CN108123797A - Network cryptographic device based on quantum key - Google Patents


Info

Publication number
CN108123797A
Authority
CN
China
Prior art keywords
key
quantum
virtual private
private network
distribution equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201711156815.9A
Other languages
Chinese (zh)
Inventor
苗春华
李大伟
陈巍
吴平
银振强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Asky Quantum Technology Co Ltd
Original Assignee
Anhui Asky Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Asky Quantum Technology Co Ltd filed Critical Anhui Asky Quantum Technology Co Ltd
Priority to CN201711156815.9A priority Critical patent/CN108123797A/en
Publication of CN108123797A publication Critical patent/CN108123797A/en
Withdrawn legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a network cryptographic device based on quantum keys. It comprises virtual private networks, namely a first virtual private network and a second virtual private network, with adjacent virtual private networks connected by a virtual private network tunnel. It further comprises quantum key distribution equipment; a key reading channel is established between the virtual private network and the quantum key distribution equipment, and this channel carries the keys generated by the quantum key distribution equipment. The quantum virtual private network sends a key request to the quantum key distribution equipment and, after obtaining a key from it, performs key synchronization with the other quantum virtual private network to confirm that the keys obtained are an identical key pair. If synchronization succeeds, the communication data is encrypted and decrypted with the obtained key; if synchronization fails, a key is requested again. Data is encrypted with the quantum key in one-time-pad fashion, ensuring the absolute security of the data.

Description

Network cryptographic device based on quantum key
Technical field
The invention belongs to the virtual private network (VPN) key systems of the field of information security technology, and in particular relates to a network cryptographic device based on quantum keys.
Background
A virtual private network (VPN) is communication equipment used on a network to encrypt data for secure transmission. At present, traditional VPN keys rely on the Internet Key Exchange (IKE) scheme: every key used is computed after an exchange of information over a conventional network. This traditional network key exchange process is easily attacked from outside and therefore carries a considerable security risk. In addition, the IKE system is built on computational complexity, and there is no theoretical proof that this computational complexity is absolutely secure and reliable; under attack, it may be broken.
Summary of the invention
To overcome the security shortcomings of the keys used in existing virtual private network (VPN) key systems, to encrypt plaintext data securely, and to protect the secure transmission of data or files, the present invention provides a network cryptographic device based on quantum keys that can guarantee the absolute security of the key during transmission.
To achieve the above technical purpose, the technical solution of the invention is as follows:
A network cryptographic device based on quantum keys comprises virtual private networks, namely a first virtual private network and a second virtual private network, with adjacent virtual private networks connected by a virtual private network tunnel. It further comprises quantum key distribution equipment, namely a first quantum key distribution device and a second quantum key distribution device, with adjacent quantum key distribution devices connected by optical fiber. The virtual private networks are connected to the first and second quantum key distribution devices, establishing a key reading channel. A quantum key injection module is added to the virtual private network; it is responsible for fetching keys from the quantum key distribution equipment in order to encrypt or decrypt the data to be transmitted over the network, and the keys used for encryption or decryption are obtained from the first and second quantum key distribution devices. The device is characterized in that: a key reading channel is established between the virtual private network and the quantum key distribution equipment, and this channel carries the keys generated by the quantum key distribution equipment; the quantum virtual private network sends a key request to the quantum key distribution equipment and, after obtaining a key from it, performs key synchronization with the other quantum virtual private network to confirm that the keys obtained are an identical key pair; if synchronization succeeds, the communication data is encrypted and decrypted with the obtained key; if synchronization fails, a key is requested again.
In the quantum virtual private network, a key is obtained by having the quantum key distribution equipment (QKD) transfer it from one party to the other, and the channel over which the QKD equipment transmits the key is optical fiber. The quantum virtual private network sends a key request to the QKD equipment. After the keys have been obtained from the QKD equipment, the two sides of the quantum virtual private network perform key synchronization to confirm that the keys obtained are an identical key pair. If synchronization succeeds, the communication data is encrypted and decrypted with the obtained key; if synchronization fails, a key is requested again.
When the quantum key distribution equipment (QKD) receives a key request, it allocates a suitable key according to its key management algorithm; if a key is available, it sends the key to the VPN. During key acquisition, the VPN and the QKD equipment need to establish a session. While a new key is being negotiated, the VPN continues to operate with the old key, and the new key is negotiated inside the channel established with the old key. When the VPN's key replacement cycle expires, the key must be updated: the VPN sends a key request to the QKD equipment and, after correctly obtaining the key, tells the peer VPN the serial number and MD5 check value of the key it obtained. The peer VPN reads the key from its QKD equipment according to the serial number received and, after reading it, compares the MD5 value of the key it read with the value it received. If they match, the VPN replies confirming that key acquisition succeeded (OK), indicating that this key update succeeded; if they do not match, the VPNs at the two ends have obtained different keys and a key must be requested again.
After the key has been obtained successfully, data is encrypted with the quantum key in one-time-pad fashion, ensuring the absolute security of the data.
During key transmission, owing to the properties of quantum mechanics, the quantum virtual private network cannot be broken, and even if it is attacked from outside, the attack is easily detected. Therefore, once quantum teleportation technology is adopted, it is impossible for any third party to intercept the key. The quantum virtual private network replaces the traditional way of obtaining keys: the key is transferred from one party to the other by the quantum key distribution equipment (QKD), and the channel over which the QKD equipment transmits the key is optical fiber. The quantum virtual private network is a modification of the original virtual private network (VPN): a quantum key injection module is added to the original VPN system. This module is responsible for fetching keys from the QKD equipment, and encryption is performed in one-time-pad fashion, ensuring the absolute security of the data, which cannot be stolen by a third party.
The advantage of the invention is that a virtual private network can be established over a public network while the absolute security of the data in transit is ensured; only a quantum key injection module is added to a traditional VPN, so the structure is simple. The invention is suitable for the networks of organizations such as government bodies, enterprises, the military, banks, securities firms and insurers.
Description of the drawings
Fig. 1 is the working principle diagram of the present invention.
Fig. 2 is the working sequence diagram of the quantum VPN obtaining a key in Fig. 1.
Fig. 3 is the working sequence diagram, for Fig. 2, of the quantum key distribution equipment (QKD) cooperating with the quantum VPN to complete key management, update and use.
Specific embodiments
The present invention is further described below by way of an embodiment, with reference to the accompanying drawings.
Embodiment 1
A network cryptographic device based on quantum keys comprises virtual private networks, namely a first virtual private network and a second virtual private network, with adjacent virtual private networks connected by a virtual private network tunnel. It further comprises quantum key distribution equipment, namely a first quantum key distribution device and a second quantum key distribution device, with adjacent quantum key distribution devices connected by optical fiber. The virtual private networks are connected to the first and second quantum key distribution devices, establishing a key reading channel. A quantum key injection module is added to the virtual private network; it is responsible for fetching keys from the quantum key distribution equipment in order to encrypt or decrypt the data to be transmitted over the network, and the keys used for encryption or decryption are obtained from the first and second quantum key distribution devices. A key reading channel is established between the virtual private network and the quantum key distribution equipment, and this channel carries the keys generated by the quantum key distribution equipment. The quantum virtual private network sends a key request to the quantum key distribution equipment and, after obtaining a key from it, performs key synchronization with the other quantum virtual private network to confirm that the keys obtained are an identical key pair. If synchronization succeeds, the communication data is encrypted and decrypted with the obtained key; if synchronization fails, a key is requested again.
Referring to Fig. 1, the network cryptographic device based on quantum keys includes a first virtual private network (VPN1) and a second virtual private network (VPN2), which are connected by establishing a virtual private network (VPN) tunnel. It further includes a first quantum key distribution device (QKD1) and a second quantum key distribution device (QKD2), connected to each other by optical fiber. The virtual private networks are connected to QKD1 and QKD2 through a network interface, a USB interface, a Console interface or any other interface usable for data transmission, establishing a key reading channel. A quantum key injection module is added to the virtual private network; it is responsible for fetching keys from the quantum key distribution equipment (QKD) in order to encrypt the data to be transmitted over the network, and the keys used for encryption are obtained from QKD1 and QKD2. During key transmission, owing to the properties of quantum mechanics, the key is safe and reliable and cannot be stolen by a third party.
In the embodiment shown in Fig. 1 and Fig. 2, the virtual private network (VPN) is connected to the quantum key distribution (QKD) equipment through a network port, a USB port, a Console port or any other interface capable of data communication, establishing a key reading channel over which the keys generated by the QKD equipment are then transmitted. The first virtual private network (VPN1) sends a key request to quantum key distribution equipment 1 (QKD1), establishes a connection and obtains a key from QKD1; at the same time, the second virtual private network (VPN2) sends a key request to quantum key distribution equipment 2 (QKD2), establishes a connection and obtains a key from QKD2. VPN1 and VPN2 then perform key synchronization to confirm that the keys obtained are an identical key pair. If synchronization succeeds, the virtual private network (VPN) encrypts and decrypts the communication data with the obtained key.
As shown in Fig. 3, when quantum key distribution equipment 1 (QKD1) receives a key request, it allocates a suitable key according to its key management algorithm; if a key is available, it sends the key to the 3rd Virtual Private Network 1 (VPN1) during the key acquisition process. While a new key is being negotiated, the 3rd Virtual Private Network 1 (VPN1) continues to operate with the old key, and the new key is negotiated inside the channel established with the old key. When the key replacement cycle of the 3rd Virtual Private Network 1 expires, the key must be updated: the 3rd Virtual Private Network 1 (VPN1) sends a key request to quantum key distribution equipment 1 (QKD1) and, after correctly obtaining the key, tells the 4th Virtual Private Network 2 (VPN2) the serial number and MD5 check value of the key it obtained. The 4th Virtual Private Network 2 (VPN2) reads the key from quantum key distribution equipment 2 (QKD2) according to the serial number received and, after reading it, compares the MD5 value of the key it read with the value it received. If they match, the 4th Virtual Private Network 2 (VPN2) replies confirming that key acquisition succeeded (OK), indicating that this key update succeeded; otherwise it replies that key acquisition failed.
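The key-update handshake described for Fig. 3 can be traced in a short simulation. This is an added example, not code from the patent: the `QkdDevice` class, the message fields `serial` and `check`, and the retry limit are assumptions made for illustration, and the two QKD stores are filled with constructed random keys instead of keys distributed over fibre.

```python
import hashlib
import hmac
import secrets


class QkdDevice:
    """Stand-in (hypothetical) for one QKD endpoint: keys indexed by serial number."""

    def __init__(self):
        self._store = {}

    def load(self, serial, key):
        self._store[serial] = key

    def request_key(self):
        """Initiator side: hand out the lowest-numbered unused key, or None."""
        if not self._store:
            return None
        serial = min(self._store)
        return serial, self._store.pop(serial)

    def read_key(self, serial):
        """Responder side: read (and consume) the key the peer announced."""
        return self._store.pop(serial, None)


def paired_devices(n_keys, key_len=32, corrupt=()):
    """Build QKD1/QKD2 holding the same constructed keys.
    Serials listed in `corrupt` differ on QKD2 (constructed desync case)."""
    qkd1, qkd2 = QkdDevice(), QkdDevice()
    for serial in range(n_keys):
        key = secrets.token_bytes(key_len)
        qkd1.load(serial, key)
        qkd2.load(serial, secrets.token_bytes(key_len) if serial in corrupt else key)
    return qkd1, qkd2


def check_value(key, algo="md5"):
    # MD5 is what the description names; here it only detects mismatched keys.
    return hashlib.new(algo, key).digest()


def initiate_update(qkd):
    """VPN1: request a key and build the announcement sent through the old-key tunnel."""
    got = qkd.request_key()
    if got is None:
        return None
    serial, key = got
    return key, {"serial": serial, "check": check_value(key)}


def respond_update(qkd, announce):
    """VPN2: read the key by serial, compare check values, answer OK or FAIL."""
    key = qkd.read_key(announce["serial"])
    if key is None or not hmac.compare_digest(check_value(key), announce["check"]):
        return None, "FAIL"
    return key, "OK"


def update_key(qkd1, qkd2, max_attempts=3):
    """Run the handshake, re-requesting a key after each failed synchronization."""
    for attempt in range(1, max_attempts + 1):
        started = initiate_update(qkd1)
        if started is None:
            return None  # key pool exhausted
        key1, announce = started
        key2, reply = respond_update(qkd2, announce)
        if reply == "OK":
            return key1, key2, attempt
    return None


def otp(key, data):
    """One-time-pad XOR; refuses data longer than the key material."""
    if len(data) > len(key):
        raise ValueError("one-time pad needs at least as much key as data")
    return bytes(k ^ d for k, d in zip(key, data))


if __name__ == "__main__":
    qkd1, qkd2 = paired_devices(3, corrupt={0})
    key1, key2, attempts = update_key(qkd1, qkd2)
    ciphertext = otp(key1, b"constructed payload")
    print(attempts, otp(key2, ciphertext))
```

Both sides consume a key as soon as it is read, so a key whose check failed is never reused, and `otp` rejects any message longer than the key because one-time-pad encryption uses up key material at the rate of the traffic.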

Claims (1)

1. the network cryptographic device based on quantum key, including Virtual Private Network, it is empty that the Virtual Private Network includes first Intend dedicated network, the second Virtual Private Network, be connected between adjacent virtual dedicated network by virtual private network tunnel;Also wrap Quantum key distribution equipment is included, it is close that the quantum key distribution equipment includes i.e. the first quantum key distribution equipment, the second quantum Key discharge device is connected by optical fiber between adjacent quantum key distribution equipment;The Virtual Private Network and the first quantum are close Key discharge device, the second quantum key distribution equipment are connected, and establish key and read passage;Quantum is added in Virtual Private Network Key injection module, quantum key injection module are responsible for taking key from quantum key distribution equipment, for needing to upload in network Defeated data are encrypted or decrypt, encrypt or decrypt used in key from the first quantum key distribution equipment, the second quantum Cipher key distribution system obtains;It is characterized in that:Being established between Virtual Private Network and quantum key distribution equipment has key reading Passage, the key read the key that passage is used for transmission the generation of quantum key distribution equipment;Quantum Virtual Private Network is used for Key request is sent to quantum key distribution equipment and after key is obtained from quantum key distribution equipment, quantum virtual private Key synchronization is carried out between network, to determine that the key obtained is identical key pair;If synchronous correct, with the key of acquisition Communication data is encrypted, is decrypted;If synchronous incorrect, re-request key.
CN201711156815.9A 2017-11-20 2017-11-20 Network cryptographic device based on quantum key Withdrawn CN108123797A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711156815.9A CN108123797A (en) 2017-11-20 2017-11-20 Network cryptographic device based on quantum key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711156815.9A CN108123797A (en) 2017-11-20 2017-11-20 Network cryptographic device based on quantum key

Publications (1)

Publication Number Publication Date
CN108123797A true CN108123797A (en) 2018-06-05

Family

ID=62228496

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711156815.9A Withdrawn CN108123797A (en) 2017-11-20 2017-11-20 Network cryptographic device based on quantum key

Country Status (1)

Country Link
CN (1) CN108123797A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201830272U (en) * 2010-09-17 2011-05-11 安徽问天量子科技股份有限公司 Network encryption machine based on quantum keys

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110071943A (en) * 2019-05-28 2019-07-30 中国电子科技集团公司第三十研究所 The compound high safety IP secret communication method of the truly random variation of key
CN110071943B (en) * 2019-05-28 2021-07-27 中国电子科技集团公司第三十研究所 Compound high-safety IP secret communication method with truly random change of secret key
CN112367124A (en) * 2019-09-01 2021-02-12 成都量安区块链科技有限公司 Quantum relay node virtualization method and device
CN112367124B (en) * 2019-09-01 2022-07-15 成都量安区块链科技有限公司 Quantum relay node virtualization method and device
CN113347147A (en) * 2021-04-15 2021-09-03 中安云科科技发展(山东)有限公司 Two-point secret key safety synchronization method, system and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20180605
