CN108123797A - Network cryptographic device based on quantum key - Google Patents
- Publication number: CN108123797A
- Application number: CN201711156815.9A
- Authority: CN (China)
- Prior art keywords: key, quantum, virtual private, private network, distribution equipment
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a network cryptographic device based on quantum keys. It includes virtual private networks, namely a first virtual private network and a second virtual private network, with adjacent virtual private networks connected by a virtual private network tunnel. It further includes quantum key distribution equipment; a key-reading channel is established between the virtual private network and the quantum key distribution equipment, and this channel is used to transmit the keys generated by the quantum key distribution equipment. The quantum virtual private network sends a key request to the quantum key distribution equipment and, after obtaining a key from it, performs key synchronization with the other quantum virtual private network to determine that the keys obtained are an identical key pair. If synchronization is correct, communication data is encrypted and decrypted with the obtained key; if synchronization is incorrect, the key is requested again. Data is encrypted with the quantum key in a one-time-pad manner, ensuring that the data is absolutely secure.
Description
Technical field
The invention belongs to the field of information security technology, specifically virtual private network (VPN) key systems, and in particular relates to a network cryptographic device based on quantum keys.
Background technology
A virtual private network (VPN) is communication equipment used on a network to encrypt data for secure transmission. At present, traditional VPN keys use the Internet Key Exchange (IKE) scheme, and the keys used are all computed after information has been exchanged over a traditional network. The traditional network key exchange process is easily attacked from outside, so it carries considerable security risk. In addition, the IKE system is built on computational complexity, and there is no theoretical proof that this computational complexity is absolutely secure and reliable; under attack, it may be broken.
The content of the invention
To overcome the security shortcomings of the keys used in existing virtual private network (VPN) key systems, to encrypt plaintext data securely, and to protect the secure transmission of data or files, the present invention provides a network cryptographic device based on quantum keys that can ensure the absolute security of keys during transmission.
To realize above-mentioned technical purpose, technical solution of the invention is as follows:
A network cryptographic device based on quantum keys includes virtual private networks, namely a first virtual private network and a second virtual private network, with adjacent virtual private networks connected by a virtual private network tunnel. It also includes quantum key distribution equipment, namely a first quantum key distribution device and a second quantum key distribution device, with adjacent quantum key distribution devices connected by optical fiber. The virtual private networks are connected to the first and second quantum key distribution devices, establishing a key-reading channel. A quantum key injection module is added to the virtual private network; it is responsible for fetching keys from the quantum key distribution equipment and for encrypting or decrypting the data to be transmitted over the network, and the keys used for encryption or decryption are obtained from the first and second quantum key distribution devices. The device is characterized in that: a key-reading channel is established between the virtual private network and the quantum key distribution equipment, and this channel is used to transmit the keys generated by the quantum key distribution equipment; the quantum virtual private network sends a key request to the quantum key distribution equipment and, after a key has been obtained from it, the quantum virtual private networks perform key synchronization with each other to determine that the keys obtained are an identical key pair; if synchronization is correct, communication data is encrypted and decrypted with the obtained key; if synchronization is incorrect, the key is requested again.
In the quantum virtual private network, a key is obtained by being transferred from one party to the other by the quantum key distribution equipment (QKD), and the channel over which the QKD transmits keys is optical fiber. The quantum virtual private network sends a key request to the QKD; after the key has been obtained from the QKD, the two quantum virtual private network parties perform key synchronization to determine that the keys obtained are an identical key pair. If synchronization is correct, communication data is encrypted and decrypted with the obtained key; if synchronization is incorrect, the key is requested again.
When the quantum key distribution equipment (QKD) receives a key request, it allocates a suitable key according to the key management algorithm and, if a key is available, sends it to the virtual private network (VPN). During key acquisition, the VPN and the QKD need to establish a session. While negotiating a new key, the VPN continues to operate with the old key, and the new key is negotiated in the channel established with the old key. When the VPN's key replacement period expires, the key must be updated: the VPN sends a key request to the QKD and, after correctly obtaining the key, tells the other party's VPN the serial number and MD5 check value of the key obtained. The other party's VPN reads the key from its quantum key distribution equipment (QKD) according to the serial number received and, after reading the key, compares the MD5 value of the key it read with the one received. If they are consistent, the VPN responds confirming that the key was obtained successfully (OK), indicating that this key update succeeded; if they are inconsistent, the keys obtained by the VPNs at the two ends differ and the key must be requested again.
After the key has been obtained successfully, data is encrypted with the quantum key in a one-time-pad manner, ensuring the absolute security of the data.
During key transmission, owing to the properties of quantum mechanics, the quantum virtual private network's key transmission cannot be cracked; even under external attack, the attack is easily detected. Therefore, once quantum teleportation technology is employed, it is impossible for any third party to intercept the key. In the quantum virtual private network, the traditional way of obtaining keys is replaced: keys are transferred from one party to the other by the quantum key distribution equipment (QKD), and the channel over which the QKD transmits keys is optical fiber. The quantum virtual private network is a modification of the original virtual private network (VPN): a quantum key injection module is added to the original VPN system. This module is responsible for fetching keys from the QKD and performs one-time-pad encryption, ensuring the absolute security of the data, which cannot be stolen by a third party.
The advantage of the invention is that, while a virtual private network is established over a public network, the absolute security of data during transmission is ensured; only a quantum key injection module is added to a traditional VPN, so the structure is simple. The invention is suitable for the networks of organizations such as government, enterprises, the military, banks, securities firms and insurers.
Description of the drawings
Fig. 1 is the working principle diagram of the invention.
Fig. 2 is the working sequence diagram of the quantum VPN obtaining a key in Fig. 1.
Fig. 3 is the working sequence diagram, for Fig. 2, of the quantum key distribution equipment (QKD) cooperating with the quantum VPN to complete key management, update and use.
Specific embodiment
Below in conjunction with the accompanying drawings, the present invention is further described by embodiment.
Embodiment 1
The network cryptographic device based on quantum keys includes virtual private networks, namely a first virtual private network and a second virtual private network, with adjacent virtual private networks connected by a virtual private network tunnel. It also includes quantum key distribution equipment, namely a first quantum key distribution device and a second quantum key distribution device, with adjacent quantum key distribution devices connected by optical fiber. The virtual private networks are connected to the first and second quantum key distribution devices, establishing a key-reading channel. A quantum key injection module is added to the virtual private network; it is responsible for fetching keys from the quantum key distribution equipment and for encrypting or decrypting the data to be transmitted over the network, and the keys used for encryption or decryption are obtained from the first and second quantum key distribution devices. A key-reading channel is established between the virtual private network and the quantum key distribution equipment, and this channel is used to transmit the keys generated by the quantum key distribution equipment. The quantum virtual private network sends a key request to the quantum key distribution equipment and, after a key has been obtained from it, the quantum virtual private networks perform key synchronization with each other to determine that the keys obtained are an identical key pair. If synchronization is correct, communication data is encrypted and decrypted with the obtained key; if synchronization is incorrect, the key is requested again.
Referring to Fig. 1, the network cryptographic device based on quantum keys includes a first virtual private network (VPN1) and a second virtual private network (VPN2), which are connected by establishing a virtual private network (VPN) tunnel. It also includes a first quantum key distribution device (QKD1) and a second quantum key distribution device (QKD2), connected to each other by optical fiber. The virtual private networks are connected to QKD1 and QKD2 through a network interface, a USB interface, a console interface, or any other interface that can be used for data transmission, establishing a key-reading channel. A quantum key injection module is added to the virtual private network; it is responsible for fetching keys from the quantum key distribution equipment (QKD) and for encrypting the data to be transmitted over the network, and the keys used for encryption are obtained from QKD1 and QKD2. During key transmission, owing to the properties of quantum mechanics, the key is safe and reliable and cannot be stolen by a third party.
In the embodiment shown in Fig. 1 and Fig. 2, the virtual private network (VPN) is connected to the quantum key distribution (QKD) equipment through a network port, a USB port, a console port, or any other interface capable of data communication, establishing a key-reading channel over which the keys generated by the QKD equipment are then transmitted. The first virtual private network (VPN1) sends a key request to quantum key distribution equipment 1 (QKD1), establishes a connection, and obtains a key from QKD1; at the same time the second virtual private network (VPN2) sends a key request to quantum key distribution equipment 2 (QKD2), establishes a connection, and obtains a key from QKD2. VPN1 and VPN2 then perform key synchronization to determine that the keys obtained are an identical key pair; if synchronization is correct, the VPN encrypts and decrypts communication data with the obtained key.
As shown in Fig. 3, when quantum key distribution equipment 1 (QKD1) receives a key request, it allocates a suitable key according to the key management algorithm and, if a key is available, sends it to the 3rd virtual private network 1 (VPN1) during key acquisition. While negotiating a new key, the 3rd virtual private network 1 (VPN1) continues to operate with the old key, and the new key is negotiated in the channel established with the old key. When the key replacement period of the 3rd virtual private network 1 expires, the key must be updated: the 3rd virtual private network 1 (VPN1) sends a key request to quantum key distribution equipment 1 (QKD1) and, after correctly obtaining the key, tells the 4th virtual private network 2 (VPN2) the serial number and MD5 check value of the key obtained. The 4th virtual private network 2 (VPN2) reads the key from quantum key distribution equipment 2 (QKD2) according to the serial number received and, after reading the key, compares the MD5 value of the key it read with the one received. If they are consistent, the 4th virtual private network 2 (VPN2) responds confirming that the key was obtained successfully (OK), indicating that this key update succeeded; otherwise it responds that key acquisition failed.
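The key-update exchange described above (serial number plus MD5 check value, OK or re-request, old key kept until confirmation, then one-time-pad use) can be sketched in Python; this is an added example, not code from the patent. `QKDLink`, `QuantumVPN`, `rekey` and the in-memory key stores are hypothetical stand-ins for the QKD devices and the key-reading channel, and all keys and messages are constructed.

```python
import hashlib
import hmac
import secrets


class QKDLink:
    """Constructed stand-in for QKD1/QKD2 joined by fibre; faulty serials disagree."""
    def __init__(self, faulty_serials=()):
        self.qkd1, self.qkd2 = {}, {}      # serial number -> key bytes at each end
        self.faulty, self.serial = set(faulty_serials), 0

    def generate(self, length):
        self.serial += 1
        key = secrets.token_bytes(length)
        bad = self.serial in self.faulty   # models a desynchronised far-end store
        self.qkd1[self.serial] = key
        self.qkd2[self.serial] = secrets.token_bytes(length) if bad else key
        return self.serial


class QuantumVPN:
    def __init__(self, store):
        self.store = store                 # key-reading channel to the local QKD
        self.serial, self.pad, self._pending = None, bytearray(), None

    def announce(self, serial):
        """Initiator: read the key, return (serial, MD5 check value) for the peer."""
        key = self.store[serial]
        self._pending = (serial, key)
        return serial, hashlib.md5(key).hexdigest()   # MD5 as the page specifies

    def verify(self, serial, digest):
        """Responder: read the same serial locally and compare MD5 values."""
        key = self.store.get(serial)
        ok = key is not None and hmac.compare_digest(hashlib.md5(key).hexdigest(), digest)
        self._pending = (serial, key) if ok else None
        return ok

    def commit(self):
        """Replace the old key with the confirmed one."""
        self.serial, key = self._pending
        self.pad, self._pending = bytearray(key), None

    def crypt(self, data):
        """One-time pad: XOR with pad bytes, then discard them so none is reused."""
        if len(data) > len(self.pad):
            raise ValueError("pad exhausted: request a new key before sending")
        out = bytes(d ^ k for d, k in zip(data, self.pad))
        del self.pad[:len(data)]
        return out


def rekey(link, vpn1, vpn2, length, max_attempts=3):
    """Key update; the old key stays active until the peer answers OK."""
    for attempt in range(1, max_attempts + 1):
        serial, digest = vpn1.announce(link.generate(length))
        if vpn2.verify(serial, digest):    # peer responds OK
            vpn1.commit()
            vpn2.commit()
            return serial, attempt
    raise RuntimeError("key synchronisation failed; old key kept")


def demo():
    link = QKDLink(faulty_serials={2})
    vpn1, vpn2 = QuantumVPN(link.qkd1), QuantumVPN(link.qkd2)
    first = rekey(link, vpn1, vpn2, 32)    # serial 1 matches at once
    plain = vpn2.crypt(vpn1.crypt(b"payroll batch 7"))
    second = rekey(link, vpn1, vpn2, 32)   # serial 2 mismatches, serial 3 succeeds
    return first, second, plain, vpn1.serial == vpn2.serial


if __name__ == "__main__":
    print(demo())
```

The MD5 comparison only detects that the two ends read different key material; it does not authenticate the peer, and `crypt` refuses to send once the pad is used up rather than reusing key bytes.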
Claims (1)
1. A network cryptographic device based on quantum keys, including virtual private networks, namely a first virtual private network and a second virtual private network, with adjacent virtual private networks connected by a virtual private network tunnel; also including quantum key distribution equipment, namely a first quantum key distribution device and a second quantum key distribution device, with adjacent quantum key distribution devices connected by optical fiber; the virtual private networks being connected to the first and second quantum key distribution devices, establishing a key-reading channel; a quantum key injection module being added to the virtual private network, the quantum key injection module being responsible for fetching keys from the quantum key distribution equipment and for encrypting or decrypting the data to be transmitted over the network, the keys used for encryption or decryption being obtained from the first and second quantum key distribution devices; characterized in that: a key-reading channel is established between the virtual private network and the quantum key distribution equipment, and this channel is used to transmit the keys generated by the quantum key distribution equipment; the quantum virtual private network sends a key request to the quantum key distribution equipment and, after a key has been obtained from it, the quantum virtual private networks perform key synchronization with each other to determine that the keys obtained are an identical key pair; if synchronization is correct, communication data is encrypted and decrypted with the obtained key; if synchronization is incorrect, the key is requested again.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711156815.9A CN108123797A (en) | 2017-11-20 | 2017-11-20 | Network cryptographic device based on quantum key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711156815.9A CN108123797A (en) | 2017-11-20 | 2017-11-20 | Network cryptographic device based on quantum key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108123797A true CN108123797A (en) | 2018-06-05 |
Family
ID=62228496
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711156815.9A Withdrawn CN108123797A (en) | 2017-11-20 | 2017-11-20 | Network cryptographic device based on quantum key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108123797A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110071943A (en) * | 2019-05-28 | 2019-07-30 | 中国电子科技集团公司第三十研究所 | The compound high safety IP secret communication method of the truly random variation of key |
CN112367124A (en) * | 2019-09-01 | 2021-02-12 | 成都量安区块链科技有限公司 | Quantum relay node virtualization method and device |
CN113347147A (en) * | 2021-04-15 | 2021-09-03 | 中安云科科技发展(山东)有限公司 | Two-point secret key safety synchronization method, system and equipment |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201830272U (en) * | 2010-09-17 | 2011-05-11 | 安徽问天量子科技股份有限公司 | Network encryption machine based on quantum keys |
-
2017
- 2017-11-20 CN CN201711156815.9A patent/CN108123797A/en not_active Withdrawn
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110071943A (en) * | 2019-05-28 | 2019-07-30 | 中国电子科技集团公司第三十研究所 | The compound high safety IP secret communication method of the truly random variation of key |
CN110071943B (en) * | 2019-05-28 | 2021-07-27 | 中国电子科技集团公司第三十研究所 | Compound high-safety IP secret communication method with truly random change of secret key |
CN112367124A (en) * | 2019-09-01 | 2021-02-12 | 成都量安区块链科技有限公司 | Quantum relay node virtualization method and device |
CN112367124B (en) * | 2019-09-01 | 2022-07-15 | 成都量安区块链科技有限公司 | Quantum relay node virtualization method and device |
CN113347147A (en) * | 2021-04-15 | 2021-09-03 | 中安云科科技发展(山东)有限公司 | Two-point secret key safety synchronization method, system and equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN201830272U (en) | Network encryption machine based on quantum keys | |
CN107453869B (en) | A method of realizing the IPSecVPN of quantum safety | |
CN110535868A (en) | Data transmission method and system based on Hybrid Encryption algorithm | |
JP5845393B2 (en) | Cryptographic communication apparatus and cryptographic communication system | |
US20110170692A1 (en) | Method And System For Establishing Cryptographic Communications Between A Remote Device And A Medical Device | |
CN109194656A (en) | A kind of method of distribution wireless terminal secure accessing | |
CN104158653A (en) | Method of secure communication based on commercial cipher algorithm | |
CN103338215A (en) | Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm | |
CN109951513B (en) | Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card | |
CN108173644A (en) | Data transfer encryption method, device, storage medium, equipment and server | |
CN102780698A (en) | User terminal safety communication method in platform of Internet of Things | |
CN102111273B (en) | Pre-sharing-based secure data transmission method for electric load management system | |
CN110969431A (en) | Safe trusteeship method, equipment and system of block chain digital currency private key | |
CN110519300A (en) | Client key method for secure storing based on password bidirectional authentication | |
CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
CN108123797A (en) | Network cryptographic device based on quantum key | |
CN107483388A (en) | A kind of safety communicating method and its terminal and high in the clouds | |
CN108632251A (en) | Authentic authentication method based on cloud computing data service and its Encryption Algorithm | |
CN105612728A (en) | Secured data channel authentication implying a shared secret | |
CN110224816A (en) | Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number | |
CN110519222A (en) | Outer net access identity authentication method and system based on disposable asymmetric key pair and key card | |
WO2020042023A1 (en) | Instant messaging data encryption method and apparatus | |
CN109995785A (en) | File security unlocking method in local area network based on quantum cryptography | |
CN109587149A (en) | A kind of safety communicating method and device of data | |
JP5102701B2 (en) | Secret key distribution method and secret key distribution system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | | Application publication date: 20180605 |