CN107094076B - Secret communication method based on quantum true random number and communication system - Google Patents
Secret communication method based on quantum true random number and communication system Download PDFInfo
- Publication number
- CN107094076B CN107094076B CN201710244179.9A CN201710244179A CN107094076B CN 107094076 B CN107094076 B CN 107094076B CN 201710244179 A CN201710244179 A CN 201710244179A CN 107094076 B CN107094076 B CN 107094076B
- Authority
- CN
- China
- Prior art keywords
- key
- quantum
- identification
- terminal device
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of secret communication methods based on quantum true random number, it is characterised in that:Business demand key used in secret communication is by being arranged quantum real random number generator generation on the terminal device.The invention also discloses a kind of secret signallings based on quantum true random number, including multiple terminal devices, it is characterised in that:The quantum real random number generator for generating business demand key is provided at least one terminal device.The present invention is generated by the quantum real random number generator that terminal device carries and obtains business demand key, and available key amount is not less than 3Mbps, improves more than 200 times, it is sufficient to support the traffic demands of the terminal device of bigger scale amounts.Demand key ciphertext is transmitted while being simultaneously emitted by communication service request, delay is reduced, ensures the real-time of communication service.
Description
Technical field
The invention belongs to mobile communication encryption technology fields, and in particular to a kind of secret communication based on quantum true random number
Method and communication system.
Background technology
With the rapid development and extensive use of the wireless communication technique of terminal device, business tine covers wide, industry
Business demand is also being continuously improved, and still, is transmitted into row information with plaintext always to wireless communication system, in addition wireless signal is certainly
By spatial, arbitrary people can initiate eavesdropping and attack, be not necessarily to complex device.Therefore the safety of wireless communication system itself
Problem is difficult to ensure always.
In order to improve the safety of wireless transmission, most-often used is exactly cryptographic technique.Password is generated to bright using algorithm
Text encryption, such as DES, AES Encryption Algorithm, these technologies improve the safety of information, however its password is all algorithm generation
, it then follows algorithm rule, therefore its password is all pseudo random number, in particular with the development of quantum computer, these password skills
Art can all be broken through easily.Technique on Quantum Communication would solve these problems, the key that Technique on Quantum Communication uses
Completely random is the true random number of real meaning without rule, different from existing Encryption Algorithm, and Technique on Quantum Communication is from reason
It is proved to be to be perfectly safe by upper, information can not be interpreted in transmission process, because it makes in Technique on Quantum Communication
By quantum (being usually photon), coding obtains key, and quantum is not indivisible, reproducible, in physics during generation
The use that can not be stolen in angle, and the key completely random that Technique on Quantum Communication generates are learned, it is irregular to follow, it is really to anticipate
The upper true random number of justice.Simultaneously with the use of the data ciphering method of " one-time pad ", thus it is ensured that the nothing of wireless information transfer
Condition safety.
104243143 B of Chinese patent Authorization Notice No. CN, disclose a kind of movement based on quantum key distribution network
Secret communication method, it includes the quantum key distribution network being made of concentrator station, and each concentrator station can be at least one terminal
Apparatus bound takes the method that ciphertext relays that encrypted information is transmitted to the terminal device of distal end concentrator station binding, but should
The business cipher key source of method be quantum key distribution network, quantum key distribution network at present in the transmission of 50km apart from it most
It is 13kbps or so to obtain secret-key rate eventually, and size of key can not support the business demand of enough terminal devices, while quantum is close
It is the distribution that business cipher key is just carried out after communication service request is sent out that key, which distributes network, it is difficult to ensure the real-time of communication.Its
Terminal device needs login network access to be bound, and binding validatation information immobilizes in the case where terminal device does not change region,
Its safety is difficult to ensure.
Invention content
In order to solve the above technical problems, the present invention provides a kind of secret communication method based on quantum true random number, it can
To provide the traffic demands for the terminal device for being enough to support bigger scale amounts, and delay can be reduced, ensure communication service
Real-time.
In order to achieve the above objectives, technical scheme is as follows:A kind of secret communication side based on quantum true random number
Method, it is characterised in that:Business demand key used in secret communication is by being arranged quantum true random number hair on the terminal device
Raw device generates.
In the preferred embodiment of the present invention, further comprise that the secret communication method specifically includes following steps:
(1) multiple terminal devices are bound by unique identification key respectively with quantum key server-side;
(2) business demand key is generated by the quantum real random number generator positioned at first terminal equipment, first terminal is set
Business demand key is encrypted and is sent to quantum key server-side described in the standby identification key pair by binding;
(3) the quantum key server-side receives the encrypted business demand key that first terminal equipment is sent, and passes through
It is decrypted to obtain the business demand key with the identification key of first terminal apparatus bound, then reuse
Business demand key described in identification key pair with second terminal apparatus bound is sent to second terminal after being encrypted
Equipment;
(4) second terminal equipment receives the encrypted business demand key that quantum key server-side is sent, and utilizes binding
Identification key is decrypted to obtain the business demand key;
(5) first terminal equipment and second terminal equipment carry out secret communication by the business demand key.
In the preferred embodiment of the present invention, further comprise
In step (2), first terminal equipment is encrypted concurrently by business demand key described in identification key pair
While sending to quantum key server-side, it is encrypted using the business demand key pair business information and is sent to described
Two terminal devices.
In the preferred embodiment of the present invention, it is multiple to further comprise that the quantum key server-side has, it is multiple described
Quantum key server-side passes sequentially through unique identification key and is bound, and each quantum key server-side is to decryption
The business demand key out is sent to next quantum key clothes after being encrypted using independent identification key
Business end, the encrypted business demand key that next quantum key server-side is received using identical identification key pair
Be decrypted, until the last one quantum key server-side, by the last one quantum key server-side to business demand key into
Row encrypting and transmitting gives the second terminal equipment.
In the preferred embodiment of the present invention, further comprise that the identification key is occurred by quantum true random number
Device generates, and the quantum real random number generator for generating identification key is set to first terminal equipment, second terminal is set
On standby or quantum key server.
In the preferred embodiment of the present invention, further comprise
In step (3), quantum key server-side is verified by its identification key with first terminal apparatus bound
Whether first terminal equipment is legal, and the encrypted business demand for starting to receive the transmission of first terminal equipment if legal is close
Key;If not conforming to rule refusal service request.
The present invention a preferred embodiment in, further comprise the terminal device the same time only with a quantum
Cipher key service end is bound, and the identification key of binding can update.
In the preferred embodiment of the present invention, further comprises binding between terminal device and quantum key server-side and use
Identification key answer the request of the terminal device to update, newer method is:
The terminal device initiates the replacement of identification key to the quantum key server-side for establishing binding relationship therewith asks
It asks, new identification key K is extracted in the identification key that quantum real random number generator generatesC|P;
The terminal device uses old identification key KCPTo new identification key KC|PIt is encrypted, obtains
Ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
After quantum key server-side checking request end is legal, pass through old identification key KCPTo the ciphertext received
KCP·KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identity
Identify key KCP。
In the preferred embodiment of the present invention, further comprises binding between terminal device and quantum key server-side and use
Identification key update because of the requirement of the quantum key server-side, update method is:
The quantum key server-side sends out update identification key to the terminal device for establishing binding relationship therewith
It is required that terminal device extracts new identification key K in the identification key that quantum real random number generator generatesC|P;
The terminal device uses old identification key KCPTo new identification key KC|PIt is encrypted, obtains
Ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
After quantum key server-side checking request end is legal, pass through old identification key KCPTo the ciphertext received
KCP·KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identity
Identify key KCP。
In the preferred embodiment of the present invention, further comprise the identity of binding between the quantum key server-side
Identification key can answer the request of quantum key server-side to update, and update method is,
It is close to the quantum key server-side initiation update identification bound therewith to initiate newer quantum key server-side
The request of key, and use old identification key KP2P3To new identification key KP2|P3Acquisition ciphertext is encrypted
KP2P3·KP2|P3, and send ciphertext KP2P3·KP2|P3To the quantum key server-side bound therewith;
The quantum key server-side bound therewith passes through old identification key KP2P3To the ciphertext K receivedP2P3·
KP2|P3It is decrypted, obtains new identification key KP2|P3, and with new identification key KP2|P3To replace old identity
Identify key KP2P3。
In the preferred embodiment of the present invention, further comprise the body of binding between each quantum key server-side
Part identification key can also be by being arranged the quantum-key distribution terminal distribution in the quantum key server-side, quantum key point
It is updated with being transmitted by quantum channel after identification key described in terminal distribution.
In the preferred embodiment of the present invention, further comprise
In step (3), after quantum key server-side receives the service request that the first terminal equipment is sent, by with
Whether the identification key authentication first terminal equipment of first terminal apparatus bound is legal, if legal, executes the operation of decryption;
If illegal, refusal executes decryption oprerations, and judges whether the first terminal equipment is local invasion, if so, alarm and/or
Start security protection.
In the preferred embodiment of the present invention, further comprise when terminal device geographical location changes, terminal device
It is unbinding with old quantum key server-side, and new quantum key server-side is bound, it specifically includes:
Terminal device extracts new identification key in the identification key that quantum real random number generator generates
KDPD2, and pass through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains ciphertext KDPD1·
KDPD2;
Terminal device sends out bind request to new quantum key server-side, and the ciphertext is carried in the request
KDPD1·KDPD2;
After new quantum key server-side judges that terminal device is legal, is communicated, informed with old quantum key server-side
The bind request that old quantum key server-side terminal device is sent out;
After old quantum key server-side receives the notification of new quantum key server-side, by with new quantum key service
Hold the identification key K of bindingPD1PD2To old identification key KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and
By ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side;
New quantum key server-side passes through the identification key K that is bound with old quantum key server-sidePD1PD2To ciphertext
KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Recycle old identification key KDPD1It is right
Ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key server-side obtains new
Identification key KDPD2Afterwards binding relationship is established with terminal device;
After terminal device establishes binding relationship with new quantum key server-side, old quantum key server-side releases and end equipment
Binding relationship.
In order to achieve the above objectives, another technical solution of the invention is as follows:A kind of terminal based on quantum true random number is set
Standby secret signalling, including multiple terminal devices, it is characterised in that:It is provided at least one terminal device for producing
The quantum real random number generator of raw business demand key.
In the preferred embodiment of the present invention, further comprise that the system also includes quantum key server-side, terminals
Equipment is bound with quantum key server-side by unique identification key, and the terminal device includes at least first eventually
End equipment and second terminal equipment, wherein:
The first terminal equipment, which is provided with the quantum real random number generator, and the first terminal equipment is used for
The business demand key that quantum real random number generator described in identification key pair by binding generates is encrypted simultaneously
It is sent to quantum key server-side;
The quantum key server-side, the encrypted business demand key for receiving the transmission of first terminal equipment lead to
It crosses and is decrypted to obtain institute with the business demand key after the identification key pair encryption of the first terminal apparatus bound
Business demand key is stated, business demand key described in the identification key pair with second terminal apparatus bound is then reused
Second terminal equipment is sent to after being encrypted;
The second terminal equipment, the encrypted business demand key for receiving the transmission of quantum key server-side, profit
It is decrypted to obtain the business demand key with the business demand key after the identification key pair encryption of binding;
The first terminal equipment and second terminal equipment carry out secret communication by the business demand key.
In the preferred embodiment of the present invention, further comprise that the first terminal equipment is additionally operable to after sending encryption
Business demand key to quantum key server-side while, be encrypted simultaneously by the business demand key pair business information
It is sent to the second terminal equipment;
The second terminal equipment is additionally operable to receive the encrypted business information that first terminal equipment is sent, utilizes solution
The business information after the business demand key pair encryption after close, which is decrypted, obtains the business information.
In the preferred embodiment of the present invention, it is multiple to further comprise that the quantum key server-side has, it is multiple described
Quantum key server-side passes sequentially through unique identification key and is bound, each quantum key server-side for pair
It is close that the business demand key decrypted is sent to next quantum after being encrypted using independent identification key
Key server-side, the encrypted business demand that next quantum key server-side is received using identical identification key pair
Key is decrypted, until the last one quantum key server-side, close to business demand by the last one quantum key server-side
Key is encrypted and is sent to the second terminal equipment.
In the preferred embodiment of the present invention, further comprise that first terminal equipment, second terminal equipment or quantum are close
The quantum real random number generator for generating identification key is provided in key server-side.
In the preferred embodiment of the present invention, further comprise being provided with for generating in the quantum key server-side
The quantum-key distribution terminal of identification key.
In the preferred embodiment of the present invention, further comprise that the quantum key server-side is additionally operable to through itself and the
Whether the identification key of one terminal device binding is legal to verify first terminal equipment, starts reception first if legal
The encrypted business demand key that terminal device is sent;If not conforming to rule refusal service request.
The present invention a preferred embodiment in, further comprise the terminal device the same time only with a quantum
Cipher key service end is bound, and the identification key of binding answers the request of the terminal device that can update or because described
The initiative of quantum key server-side is updated.
In the preferred embodiment of the present invention, further comprise that the terminal device is additionally operable to close to foundation binding therewith
The quantum key server-side of system initiates identification key replacement request, in the identification that quantum real random number generator generates
The new identification key K of extraction in keyC|P;
The terminal device is also used for old identification key KCPTo new identification key KC|PAdded
It is close, obtain ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
Quantum key server-side be additionally operable to checking request end it is legal after, pass through old identification key KCPTo what is received
Ciphertext KCP·KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PIt is old to replace
Identification key KCP;
The identification key bound between the terminal device and quantum key server-side only allows to be sent out by terminal device
Go out request and is updated.
In the preferred embodiment of the present invention, further comprise
The quantum key server-side is additionally operable to initiate body to another quantum key server-side for establishing binding relationship therewith
Part identification key replacement request, and use old identification key KP2P3To new identification key KP2|P3It is encrypted and obtains
Obtain ciphertext KP2P3·KP2|P3, and send ciphertext KP2P3·KP2|P3To the quantum key server-side bound therewith;
The quantum key server-side bound therewith passes through old identification key KP2P3To the ciphertext K receivedP2P3·
KP2|P3It is decrypted, obtains new identification key KP2|P3, and with new identification key KP2|P3To replace old identity
Identify key KP2P3。
In the preferred embodiment of the present invention, further comprise
When terminal device geographical location changes, terminal device is by way of local wired connection or the side of wireless connection
Formula and old quantum key server-side are unbinding, and by way of local wired connection or the mode of wireless connection bind it is new
Quantum key server-side,
Terminal device is wirelessly unbinding with old quantum key server-side, is established with new quantum key server-side
The method of binding relationship is:
Terminal device sends out bind request to new quantum key server-side, in the identity that quantum real random number generator generates
Identify the identification key K that extraction is new in keyDPD2;
Terminal device passes through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains close
Literary KDPD1·KDPD2, and by ciphertext KDPD1·KDPD2It is sent collectively to new quantum key server-side with bind request;
After new quantum key server-side judges that terminal device is legal, is communicated, informed old with old quantum key server-side
The bind request that quantum key server-side terminal device is sent out;
After old quantum key server-side receives the notification of new quantum key server-side, old quantum key server-side passes through
With the identification key K of new quantum key server-side bindingPD1PD2To old identification key KDPD1It is encrypted, obtains
Ciphertext KPD1PD2·KDPD1, and by ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side;
New quantum key server-side passes through the identification key K that is bound with old quantum key server-sidePD1PD2To ciphertext
KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Recycle old identification key KDPD1It is right
Ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key server-side obtains new
After identification key KDPD2 binding relationship is established with terminal device;
After terminal device establishes binding relationship with new quantum key server-side, old quantum key server-side releases and end equipment
Binding relationship.
The beneficial effects of the invention are as follows:
One, key midsequent secret communication method compared to the prior art, key midsequent of the invention secrecy are logical
Letter method can reduce the lag delay that business demand key reaches called end, improve service quality:
In the prior art, communication service request is sent out by caller first, then distributes business by quantum key distribution network
Key, then to business information, (business information herein is cleartext information, such as short message, voice by the business cipher key of distribution acquisition
Deng) be encrypted, encrypted business information is sent to called end by original link, that is, the transmission of business cipher key is stagnant
The time sent out afterwards in communication service request;
In the technology of the present invention, business demand key is generated by the quantum real random number generator that terminal device carries, (
It is exactly business cipher key in the prior art), calling terminal communication service request starts the transmission of business demand key while sending out,
Thus come reduce business demand key reach called end delay, improve service quality.
Secondly, key midsequent secret communication compared to the prior art, key midsequent secret communication side of the invention
Method disclosure satisfy that the more business demand of more multi-terminal equipment:
In the prior art, the acquisition of business cipher key is measured from the distribution of quantum key distribution network due to photon attenuation
It is 13Kbps or so, business cipher key that sub-key, which distributes network and finally obtains the rate of business cipher key after the transmission distance of 50Km,
Amount can not support enough terminal device business demands.
In the technology of the present invention, the quantum real random number generator that is carried by terminal device generate business demand key (
It is exactly business cipher key in the prior art), the size of key of available service demand key is not less than 3Mbps, improves more than 200
Times, it is sufficient to the more business demand of support more multi-terminal equipment.
Thirdly, key midsequent secret communication compared to the prior art, key midsequent of the invention maintain secrecy colleague side
Method can greatly improve safe class:
In the prior art, terminal device login network access is bound, and does not change area in terminal device after binding validatation information
Its quantum ID number immobilizes in the case of domain, and communications security is difficult to ensure.
In the technology of the present invention, the identity shared after binding relationship is established between terminal device and quantum key server-side and is known
The identification communicated between other key (quantum ID number namely in the prior art) and each quantum key server-side is close
Key can should be asked and be updated at any time, will not be used same identification key for a long time, greatly be improved safe class.
The business scope of application of quantum secure network four, is extended, and implements to be easy, improvement cost is low, construction period
It is short:
In the technology of the present invention, what is transmitted in calling terminal equipment-quantum key service network-called terminal equipment is to add
Business demand key after close, is not encrypted business information, and encrypted business information adds still through specific business
Original data link is transmitted, and called terminal equipment, business information are reached by different paths from business demand key
Encryption and decryption only carried out at terminal device primary, this communication mode can be preferably mutually compatible with existing communication business, nothing
The data flow transmission route of original mobile communication business need to be made a change, only by itself and newly-increased quantum key service network
Be connected can, extend the business use scope of quantum secure network, have improvement cost it is low, the spy of short construction period
Point.
Description of the drawings
Technical solution in technology in order to illustrate the embodiments of the present invention more clearly, in being described below to embodiment technology
Required attached drawing is briefly described, it should be apparent that, the accompanying drawings in the following description is only some realities of the present invention
Example is applied, it for those of ordinary skill in the art, without creative efforts, can also be according to these attached drawings
Obtain other attached drawings.
Fig. 1 is that key midsequent moves secret communication schematic diagram in the prior art;
Fig. 2 is that key midsequent moves secret communication schematic diagram in the technology of the present invention;
Fig. 3 is the transmission schematic diagram of ciphertext in the technology of the present invention;
Fig. 4 is overall flow figure of the present invention;
Fig. 5 is to update quantum authentication between terminal device of the present invention and the quantum key server-side for establishing binding relationship
The schematic diagram of code;
Fig. 6 is the schematic diagram for updating quantum identity code in the technology of the present invention between quantum key server-side;
Fig. 7 is the schematic diagram of terminal device switching binding quantum key server-side in the technology of the present invention;
Fig. 8 is the structure diagram of terminal device in the technology of the present invention.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other without creative efforts
Embodiment shall fall within the protection scope of the present invention.
Embodiment one
The present embodiment provides a kind of secret communication methods based on quantum true random number, realize the secrecy between terminal device
It communicates, the business demand key used in this secret communication method is by being arranged quantum true random number generation on the terminal device
Device generates.
Include based on the main hardware equipment involved by the progress secret communication of quantum true random number in the present embodiment:
1. terminal device
Terminal device can be smart mobile phone, tablet computer, laptop, PDA (individual digital assistant) etc. mobile
The other-ends equipment such as terminal or set-top box, PC, it is the initiator and recipient of communication service.
Configured with quantum real random number generator, storage device, the hardware for supporting network access capacity inside terminal device
Module has and carries out the ability of information exchange with quantum key server-side, has the processor of computing capability.
2. quantum key server-side
One or more quantum key server-sides form quantum key service networks, and quantum key server-side can be with
One or more terminal devices establish binding relationship, and share identification key with the terminal device for establishing binding relationship.
Quantum key server-side is configured with quantum real random number generator, is produced by included quantum real random number generator
Identification key used in being communicated with other quantum key server-sides in quantum key service network is given birth to, binding is identical
Business transferring demand key between two quantum key server-sides of identification key.
As shown in figure 8, the concrete composition structure inside terminal device is as follows:
Have inside terminal device quantum real random number generator, cipher key storage block, initiate business information memory module,
Encrypting module, identity code memory module, communication module, deciphering module and demand cipher key storage block,
After communication request is sent out, the business information of this communication is stored in above-mentioned initiation business information memory module;
Quantum real random number generator inside terminal device, which is generated, to be deposited with the isometric key of business information, key after generating
Storage is in above-mentioned cipher key storage block;
Out of cipher key storage block extract key as identification key storage in identity code memory module;
When terminal device establishes binding relationship with quantum key server-side, identity is extracted out of identity code memory module
Key is identified, as the quantum authentication code shared between the quantum key server-side for establishing binding relationship;
When communication service is initiated, key is extracted out of cipher key storage block as business demand key;
Acquisition demand key is encrypted using the identification key pair business demand key of binding in above-mentioned encrypting module
Ciphertext, at the same time using business demand key pair, acquisition business information is encrypted in this business information communicated to encrypting module
Ciphertext;
Above-mentioned communication module sends the demand key ciphertext and business information ciphertext of caller, while it is close to receive called demand
Key ciphertext and business information ciphertext;
Above-mentioned deciphering module is decrypted acquisition business using the identification key pair demand key ciphertext of binding and needs
Key is sought, acquisition business information at the same time is decrypted using the business demand key pair business information ciphertext after decryption;
The business demand key storage that deciphering module decryption obtains is in the demand cipher key storage block.
There are three types of the keys arrived involved in technical solution of the present invention:
1., between quantum key server-side binding identification key, can be by the quantum of quantum key server-side
Real random number generator generates, and can also be generated by the quantum-key distribution terminal of quantum key server-side, by QKD systems after generation
System transmits.
2., bound between quantum key server-side and terminal device after the identification key shared, it is by terminal device
Included quantum real random number generator generates, and key is stored in after generating in cipher key storage block, when establishing binding relationship from
Identification key is extracted in cipher key storage block, establishing the quantum key server-side of binding relationship, to back up this identification close
Key is shared and is used;
3., every time communication when the business demand key that needs, the quantum real random number generator that it is carried by terminal device
It generates, key is stored in after generating in cipher key storage block, is extracted key out of cipher key storage block when communication service is initiated and is made
For the business demand key of this communication, " one-time pad ", after use, or no use has finished still this communication
Through terminating, current business demand key will be all dropped.
In technical solution of the present invention, there are a variety of connecting channels between each hardware device:
1., between each quantum key server-side, exist simultaneously the classical channel and quantum channel of quantum network, classics letter
Road exists in the form of wired or wireless, and quantum channel can be the quantum channel etc. in fiber channel, free space.
Quantum channel is used to transmit shared identification key, warp based on BB84 agreements between each quantum key server-side
Allusion quotation channel is used for transmission encrypted business demand key.
2., between terminal device and quantum key server-side, when establishing binding relationship, between the two by reliable wired
Connection type connects, and establishes binding relationship, and the identification key of quantum key server-side back-up terminals equipment is shared identity and known
Other key;After establishing binding relationship, wired connection is disconnected, terminal device, which becomes, moves freely state, passes through between the two at this time
Classic network is transmitted, main to be transmitted using classical radio network technique, such as Wi-Fi technology or 3G, 4G technology etc..
3., encrypted business information two station terminal equipment rooms still use the business legacy data link transmission,
What its data flow was still walked is the original data link of telecom operators, and only business information therein has been encrypted.
The key midsequent movement secret communication of the technology of the present invention and the key midsequent of the prior art move secret communication
Difference, by taking calling terminal equipment sends information to called terminal equipment as an example, in the prior art, as shown in Figure 1, by calling terminal head
Communication service request is first sent out, then distributes business cipher key by quantum key distribution network, then the business cipher key obtained by distribution
Business information (business information herein is the cleartext information of short message) is encrypted, encrypted business information passes through original
Link is sent to called end, that is, business cipher key time for being sent out in communication service request of transfer lag;
In the technology of the present invention, as shown in Fig. 2, generating key by the quantum real random number generator that terminal device carries, obtain
Business demand key (business cipher key namely in the prior art) is obtained, calling terminal communication service request starts industry while sending out
The transmission of business demand key, that is, business demand key transmission and sending out for communication service request be carried out at the same time.
Below for using the process that technical solution of the present invention completes a secret communication between two station terminal equipment, come
The specific embodiment that the present invention will be described in detail, ciphertext transmittance process is as shown in figure 3, its overall flow figure is as shown in Figure 4.
Before communication service is initiated, the quantum key server-side of terminal device and region establishes binding relationship, this hair
In bright technical solution, " binding relationship " between terminal device and quantum key server-side is:
1., the terminal device of login network access possess unique binding identification in entire quantum key service network
Key;
2., the identification key uniquely held of terminal device should ask update;
3., a station terminal equipment cannot bind in section at the same time with multiple quantum key server-sides;
4., a quantum key server-side allows to bind zero, one or more terminal device in section at the same time;
5., the terminal device with binding relationship and between quantum key server-side share unique identification key.
When communication service is initiated
(1) first step, calling terminal equipment initiate communication service request:
Calling terminal equipment extracts the business demand key of this communication, after obtaining business demand key, on the one hand passes through
Acquisition demand key ciphertext is encrypted in the identification key pair business demand key of binding, and demand key ciphertext is sent out
It is sent to quantum key server-side P1;On the other hand the business information that this is communicated using the business demand key pair obtained is (herein
For the cleartext information of communication) it is encrypted, business information ciphertext is obtained, the business information ciphertext of acquisition is original by the business
Data link is transferred to called terminal equipment, and the demand key ciphertext of acquisition is transferred to called terminal by quantum key server-side
Equipment;Demand key ciphertext is obtained herein and obtains business information ciphertext and is carried out at the same time, herein demand key ciphertext and business letter
The first time that breath ciphertext is both sent out in communication service request is simultaneously emitted by.
(2) second step, quantum key server-side transmit demand key ciphertext (i.e. encrypted business demand key):
Quantum key server-side is set by the identification key of itself and calling terminal apparatus bound to verify calling terminal
It is standby whether legal, the demand key ciphertext of calling terminal equipment transmission is received if legal, by being tied up with calling terminal equipment
Surely the demand key ciphertext that identification key pair receives is decrypted to obtain business demand key, then reuses and quilt
It is sent to called terminal equipment after making the identification key pair business demand key of terminal device binding be encrypted.
On the other hand, if quantum key server-side verification calling terminal equipment is illegal, refuse service request, and sentence
Whether the calling terminal equipment of breaking is local invasion, is invaded if it is place, then alarm and/or startup security protection;If sentenced
Disconnected invasion of being not in the right place, then it is secondary to enter identification key authentication.
(3) third step, called terminal equipment receive request:
Called terminal equipment receives the demand key ciphertext that quantum key server-side is sent, and (i.e. encrypted business demand is close
Key) and calling terminal equipment send business information ciphertext (i.e. encrypted business information), using with quantum key server-side
The identification secret key decryption demand key ciphertext of binding obtains the business demand key of this communication, then using decryption
The business demand key pair business information ciphertext of acquisition is decrypted, and obtains the business information of this communication;Calling terminal as a result,
Equipment and called terminal equipment complete a secret communication.
This time in communication process, the business information ciphertext of this communication is participated in, the original data of such communication service are passed through
Link carries out secret communication, and the demand key ciphertext (i.e. encrypted business demand key) for participating in this communication is close by quantum
Key server-side is transmitted, the demand key ciphertext of this communication service and communication request synchronize send out, while communication request is sent out
The transmission of carry out demand key ciphertext.
The present invention another technical solution in, quantum key server-side have it is multiple, multiple quantum key server-sides are successively
It is bound by unique identification key, each quantum key server-side uses the business demand key decrypted
Independent identification key is sent to next quantum key server-side after being encrypted, next quantum key server-side makes
It is decrypted with the encrypted business demand key that identical identification key pair receives;Until being transmitted to the last one
Quantum key server-side is encrypted business demand key by the last one quantum key server-side and is sent to called terminal
Equipment.
As shown in figure 3, details are as follows for the detailed process of multiple quantum key server-side business transferring demand keys:
Calling terminal device A passes through the identification key K shared with first quantum key server-side P1AP1To this
The business demand key K of communicationXAcquisition demand key ciphertext K is encryptedAP1·KXIt is sent to first quantum key server-side
P1;
S1:First quantum key server-side P1 receives the demand key ciphertext K that calling terminal device A is sentAP1·KX,
Then the identification key K by being shared with calling terminal device AAP1To demand key ciphertext KAP1·KXAcquisition is decrypted
Business demand key KX;
S2:First quantum key server-side P1 is known by the quantum identity shared with second quantum key server-side P2
Other key KP1P2The business demand key K that decryption is obtainedXAcquisition demand key ciphertext K is encryptedP1P2·KXIt is sent to second
A quantum key server-side P2;
S3:Decryption, encryption method in second quantum key server-side P2 repetition above step S1, S2 communicate this
Demand key ciphertext level-one level-one transmit, until being transmitted to the last one quantum key server-side Pn.
In the technology of the present invention, the identity shared after binding relationship is established between terminal device and quantum key server-side and is known
The identity code key communicated between other code key and each quantum key server-side can update at any time, not when president
Between use same each identity code key, safe class can greatly be improved, newer method is as follows:
(1), as shown in figure 5, the identity code key that terminal device is uniquely held should ask the newer method to be:
1., terminal device C initiates the replacement of identification key to the quantum key server-side P for establishing binding relationship therewith asks
It asks or quantum key server-side P initiates to replace wanting for identification key to the terminal device C for establishing binding relationship therewith
It asks;
2., extract new identification key K in the identification key that the truly random generator of quantum generatesC|P;
3., terminal device C use old identification key KCPTo new identification key KC|PIt is encrypted, obtains
Ciphertext KCP·KC|P, and transmit ciphertext KCP·KC|PTo quantum key server-side P;
4., quantum key server-side P checking requests end it is legal after, pass through old identification key KCPTo ciphertext KCP·
KC|PIt is decrypted, obtains new identification key KC|P, with new identification key KC|PIt is close come the identification of replacing old
Key KCP。
(2), as shown in fig. 6, the identification key between each quantum key server-side can update, and there are two types of more for tool
New method, the first update method are the classical channel updates based on quantum network, and second of update method is to be based on quantum net
The quantum channel of network updates, and specific update method is:
(1) the first update method:
1., quantum key server-side P2 sends out to the quantum key server-side P3 that binds therewith and replaces identification key
Request, and use old identification key KP2P3To new identification key KP2|P3It is encrypted, obtains ciphertext KP2P3·
KP2|P3, and transmit ciphertext KP2P3·KP2|P3To quantum key server-side P3;
2., quantum key server-side P3 pass through old identification key KP2P3To ciphertext KP2P3·KP2|P3It is decrypted,
Obtain new identification key KP2|P3, with new identification key KP2|P3To replace old identification key KP2P3。
Herein, each quantum key server-side can replace the request sender of identification key as request, also
Request recipient can be used as.
(2) second of update method:
By the quantum-key distribution terminal distribution identification key being arranged in quantum key server-side, identification is close
BB84 agreements are based on by quantum channel after key distribution and transmit update.
When terminal device geographical location changes, terminal device preferably uses reliable wired connection mode first and old quantum
Then the unbinding relationship in cipher key service end is tied up using reliable wired connection mode and new quantum key server-side foundation again
Determine relationship, terminal device disconnects wired connection after establishing binding relationship with new quantum key server-side, restores can move freely
State.
As the further scheme of the present invention, when terminal device geographical location changes, terminal device can also use nothing
The mode of line connection switches the quantum key server-side bound therewith, as shown in fig. 7, its concrete methods of realizing is:
This is illustrated for sentencing terminal device D, old quantum key server-side PD1, new quantum key server-side PD2:
Terminal device D and old quantum key server-side PD1 shares quantum authentication code KDPD1;
Quantum authentication code K is shared between old quantum key server-side PD1 and new quantum key server-side PD2PD1PD2。
S1:Terminal device D sends out bind request to new quantum key server-side PD2, is produced in quantum real random number generator
The new identification key K of extraction in raw identification keyDPD2;
Terminal device passes through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains close
Literary KDPD1·KDPD2, and by ciphertext KDPD1·KDPD2It is sent collectively to new quantum key server-side with bind request;
S2:After new quantum key server-side PD2 judges that terminal device is legal, led to old quantum key server-side PD1
Letter, informs the bind request that old quantum key server-side PD1 terminal devices are sent out;
S3:After old quantum key server-side PD1 receives the notification of new quantum key server-side PD2, old quantum key
Server-side PD1 passes through the identification key K that is bound with new quantum key server-side PD2PD1PD2To old identification key
KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and by ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side PD2;
S4:New quantum key server-side PD2 passes through the identification key bound with old quantum key server-side PD1
KPD1PD2To ciphertext KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Old identity is recycled to know
Other key KDPD1To ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key clothes
Business end PD2 obtains new identification key KDPD2Afterwards binding relationship is established with terminal device D;
After terminal device D and new quantum key server-side PD2 establishes binding relationship, old quantum key server-side PD1 is released
With the binding relationship of end equipment D, old quantum authentication code KDPD1It is dropped and does not use.
The request for the quantum key server-side that binding relationship is established in terminal device switching herein therewith only allows to be set by terminal
Preparation goes out request and is replaced.
Embodiment two
The present embodiment provides a kind of secret signalling based on quantum true random number, this secret signalling includes quantum
Cipher key service end and multiple terminal devices.
Wherein, terminal device can be smart mobile phone, tablet computer, set-top box, laptop, PAD or other-end
Equipment, it is the initiator and recipient of communication service, and storage device is configured with inside terminal device, supports network access capacity
Hardware module, have with quantum key server-side carry out information exchange ability, have computing capability processor and use
In the quantum real random number generator for generating identification key.Configured with for generating industry on wherein at least one terminal device
The quantum real random number generator of business demand key.
Certainly, can be configured on terminal device a quantum real random number generator come and meanwhile generate identification key with
Business demand key can also configure two quantum real random number generators, be respectively intended to generate identification key and business
Demand key.
One or more quantum key server-sides form quantum key service network, and quantum key server-side is configured with and is used for
Generate the quantum real random number generator and/or quantum-key distribution terminal of identification key, a quantum key server-side
Binding relationship can be established with one or more terminal devices, and it is close with the terminal device for establishing binding relationship to share identification
Key.
In technical solution of the present invention, the terminal device of secret signalling includes at least first terminal equipment and second terminal
Equipment, wherein:
Above-mentioned first terminal equipment is equipped with quantum real random number generator, and first terminal equipment is for passing through binding
The business demand key that identification key pair quantum real random number generator generates is encrypted and is sent to quantum key clothes
Business end passes through above-mentioned business while first terminal equipment sends encrypted business demand key to quantum key server-side
Demand key pair business information is encrypted and is sent to second terminal equipment;
The encrypted business demand key that above-mentioned quantum key server-side is used to receive the transmission of first terminal equipment passes through
It is decrypted to obtain above-mentioned business with the business demand key after the identification key pair encryption of first terminal apparatus bound
Then demand key reuses and is added with the above-mentioned business demand key of the identification key pair of second terminal apparatus bound
Second terminal equipment is sent to after close;
Above-mentioned second terminal equipment is used to receive the encrypted business demand key and use of quantum key server-side transmission
In the encrypted business confidence for receiving the transmission of first terminal equipment, pass through the identity with above-mentioned quantum key server-side binding
Business demand key after identification key pair encryption is decrypted to obtain above-mentioned business demand key, utilizes the industry after decryption
Business information after business demand key pair encryption, which is decrypted, obtains the business information.
Above-mentioned first terminal equipment and second terminal equipment carry out secret communication by above-mentioned business demand key.
In the technical solution of the present embodiment, as shown in figure 8, the preferred internal structure of terminal device is as follows:
Have inside terminal device quantum real random number generator, cipher key storage block, initiate business information memory module,
Encrypting module, identity code memory module, communication module, deciphering module and demand cipher key storage block,
After communication request is sent out, the business information of this communication is stored in above-mentioned initiation business information memory module;
Quantum real random number generator inside terminal device, which is generated, to be deposited with the isometric key of business information, key after generating
Storage is in above-mentioned cipher key storage block;
Out of cipher key storage block extract key as identification key storage in identity code memory module;
When terminal device establishes binding relationship with quantum key server-side, identity is extracted out of identity code memory module
Key is identified, as the quantum authentication code shared between the quantum key server-side for establishing binding relationship;
When communication service is initiated, key is extracted out of cipher key storage block as business demand key;
Acquisition demand key is encrypted using the identification key pair business demand key of binding in above-mentioned encrypting module
Ciphertext, at the same time using business demand key pair, acquisition business information is encrypted in this business information communicated to encrypting module
Ciphertext;
Above-mentioned communication module sends the demand key ciphertext and business information ciphertext of caller, while it is close to receive called demand
Key ciphertext and business information ciphertext;
Above-mentioned deciphering module is decrypted acquisition business using the identification key pair demand key ciphertext of binding and needs
Key is sought, acquisition business information at the same time is decrypted using the business demand key pair business information ciphertext after decryption;
The business demand key storage that deciphering module decryption obtains is in the demand cipher key storage block.
In another technical solution of the present embodiment, quantum key server-side have it is multiple, multiple quantum key server-sides according to
Secondary to be bound by unique identification key, each quantum key server-side makes the business demand key decrypted
Next quantum key server-side, next quantum key server-side are sent to after being encrypted with independent identification key
It is decrypted using the encrypted business demand key that identical identification key pair receives;Until being transmitted to last
A quantum key server-side is encrypted business demand key by the last one quantum key server-side and is sent to called whole
End equipment.
As shown in figure 3, multiple quantum key server-sides transmit encrypted business demand key, business transferring demand is close
Details are as follows for the detailed process of key:
First terminal device A passes through the identification key K shared with first quantum key server-side P1AP1To this
The business demand key K of communicationXAcquisition demand key ciphertext K is encryptedAP1·KXIt is sent to first quantum key server-side
P1;
S1:First quantum key server-side P1 receives the demand key ciphertext K that first terminal device A is sentAP1·KX,
Then the identification key K by being shared with first terminal device AAP1To demand key ciphertext KAP1·KXAcquisition is decrypted
Business demand key KX;
S2:First quantum key server-side P1 is known by the quantum identity shared with second quantum key server-side P2
Other key KP1P2The business demand key K that decryption is obtainedXAcquisition demand key ciphertext K is encryptedP1P2·KXIt is sent to second
A quantum key server-side P2;
S3:Decryption, encryption method in second quantum key server-side P2 repetition above step S1, S2 communicate this
Demand key ciphertext level-one level-one transmit, until being transmitted to the last one quantum key server-side Pn.
In another technical solution of the present embodiment, established between terminal device and quantum key server-side after binding relationship altogether
The identity code key communicated between the identity code key enjoyed and each quantum key server-side can at any time more
Newly, same each identity code key will not be used for a long time, can greatly improve safe class, newer method is such as
Under:
(1), as shown in figure 5, the identity code key that terminal device is uniquely held should ask the newer method to be:
1., terminal device C initiates the replacement of identification key to the quantum key server-side P for establishing binding relationship therewith asks
It asks or quantum key server-side P initiates to replace wanting for identification key to the terminal device C for establishing binding relationship therewith
It asks;
2., that terminal device C extracts new identification in the identification key that the truly random generator of quantum generates is close
Key KC|P;
3., terminal device C use old identification key KCPTo new identification key KC|PIt is encrypted, obtains
Ciphertext KCP·KC|P, and transmit ciphertext KCP·KC|PTo quantum key server-side P;
4., quantum key server-side P checking requests end it is legal after, pass through old identification key KCPTo ciphertext KCP·
KC|PIt is decrypted, obtains new identification key KC|P, with new identification key KC|PIt is close come the identification of replacing old
Key KCP。
(2), as shown in fig. 6, the identification key between each quantum key server-side should ask update, and have
Two kinds of update methods, the first update method are the classical channel updates based on quantum network, and second of update method is to be based on
The quantum channel of quantum network updates, and specific update method is:
(1) the first update method:
1., quantum key server-side P2 sends out to the quantum key server-side P3 that binds therewith and replaces identification key
Request, and use old identification key KP2P3To new identification key KP2|P3It is encrypted, obtains ciphertext KP2P3·
KP2|P3, and transmit ciphertext KP2P3·KP2|P3To quantum key server-side P3;
2., quantum key server-side P3 pass through old identification key KP2P3To ciphertext KP2P3·KP2|P3It is decrypted,
Obtain new identification key KP2|P3, with new identification key KP2|P3To replace old identification key KP2P3。
Herein, each quantum key server-side can replace the request sender of identification key as request, also
Request recipient can be used as.
(2) second of update method:
By the quantum-key distribution terminal distribution identification key being arranged in quantum key server-side, identification is close
BB84 agreements are based on by quantum channel after key distribution and transmit update.
When terminal device geographical location changes, terminal device preferably uses reliable wired connection mode first and old quantum
Then the unbinding relationship in cipher key service end is tied up using reliable wired connection mode and new quantum key server-side foundation again
Determine relationship, terminal device disconnects wired connection after establishing binding relationship with new quantum key server-side, restores can move freely
State.
In another technical solution of the present embodiment, when terminal device geographical location changes, terminal device can also use
The mode of wireless connection switches the quantum key server-side bound therewith, as shown in fig. 7, its concrete methods of realizing is:
This is illustrated for sentencing terminal device D, old quantum key server-side PD1, new quantum key server-side PD2:
Terminal device D and old quantum key server-side PD1 shares quantum authentication code KDPD1;
Quantum authentication code K is shared between old quantum key server-side PD1 and new quantum key server-side PD2PD1PD2。
S1:Terminal device D sends out bind request to new quantum key server-side PD2, is produced in quantum real random number generator
The new identification key K of extraction in raw identification keyDPD2;
Terminal device passes through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains close
Literary KDPD1·KDPD2, and by ciphertext KDPD1·KDPD2It is sent collectively to new quantum key server-side with bind request;
S2:After new quantum key server-side PD2 judges that terminal device is legal, led to old quantum key server-side PD1
Letter, informs the bind request that old quantum key server-side PD1 terminal devices are sent out;
S3:After old quantum key server-side PD1 receives the notification of new quantum key server-side PD2, old quantum key
Server-side PD1 passes through the identification key K that is bound with new quantum key server-side PD2PD1PD2To old identification key
KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and by ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side PD2;
S4:New quantum key server-side PD2 passes through the identification key bound with old quantum key server-side PD1
KPD1PD2To ciphertext KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Old identity is recycled to know
Other key KDPD1To ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key clothes
Business end PD2 obtains new identification key KDPD2Afterwards binding relationship is established with terminal device D;
After terminal device D and new quantum key server-side PD2 establishes binding relationship, old quantum key server-side PD1 is released
With the binding relationship of end equipment D, old quantum authentication code KDPD1It is dropped and does not use.Terminal device switching herein is therewith
Establishing the request of the quantum key server-side of binding relationship only allows to be sent out request by terminal device and replaced.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention.
Various modifications to these embodiments will be apparent to those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the present invention.Therefore, of the invention
It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one
The widest range caused.
Claims (23)
1. a kind of secret communication method based on quantum true random number, it is characterised in that:Business demand used in secret communication
Key is by being arranged quantum real random number generator generation on the terminal device;The secret communication method specifically includes following step
Suddenly,
(1) by generating business demand key positioned at the quantum real random number generator of first terminal equipment, first terminal equipment is logical
Business demand key described in the identification key pair of binding is crossed to be encrypted and be sent to quantum key server-side;
(2) the quantum key server-side receives the encrypted business demand key that first terminal equipment is sent, by with the
The identification key of one terminal device binding is decrypted to obtain the business demand key, then reuses and the
Business demand key described in the identification key pair of two terminal device bindings is sent to second terminal equipment after being encrypted;
(3) second terminal equipment receives the encrypted business demand key that quantum key server-side is sent, and utilizes binding
Identification key is decrypted to obtain the business demand key;
First terminal equipment and second terminal equipment carry out secret communication, calling terminal communication service by the business demand key
Request starts the transmission of business demand key while sending out.
2. the secret communication method according to claim 1 based on quantum true random number, it is characterised in that:By multiple terminals
Equipment is bound by unique identification key respectively with quantum key server-side.
3. the secret communication method according to claim 2 based on quantum true random number, it is characterised in that:
In step (2), first terminal equipment is encrypted and is sent to by business demand key described in identification key pair
While quantum key server-side, it is encrypted using the business demand key pair business information and is sent to described second eventually
End equipment.
4. the secret communication method according to claim 2 based on quantum true random number, it is characterised in that:The quantum is close
Key server-side has multiple, and multiple quantum key server-sides pass sequentially through unique identification key and bound, each
The business demand key decrypted is encrypted using independent identification key for the quantum key server-side
After be sent to next quantum key server-side, next quantum key server-side uses identical identification key pair to receive
To encrypted business demand key be decrypted, it is close by the last one quantum until the last one quantum key server-side
Key server-side is encrypted business demand key and is sent to the second terminal equipment.
5. according to secret communication method of the claim 1-4 any one of them based on quantum true random number, it is characterised in that:Institute
It states identification key to be generated by quantum real random number generator, the quantum true random number for generating identification key occurs
Device is set in first terminal equipment, second terminal equipment or quantum key server-side.
6. the secret communication method according to claim 2 or 4 based on quantum true random number, it is characterised in that:
In step (3), quantum key server-side verifies first by its identification key with first terminal apparatus bound
Whether terminal device is legal, starts to receive the encrypted business demand key that first terminal equipment is sent if legal;Such as
Fruit does not conform to rule refusal service request.
7. the secret communication method according to claim 2 based on quantum true random number, it is characterised in that:The terminal is set
It is standby only to be bound with a quantum key server-side in the same time, and the identification key of binding can update.
8. the secret communication method according to claim 7 based on quantum true random number, it is characterised in that:Terminal device with
The identification key of binding between quantum key server-side answers the request of the terminal device to update, newer method
For:
The terminal device initiates identification key replacement request to the quantum key server-side for establishing binding relationship therewith,
The new identification key K of extraction in the identification key that quantum real random number generator generatesC|P;
The terminal device uses old identification key KCPTo new identification key KC|PIt is encrypted, obtains ciphertext
KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
After quantum key server-side checking request end is legal, pass through old identification key KCPTo the ciphertext K receivedCP·
KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identification
Key KCP。
9. the secret communication method according to claim 7 based on quantum true random number, it is characterised in that:Terminal device with
The identification key of binding between quantum key server-side is because the requirement of the quantum key server-side updates, update side
Method is:
The quantum key server-side sends out the requirement of update identification key to the terminal device for establishing binding relationship therewith,
Terminal device extracts new identification key K in the identification key that quantum real random number generator generatesC|P;
The terminal device uses old identification key KCPTo new identification key KC|PIt is encrypted, obtains ciphertext
KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
After quantum key server-side checking request end is legal, pass through old identification key KCPTo the ciphertext K receivedCP·
KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identification
Key KCP。
10. the secret communication method according to claim 5 based on quantum true random number, it is characterised in that:The quantum
The identification key of binding between cipher key service end answers the request of quantum key server-side that can update, update method
For,
It initiates newer quantum key server-side and initiates update identification key to the quantum key server-side bound therewith
Request, and use old identification key KP2P3To new identification key KP2|P3It is encrypted and obtains ciphertext KP2P3·
KP2|P3, and send ciphertext KP2P3·KP2|P3To the quantum key server-side bound therewith;
The quantum key server-side bound therewith passes through old identification key KP2P3To the ciphertext K receivedP2P3·KP2|P3Into
Row decryption, obtains new identification key KP2|P3, and with new identification key KP2|P3It is close come the identification of replacing old
Key KP2P3。
11. according to secret communication method of the claim 1-4 any one of them based on quantum true random number, it is characterised in that:
The identification key of binding can also be by being arranged in the quantum key server-side between each quantum key server-side
On quantum-key distribution terminal distribution, passed by quantum channel after identification key described in quantum-key distribution terminal distribution
Pass update.
12. the secret communication method according to claim 7 based on quantum true random number, it is characterised in that:Step (3)
In, after quantum key server-side receives the service request that the first terminal equipment is sent, by being tied up with first terminal equipment
Whether fixed identification key authentication first terminal equipment is legal, if legal, executes the operation of decryption;If illegal, refusal
Decryption oprerations are executed, and judge whether the first terminal equipment is local invasion, if so, alarm and/or startup security protection.
13. the secret communication method according to claim 2 based on quantum true random number, it is characterised in that:When terminal is set
When standby geographical location variation, terminal device and old quantum key server-side are unbinding, and bind new quantum key server-side,
It specifically includes:
Terminal device extracts new identification key K in the identification key that quantum real random number generator generatesDPD2,
And pass through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains ciphertext KDPD1·KDPD2;
Terminal device sends out bind request to new quantum key server-side, and the ciphertext K is carried in the requestDPD1·
KDPD2;
After new quantum key server-side judges that terminal device is legal, is communicated with old quantum key server-side, inform old amount
The bind request that sub-key server-side terminal device is sent out;
After old quantum key server-side receives the notification of new quantum key server-side, by being tied up with new quantum key server-side
Fixed identification key KPD1PD2To old identification key KDPD1It is encrypted, obtains ciphertext KPD1PD2·KDPD1, and will be close
Literary KPD1PD2·KDPD1It is sent to new quantum key server-side;
New quantum key server-side passes through the identification key K that is bound with old quantum key server-sidePD1PD2To ciphertext
KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Recycle old identification key KDPD1It is right
Ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key server-side obtains new
Identification key KDPD2Afterwards binding relationship is established with terminal device;
After terminal device establishes binding relationship with new quantum key server-side, old quantum key server-side releasing is tied up with end equipment
Determine relationship.
14. a kind of terminal device secret signalling based on quantum true random number, including multiple terminal devices, feature exist
In:The quantum real random number generator for generating business demand key is provided at least one terminal device;
The system also includes quantum key server-side, terminal device is close by unique identification with quantum key server-side
Key is bound, and the terminal device includes at least first terminal equipment and second terminal equipment, wherein:
The first terminal equipment which is provided with the quantum real random number generator, and the first terminal equipment is for passing through
The business demand key that quantum real random number generator described in the identification key pair of binding generates is encrypted and sends
To quantum key server-side;
The quantum key server-side, for receive first terminal equipment transmission encrypted business demand key, by with
Business demand key after the identification key pair encryption of the first terminal apparatus bound is decrypted to obtain the industry
Then business demand key reuses business demand key described in the identification key pair with second terminal apparatus bound and carries out
Second terminal equipment is sent to after encryption;
The second terminal equipment, the encrypted business demand key for receiving the transmission of quantum key server-side, using tying up
Surely the business demand key after identification key pair encryption is decrypted to obtain the business demand key;
The first terminal equipment and second terminal equipment carry out secret communication by the business demand key;Calling terminal communicates
Start the transmission of business demand key while service request is sent out.
15. the terminal device secret signalling according to claim 14 based on quantum true random number, it is characterised in that:
The first terminal equipment is additionally operable to while sending encrypted business demand key to quantum key server-side, lead to
The business demand key pair business information is crossed to be encrypted and be sent to the second terminal equipment;
The second terminal equipment is additionally operable to receive the encrypted business information that first terminal equipment is sent, after decryption
The business demand key pair encryption after business information be decrypted and obtain the business information.
16. the terminal device secret signalling according to claim 14 based on quantum true random number, it is characterised in that:
The quantum key server-side has multiple, and multiple quantum key server-sides pass sequentially through unique identification key and carry out
Binding, each quantum key server-side are used to use independent identification to the business demand key decrypted
Key is sent to next quantum key server-side after being encrypted, next quantum key server-side is known using identical identity
The encrypted business demand key that other key pair receives is decrypted, until the last one quantum key server-side, by most
The latter quantum key server-side is encrypted business demand key and is sent to the second terminal equipment.
17. according to terminal device secret signalling of the claim 14-16 any one of them based on quantum true random number,
It is characterized in that:It is provided in first terminal equipment, second terminal equipment or quantum key server-side close for generating identification
The quantum real random number generator of key.
18. the terminal device secret signalling according to claim 16 based on quantum true random number, it is characterised in that:
The quantum-key distribution terminal for generating identification key is provided in the quantum key server-side.
19. the terminal device secret signalling based on quantum true random number according to claim 14 or 16, feature
It is:The quantum key server-side is additionally operable to the identification key by it with first terminal apparatus bound to verify first
Whether terminal device is legal, starts to receive the encrypted business demand key that first terminal equipment is sent if legal;Such as
Fruit does not conform to rule refusal service request.
20. the terminal device secret signalling according to claim 14 based on quantum true random number, it is characterised in that:
The terminal device is only bound with quantum key server-side in the same time, and the identification key of binding answer it is described
The request of terminal device can update or because the initiative of the quantum key server-side is updated.
21. the terminal device secret signalling according to claim 20 based on quantum true random number, it is characterised in that:
The terminal device is additionally operable to initiate identification key replacement request to the quantum key server-side for establishing binding relationship therewith,
New identification key K is extracted in the identification key that quantum real random number generator generatesC|P;
The terminal device is also used for old identification key KCPTo new identification key KC|PIt is encrypted, obtains
Obtain ciphertext KCP·KC|P, and send ciphertext KCP·KC|PTo quantum key server-side;
Quantum key server-side be additionally operable to checking request end it is legal after, pass through old identification key KCPTo the ciphertext received
KCP·KC|PIt is decrypted, obtains new identification key KC|P, and with new identification key KC|PTo replace old identity
Identify key KCP;
The identification key bound between the terminal device and quantum key server-side only allows to be sent out by terminal device to ask
It asks and is updated.
22. the terminal device secret signalling according to claim 17 based on quantum true random number, it is characterised in that:
The quantum key server-side is additionally operable to close to another quantum key server-side initiation identification for establishing binding relationship therewith
Key replacement request, and use old identification key KP2P3To new identification key KP2|P3Acquisition ciphertext is encrypted
KP2P3·KP2|P3, and send ciphertext KP2P3·KP2|P3To the quantum key server-side bound therewith;
The quantum key server-side bound therewith passes through old identification key KP2P3To the ciphertext K receivedP2P3·KP2|P3Into
Row decryption, obtains new identification key KP2|P3, and with new identification key KP2|P3It is close come the identification of replacing old
Key KP2P3。
23. the terminal device secret signalling according to claim 14 based on quantum true random number, it is characterised in that:
When terminal device geographical location changes, terminal device is by way of local wired connection or the mode of wireless connection and old amount
Sub-key server-side is unbinding, and by way of local wired connection or the mode of wireless connection binds new quantum key
Server-side,
Terminal device is wirelessly unbinding with old quantum key server-side, establishes and binds with new quantum key server-side
The method of relationship is:
Terminal device sends out bind request to new quantum key server-side, in the identification that quantum real random number generator generates
The new identification key K of extraction in keyDPD2;
Terminal device passes through old identification key KDPD1To new identification key KDPD2It is encrypted, obtains ciphertext
KDPD1·KDPD2, and by ciphertext KDPD1·KDPD2It is sent collectively to new quantum key server-side with bind request;
After new quantum key server-side judges that terminal device is legal, is communicated with old quantum key server-side, inform old quantum
The bind request that cipher key service end terminal device is sent out;
After old quantum key server-side receives the notification of new quantum key server-side, old quantum key server-side by with it is new
The identification key K of quantum key server-side bindingPD1PD2To old identification key KDPD1It is encrypted, obtains ciphertext
KPD1PD2·KDPD1, and by ciphertext KPD1PD2·KDPD1It is sent to new quantum key server-side;
New quantum key server-side passes through the identification key K that is bound with old quantum key server-sidePD1PD2To ciphertext
KPD1PD2·KDPD1It carries out decryption for the first time and obtains old identification key KDPD1;Recycle old identification key KDPD1It is right
Ciphertext KDPD1·KDPD2It carries out second of decryption and obtains new identification key KDPD2, new quantum key server-side obtains new
After identification key KDPD2 binding relationship is established with terminal device;
After terminal device establishes binding relationship with new quantum key server-side, old quantum key server-side releasing is tied up with end equipment
Determine relationship.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710244179.9A CN107094076B (en) | 2017-04-14 | 2017-04-14 | Secret communication method based on quantum true random number and communication system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710244179.9A CN107094076B (en) | 2017-04-14 | 2017-04-14 | Secret communication method based on quantum true random number and communication system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107094076A CN107094076A (en) | 2017-08-25 |
CN107094076B true CN107094076B (en) | 2018-09-25 |
Family
ID=59637938
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710244179.9A Active CN107094076B (en) | 2017-04-14 | 2017-04-14 | Secret communication method based on quantum true random number and communication system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107094076B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109842442B (en) * | 2017-11-26 | 2020-07-28 | 成都零光量子科技有限公司 | Quantum key service method taking airport as regional center |
CN109525390B (en) * | 2018-11-20 | 2021-08-24 | 江苏亨通问天量子信息研究院有限公司 | Quantum key wireless distribution method and system for terminal equipment secret communication |
CN109698746B (en) * | 2019-01-21 | 2021-03-23 | 北京邮电大学 | Method and system for generating sub-keys of binding equipment based on master key negotiation |
CN110190952A (en) * | 2019-05-09 | 2019-08-30 | 浙江神州量子通信技术有限公司 | It is a kind of based on quantum random number to the encrypted transmission method of Internet of Things safety |
CN110247765B (en) * | 2019-06-25 | 2021-12-28 | 湖北凯乐量子通信光电科技有限公司 | Quantum secret data chain communication system |
CN110289953A (en) * | 2019-06-25 | 2019-09-27 | 湖北凯乐量子通信光电科技有限公司 | A kind of quantum secret communication system |
CN110490051A (en) * | 2019-07-03 | 2019-11-22 | 武汉虹识技术有限公司 | Iris authentication system and method |
CN112929168A (en) * | 2021-02-05 | 2021-06-08 | 安徽华典大数据科技有限公司 | Quantum-based key distribution method |
CN114124370A (en) * | 2021-10-14 | 2022-03-01 | 阿里云计算有限公司 | Key generation method and device |
CN116546500B (en) * | 2023-06-30 | 2023-09-22 | 中国电信股份有限公司 | Terminal capability identification method, system, electronic equipment and medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103441839A (en) * | 2013-08-15 | 2013-12-11 | 国家电网公司 | Method and system for using quantum cryptography in safe IP communication |
CN103763099A (en) * | 2014-02-13 | 2014-04-30 | 国家电网公司 | Electric power security communication network based on quantum key distribution technology |
CN104243143A (en) * | 2013-06-08 | 2014-12-24 | 安徽量子通信技术有限公司 | Mobile secret communication method based on quantum key distribution network |
CN105471576A (en) * | 2015-12-28 | 2016-04-06 | 科大国盾量子技术股份有限公司 | Quantum key relaying method, quantum terminal nodes and quantum key relaying system |
CN106209739A (en) * | 2015-05-05 | 2016-12-07 | 科大国盾量子技术股份有限公司 | Cloud storage method and system |
CN106357649A (en) * | 2016-09-23 | 2017-01-25 | 浙江神州量子网络科技有限公司 | User identity authentication system and method |
CN106411525A (en) * | 2016-09-23 | 2017-02-15 | 浙江神州量子网络科技有限公司 | Message authentication method and system |
CN106470104A (en) * | 2015-08-20 | 2017-03-01 | 阿里巴巴集团控股有限公司 | For generating method, device, terminal unit and the system of shared key |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4200909B2 (en) * | 2004-01-29 | 2008-12-24 | 日本電気株式会社 | Random number generation and sharing system, encrypted communication device, and random number generation and sharing method used therefor |
JP4912772B2 (en) * | 2005-09-22 | 2012-04-11 | 富士通株式会社 | Encryption method, encryption / decryption method, encryption device, encryption / decryption device, transmission / reception system, and communication system |
CN101803272B (en) * | 2007-06-26 | 2013-08-14 | 豌豆制造技术有限公司 | Authentication system and method |
WO2012025987A1 (en) * | 2010-08-24 | 2012-03-01 | 三菱電機株式会社 | Communication terminal, communication system, communication method and communication program |
EP2940923B1 (en) * | 2014-04-28 | 2018-09-05 | Université de Genève | Method and device for optics based quantum random number generator |
-
2017
- 2017-04-14 CN CN201710244179.9A patent/CN107094076B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104243143A (en) * | 2013-06-08 | 2014-12-24 | 安徽量子通信技术有限公司 | Mobile secret communication method based on quantum key distribution network |
CN103441839A (en) * | 2013-08-15 | 2013-12-11 | 国家电网公司 | Method and system for using quantum cryptography in safe IP communication |
CN103763099A (en) * | 2014-02-13 | 2014-04-30 | 国家电网公司 | Electric power security communication network based on quantum key distribution technology |
CN106209739A (en) * | 2015-05-05 | 2016-12-07 | 科大国盾量子技术股份有限公司 | Cloud storage method and system |
CN106470104A (en) * | 2015-08-20 | 2017-03-01 | 阿里巴巴集团控股有限公司 | For generating method, device, terminal unit and the system of shared key |
CN105471576A (en) * | 2015-12-28 | 2016-04-06 | 科大国盾量子技术股份有限公司 | Quantum key relaying method, quantum terminal nodes and quantum key relaying system |
CN106357649A (en) * | 2016-09-23 | 2017-01-25 | 浙江神州量子网络科技有限公司 | User identity authentication system and method |
CN106411525A (en) * | 2016-09-23 | 2017-02-15 | 浙江神州量子网络科技有限公司 | Message authentication method and system |
Non-Patent Citations (2)
Title |
---|
《Quantum Random Number Generation on a Mobile Phone,移动电话上的量子随机数生成器》;Anthony Martin,H.Zbinden等;《Phys.Rev.X 4,031056(2014)》;20140502;全文 * |
《设备无关量子通信综述》;黄靖正等;《QUANTUM COMMUNICATIONS》;20130228;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN107094076A (en) | 2017-08-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107094076B (en) | Secret communication method based on quantum true random number and communication system | |
CN108683501B (en) | Multiple identity authentication system and method with timestamp as random number based on quantum communication network | |
CN103491531B (en) | Power system WiMAX wireless communication networks uses the method that quantum key improves power information transmission security | |
CN100591003C (en) | Enabling stateless server-based pre-shared secrets | |
CN108650028B (en) | Multiple identity authentication system and method based on quantum communication network and true random number | |
CN108510270B (en) | Mobile transfer method with safe quantum | |
CN108964897B (en) | Identity authentication system and method based on group communication | |
CN106452739A (en) | Quantum network service station and quantum communication network | |
CN101651539A (en) | updating and distributing encryption keys | |
CN101340443A (en) | Session key negotiating method, system and server in communication network | |
CN106411525A (en) | Message authentication method and system | |
CN101741555A (en) | Method and system for identity authentication and key agreement | |
CN108964896B (en) | Kerberos identity authentication system and method based on group key pool | |
CN110224821A (en) | A kind of communication encrypting method of unmanned mobile platform | |
CN108847928B (en) | Communication system and communication method for realizing information encryption and decryption transmission based on group type quantum key card | |
WO2012024906A1 (en) | Mobile communication system and voice call encryption method thereof | |
CN108600152B (en) | Improved Kerberos identity authentication system and method based on quantum communication network | |
CN108377188A (en) | A kind of quantum cryptography system for extraordinary emergent self-organized network communication | |
CN108880799B (en) | Multi-time identity authentication system and method based on group key pool | |
CN108964895B (en) | User-to-User identity authentication system and method based on group key pool and improved Kerberos | |
JP6544519B2 (en) | Mobile control system | |
CN108964888A (en) | A kind of modified AKA identity authorization system and method based on pool of symmetric keys and relayed communications | |
CN206042014U (en) | Quantum network service station and quantum communication network | |
CN101741548A (en) | Method and system for establishing safe connection between switching equipment | |
CN108270553A (en) | Credible repeater, the key encryption method of quantum communication network, device, system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |