (10) is connected to the gateway-end identity verification submodule (2.2).
2. The mobile network quantum key distribution system based on near-field communication according to claim 1, characterized in that the mobile-terminal NFC sensor (9.1) is located in a mobile device that uses an operating system of Android 4.0 or above and supports near-field communication; the system has the Android Beam function, and through the API interfaces provided by the system the mobile-terminal NFC sensor (9.1) is connected to the mobile-terminal attack distance constraint submodule (1.1), the mobile-terminal identity verification submodule (2.1) and the mobile-terminal key distribution submodule (3.1).
3. A distribution method for the mobile network quantum key distribution system based on near-field communication according to claim 1 or 2, characterized in that it proceeds by the following steps:
Step 1, QKD link key generation: the gateway end and the server end of quantum key distribution generate quantum keys in real time via the QKD protocol and inject them into the gateway-end key pool (8.1) and the server-end key pool (8.2) respectively; the gateway end of quantum key distribution is connected to the server end by a quantum channel, and the server end can connect to multiple quantum key distribution gateways for QKD link key generation;
Step 2, initialization stage: when the gateway end of quantum key distribution distributes keys to a mobile device, the whole system initializes the server-end key pool (8.2) and the key-distribution gateway-end key pool (8.1), records the current key distribution state, initializes the parameters of the gateway-end key pool (8.1) and the server-end key pool (8.2), and verifies whether the current communication connection with the server end is reliable, so as to ensure the reliability of key distribution and synchronization;
Step 3, the mobile device approaches the gateway-end NFC key distribution induction zone (9.2): the user places the mobile device on the gateway-end NFC key distribution induction zone (9.2) of the quantum key distribution gateway and a connection is established; while the connection is being established, the mobile device calls the mobile-terminal attack distance constraint submodule (1.1) to check the current key distribution environment, so as to ensure that the key distribution environment is secure;
Step 4, user identity verification stage: after the mobile device has approached the gateway-end NFC key distribution induction zone (9.2) and the key distribution environment has been found secure, the gateway-end identity verification submodule (2.2) verifies the user's identity by fingerprint recognition; in this stage the mobile-terminal identity verification submodule (2.1) of the mobile device communicates with the gateway-end identity verification submodule (2.2) and prompts the user to enter fingerprint information, while the gateway-end identity verification submodule (2.2) calls the fingerprint module (10) to obtain the fingerprint identifier and compares the fingerprint information with the fingerprint features in the gateway-end fingerprint database of registered users to verify the user's identity;
Step 5, key store initialization stage: before the mobile device receives the key information injected by the quantum key distribution gateway, the state and basic parameters of the mobile-terminal key store (7) are initialized;
Step 6, key injection stage: after user identity verification succeeds, the mobile device and the key-distribution gateway end call the mobile-terminal key distribution submodule (3.1) and the gateway-end key distribution submodule (3.2) respectively to carry out key injection into the mobile device;
Step 7, key storage stage: after receiving the data from the quantum key distribution gateway, the mobile device decrypts the quantum key data, and the mobile-terminal key storage module (4) stores it in encrypted form in a local file; the quantum key data is stored in the mobile-terminal key store (7);
Step 8, key synchronization stage: after the gateway-end key distribution submodule (3.2) of the quantum key distribution gateway completes key injection, the key distribution information is recorded in the local database and synchronized by the gateway-end key synchronization submodule (5.1) to the server end of the mobile network;
Step 9, server-end communication stage: after the gateway-end key synchronization submodule (5.1) of the quantum key distribution gateway and the server-end key synchronization submodule (5.2) complete key synchronization, key distribution to the mobile network is complete, and the quantum-encrypted file transmission module carries out quantum-encrypted file transmission between the mobile device and the mobile server end;
Step 10, update key store information: after the quantum-encrypted file transmission module finishes communicating with the server end of the mobile network, the key information consumed each time is recorded and the data information is recorded locally, while the data information in the mobile-terminal key store (7) is updated.
4. The distribution method for the mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in the QKD link key generation process of step 1, when the amount of key generated in the system is less than the mobile network's demand for quantum keys, a key multiplication method is used to increase the amount of key in the distribution gateway-end key pool (8.1) and the server-end key pool (8.2), so as to meet the mobile network's demand for quantum keys.
5. The distribution method for the mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in step 3, the same quantum key distribution gateway in the system can connect multiple gateway-end NFC key distribution induction zones (9.2) to inject keys into multiple mobile devices simultaneously.
6. The distribution method of the mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in step 6, when keys are injected from the quantum key distribution gateway end into the mobile device, 256-bit AES encryption with one-time-key ciphertext transmission is used, guaranteeing the reliability of key delivery.
7. The distribution method of the mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in step 8, during key synchronization the quantum key distribution gateway end and the server end of the mobile network communicate over a classical channel, and the data transferred is pointer-type data.
8. The distribution method of the mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, in step 3, the mobile terminal attack distance constraint submodule (1.1) checks the current key distribution environment to ensure that it is safe, using an attack distance constraint protocol to determine whether an eavesdropper is present within near-field communication range. In the protocol initialization stage, the gateway end and the mobile device share initialization information, which includes: a shared key K; a security parameter, which is a random function F; and the output length of the pseudo-random function, which is 2L. The gateway end must set a maximum response time Δtmax. Through its slow challenge and fast challenge verification phases, the attack distance constraint protocol determines whether third-party eavesdropping is present in the near-field communication region.
9. The distribution method of the mobile network quantum key distribution system based on near-field communication according to claim 3, characterized in that, before the server end communication stage of step 9 is carried out, key correctness must be verified by means of Challenge verification;
In step 9, the data transferred between the gateway end key synchronization submodule (5.1) and the server end key synchronization submodule (5.2) is the following six-tuple I:
I=<UserID, MobileMac, StartIndex, EndIndex, Length, Time>
In the six-tuple, UserID is the ID of the user, MobileMac is the physical network card address of the mobile device in use, StartIndex is the start position of the distributed key, EndIndex is the end position of the distributed key, Length is the length of the distributed key, and Time is the time at which the key was distributed. Because only the six-tuple is transferred, key synchronization between the gateway end and the server end does not involve transmitting the quantum key itself; only pointer information is transmitted over the classical channel, which ensures that the quantum key distributed to the mobile network is not leaked.
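The check described in claim 8, as an added sketch that is not part of the patent: it assumes a Hancke-Kuhn style distance-bounding round structure, HMAC-SHA256 as a stand-in for F, and constructed values for L, Δtmax, the nonces and the round-trip times.

```python
import hashlib
import hmac

L = 32            # fast-phase rounds; F outputs 2L bits (value assumed)
DT_MAX = 10e-6    # gateway's maximum response time in seconds (constructed)

def registers(key: bytes, n_gw: bytes, n_dev: bytes):
    """Slow phase: both sides compute F(K, nonces) and split the 2L bits."""
    digest = hmac.new(key, n_gw + n_dev, hashlib.sha256).digest()  # stand-in for F
    bits = [(b >> (7 - i)) & 1 for b in digest for i in range(8)][:2 * L]
    return bits[:L], bits[L:]

def device_respond(key, n_gw, n_dev, challenges):
    """Fast phase, device side: round i answers with bit i of register c_i."""
    r0, r1 = registers(key, n_gw, n_dev)
    return [(r1 if c else r0)[i] for i, c in enumerate(challenges)]

def gateway_verify(key, n_gw, n_dev, challenges, responses, rtts, dt_max=DT_MAX):
    """Accept only if every round is both correct and answered within dt_max."""
    if not (len(challenges) == len(responses) == len(rtts) == L):
        return False
    r0, r1 = registers(key, n_gw, n_dev)
    for i, (c, r, rtt) in enumerate(zip(challenges, responses, rtts)):
        if rtt > dt_max:                 # reply slower than dt_max: reject the session
            return False
        if r != (r1 if c else r0)[i]:    # wrong bit: responder does not hold K
            return False
    return True

# Constructed sample run with fixed values so the result is reproducible; a real
# run draws nonces and challenges from a CSPRNG and measures rtts in hardware.
KEY = bytes(range(32))
N_GW, N_DEV = b"\x01" * 16, b"\x02" * 16
CHALLENGES = [i % 2 for i in range(L)]
RESPONSES = device_respond(KEY, N_GW, N_DEV, CHALLENGES)
NEAR_RTTS = [2e-6] * L
SLOW_RTTS = NEAR_RTTS[:5] + [60e-6] + NEAR_RTTS[6:]   # one round exceeds dt_max

if __name__ == "__main__":
    print("in range  :", gateway_verify(KEY, N_GW, N_DEV, CHALLENGES, RESPONSES, NEAR_RTTS))
    print("slow round:", gateway_verify(KEY, N_GW, N_DEV, CHALLENGES, RESPONSES, SLOW_RTTS))
```

A single slow round is enough to abort key injection, which is why the gateway fixes Δtmax before the fast phase starts.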
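The pointer-only synchronization and key correctness check of claims 7 and 9, as an added sketch that is not part of the patent: the half-open reading of StartIndex/EndIndex, the use of HMAC-SHA256 for the Challenge verification, the function names and all sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyPointer:
    """The six-tuple I: it names a slice of the key pool and holds no key bytes."""
    user_id: str
    mobile_mac: str
    start_index: int
    end_index: int      # assumed exclusive: the key is pool[start_index:end_index]
    length: int
    time: str

def allocate(pool: bytes, cursor: int, length: int, user_id: str, mac: str, time: str):
    """Gateway side: take `length` bytes at `cursor`; return the pointer and the key."""
    if length <= 0 or cursor < 0 or cursor + length > len(pool):
        raise ValueError("key pool cannot satisfy the request")
    ptr = KeyPointer(user_id, mac, cursor, cursor + length, length, time)
    return ptr, pool[cursor:cursor + length]

def resolve(pool: bytes, ptr: KeyPointer) -> bytes:
    """Server side: rebuild the key from its own pool copy, rejecting bad pointers."""
    ok = (0 <= ptr.start_index < ptr.end_index <= len(pool)
          and ptr.end_index - ptr.start_index == ptr.length)
    if not ok:
        raise ValueError("inconsistent key pointer")
    return pool[ptr.start_index:ptr.end_index]

def answer(key: bytes, challenge: bytes) -> bytes:
    """Prove possession of the key without sending it over the classical channel."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def check(key: bytes, challenge: bytes, response: bytes) -> bool:
    """Constant-time comparison of the expected and received answers."""
    return hmac.compare_digest(answer(key, challenge), response)

# Constructed sample data: both ends are assumed to hold the same pool after QKD.
POOL = hashlib.shake_256(b"constructed demo pool").digest(256)
PTR, DEVICE_KEY = allocate(POOL, 64, 32, "user-01", "02:00:00:00:00:01",
                           "2016-11-23T10:00:00")
CHALLENGE = b"constructed-nonce-0001"

if __name__ == "__main__":
    server_key = resolve(POOL, PTR)
    print(PTR)
    print("key verified:", check(server_key, CHALLENGE, answer(DEVICE_KEY, CHALLENGE)))
```

If the two pools have drifted out of step, the server resolves a different slice and the check fails before any file is encrypted.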
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611047743.XA CN106330440B (en) | 2016-11-23 | 2016-11-23 | A kind of mobile network's quantum key distribution system and its distribution method based on near-field communication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106330440A (en) | 2017-01-11 |
CN106330440B (en) | 2019-05-14 |
Family
ID=57817462
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611047743.XA Expired - Fee Related CN106330440B (en) | 2016-11-23 | 2016-11-23 | A kind of mobile network's quantum key distribution system and its distribution method based on near-field communication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106330440B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20190514; Termination date: 20201123 |