CN107094076B - Secret communication method based on quantum true random number and communication system - Google Patents

Secret communication method based on quantum true random number and communication system Download PDF

Info

Publication number
CN107094076B
CN107094076B CN201710244179.9A CN201710244179A CN107094076B CN 107094076 B CN107094076 B CN 107094076B CN 201710244179 A CN201710244179 A CN 201710244179A CN 107094076 B CN107094076 B CN 107094076B
Authority
CN
China
Prior art keywords
key
quantum
identification
terminal device
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710244179.9A
Other languages
Chinese (zh)
Other versions
CN107094076A (en
Inventor
倪文强
薛梦驰
赵良圆
郭光灿
韩正甫
刘选斌
杨光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengtong Optic Electric Co Ltd
Jiangsu Hengtong Wentian Quantum Information Research Institute Co Ltd
Original Assignee
Jiangsu Hengtong Optic Electric Co Ltd
Jiangsu Hengtong Wentian Quantum Information Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Hengtong Optic Electric Co Ltd, Jiangsu Hengtong Wentian Quantum Information Research Institute Co Ltd filed Critical Jiangsu Hengtong Optic Electric Co Ltd
Priority to CN201710244179.9A priority Critical patent/CN107094076B/en
Publication of CN107094076A publication Critical patent/CN107094076A/en
Application granted granted Critical
Publication of CN107094076B publication Critical patent/CN107094076B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of secret communication methods based on quantum true random number, it is characterised in that:Business demand key used in secret communication is by being arranged quantum real random number generator generation on the terminal device.The invention also discloses a kind of secret signallings based on quantum true random number, including multiple terminal devices, it is characterised in that:The quantum real random number generator for generating business demand key is provided at least one terminal device.The present invention is generated by the quantum real random number generator that terminal device carries and obtains business demand key, and available key amount is not less than 3Mbps, improves more than 200 times, it is sufficient to support the traffic demands of the terminal device of bigger scale amounts.Demand key ciphertext is transmitted while being simultaneously emitted by communication service request, delay is reduced, ensures the real-time of communication service.

Description

Secret communication method based on quantum true random number and communication system
Technical field
The invention belongs to mobile communication encryption technology fields, and in particular to a kind of secret communication based on quantum true random number Method and communication system.
Background technology
With the rapid development and extensive use of the wireless communication technique of terminal device, business tine covers wide, industry Business demand is also being continuously improved, and still, is transmitted into row information with plaintext always to wireless communication system, in addition wireless signal is certainly By spatial, arbitrary people can initiate eavesdropping and attack, be not necessarily to complex device.Therefore the safety of wireless communication system itself Problem is difficult to ensure always.
In order to improve the safety of wireless transmission, most-often used is exactly cryptographic technique.Password is generated to bright using algorithm Text encryption, such as DES, AES Encryption Algorithm, these technologies improve the safety of information, however its password is all algorithm generation , it then follows algorithm rule, therefore its password is all pseudo random number, in particular with the development of quantum computer, these password skills Art can all be broken through easily.Technique on Quantum Communication would solve these problems, the key that Technique on Quantum Communication uses Completely random is the true random number of real meaning without rule, different from existing Encryption Algorithm, and Technique on Quantum Communication is from reason It is proved to be to be perfectly safe by upper, information can not be interpreted in transmission process, because it makes in Technique on Quantum Communication By quantum (being usually photon), coding obtains key, and quantum is not indivisible, reproducible, in physics during generation The use that can not be stolen in angle, and the key completely random that Technique on Quantum Communication generates are learned, it is irregular to follow, it is really to anticipate The upper true random number of justice.Simultaneously with the use of the data ciphering method of " one-time pad ", thus it is ensured that the nothing of wireless information transfer Condition safety.
104243143 B of Chinese patent Authorization Notice No. CN, disclose a kind of movement based on quantum key distribution network Secret communication method, it includes the quantum key distribution network being made of concentrator station, and each concentrator station can be at least one terminal Apparatus bound takes the method that ciphertext relays that encrypted information is transmitted to the terminal device of distal end concentrator station binding, but should The business cipher key source of method be quantum key distribution network, quantum key distribution network at present in the transmission of 50km apart from it most It is 13kbps or so to obtain secret-key rate eventually, and size of key can not support the business demand of enough terminal devices, while quantum is close It is the distribution that business cipher key is just carried out after communication service request is sent out that key, which distributes network, it is difficult to ensure the real-time of communication.Its Terminal device needs login network access to be bound, and binding validatation information immobilizes in the case where terminal device does not change region, Its safety is difficult to ensure.
Invention content
In order to solve the above technical problems, the present invention provides a kind of secret communication method based on quantum true random number, it can To provide the traffic demands for the terminal device for being enough to support bigger scale amounts, and delay can be reduced, ensure communication service Real-time.
In order to achieve the above objectives, technical scheme is as follows:A kind of secret communication side based on quantum true random number Method, it is characterised in that:Business demand key used in secret communication is by being arranged quantum true random number hair on the terminal device Raw device generates.
In the preferred embodiment of the present invention, further comprise that the secret communication method specifically includes following steps:
(1) multiple terminal devices are bound by unique identification key respectively with quantum key server-side;
(2) business demand key is generated by the quantum real random number generator positioned at first terminal equipment, first terminal is set Business demand key is encrypted and is sent to quantum key server-side described in the standby identification key pair by binding;
(3) the quantum key server-side receives the encrypted business demand key that first terminal equipment is sent, and passes through It is decrypted to obtain the business demand key with the identification key of first terminal apparatus bound, then reuse Business demand key described in identification key pair with second terminal apparatus bound is sent to second terminal after being encrypted Equipment;
(4) second terminal equipment receives the encrypted business demand key that quantum key server-side is sent, and utilizes binding Identification key is decrypted to obtain the business demand key;
(5) first terminal equipment and second terminal equipment carry out secret communication by the business demand key.
In the preferred embodiment of the present invention, further comprise
In step (2), first terminal equipment is encrypted concurrently by business demand key described in identification key pair While sending to quantum key server-side, it is encrypted using the business demand key pair business information and is sent to described Two terminal devices.
In the preferred embodiment of the present invention, it is multiple to further comprise that the quantum key server-side has, it is multiple described Quantum key server-side passes sequentially through unique identification key and is bound, and each quantum key server-side is to decryption The business demand key out is sent to next quantum key clothes after being encrypted using independent identification key Business end, the encrypted business demand key that next quantum key server-side is received using identical identification key pair Be decrypted, until the last one quantum key server-side, by the last one quantum key server-side to business demand key into Row encrypting and transmitting gives the second terminal equipment.
In the preferred embodiment of the present invention, further comprise that the identification key is occurred by quantum true random number Device generates, and the quantum real random number generator for generating identification key is set to first terminal equipment, second terminal is set On standby or quantum key server.
In the preferred embodiment of the present invention, further comprise
In step (3), quantum key server-side is verified by its identification key with first terminal apparatus bound Whether first terminal equipment is legal, and the encrypted business demand for starting to receive the transmission of first terminal equipment if legal is close Key;If not conforming to rule refusal service request.
The present invention a preferred embodiment in, further comprise the terminal device the same time only with a quantum Cipher key service end is bound, and the identification key of binding can update.
In the preferred embodiment of the present invention, further comprises binding between terminal device and quantum key server-side and use Identification key answer the request of the terminal device to update, newer method is:
The terminal device initiates the replacement of identification key to the quantum key server-side for establishing binding relationship therewith asks It asks, new identification key K is extracted in the identification key that quantum real random number generator generatesC|P
The terminal device uses old identification key KCPTo new identification key KC|PIt is encrypted, obtains Ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
After quantum key server-side checking request end is legal, pass through old identification key KCPTo the ciphertext received KCP·KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identity Identify key KCP
In the preferred embodiment of the present invention, further comprises binding between terminal device and quantum key server-side and use Identification key update because of the requirement of the quantum key server-side, update method is:
The quantum key server-side sends out update identification key to the terminal device for establishing binding relationship therewith It is required that terminal device extracts new identification key K in the identification key that quantum real random number generator generatesC|P
The terminal device uses old identification key KCPTo new identification key KC|PIt is encrypted, obtains Ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
After quantum key server-side checking request end is legal, pass through old identification key KCPTo the ciphertext received KCP·KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identity Identify key KCP
In the preferred embodiment of the present invention, further comprise the identity of binding between the quantum key server-side Identification key can answer the request of quantum key server-side to update, and update method is,
It is close to the quantum key server-side initiation update identification bound therewith to initiate newer quantum key server-side The request of key, and use old identification key KP2P3To new identification key KP2|P3Acquisition ciphertext is encrypted KP2P3·KP2|P3, and send ciphertext KP2P3·KP2|P3To the quantum key server-side bound therewith;
The quantum key server-side bound therewith passes through old identification key KP2P3To the ciphertext K receivedP2P3· KP2|P3It is decrypted, obtains new identification key KP2|P3, and with new identification key KP2|P3To replace old identity Identify key KP2P3
In the preferred embodiment of the present invention, further comprise the body of binding between each quantum key server-side Part identification key can also be by being arranged the quantum-key distribution terminal distribution in the quantum key server-side, quantum key point It is updated with being transmitted by quantum channel after identification key described in terminal distribution.
In the preferred embodiment of the present invention, further comprise
In step (3), after quantum key server-side receives the service request that the first terminal equipment is sent, by with Whether the identification key authentication first terminal equipment of first terminal apparatus bound is legal, if legal, executes the operation of decryption; If illegal, refusal executes decryption oprerations, and judges whether the first terminal equipment is local invasion, if so, alarm and/or Start security protection.
In the preferred embodiment of the present invention, further comprise when terminal device geographical location changes, terminal device It is unbinding with old quantum key server-side, and new quantum key server-side is bound, it specifically includes:
Terminal device extracts new identification key in the identification key that quantum real random number generator generates KDPD2, and pass through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains ciphertext KDPD1· KDPD2
Terminal device sends out bind request to new quantum key server-side, and the ciphertext is carried in the request KDPD1·KDPD2
After new quantum key server-side judges that terminal device is legal, is communicated, informed with old quantum key server-side The bind request that old quantum key server-side terminal device is sent out;
After old quantum key server-side receives the notification of new quantum key server-side, by with new quantum key service Hold the identification key K of bindingPD1PD2To old identification key KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and By ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side;
New quantum key server-side passes through the identification key K that is bound with old quantum key server-sidePD1PD2To ciphertext KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Recycle old identification key KDPD1It is right Ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key server-side obtains new Identification key KDPD2Afterwards binding relationship is established with terminal device;
After terminal device establishes binding relationship with new quantum key server-side, old quantum key server-side releases and end equipment Binding relationship.
In order to achieve the above objectives, another technical solution of the invention is as follows:A kind of terminal based on quantum true random number is set Standby secret signalling, including multiple terminal devices, it is characterised in that:It is provided at least one terminal device for producing The quantum real random number generator of raw business demand key.
In the preferred embodiment of the present invention, further comprise that the system also includes quantum key server-side, terminals Equipment is bound with quantum key server-side by unique identification key, and the terminal device includes at least first eventually End equipment and second terminal equipment, wherein:
The first terminal equipment, which is provided with the quantum real random number generator, and the first terminal equipment is used for The business demand key that quantum real random number generator described in identification key pair by binding generates is encrypted simultaneously It is sent to quantum key server-side;
The quantum key server-side, the encrypted business demand key for receiving the transmission of first terminal equipment lead to It crosses and is decrypted to obtain institute with the business demand key after the identification key pair encryption of the first terminal apparatus bound Business demand key is stated, business demand key described in the identification key pair with second terminal apparatus bound is then reused Second terminal equipment is sent to after being encrypted;
The second terminal equipment, the encrypted business demand key for receiving the transmission of quantum key server-side, profit It is decrypted to obtain the business demand key with the business demand key after the identification key pair encryption of binding;
The first terminal equipment and second terminal equipment carry out secret communication by the business demand key.
In the preferred embodiment of the present invention, further comprise that the first terminal equipment is additionally operable to after sending encryption Business demand key to quantum key server-side while, be encrypted simultaneously by the business demand key pair business information It is sent to the second terminal equipment;
The second terminal equipment is additionally operable to receive the encrypted business information that first terminal equipment is sent, utilizes solution The business information after the business demand key pair encryption after close, which is decrypted, obtains the business information.
In the preferred embodiment of the present invention, it is multiple to further comprise that the quantum key server-side has, it is multiple described Quantum key server-side passes sequentially through unique identification key and is bound, each quantum key server-side for pair It is close that the business demand key decrypted is sent to next quantum after being encrypted using independent identification key Key server-side, the encrypted business demand that next quantum key server-side is received using identical identification key pair Key is decrypted, until the last one quantum key server-side, close to business demand by the last one quantum key server-side Key is encrypted and is sent to the second terminal equipment.
In the preferred embodiment of the present invention, further comprise that first terminal equipment, second terminal equipment or quantum are close The quantum real random number generator for generating identification key is provided in key server-side.
In the preferred embodiment of the present invention, further comprise being provided with for generating in the quantum key server-side The quantum-key distribution terminal of identification key.
In the preferred embodiment of the present invention, further comprise that the quantum key server-side is additionally operable to through itself and the Whether the identification key of one terminal device binding is legal to verify first terminal equipment, starts reception first if legal The encrypted business demand key that terminal device is sent;If not conforming to rule refusal service request.
The present invention a preferred embodiment in, further comprise the terminal device the same time only with a quantum Cipher key service end is bound, and the identification key of binding answers the request of the terminal device that can update or because described The initiative of quantum key server-side is updated.
In the preferred embodiment of the present invention, further comprise that the terminal device is additionally operable to close to foundation binding therewith The quantum key server-side of system initiates identification key replacement request, in the identification that quantum real random number generator generates The new identification key K of extraction in keyC|P
The terminal device is also used for old identification key KCPTo new identification key KC|PAdded It is close, obtain ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
Quantum key server-side be additionally operable to checking request end it is legal after, pass through old identification key KCPTo what is received Ciphertext KCP·KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PIt is old to replace Identification key KCP
The identification key bound between the terminal device and quantum key server-side only allows to be sent out by terminal device Go out request and is updated.
In the preferred embodiment of the present invention, further comprise
The quantum key server-side is additionally operable to initiate body to another quantum key server-side for establishing binding relationship therewith Part identification key replacement request, and use old identification key KP2P3To new identification key KP2|P3It is encrypted and obtains Obtain ciphertext KP2P3·KP2|P3, and send ciphertext KP2P3·KP2|P3To the quantum key server-side bound therewith;
The quantum key server-side bound therewith passes through old identification key KP2P3To the ciphertext K receivedP2P3· KP2|P3It is decrypted, obtains new identification key KP2|P3, and with new identification key KP2|P3To replace old identity Identify key KP2P3
In the preferred embodiment of the present invention, further comprise
When terminal device geographical location changes, terminal device is by way of local wired connection or the side of wireless connection Formula and old quantum key server-side are unbinding, and by way of local wired connection or the mode of wireless connection bind it is new Quantum key server-side,
Terminal device is wirelessly unbinding with old quantum key server-side, is established with new quantum key server-side The method of binding relationship is:
Terminal device sends out bind request to new quantum key server-side, in the identity that quantum real random number generator generates Identify the identification key K that extraction is new in keyDPD2
Terminal device passes through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains close Literary KDPD1·KDPD2, and by ciphertext KDPD1·KDPD2It is sent collectively to new quantum key server-side with bind request;
After new quantum key server-side judges that terminal device is legal, is communicated, informed old with old quantum key server-side The bind request that quantum key server-side terminal device is sent out;
After old quantum key server-side receives the notification of new quantum key server-side, old quantum key server-side passes through With the identification key K of new quantum key server-side bindingPD1PD2To old identification key KDPD1It is encrypted, obtains Ciphertext KPD1PD2·KDPD1, and by ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side;
New quantum key server-side passes through the identification key K that is bound with old quantum key server-sidePD1PD2To ciphertext KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Recycle old identification key KDPD1It is right Ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key server-side obtains new After identification key KDPD2 binding relationship is established with terminal device;
After terminal device establishes binding relationship with new quantum key server-side, old quantum key server-side releases and end equipment Binding relationship.
The beneficial effects of the invention are as follows:
One, key midsequent secret communication method compared to the prior art, key midsequent of the invention secrecy are logical Letter method can reduce the lag delay that business demand key reaches called end, improve service quality:
In the prior art, communication service request is sent out by caller first, then distributes business by quantum key distribution network Key, then to business information, (business information herein is cleartext information, such as short message, voice by the business cipher key of distribution acquisition Deng) be encrypted, encrypted business information is sent to called end by original link, that is, the transmission of business cipher key is stagnant The time sent out afterwards in communication service request;
In the technology of the present invention, business demand key is generated by the quantum real random number generator that terminal device carries, ( It is exactly business cipher key in the prior art), calling terminal communication service request starts the transmission of business demand key while sending out, Thus come reduce business demand key reach called end delay, improve service quality.
Secondly, key midsequent secret communication compared to the prior art, key midsequent secret communication side of the invention Method disclosure satisfy that the more business demand of more multi-terminal equipment:
In the prior art, the acquisition of business cipher key is measured from the distribution of quantum key distribution network due to photon attenuation It is 13Kbps or so, business cipher key that sub-key, which distributes network and finally obtains the rate of business cipher key after the transmission distance of 50Km, Amount can not support enough terminal device business demands.
In the technology of the present invention, the quantum real random number generator that is carried by terminal device generate business demand key ( It is exactly business cipher key in the prior art), the size of key of available service demand key is not less than 3Mbps, improves more than 200 Times, it is sufficient to the more business demand of support more multi-terminal equipment.
Thirdly, key midsequent secret communication compared to the prior art, key midsequent of the invention maintain secrecy colleague side Method can greatly improve safe class:
In the prior art, terminal device login network access is bound, and does not change area in terminal device after binding validatation information Its quantum ID number immobilizes in the case of domain, and communications security is difficult to ensure.
In the technology of the present invention, the identity shared after binding relationship is established between terminal device and quantum key server-side and is known The identification communicated between other key (quantum ID number namely in the prior art) and each quantum key server-side is close Key can should be asked and be updated at any time, will not be used same identification key for a long time, greatly be improved safe class.
The business scope of application of quantum secure network four, is extended, and implements to be easy, improvement cost is low, construction period It is short:
In the technology of the present invention, what is transmitted in calling terminal equipment-quantum key service network-called terminal equipment is to add Business demand key after close, is not encrypted business information, and encrypted business information adds still through specific business Original data link is transmitted, and called terminal equipment, business information are reached by different paths from business demand key Encryption and decryption only carried out at terminal device primary, this communication mode can be preferably mutually compatible with existing communication business, nothing The data flow transmission route of original mobile communication business need to be made a change, only by itself and newly-increased quantum key service network Be connected can, extend the business use scope of quantum secure network, have improvement cost it is low, the spy of short construction period Point.
Description of the drawings
Technical solution in technology in order to illustrate the embodiments of the present invention more clearly, in being described below to embodiment technology Required attached drawing is briefly described, it should be apparent that, the accompanying drawings in the following description is only some realities of the present invention Example is applied, it for those of ordinary skill in the art, without creative efforts, can also be according to these attached drawings Obtain other attached drawings.
Fig. 1 is that key midsequent moves secret communication schematic diagram in the prior art;
Fig. 2 is that key midsequent moves secret communication schematic diagram in the technology of the present invention;
Fig. 3 is the transmission schematic diagram of ciphertext in the technology of the present invention;
Fig. 4 is overall flow figure of the present invention;
Fig. 5 is to update quantum authentication between terminal device of the present invention and the quantum key server-side for establishing binding relationship The schematic diagram of code;
Fig. 6 is the schematic diagram for updating quantum identity code in the technology of the present invention between quantum key server-side;
Fig. 7 is the schematic diagram of terminal device switching binding quantum key server-side in the technology of the present invention;
Fig. 8 is the structure diagram of terminal device in the technology of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other without creative efforts Embodiment shall fall within the protection scope of the present invention.
Embodiment one
The present embodiment provides a kind of secret communication methods based on quantum true random number, realize the secrecy between terminal device It communicates, the business demand key used in this secret communication method is by being arranged quantum true random number generation on the terminal device Device generates.
Include based on the main hardware equipment involved by the progress secret communication of quantum true random number in the present embodiment:
1. terminal device
Terminal device can be smart mobile phone, tablet computer, laptop, PDA (individual digital assistant) etc. mobile The other-ends equipment such as terminal or set-top box, PC, it is the initiator and recipient of communication service.
Configured with quantum real random number generator, storage device, the hardware for supporting network access capacity inside terminal device Module has and carries out the ability of information exchange with quantum key server-side, has the processor of computing capability.
2. quantum key server-side
One or more quantum key server-sides form quantum key service networks, and quantum key server-side can be with One or more terminal devices establish binding relationship, and share identification key with the terminal device for establishing binding relationship.
Quantum key server-side is configured with quantum real random number generator, is produced by included quantum real random number generator Identification key used in being communicated with other quantum key server-sides in quantum key service network is given birth to, binding is identical Business transferring demand key between two quantum key server-sides of identification key.
As shown in figure 8, the concrete composition structure inside terminal device is as follows:
Have inside terminal device quantum real random number generator, cipher key storage block, initiate business information memory module, Encrypting module, identity code memory module, communication module, deciphering module and demand cipher key storage block,
After communication request is sent out, the business information of this communication is stored in above-mentioned initiation business information memory module;
Quantum real random number generator inside terminal device, which is generated, to be deposited with the isometric key of business information, key after generating Storage is in above-mentioned cipher key storage block;
Out of cipher key storage block extract key as identification key storage in identity code memory module;
When terminal device establishes binding relationship with quantum key server-side, identity is extracted out of identity code memory module Key is identified, as the quantum authentication code shared between the quantum key server-side for establishing binding relationship;
When communication service is initiated, key is extracted out of cipher key storage block as business demand key;
Acquisition demand key is encrypted using the identification key pair business demand key of binding in above-mentioned encrypting module Ciphertext, at the same time using business demand key pair, acquisition business information is encrypted in this business information communicated to encrypting module Ciphertext;
Above-mentioned communication module sends the demand key ciphertext and business information ciphertext of caller, while it is close to receive called demand Key ciphertext and business information ciphertext;
Above-mentioned deciphering module is decrypted acquisition business using the identification key pair demand key ciphertext of binding and needs Key is sought, acquisition business information at the same time is decrypted using the business demand key pair business information ciphertext after decryption;
The business demand key storage that deciphering module decryption obtains is in the demand cipher key storage block.
There are three types of the keys arrived involved in technical solution of the present invention:
1., between quantum key server-side binding identification key, can be by the quantum of quantum key server-side Real random number generator generates, and can also be generated by the quantum-key distribution terminal of quantum key server-side, by QKD systems after generation System transmits.
2., bound between quantum key server-side and terminal device after the identification key shared, it is by terminal device Included quantum real random number generator generates, and key is stored in after generating in cipher key storage block, when establishing binding relationship from Identification key is extracted in cipher key storage block, establishing the quantum key server-side of binding relationship, to back up this identification close Key is shared and is used;
3., every time communication when the business demand key that needs, the quantum real random number generator that it is carried by terminal device It generates, key is stored in after generating in cipher key storage block, is extracted key out of cipher key storage block when communication service is initiated and is made For the business demand key of this communication, " one-time pad ", after use, or no use has finished still this communication Through terminating, current business demand key will be all dropped.
In technical solution of the present invention, there are a variety of connecting channels between each hardware device:
1., between each quantum key server-side, exist simultaneously the classical channel and quantum channel of quantum network, classics letter Road exists in the form of wired or wireless, and quantum channel can be the quantum channel etc. in fiber channel, free space.
Quantum channel is used to transmit shared identification key, warp based on BB84 agreements between each quantum key server-side Allusion quotation channel is used for transmission encrypted business demand key.
2., between terminal device and quantum key server-side, when establishing binding relationship, between the two by reliable wired Connection type connects, and establishes binding relationship, and the identification key of quantum key server-side back-up terminals equipment is shared identity and known Other key;After establishing binding relationship, wired connection is disconnected, terminal device, which becomes, moves freely state, passes through between the two at this time Classic network is transmitted, main to be transmitted using classical radio network technique, such as Wi-Fi technology or 3G, 4G technology etc..
3., encrypted business information two station terminal equipment rooms still use the business legacy data link transmission, What its data flow was still walked is the original data link of telecom operators, and only business information therein has been encrypted.
The key midsequent movement secret communication of the technology of the present invention and the key midsequent of the prior art move secret communication Difference, by taking calling terminal equipment sends information to called terminal equipment as an example, in the prior art, as shown in Figure 1, by calling terminal head Communication service request is first sent out, then distributes business cipher key by quantum key distribution network, then the business cipher key obtained by distribution Business information (business information herein is the cleartext information of short message) is encrypted, encrypted business information passes through original Link is sent to called end, that is, business cipher key time for being sent out in communication service request of transfer lag;
In the technology of the present invention, as shown in Fig. 2, generating key by the quantum real random number generator that terminal device carries, obtain Business demand key (business cipher key namely in the prior art) is obtained, calling terminal communication service request starts industry while sending out The transmission of business demand key, that is, business demand key transmission and sending out for communication service request be carried out at the same time.
Below for using the process that technical solution of the present invention completes a secret communication between two station terminal equipment, come The specific embodiment that the present invention will be described in detail, ciphertext transmittance process is as shown in figure 3, its overall flow figure is as shown in Figure 4.
Before communication service is initiated, the quantum key server-side of terminal device and region establishes binding relationship, this hair In bright technical solution, " binding relationship " between terminal device and quantum key server-side is:
1., the terminal device of login network access possess unique binding identification in entire quantum key service network Key;
2., the identification key uniquely held of terminal device should ask update;
3., a station terminal equipment cannot bind in section at the same time with multiple quantum key server-sides;
4., a quantum key server-side allows to bind zero, one or more terminal device in section at the same time;
5., the terminal device with binding relationship and between quantum key server-side share unique identification key.
When communication service is initiated
(1) first step, calling terminal equipment initiate communication service request:
Calling terminal equipment extracts the business demand key of this communication, after obtaining business demand key, on the one hand passes through Acquisition demand key ciphertext is encrypted in the identification key pair business demand key of binding, and demand key ciphertext is sent out It is sent to quantum key server-side P1;On the other hand the business information that this is communicated using the business demand key pair obtained is (herein For the cleartext information of communication) it is encrypted, business information ciphertext is obtained, the business information ciphertext of acquisition is original by the business Data link is transferred to called terminal equipment, and the demand key ciphertext of acquisition is transferred to called terminal by quantum key server-side Equipment;Demand key ciphertext is obtained herein and obtains business information ciphertext and is carried out at the same time, herein demand key ciphertext and business letter The first time that breath ciphertext is both sent out in communication service request is simultaneously emitted by.
(2) second step, quantum key server-side transmit demand key ciphertext (i.e. encrypted business demand key):
Quantum key server-side is set by the identification key of itself and calling terminal apparatus bound to verify calling terminal It is standby whether legal, the demand key ciphertext of calling terminal equipment transmission is received if legal, by being tied up with calling terminal equipment Surely the demand key ciphertext that identification key pair receives is decrypted to obtain business demand key, then reuses and quilt It is sent to called terminal equipment after making the identification key pair business demand key of terminal device binding be encrypted.
On the other hand, if quantum key server-side verification calling terminal equipment is illegal, refuse service request, and sentence Whether the calling terminal equipment of breaking is local invasion, is invaded if it is place, then alarm and/or startup security protection;If sentenced Disconnected invasion of being not in the right place, then it is secondary to enter identification key authentication.
(3) third step, called terminal equipment receive request:
Called terminal equipment receives the demand key ciphertext that quantum key server-side is sent, and (i.e. encrypted business demand is close Key) and calling terminal equipment send business information ciphertext (i.e. encrypted business information), using with quantum key server-side The identification secret key decryption demand key ciphertext of binding obtains the business demand key of this communication, then using decryption The business demand key pair business information ciphertext of acquisition is decrypted, and obtains the business information of this communication;Calling terminal as a result, Equipment and called terminal equipment complete a secret communication.
This time in communication process, the business information ciphertext of this communication is participated in, the original data of such communication service are passed through Link carries out secret communication, and the demand key ciphertext (i.e. encrypted business demand key) for participating in this communication is close by quantum Key server-side is transmitted, the demand key ciphertext of this communication service and communication request synchronize send out, while communication request is sent out The transmission of carry out demand key ciphertext.
The present invention another technical solution in, quantum key server-side have it is multiple, multiple quantum key server-sides are successively It is bound by unique identification key, each quantum key server-side uses the business demand key decrypted Independent identification key is sent to next quantum key server-side after being encrypted, next quantum key server-side makes It is decrypted with the encrypted business demand key that identical identification key pair receives;Until being transmitted to the last one Quantum key server-side is encrypted business demand key by the last one quantum key server-side and is sent to called terminal Equipment.
As shown in figure 3, details are as follows for the detailed process of multiple quantum key server-side business transferring demand keys:
Calling terminal device A passes through the identification key K shared with first quantum key server-side P1AP1To this The business demand key K of communicationXAcquisition demand key ciphertext K is encryptedAP1·KXIt is sent to first quantum key server-side P1;
S1:First quantum key server-side P1 receives the demand key ciphertext K that calling terminal device A is sentAP1·KX, Then the identification key K by being shared with calling terminal device AAP1To demand key ciphertext KAP1·KXAcquisition is decrypted Business demand key KX
S2:First quantum key server-side P1 is known by the quantum identity shared with second quantum key server-side P2 Other key KP1P2The business demand key K that decryption is obtainedXAcquisition demand key ciphertext K is encryptedP1P2·KXIt is sent to second A quantum key server-side P2;
S3:Decryption, encryption method in second quantum key server-side P2 repetition above step S1, S2 communicate this Demand key ciphertext level-one level-one transmit, until being transmitted to the last one quantum key server-side Pn.
In the technology of the present invention, the identity shared after binding relationship is established between terminal device and quantum key server-side and is known The identity code key communicated between other code key and each quantum key server-side can update at any time, not when president Between use same each identity code key, safe class can greatly be improved, newer method is as follows:
(1), as shown in figure 5, the identity code key that terminal device is uniquely held should ask the newer method to be:
1., terminal device C initiates the replacement of identification key to the quantum key server-side P for establishing binding relationship therewith asks It asks or quantum key server-side P initiates to replace wanting for identification key to the terminal device C for establishing binding relationship therewith It asks;
2., extract new identification key K in the identification key that the truly random generator of quantum generatesC|P
3., terminal device C use old identification key KCPTo new identification key KC|PIt is encrypted, obtains Ciphertext KCP·KC|P, and transmit ciphertext KCP·KC|PTo quantum key server-side P;
4., quantum key server-side P checking requests end it is legal after, pass through old identification key KCPTo ciphertext KCP· KC|PIt is decrypted, obtains new identification key KC|P, with new identification key KC|PIt is close come the identification of replacing old Key KCP
(2), as shown in fig. 6, the identification key between each quantum key server-side can update, and there are two types of more for tool New method, the first update method are the classical channel updates based on quantum network, and second of update method is to be based on quantum net The quantum channel of network updates, and specific update method is:
(1) the first update method:
1., quantum key server-side P2 sends out to the quantum key server-side P3 that binds therewith and replaces identification key Request, and use old identification key KP2P3To new identification key KP2|P3It is encrypted, obtains ciphertext KP2P3· KP2|P3, and transmit ciphertext KP2P3·KP2|P3To quantum key server-side P3;
2., quantum key server-side P3 pass through old identification key KP2P3To ciphertext KP2P3·KP2|P3It is decrypted, Obtain new identification key KP2|P3, with new identification key KP2|P3To replace old identification key KP2P3
Herein, each quantum key server-side can replace the request sender of identification key as request, also Request recipient can be used as.
(2) second of update method:
By the quantum-key distribution terminal distribution identification key being arranged in quantum key server-side, identification is close BB84 agreements are based on by quantum channel after key distribution and transmit update.
When terminal device geographical location changes, terminal device preferably uses reliable wired connection mode first and old quantum Then the unbinding relationship in cipher key service end is tied up using reliable wired connection mode and new quantum key server-side foundation again Determine relationship, terminal device disconnects wired connection after establishing binding relationship with new quantum key server-side, restores can move freely State.
As the further scheme of the present invention, when terminal device geographical location changes, terminal device can also use nothing The mode of line connection switches the quantum key server-side bound therewith, as shown in fig. 7, its concrete methods of realizing is:
This is illustrated for sentencing terminal device D, old quantum key server-side PD1, new quantum key server-side PD2:
Terminal device D and old quantum key server-side PD1 shares quantum authentication code KDPD1
Quantum authentication code K is shared between old quantum key server-side PD1 and new quantum key server-side PD2PD1PD2
S1:Terminal device D sends out bind request to new quantum key server-side PD2, is produced in quantum real random number generator The new identification key K of extraction in raw identification keyDPD2
Terminal device passes through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains close Literary KDPD1·KDPD2, and by ciphertext KDPD1·KDPD2It is sent collectively to new quantum key server-side with bind request;
S2:After new quantum key server-side PD2 judges that terminal device is legal, led to old quantum key server-side PD1 Letter, informs the bind request that old quantum key server-side PD1 terminal devices are sent out;
S3:After old quantum key server-side PD1 receives the notification of new quantum key server-side PD2, old quantum key Server-side PD1 passes through the identification key K that is bound with new quantum key server-side PD2PD1PD2To old identification key KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and by ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side PD2;
S4:New quantum key server-side PD2 passes through the identification key bound with old quantum key server-side PD1 KPD1PD2To ciphertext KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Old identity is recycled to know Other key KDPD1To ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key clothes Business end PD2 obtains new identification key KDPD2Afterwards binding relationship is established with terminal device D;
After terminal device D and new quantum key server-side PD2 establishes binding relationship, old quantum key server-side PD1 is released With the binding relationship of end equipment D, old quantum authentication code KDPD1It is dropped and does not use.
The request for the quantum key server-side that binding relationship is established in terminal device switching herein therewith only allows to be set by terminal Preparation goes out request and is replaced.
Embodiment two
The present embodiment provides a kind of secret signalling based on quantum true random number, this secret signalling includes quantum Cipher key service end and multiple terminal devices.
Wherein, terminal device can be smart mobile phone, tablet computer, set-top box, laptop, PAD or other-end Equipment, it is the initiator and recipient of communication service, and storage device is configured with inside terminal device, supports network access capacity Hardware module, have with quantum key server-side carry out information exchange ability, have computing capability processor and use In the quantum real random number generator for generating identification key.Configured with for generating industry on wherein at least one terminal device The quantum real random number generator of business demand key.
Certainly, can be configured on terminal device a quantum real random number generator come and meanwhile generate identification key with Business demand key can also configure two quantum real random number generators, be respectively intended to generate identification key and business Demand key.
One or more quantum key server-sides form quantum key service network, and quantum key server-side is configured with and is used for Generate the quantum real random number generator and/or quantum-key distribution terminal of identification key, a quantum key server-side Binding relationship can be established with one or more terminal devices, and it is close with the terminal device for establishing binding relationship to share identification Key.
In technical solution of the present invention, the terminal device of secret signalling includes at least first terminal equipment and second terminal Equipment, wherein:
Above-mentioned first terminal equipment is equipped with quantum real random number generator, and first terminal equipment is for passing through binding The business demand key that identification key pair quantum real random number generator generates is encrypted and is sent to quantum key clothes Business end passes through above-mentioned business while first terminal equipment sends encrypted business demand key to quantum key server-side Demand key pair business information is encrypted and is sent to second terminal equipment;
The encrypted business demand key that above-mentioned quantum key server-side is used to receive the transmission of first terminal equipment passes through It is decrypted to obtain above-mentioned business with the business demand key after the identification key pair encryption of first terminal apparatus bound Then demand key reuses and is added with the above-mentioned business demand key of the identification key pair of second terminal apparatus bound Second terminal equipment is sent to after close;
Above-mentioned second terminal equipment is used to receive the encrypted business demand key and use of quantum key server-side transmission In the encrypted business confidence for receiving the transmission of first terminal equipment, pass through the identity with above-mentioned quantum key server-side binding Business demand key after identification key pair encryption is decrypted to obtain above-mentioned business demand key, utilizes the industry after decryption Business information after business demand key pair encryption, which is decrypted, obtains the business information.
Above-mentioned first terminal equipment and second terminal equipment carry out secret communication by above-mentioned business demand key.
In the technical solution of the present embodiment, as shown in figure 8, the preferred internal structure of terminal device is as follows:
Have inside terminal device quantum real random number generator, cipher key storage block, initiate business information memory module, Encrypting module, identity code memory module, communication module, deciphering module and demand cipher key storage block,
After communication request is sent out, the business information of this communication is stored in above-mentioned initiation business information memory module;
Quantum real random number generator inside terminal device, which is generated, to be deposited with the isometric key of business information, key after generating Storage is in above-mentioned cipher key storage block;
Out of cipher key storage block extract key as identification key storage in identity code memory module;
When terminal device establishes binding relationship with quantum key server-side, identity is extracted out of identity code memory module Key is identified, as the quantum authentication code shared between the quantum key server-side for establishing binding relationship;
When communication service is initiated, key is extracted out of cipher key storage block as business demand key;
Acquisition demand key is encrypted using the identification key pair business demand key of binding in above-mentioned encrypting module Ciphertext, at the same time using business demand key pair, acquisition business information is encrypted in this business information communicated to encrypting module Ciphertext;
Above-mentioned communication module sends the demand key ciphertext and business information ciphertext of caller, while it is close to receive called demand Key ciphertext and business information ciphertext;
Above-mentioned deciphering module is decrypted acquisition business using the identification key pair demand key ciphertext of binding and needs Key is sought, acquisition business information at the same time is decrypted using the business demand key pair business information ciphertext after decryption;
The business demand key storage that deciphering module decryption obtains is in the demand cipher key storage block.
In another technical solution of the present embodiment, quantum key server-side have it is multiple, multiple quantum key server-sides according to Secondary to be bound by unique identification key, each quantum key server-side makes the business demand key decrypted Next quantum key server-side, next quantum key server-side are sent to after being encrypted with independent identification key It is decrypted using the encrypted business demand key that identical identification key pair receives;Until being transmitted to last A quantum key server-side is encrypted business demand key by the last one quantum key server-side and is sent to called whole End equipment.
As shown in figure 3, multiple quantum key server-sides transmit encrypted business demand key, business transferring demand is close Details are as follows for the detailed process of key:
First terminal device A passes through the identification key K shared with first quantum key server-side P1AP1To this The business demand key K of communicationXAcquisition demand key ciphertext K is encryptedAP1·KXIt is sent to first quantum key server-side P1;
S1:First quantum key server-side P1 receives the demand key ciphertext K that first terminal device A is sentAP1·KX, Then the identification key K by being shared with first terminal device AAP1To demand key ciphertext KAP1·KXAcquisition is decrypted Business demand key KX
S2:First quantum key server-side P1 is known by the quantum identity shared with second quantum key server-side P2 Other key KP1P2The business demand key K that decryption is obtainedXAcquisition demand key ciphertext K is encryptedP1P2·KXIt is sent to second A quantum key server-side P2;
S3:Decryption, encryption method in second quantum key server-side P2 repetition above step S1, S2 communicate this Demand key ciphertext level-one level-one transmit, until being transmitted to the last one quantum key server-side Pn.
In another technical solution of the present embodiment, established between terminal device and quantum key server-side after binding relationship altogether The identity code key communicated between the identity code key enjoyed and each quantum key server-side can at any time more Newly, same each identity code key will not be used for a long time, can greatly improve safe class, newer method is such as Under:
(1), as shown in figure 5, the identity code key that terminal device is uniquely held should ask the newer method to be:
1., terminal device C initiates the replacement of identification key to the quantum key server-side P for establishing binding relationship therewith asks It asks or quantum key server-side P initiates to replace wanting for identification key to the terminal device C for establishing binding relationship therewith It asks;
2., that terminal device C extracts new identification in the identification key that the truly random generator of quantum generates is close Key KC|P
3., terminal device C use old identification key KCPTo new identification key KC|PIt is encrypted, obtains Ciphertext KCP·KC|P, and transmit ciphertext KCP·KC|PTo quantum key server-side P;
4., quantum key server-side P checking requests end it is legal after, pass through old identification key KCPTo ciphertext KCP· KC|PIt is decrypted, obtains new identification key KC|P, with new identification key KC|PIt is close come the identification of replacing old Key KCP
(2), as shown in fig. 6, the identification key between each quantum key server-side should ask update, and have Two kinds of update methods, the first update method are the classical channel updates based on quantum network, and second of update method is to be based on The quantum channel of quantum network updates, and specific update method is:
(1) the first update method:
1., quantum key server-side P2 sends out to the quantum key server-side P3 that binds therewith and replaces identification key Request, and use old identification key KP2P3To new identification key KP2|P3It is encrypted, obtains ciphertext KP2P3· KP2|P3, and transmit ciphertext KP2P3·KP2|P3To quantum key server-side P3;
2., quantum key server-side P3 pass through old identification key KP2P3To ciphertext KP2P3·KP2|P3It is decrypted, Obtain new identification key KP2|P3, with new identification key KP2|P3To replace old identification key KP2P3
Herein, each quantum key server-side can replace the request sender of identification key as request, also Request recipient can be used as.
(2) second of update method:
By the quantum-key distribution terminal distribution identification key being arranged in quantum key server-side, identification is close BB84 agreements are based on by quantum channel after key distribution and transmit update.
When terminal device geographical location changes, terminal device preferably uses reliable wired connection mode first and old quantum Then the unbinding relationship in cipher key service end is tied up using reliable wired connection mode and new quantum key server-side foundation again Determine relationship, terminal device disconnects wired connection after establishing binding relationship with new quantum key server-side, restores can move freely State.
In another technical solution of the present embodiment, when terminal device geographical location changes, terminal device can also use The mode of wireless connection switches the quantum key server-side bound therewith, as shown in fig. 7, its concrete methods of realizing is:
This is illustrated for sentencing terminal device D, old quantum key server-side PD1, new quantum key server-side PD2:
Terminal device D and old quantum key server-side PD1 shares quantum authentication code KDPD1
Quantum authentication code K is shared between old quantum key server-side PD1 and new quantum key server-side PD2PD1PD2
S1:Terminal device D sends out bind request to new quantum key server-side PD2, is produced in quantum real random number generator The new identification key K of extraction in raw identification keyDPD2
Terminal device passes through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains close Literary KDPD1·KDPD2, and by ciphertext KDPD1·KDPD2It is sent collectively to new quantum key server-side with bind request;
S2:After new quantum key server-side PD2 judges that terminal device is legal, led to old quantum key server-side PD1 Letter, informs the bind request that old quantum key server-side PD1 terminal devices are sent out;
S3:After old quantum key server-side PD1 receives the notification of new quantum key server-side PD2, old quantum key Server-side PD1 passes through the identification key K that is bound with new quantum key server-side PD2PD1PD2To old identification key KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and by ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side PD2;
S4:New quantum key server-side PD2 passes through the identification key bound with old quantum key server-side PD1 KPD1PD2To ciphertext KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Old identity is recycled to know Other key KDPD1To ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key clothes Business end PD2 obtains new identification key KDPD2Afterwards binding relationship is established with terminal device D;
After terminal device D and new quantum key server-side PD2 establishes binding relationship, old quantum key server-side PD1 is released With the binding relationship of end equipment D, old quantum authentication code KDPD1It is dropped and does not use.Terminal device switching herein is therewith Establishing the request of the quantum key server-side of binding relationship only allows to be sent out request by terminal device and replaced.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, as defined herein General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one The widest range caused.

Claims (23)

1. a kind of secret communication method based on quantum true random number, it is characterised in that:Business demand used in secret communication Key is by being arranged quantum real random number generator generation on the terminal device;The secret communication method specifically includes following step Suddenly,
(1) by generating business demand key positioned at the quantum real random number generator of first terminal equipment, first terminal equipment is logical Business demand key described in the identification key pair of binding is crossed to be encrypted and be sent to quantum key server-side;
(2) the quantum key server-side receives the encrypted business demand key that first terminal equipment is sent, by with the The identification key of one terminal device binding is decrypted to obtain the business demand key, then reuses and the Business demand key described in the identification key pair of two terminal device bindings is sent to second terminal equipment after being encrypted;
(3) second terminal equipment receives the encrypted business demand key that quantum key server-side is sent, and utilizes binding Identification key is decrypted to obtain the business demand key;
First terminal equipment and second terminal equipment carry out secret communication, calling terminal communication service by the business demand key Request starts the transmission of business demand key while sending out.
2. the secret communication method according to claim 1 based on quantum true random number, it is characterised in that:By multiple terminals Equipment is bound by unique identification key respectively with quantum key server-side.
3. the secret communication method according to claim 2 based on quantum true random number, it is characterised in that:
In step (2), first terminal equipment is encrypted and is sent to by business demand key described in identification key pair While quantum key server-side, it is encrypted using the business demand key pair business information and is sent to described second eventually End equipment.
4. the secret communication method according to claim 2 based on quantum true random number, it is characterised in that:The quantum is close Key server-side has multiple, and multiple quantum key server-sides pass sequentially through unique identification key and bound, each The business demand key decrypted is encrypted using independent identification key for the quantum key server-side After be sent to next quantum key server-side, next quantum key server-side uses identical identification key pair to receive To encrypted business demand key be decrypted, it is close by the last one quantum until the last one quantum key server-side Key server-side is encrypted business demand key and is sent to the second terminal equipment.
5. according to secret communication method of the claim 1-4 any one of them based on quantum true random number, it is characterised in that:Institute It states identification key to be generated by quantum real random number generator, the quantum true random number for generating identification key occurs Device is set in first terminal equipment, second terminal equipment or quantum key server-side.
6. the secret communication method according to claim 2 or 4 based on quantum true random number, it is characterised in that:
In step (3), quantum key server-side verifies first by its identification key with first terminal apparatus bound Whether terminal device is legal, starts to receive the encrypted business demand key that first terminal equipment is sent if legal;Such as Fruit does not conform to rule refusal service request.
7. the secret communication method according to claim 2 based on quantum true random number, it is characterised in that:The terminal is set It is standby only to be bound with a quantum key server-side in the same time, and the identification key of binding can update.
8. the secret communication method according to claim 7 based on quantum true random number, it is characterised in that:Terminal device with The identification key of binding between quantum key server-side answers the request of the terminal device to update, newer method For:
The terminal device initiates identification key replacement request to the quantum key server-side for establishing binding relationship therewith, The new identification key K of extraction in the identification key that quantum real random number generator generatesC|P
The terminal device uses old identification key KCPTo new identification key KC|PIt is encrypted, obtains ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
After quantum key server-side checking request end is legal, pass through old identification key KCPTo the ciphertext K receivedCP· KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identification Key KCP
9. the secret communication method according to claim 7 based on quantum true random number, it is characterised in that:Terminal device with The identification key of binding between quantum key server-side is because the requirement of the quantum key server-side updates, update side Method is:
The quantum key server-side sends out the requirement of update identification key to the terminal device for establishing binding relationship therewith, Terminal device extracts new identification key K in the identification key that quantum real random number generator generatesC|P
The terminal device uses old identification key KCPTo new identification key KC|PIt is encrypted, obtains ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
After quantum key server-side checking request end is legal, pass through old identification key KCPTo the ciphertext K receivedCP· KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identification Key KCP
10. the secret communication method according to claim 5 based on quantum true random number, it is characterised in that:The quantum The identification key of binding between cipher key service end answers the request of quantum key server-side that can update, update method For,
It initiates newer quantum key server-side and initiates update identification key to the quantum key server-side bound therewith Request, and use old identification key KP2P3To new identification key KP2|P3It is encrypted and obtains ciphertext KP2P3· KP2|P3, and send ciphertext KP2P3·KP2|P3To the quantum key server-side bound therewith;
The quantum key server-side bound therewith passes through old identification key KP2P3To the ciphertext K receivedP2P3·KP2|P3Into Row decryption, obtains new identification key KP2|P3, and with new identification key KP2|P3It is close come the identification of replacing old Key KP2P3
11. according to secret communication method of the claim 1-4 any one of them based on quantum true random number, it is characterised in that: The identification key of binding can also be by being arranged in the quantum key server-side between each quantum key server-side On quantum-key distribution terminal distribution, passed by quantum channel after identification key described in quantum-key distribution terminal distribution Pass update.
12. the secret communication method according to claim 7 based on quantum true random number, it is characterised in that:Step (3) In, after quantum key server-side receives the service request that the first terminal equipment is sent, by being tied up with first terminal equipment Whether fixed identification key authentication first terminal equipment is legal, if legal, executes the operation of decryption;If illegal, refusal Decryption oprerations are executed, and judge whether the first terminal equipment is local invasion, if so, alarm and/or startup security protection.
13. the secret communication method according to claim 2 based on quantum true random number, it is characterised in that:When terminal is set When standby geographical location variation, terminal device and old quantum key server-side are unbinding, and bind new quantum key server-side, It specifically includes:
Terminal device extracts new identification key K in the identification key that quantum real random number generator generatesDPD2, And pass through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains ciphertext KDPD1·KDPD2
Terminal device sends out bind request to new quantum key server-side, and the ciphertext K is carried in the requestDPD1· KDPD2
After new quantum key server-side judges that terminal device is legal, is communicated with old quantum key server-side, inform old amount The bind request that sub-key server-side terminal device is sent out;
After old quantum key server-side receives the notification of new quantum key server-side, by being tied up with new quantum key server-side Fixed identification key KPD1PD2To old identification key KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and will be close Literary KPD1PD2·KDPD1It is sent to new quantum key server-side;
New quantum key server-side passes through the identification key K that is bound with old quantum key server-sidePD1PD2To ciphertext KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Recycle old identification key KDPD1It is right Ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key server-side obtains new Identification key KDPD2Afterwards binding relationship is established with terminal device;
After terminal device establishes binding relationship with new quantum key server-side, old quantum key server-side releasing is tied up with end equipment Determine relationship.
14. a kind of terminal device secret signalling based on quantum true random number, including multiple terminal devices, feature exist In:The quantum real random number generator for generating business demand key is provided at least one terminal device;
The system also includes quantum key server-side, terminal device is close by unique identification with quantum key server-side Key is bound, and the terminal device includes at least first terminal equipment and second terminal equipment, wherein:
The first terminal equipment which is provided with the quantum real random number generator, and the first terminal equipment is for passing through The business demand key that quantum real random number generator described in the identification key pair of binding generates is encrypted and sends To quantum key server-side;
The quantum key server-side, for receive first terminal equipment transmission encrypted business demand key, by with Business demand key after the identification key pair encryption of the first terminal apparatus bound is decrypted to obtain the industry Then business demand key reuses business demand key described in the identification key pair with second terminal apparatus bound and carries out Second terminal equipment is sent to after encryption;
The second terminal equipment, the encrypted business demand key for receiving the transmission of quantum key server-side, using tying up Surely the business demand key after identification key pair encryption is decrypted to obtain the business demand key;
The first terminal equipment and second terminal equipment carry out secret communication by the business demand key;Calling terminal communicates Start the transmission of business demand key while service request is sent out.
15. the terminal device secret signalling according to claim 14 based on quantum true random number, it is characterised in that:
The first terminal equipment is additionally operable to while sending encrypted business demand key to quantum key server-side, lead to The business demand key pair business information is crossed to be encrypted and be sent to the second terminal equipment;
The second terminal equipment is additionally operable to receive the encrypted business information that first terminal equipment is sent, after decryption The business demand key pair encryption after business information be decrypted and obtain the business information.
16. the terminal device secret signalling according to claim 14 based on quantum true random number, it is characterised in that: The quantum key server-side has multiple, and multiple quantum key server-sides pass sequentially through unique identification key and carry out Binding, each quantum key server-side are used to use independent identification to the business demand key decrypted Key is sent to next quantum key server-side after being encrypted, next quantum key server-side is known using identical identity The encrypted business demand key that other key pair receives is decrypted, until the last one quantum key server-side, by most The latter quantum key server-side is encrypted business demand key and is sent to the second terminal equipment.
17. according to terminal device secret signalling of the claim 14-16 any one of them based on quantum true random number, It is characterized in that:It is provided in first terminal equipment, second terminal equipment or quantum key server-side close for generating identification The quantum real random number generator of key.
18. the terminal device secret signalling according to claim 16 based on quantum true random number, it is characterised in that: The quantum-key distribution terminal for generating identification key is provided in the quantum key server-side.
19. the terminal device secret signalling based on quantum true random number according to claim 14 or 16, feature It is:The quantum key server-side is additionally operable to the identification key by it with first terminal apparatus bound to verify first Whether terminal device is legal, starts to receive the encrypted business demand key that first terminal equipment is sent if legal;Such as Fruit does not conform to rule refusal service request.
20. the terminal device secret signalling according to claim 14 based on quantum true random number, it is characterised in that: The terminal device is only bound with quantum key server-side in the same time, and the identification key of binding answer it is described The request of terminal device can update or because the initiative of the quantum key server-side is updated.
21. the terminal device secret signalling according to claim 20 based on quantum true random number, it is characterised in that: The terminal device is additionally operable to initiate identification key replacement request to the quantum key server-side for establishing binding relationship therewith, New identification key K is extracted in the identification key that quantum real random number generator generatesC|P
The terminal device is also used for old identification key KCPTo new identification key KC|PIt is encrypted, obtains Obtain ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
Quantum key server-side be additionally operable to checking request end it is legal after, pass through old identification key KCPTo the ciphertext received KCP·KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identity Identify key KCP
The identification key bound between the terminal device and quantum key server-side only allows to be sent out by terminal device to ask It asks and is updated.
22. the terminal device secret signalling according to claim 17 based on quantum true random number, it is characterised in that: The quantum key server-side is additionally operable to close to another quantum key server-side initiation identification for establishing binding relationship therewith Key replacement request, and use old identification key KP2P3To new identification key KP2|P3Acquisition ciphertext is encrypted KP2P3·KP2|P3, and send ciphertext KP2P3·KP2|P3To the quantum key server-side bound therewith;
The quantum key server-side bound therewith passes through old identification key KP2P3To the ciphertext K receivedP2P3·KP2|P3Into Row decryption, obtains new identification key KP2|P3, and with new identification key KP2|P3It is close come the identification of replacing old Key KP2P3
23. the terminal device secret signalling according to claim 14 based on quantum true random number, it is characterised in that: When terminal device geographical location changes, terminal device is by way of local wired connection or the mode of wireless connection and old amount Sub-key server-side is unbinding, and by way of local wired connection or the mode of wireless connection binds new quantum key Server-side,
Terminal device is wirelessly unbinding with old quantum key server-side, establishes and binds with new quantum key server-side The method of relationship is:
Terminal device sends out bind request to new quantum key server-side, in the identification that quantum real random number generator generates The new identification key K of extraction in keyDPD2
Terminal device passes through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains ciphertext KDPD1·KDPD2, and by ciphertext KDPD1·KDPD2It is sent collectively to new quantum key server-side with bind request;
After new quantum key server-side judges that terminal device is legal, is communicated with old quantum key server-side, inform old quantum The bind request that cipher key service end terminal device is sent out;
After old quantum key server-side receives the notification of new quantum key server-side, old quantum key server-side by with it is new The identification key K of quantum key server-side bindingPD1PD2To old identification key KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and by ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side;
New quantum key server-side passes through the identification key K that is bound with old quantum key server-sidePD1PD2To ciphertext KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Recycle old identification key KDPD1It is right Ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key server-side obtains new After identification key KDPD2 binding relationship is established with terminal device;
After terminal device establishes binding relationship with new quantum key server-side, old quantum key server-side releasing is tied up with end equipment Determine relationship.
CN201710244179.9A 2017-04-14 2017-04-14 Secret communication method based on quantum true random number and communication system Active CN107094076B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710244179.9A CN107094076B (en) 2017-04-14 2017-04-14 Secret communication method based on quantum true random number and communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710244179.9A CN107094076B (en) 2017-04-14 2017-04-14 Secret communication method based on quantum true random number and communication system

Publications (2)

Publication Number Publication Date
CN107094076A CN107094076A (en) 2017-08-25
CN107094076B true CN107094076B (en) 2018-09-25

Family

ID=59637938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710244179.9A Active CN107094076B (en) 2017-04-14 2017-04-14 Secret communication method based on quantum true random number and communication system

Country Status (1)

Country Link
CN (1) CN107094076B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109842442B (en) * 2017-11-26 2020-07-28 成都零光量子科技有限公司 Quantum key service method taking airport as regional center
CN109525390B (en) * 2018-11-20 2021-08-24 江苏亨通问天量子信息研究院有限公司 Quantum key wireless distribution method and system for terminal equipment secret communication
CN109698746B (en) * 2019-01-21 2021-03-23 北京邮电大学 Method and system for generating sub-keys of binding equipment based on master key negotiation
CN110190952A (en) * 2019-05-09 2019-08-30 浙江神州量子通信技术有限公司 It is a kind of based on quantum random number to the encrypted transmission method of Internet of Things safety
CN110247765B (en) * 2019-06-25 2021-12-28 湖北凯乐量子通信光电科技有限公司 Quantum secret data chain communication system
CN110289953A (en) * 2019-06-25 2019-09-27 湖北凯乐量子通信光电科技有限公司 A kind of quantum secret communication system
CN110490051A (en) * 2019-07-03 2019-11-22 武汉虹识技术有限公司 Iris authentication system and method
CN112929168A (en) * 2021-02-05 2021-06-08 安徽华典大数据科技有限公司 Quantum-based key distribution method
CN114124370A (en) * 2021-10-14 2022-03-01 阿里云计算有限公司 Key generation method and device
CN116546500B (en) * 2023-06-30 2023-09-22 中国电信股份有限公司 Terminal capability identification method, system, electronic equipment and medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103441839A (en) * 2013-08-15 2013-12-11 国家电网公司 Method and system for using quantum cryptography in safe IP communication
CN103763099A (en) * 2014-02-13 2014-04-30 国家电网公司 Electric power security communication network based on quantum key distribution technology
CN104243143A (en) * 2013-06-08 2014-12-24 安徽量子通信技术有限公司 Mobile secret communication method based on quantum key distribution network
CN105471576A (en) * 2015-12-28 2016-04-06 科大国盾量子技术股份有限公司 Quantum key relaying method, quantum terminal nodes and quantum key relaying system
CN106209739A (en) * 2015-05-05 2016-12-07 科大国盾量子技术股份有限公司 Cloud storage method and system
CN106357649A (en) * 2016-09-23 2017-01-25 浙江神州量子网络科技有限公司 User identity authentication system and method
CN106411525A (en) * 2016-09-23 2017-02-15 浙江神州量子网络科技有限公司 Message authentication method and system
CN106470104A (en) * 2015-08-20 2017-03-01 阿里巴巴集团控股有限公司 For generating method, device, terminal unit and the system of shared key

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4200909B2 (en) * 2004-01-29 2008-12-24 日本電気株式会社 Random number generation and sharing system, encrypted communication device, and random number generation and sharing method used therefor
JP4912772B2 (en) * 2005-09-22 2012-04-11 富士通株式会社 Encryption method, encryption / decryption method, encryption device, encryption / decryption device, transmission / reception system, and communication system
CN101803272B (en) * 2007-06-26 2013-08-14 豌豆制造技术有限公司 Authentication system and method
WO2012025987A1 (en) * 2010-08-24 2012-03-01 三菱電機株式会社 Communication terminal, communication system, communication method and communication program
EP2940923B1 (en) * 2014-04-28 2018-09-05 Université de Genève Method and device for optics based quantum random number generator

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243143A (en) * 2013-06-08 2014-12-24 安徽量子通信技术有限公司 Mobile secret communication method based on quantum key distribution network
CN103441839A (en) * 2013-08-15 2013-12-11 国家电网公司 Method and system for using quantum cryptography in safe IP communication
CN103763099A (en) * 2014-02-13 2014-04-30 国家电网公司 Electric power security communication network based on quantum key distribution technology
CN106209739A (en) * 2015-05-05 2016-12-07 科大国盾量子技术股份有限公司 Cloud storage method and system
CN106470104A (en) * 2015-08-20 2017-03-01 阿里巴巴集团控股有限公司 For generating method, device, terminal unit and the system of shared key
CN105471576A (en) * 2015-12-28 2016-04-06 科大国盾量子技术股份有限公司 Quantum key relaying method, quantum terminal nodes and quantum key relaying system
CN106357649A (en) * 2016-09-23 2017-01-25 浙江神州量子网络科技有限公司 User identity authentication system and method
CN106411525A (en) * 2016-09-23 2017-02-15 浙江神州量子网络科技有限公司 Message authentication method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
《Quantum Random Number Generation on a Mobile Phone,移动电话上的量子随机数生成器》;Anthony Martin,H.Zbinden等;《Phys.Rev.X 4,031056(2014)》;20140502;全文 *
《设备无关量子通信综述》;黄靖正等;《QUANTUM COMMUNICATIONS》;20130228;全文 *

Also Published As

Publication number Publication date
CN107094076A (en) 2017-08-25

Similar Documents

Publication Publication Date Title
CN107094076B (en) Secret communication method based on quantum true random number and communication system
CN108683501B (en) Multiple identity authentication system and method with timestamp as random number based on quantum communication network
CN103491531B (en) Power system WiMAX wireless communication networks uses the method that quantum key improves power information transmission security
CN100591003C (en) Enabling stateless server-based pre-shared secrets
CN108650028B (en) Multiple identity authentication system and method based on quantum communication network and true random number
CN108510270B (en) Mobile transfer method with safe quantum
CN108964897B (en) Identity authentication system and method based on group communication
CN106452739A (en) Quantum network service station and quantum communication network
CN101651539A (en) updating and distributing encryption keys
CN101340443A (en) Session key negotiating method, system and server in communication network
CN106411525A (en) Message authentication method and system
CN101741555A (en) Method and system for identity authentication and key agreement
CN108964896B (en) Kerberos identity authentication system and method based on group key pool
CN110224821A (en) A kind of communication encrypting method of unmanned mobile platform
CN108847928B (en) Communication system and communication method for realizing information encryption and decryption transmission based on group type quantum key card
WO2012024906A1 (en) Mobile communication system and voice call encryption method thereof
CN108600152B (en) Improved Kerberos identity authentication system and method based on quantum communication network
CN108377188A (en) A kind of quantum cryptography system for extraordinary emergent self-organized network communication
CN108880799B (en) Multi-time identity authentication system and method based on group key pool
CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
JP6544519B2 (en) Mobile control system
CN108964888A (en) A kind of modified AKA identity authorization system and method based on pool of symmetric keys and relayed communications
CN206042014U (en) Quantum network service station and quantum communication network
CN101741548A (en) Method and system for establishing safe connection between switching equipment
CN108270553A (en) Credible repeater, the key encryption method of quantum communication network, device, system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant