CN108173652A - IPSec VPN cipher machines based on quantum key distribution - Google Patents

Info

Publication number: CN108173652A
Authority: CN (China)
Prior art keywords: key, quantum key, quantum, vpn, module
Legal status: Pending
Application number: CN201810147575.4A
Other languages: Chinese (zh)
Inventors: 查振兴, 高泉, 李强, 刘潇, 张伟
Current Assignee: Wuhan Sanjiang Space Network Communication Co Ltd
Original Assignee: Wuhan Sanjiang Space Network Communication Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0852: Quantum cryptography

Abstract

The IPSec VPN cipher machine based on quantum key distribution of the present invention comprises: an industrial control mainboard of server architecture that supports an optical fiber network port and an ordinary network port, where the optical fiber network port connects to a quantum key server to obtain a specific quantum key for the VPN handshake negotiation process, and the ordinary network port is used to establish a conventional VPN link with the peer VPN device; an encryption card, connected to the industrial control mainboard by a data bus, which provides conventional keys and encryption/decryption algorithms for VPN handshake negotiation and data encryption and decryption; an electronic key, connected to the encryption card by a data line, for key backup and recovery; and a DOM disk, connected to the industrial control mainboard by a data bus, which stores the software system of the VPN cipher machine. The quantum VPN technology of the invention uses keys generated in a quantum key distribution system for the handshake negotiation process in the Internet Protocol Security framework (IPsec protocol), using quantum key distribution technology to solve the problem of secure key distribution so that the communicating parties can share unconditionally secure keys.

Description

IPSec VPN cipher machines based on quantum key distribution
Technical field
The invention belongs to the technical field of quantum secure communication, and in particular relates to an IPSec VPN cipher machine based on quantum key distribution.
Background
A VPN (Virtual Private Network) is a private network established over a public network using tunneling and encryption technology, over which traffic is transmitted encrypted. It helps remote users, branch offices and business partners establish trusted, secure connections to a company's internal network and ensures the secure transmission of data.
The IPsec protocol, formulated by the IETF (Internet Engineering Task Force), is a network-layer protocol that secures end-to-end IP communication data. It provides security services such as data integrity protection, data origin authentication, payload confidentiality and anti-replay protection. IKE (Internet Key Exchange) is a hybrid protocol based on the framework defined by ISAKMP (Internet Security Association and Key Management Protocol) and is used to exchange and manage the keys used during VPN negotiation.
Current traditional VPN cipher machines perform handshake negotiation using IKE; for example, the invention patent with announcement number CN102111377A, "network cipher machine", is a traditional VPN cipher machine. As computing power continues to improve, there is a risk that the keys used in VPN negotiation will be cracked. How to integrate quantum secure communication with traditional VPN networks to improve the security of data transmission has become a current focus of attention.
Summary of the invention
To integrate quantum secure communication with traditional VPN networks and improve the security of data transmission, the present invention provides a quantum VPN cipher machine that introduces quantum key distribution technology into the IKE key agreement process, solving the security problem of the negotiation process in traditional VPN cipher machines.
The IPSec VPN cipher machine based on quantum key distribution of the present invention is characterized in that it comprises:
Industrial control mainboard: an industrial control mainboard of server architecture that supports an optical fiber network port and an ordinary network port. The optical fiber network port connects to the quantum key server to obtain a specific quantum key for the VPN handshake negotiation process; the ordinary network port is used to establish a conventional VPN link with the peer VPN device;
Encryption card: connected to the industrial control mainboard through the Peripheral Component Interconnect (PCI) bus standard; provides conventional keys and encryption/decryption algorithms for VPN handshake negotiation and data encryption and decryption;
Electronic key: connected to the encryption card through a universal serial bus, for key backup and recovery;
DOM disk: connected to the industrial control mainboard through a computer bus; stores the software system of the VPN cipher machine.
Specifically, the software system includes a system kernel module, a quantum key exchange module, a cryptographic operation module and a page configuration module:
System kernel module: responsible for normal start-up and operation of the cipher machine, including the boot program, the hardware drivers, processing of physical-layer data, and common system commands;
Quantum key exchange module: responsible for managing and using quantum keys, including acquisition of quantum keys, use of quantum keys in negotiation, the identifiers of the local and peer quantum keys, the authentication key and the encryption key;
Cryptographic operation module: performs encryption and decryption during negotiation and for data transmission after negotiation completes, including symmetric algorithms, asymmetric algorithms, hash algorithms and random numbers;
Page configuration module: used to manage the cipher machine. The administrator logs in to the cipher machine's management page through a browser and configures the local cipher machine's internal and external network information, routing information and account information; once configuration is complete, the machine can negotiate and communicate with the peer cipher machine.
Specifically, the quantum key exchange module includes a quantum module whose basic configuration includes the acquisition period, the quantum key identifier, the authentication key and the encryption key. After configuration, the quantum module first obtains a quantum key, verifies it, and uses it in the IKE negotiation process. By default the system performs IKE negotiation with the peer using the quantum key; if quantum key acquisition fails or verification fails, it automatically switches to conventional IKE negotiation, so that the connectivity of the VPN tunnel is not affected.
Specifically, the quantum key exchange module further includes a key exchange negotiation module that implements a key exchange protocol, the key exchange protocol comprising a first phase and a second phase:
In the first-phase exchange, the two communicating parties establish an ISAKMP SA, which is the shared policy and keys that the negotiating parties use to protect the communication between them. This SA is used to protect the negotiation of IPSec SAs. One ISAKMP SA can be used to establish multiple IPSec SAs;
In the second-phase exchange, the two parties use the first-phase ISAKMP SA to negotiate and establish IPSec SAs, determining the IPsec security policy and session keys of the two parties.
Preferably, the encryption card is connected to the industrial control mainboard through a PCI-E slot.
Preferably, the electronic key is connected to the encryption card through USB.
Preferably, the DOM disk is connected to the industrial control mainboard via SATA.
The present invention is a gigabit VPN cipher machine based on the quantum key distribution protocol and the IPsec security protocol, using an industrial-control rack-mounted chassis. Quantum secure communication arises from combining classical cryptographic theory with the basic principles of quantum mechanics; unlike classical cryptography, its greatest advantage is that it offers theoretical unconditional security together with high efficiency. At this stage, the main application form of quantum communication is secure communication based on quantum key distribution (QKD). The distribution process is the process by which the two parties complete key agreement over insecure channels (a quantum channel and a classical channel): the quantum channel may be optical fiber or free space and carries single-photon signals or entangled photon pairs, while the classical channel is used for the subsequent negotiation and so on. The security of a quantum key depends on the key generation and authentication mechanisms; the authentication mechanism ensures that the two parties can detect the presence of an eavesdropper, thereby ensuring the security of the key agreement process.
The IPSec VPN cipher machine based on quantum key distribution of the present invention uses keys generated in a quantum key distribution system for the handshake negotiation process in the Internet Protocol Security framework (IPsec protocol), using quantum key distribution technology to solve the problem of secure key distribution so that the communicating parties can share unconditionally secure keys.
The hardware platform of the quantum VPN cipher machine uses a mainboard with optical and electrical interfaces. It connects to the quantum server through the optical fiber network port to obtain quantum keys, and performs encryption and decryption on a hardware encryption card, which provides the cryptographic operation module. The software platform includes the system kernel module, quantum key exchange module, cryptographic operation module and page configuration module. The quantum VPN cipher machine is compatible with traditional VPN cipher machine functions: when obtaining a quantum key fails, it automatically switches to traditional IKE (Internet Key Exchange) to negotiate with the peer.
In terms of key agreement mode, the quantum VPN cipher machine combines the quantum key distribution protocol with the IPsec protocol and also supports the traditional standard IKE negotiation mode. The standard negotiation mode is the negotiation standard in the IPSec VPN technical specification promulgated by the State Cryptography Administration in 2014, which comprises a key exchange module and a tunnel encapsulation module. The key agreement mode here integrates the use of quantum keys on top of the standard negotiation mode. The state has not yet issued a VPN technical specification for quantum keys. The standard negotiation mode comprises a key exchange submodule and a tunnel encapsulation submodule. The key exchange submodule mainly completes session key agreement between the two parties and forms their encrypted channel. The tunnel encapsulation submodule captures IP packets, looks up the security policy according to the packet's information, and handles the packet according to that policy: forward, encrypt, decrypt, pass to the upper-layer protocol, and so on.
Description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The IPSec VPN cipher machine based on quantum key distribution is referred to here as the "quantum VPN cipher machine".
Fig. 1 is a functional structure diagram of the quantum VPN cipher machine;
Fig. 2 is a diagram of the protocols used by the quantum VPN cipher machine;
Fig. 3 is a flow chart of data packets entering and leaving the quantum VPN cipher machine;
Fig. 4 is a diagram of the application environment of the quantum VPN cipher machine;
Fig. 5 shows the application log of the quantum VPN cipher machine.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments.
With reference to Fig. 1, the present invention is an IPSec VPN cipher machine based on quantum key distribution, comprising:
Industrial control mainboard: an industrial control mainboard of server architecture that supports an optical fiber network port and an ordinary network port. The optical fiber network port connects to the quantum key server to obtain a specific quantum key for the VPN handshake negotiation process; the ordinary network port is used to establish a conventional VPN link with the peer VPN device;
Encryption card: connected to the industrial control mainboard through a PCI-E slot; provides conventional keys and encryption/decryption algorithms for VPN handshake negotiation and data encryption and decryption. Ordinary PCI can also be used.
Electronic key: connected to the encryption card through a universal serial bus with hot-plug support (USB in this embodiment), for key backup and recovery;
DOM disk: connected to the industrial control mainboard via SATA; stores the software system of the VPN cipher machine. SATA is a computer bus whose main function is to connect the mainboard to mass storage devices such as hard disks.
Specifically, the software system includes a system kernel module, a quantum key exchange module, a cryptographic operation module and a page configuration module; the modules need to communicate with each other and do so using inter-process communication:
System kernel module: responsible for normal start-up and operation of the cipher machine, including the boot program, the hardware drivers, processing of physical-layer data, and common system commands;
Quantum key exchange module: responsible for managing and using quantum keys, including acquisition of quantum keys, use of quantum keys in negotiation, the identifiers of the local and peer quantum keys, the authentication key and the encryption key;
Cryptographic operation module: performs encryption and decryption during negotiation and for data transmission after negotiation completes, including symmetric algorithms, asymmetric algorithms, hash algorithms and random numbers;
Page configuration module: used to manage the cipher machine. The administrator logs in to the cipher machine's management page through a browser and configures the local cipher machine's internal and external network information, routing information and account information; once configuration is complete, the machine can negotiate and communicate with the peer cipher machine.
To adapt to the quantum cipher machine, the custom-developed quantum key exchange module includes a quantum module whose basic configuration includes the acquisition period, the quantum key identifier, the authentication key and the encryption key. After configuration, the quantum module first obtains a quantum key, verifies it, and uses it in the IKE negotiation process. By default the system performs IKE negotiation with the peer using the quantum key; if quantum key acquisition fails or verification fails, it automatically switches to conventional IKE negotiation, so that the connectivity of the original VPN tunnel is not affected.
The quantum key exchange module further includes a key exchange negotiation module that implements a key exchange protocol. The key exchange protocol comprises a first phase and a second phase; the first phase uses main mode and the second phase uses quick mode:
In the first-phase exchange, main mode is an exchange with identity protection that performs identity authentication and key agreement between the two parties and yields the working key. The two parties (sender and receiver) establish an ISAKMP (Internet Security Association and Key Management Protocol) SA (Security Association). This SA is the shared policy and keys that the negotiating parties use to protect the communication between them, and it protects the negotiation of IPSec SAs. One ISAKMP SA can be used to establish multiple IPSec SAs. The shared policy is the policy information the two endpoints use for VPN negotiation and depends on the actual application environment. In this embodiment the initiator and the responder need to exchange data; the exchanged content includes payloads such as the Nonce (a parameter required to generate the encryption key and authentication key) and the identity ID, and the exchange also involves shared policy information such as the specific data format and the modes of the various encryption algorithms.
In the second-phase exchange, the quick mode exchange depends on the first-phase main mode exchange; as part of the IPSec SA negotiation process it negotiates the security policy of the IPSec SA and derives session keys. The two parties use the first-phase ISAKMP SA to negotiate and establish IPSec SAs, determining the IPsec security policy and session keys of the two parties.
In this embodiment, the quantum module can adjust the quantum key acquisition period according to the quantum key generation rate and the quantum key consumption during negotiation. Because the quantum key generation rate is limited, if only 1 KB of quantum key can be collected at a time and each VPN negotiation uses 512 B of quantum key, then the module collects quantum key after every two VPN negotiations, so that the quantum key is fully utilized.
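The acquisition, verification and fallback behaviour of the quantum module described above, together with the 1 KB / 512 B key budget, can be sketched as follows. This is an added example, not code from the patent; the HMAC-SHA256 framing used for "verification", the `QuantumModule` class and the key identifier are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

FETCH_SIZE = 1024       # bytes of quantum key per acquisition (figure from the text)
PER_NEGOTIATION = 512   # bytes consumed by one VPN negotiation (figure from the text)
TAG_LEN = 32            # assumption: the key server appends an HMAC-SHA256 tag


class KeyCheckError(Exception):
    """Fetched key material failed verification."""


def seal(auth_key: bytes, key_id: bytes, material: bytes) -> bytes:
    """Hypothetical key-server framing: material || HMAC(auth_key, id || material)."""
    return material + hmac.new(auth_key, key_id + material, hashlib.sha256).digest()


def verify(auth_key: bytes, key_id: bytes, blob: bytes) -> bytes:
    """Return the key material if length and tag check out, else raise KeyCheckError."""
    if len(blob) != FETCH_SIZE + TAG_LEN:
        raise KeyCheckError("unexpected blob length")
    material, tag = blob[:FETCH_SIZE], blob[FETCH_SIZE:]
    expected = hmac.new(auth_key, key_id + material, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise KeyCheckError("authentication tag mismatch")
    return material


@dataclass
class QuantumModule:
    auth_key: bytes
    key_id: bytes
    fetch: Callable[[], bytes]                  # talks to the quantum key server
    pool: bytearray = field(default_factory=bytearray)
    fetches: int = 0
    events: List[Tuple[str, str]] = field(default_factory=list)

    def negotiate(self) -> Tuple[str, Optional[bytes]]:
        """Pick the keying mode for one negotiation: ('quantum', key) or ('ike', None)."""
        try:
            if len(self.pool) < PER_NEGOTIATION:
                # Pool exhausted: with 1 KB per fetch and 512 B per use this
                # happens on every second negotiation.
                self.pool += verify(self.auth_key, self.key_id, self.fetch())
                self.fetches += 1
        except (KeyCheckError, OSError) as exc:
            # Fallback keeps the tunnel up but is a security-relevant downgrade,
            # so it is recorded for monitoring rather than passed silently.
            self.events.append(("fallback-to-ike", str(exc)))
            return "ike", None
        key = bytes(self.pool[:PER_NEGOTIATION])
        del self.pool[:PER_NEGOTIATION]         # key material is never reused
        self.events.append(("quantum", self.key_id.decode()))
        return "quantum", key


def run_demo() -> List[str]:
    """Constructed scenario: two good negotiations, a tampered fetch, a dead link, recovery."""
    auth_key, key_id = os.urandom(32), b"qk-local-01"    # constructed values

    def good() -> bytes:
        return seal(auth_key, key_id, os.urandom(FETCH_SIZE))

    def tampered() -> bytes:
        blob = bytearray(good())
        blob[0] ^= 0x01                                   # corrupt one key byte
        return bytes(blob)

    def link_down() -> bytes:
        raise ConnectionError("quantum key server unreachable")

    qm = QuantumModule(auth_key, key_id, good)
    modes = [qm.negotiate()[0], qm.negotiate()[0]]        # one fetch serves both
    for fetcher in (tampered, link_down, good):
        qm.fetch = fetcher
        modes.append(qm.negotiate()[0])
    return modes


if __name__ == "__main__":
    print(run_demo())
```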
The software platform of the present invention includes the system kernel module, quantum key exchange module, cryptographic operation module and page configuration module. The system kernel module handles normal start-up and operation of the cipher machine. The quantum key exchange module manages quantum keys, including obtaining quantum keys, quantum key negotiation, the local quantum identifier, the authentication key, the encryption key, and so on. The cryptographic operation module performs data encryption and decryption after negotiation succeeds. The page configuration module provides web-based configuration to the administrator.
For the protocols used by the quantum VPN cipher machine, see Fig. 2. Ethernet is currently the most important LAN networking technology. When refining and implementing the network layer and network access layer of the TCP/IP architecture, IEEE 802.2 logical link control is adopted as the underlying protocol of the TCP/IP architecture. The quantum key distribution protocol and IEEE 802.2 logical link control both belong to the network access (interface) layer, which provides unconditionally secure cryptographic services to the upper layers. The security services of the IPsec (layer) security protocol are provided at the network layer; it provides upper-layer protocols with services such as access control for network units, data origin authentication and limited traffic-flow confidentiality. The quantum key distribution protocol is further divided into sublayers: the coding layer mainly generates the raw key stream; the screening layer filters out quantum key bits rendered unsatisfactory by noise, eavesdropping, destruction and the like; the error detection and correction layer performs error detection and correction on the screened quantum key bits; the secrecy enhancement layer encrypts, for transmission, the quantum key used during the parties' communication; and the authentication layer guards against attacks during communication by authenticating the integrity and consistency of the quantum key.
Once a communicating party decides to apply quantum key distribution processing to a data stream, the stream is matched against the quantum key distribution protocol security association database. The database contains many security entries, each consisting of the following fields:
1. Screening field: used by the two communicating parties of the virtual private network to negotiate the specific screening technique and strategy;
2. Error detection and correction field: used by the two communicating parties of the virtual private network to negotiate the specific error detection and correction technique;
3. Secrecy enhancement field: used by the two communicating parties of the virtual private network to negotiate the specific secrecy enhancement technique and strategy;
4. Security association lifetime field: contains a time interval, plus a flag indicating whether the security association is to be replaced or terminated when it expires. The lifetime of a security association is expressed by two kinds of parameter: one is a time interval, the other is the number of keys ultimately generated for encryption. If both parameters are used, whichever expires first takes precedence.
When a data packet is to undergo quantum key distribution processing, the quantum key distribution protocol security association database is searched using the field information parsed from the upper-layer packet header. If a matching entry is found, the packet is processed; if no matching entry is found, the packet is discarded.
For how the quantum VPN cipher machine encapsulates data packets and handles inbound and outbound traffic, see Fig. 3. After SA negotiation completes, the two parties add the corresponding policy to the SPD (security policy database) and populate the SA (security association) database. When the sending cipher machine sends an IP packet, it first looks up the corresponding SA by the packet's source IP address, destination IP address, source port, destination port and protocol number. According to the SA, it encrypts the packet, computes the HMAC checksum and applies ESP encapsulation. When the IP packet reaches the receiving cipher machine, the receiver first looks up the SA by the SPI (Security Parameters Index) in the ESP header, performs HMAC integrity verification on the received packet, performs the anti-replay check using the sequence number in the ESP header, decrypts the data and checks the padding, and finally decapsulates and reassembles the packet and forwards it.
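The receiver-side checks in this paragraph (SA lookup by SPI, HMAC integrity verification, anti-replay check on the sequence number) are shown below as an added example that is not code from the patent. Decryption and padding checks are left out; the 128-bit truncated HMAC-SHA-256 ICV, the 64-packet window and all names are assumptions, and the order used (preliminary replay check, ICV verification, then window update) follows RFC 4303.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ICV_LEN = 16                 # assumption: HMAC-SHA-256 truncated to 128 bits (RFC 4868)
WINDOW = 64                  # assumption: 64-packet anti-replay window
HDR = struct.Struct("!II")   # ESP header: SPI, sequence number


@dataclass
class InboundSA:
    spi: int
    auth_key: bytes
    highest: int = 0   # highest sequence number authenticated so far
    bitmap: int = 0    # bit i set => sequence (highest - i) already accepted

    def replay_ok(self, seq: int) -> bool:
        """Preliminary check: new, or inside the window and not yet seen."""
        if seq == 0:
            return False
        if seq > self.highest:
            return True
        offset = self.highest - seq
        return offset < WINDOW and not (self.bitmap >> offset) & 1

    def mark_seen(self, seq: int) -> None:
        """Advance or fill the window; called only after the ICV has verified."""
        if seq > self.highest:
            shifted = (self.bitmap << (seq - self.highest)) | 1
            self.bitmap = shifted & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def icv(auth_key: bytes, data: bytes) -> bytes:
    return hmac.new(auth_key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_esp(spi: int, seq: int, ciphertext: bytes, auth_key: bytes) -> bytes:
    """Sender side: header || already-encrypted payload || ICV over both."""
    body = HDR.pack(spi, seq) + ciphertext
    return body + icv(auth_key, body)


def receive(sad: Dict[int, InboundSA], packet: bytes) -> Tuple[str, Optional[bytes]]:
    """Return (verdict, still-encrypted payload) for one inbound ESP packet."""
    if len(packet) < HDR.size + ICV_LEN:
        return "drop:short", None
    spi, seq = HDR.unpack_from(packet)
    sa = sad.get(spi)
    if sa is None:
        return "drop:no-sa", None
    if not sa.replay_ok(seq):
        return "drop:replay", None
    body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(tag, icv(sa.auth_key, body)):
        return "drop:icv", None          # forged packet must not move the window
    sa.mark_seen(seq)
    return "accept", body[HDR.size:]


def run_demo() -> List[str]:
    """Constructed trace: reordering, a replay, a forgery, an unknown SPI, a stale packet."""
    key = bytes(range(32))                               # constructed key
    sad = {0x1001: InboundSA(0x1001, key)}

    def pkt(seq: int) -> bytes:
        return build_esp(0x1001, seq, b"ciphertext-%d" % seq, key)

    forged = bytearray(pkt(4))
    forged[-1] ^= 0xFF                                   # corrupt the ICV
    trace = [pkt(1), pkt(3), pkt(2), pkt(2), bytes(forged), pkt(4),
             build_esp(0x2002, 1, b"x", key), pkt(100), pkt(30)]
    return [receive(sad, p)[0] for p in trace]


if __name__ == "__main__":
    print(run_demo())
```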
Once the quantum key distribution protocol has been determined, quantum keys are generated and exchanged as follows:
1. The sender generates the raw key, which is processed by each sublayer of the quantum key distribution protocol and transmitted to the receiver over the quantum key distribution network; after negotiation between the two parties, the key used for encryption is finally generated;
2. At the sender, these keys are input as the keys of the IPsec security protocol's encryption algorithm to encrypt the data stream between the two communicating parties of the virtual private network (VPN);
3. The encrypted data stream is transmitted over the public infrastructure network and reaches the receiver;
4. The receiver decrypts the data stream using the negotiated key, producing the original data stream.
The actual application environment of the quantum VPN cipher machine is shown in Fig. 4. It is deployed in routed mode and also supports one-armed mode deployment. In Fig. 4, the service terminal is an ordinary work computer; the service switch is a conventional classical switch; the quantum VPN is the IPSec VPN cipher machine based on quantum key distribution of the present invention; the quantum key gateway provides quantum keys to the VPN cipher machine; and the quantum switch forwards data within the quantum network.
The automatic switchover between IKE keys and quantum keys was tested by simulating quantum key interruption in the system under normal network conditions; see Fig. 5. The VPN log was observed to show the encryption mode as quantum key; a terminal was then used to simulate quantum key failure, which requires VPN negotiation to switch from quantum key to IKE key. Three tests were run in total:
Test 1: 2017-1-11 17:34 to 2017-1-11 18:10
Test 2: 2017-1-11 18:14 to 2017-1-11 18:22
Test 3: 2017-1-11 18:28 to 2017-1-11 18:39
After quantum key recovery was simulated, VPN negotiation switched from IKE key back to quantum key.

Claims (7)

1. An IPSec VPN cipher machine based on quantum key distribution, characterized in that it comprises:
Industrial control mainboard: an industrial control mainboard of server architecture that supports an optical fiber network port and an ordinary network port, where the optical fiber network port connects to the quantum key server to obtain a specific quantum key for the VPN handshake negotiation process, and the ordinary network port is used to establish a conventional VPN link with the peer VPN device;
Encryption card: connected to the industrial control mainboard through the Peripheral Component Interconnect (PCI) bus standard; provides conventional keys and encryption/decryption algorithms for VPN handshake negotiation and data encryption and decryption;
Electronic key: connected to the encryption card using a universal serial bus, for key backup and recovery;
DOM disk: connected to the industrial control mainboard through a computer bus; stores the software system of the VPN cipher machine.
2. The IPSec VPN cipher machine based on quantum key distribution according to claim 1, characterized in that: the software system includes a system kernel module, a quantum key exchange module, a cryptographic operation module and a page configuration module,
System kernel module: responsible for normal start-up and operation of the cipher machine, including the boot program, the hardware drivers, processing of physical-layer data, and common system commands;
Quantum key exchange module: responsible for managing and using quantum keys, including acquisition of quantum keys, use of quantum keys in negotiation, the identifiers of the local and peer quantum keys, the authentication key and the encryption key;
Cryptographic operation module: performs encryption and decryption during negotiation and for data transmission after negotiation completes, including symmetric algorithms, asymmetric algorithms, hash algorithms and random numbers;
Page configuration module: used to manage the cipher machine; the administrator logs in to the cipher machine's management page through a browser and configures the local cipher machine's internal and external network information, routing information and account information, and once configuration is complete the machine can negotiate and communicate with the peer cipher machine.
3. The IPSec VPN cipher machine based on quantum key distribution according to claim 2, characterized in that: the quantum key exchange module includes a quantum module whose basic configuration includes the acquisition period, the quantum key identifier, the authentication key and the encryption key; after configuration, the quantum module first obtains a quantum key, verifies it, and uses it in the IKE negotiation process; by default the system performs IKE negotiation with the peer using the quantum key, and if quantum key acquisition fails or verification fails, it automatically switches to conventional IKE negotiation, so that the connectivity of the VPN tunnel is not affected.
4. The IPSec VPN cipher machine based on quantum key distribution according to claim 3, characterized in that: the quantum key exchange module further includes a key exchange negotiation module that implements a key exchange protocol, the key exchange protocol comprising a first phase and a second phase:
In the first-phase exchange, the two communicating parties establish an ISAKMP SA, which is the shared policy and keys that the negotiating parties use to protect the communication between them. This SA is used to protect the negotiation of IPSec SAs. One ISAKMP SA can be used to establish multiple IPSec SAs;
In the second-phase exchange, the two parties use the first-phase ISAKMP SA to negotiate and establish IPSec SAs, determining the IPsec security policy and session keys of the two parties.
5. The IPSec VPN cipher machine based on quantum key distribution according to claim 1, characterized in that: the encryption card is connected to the industrial control mainboard through a PCI-E slot.
6. The IPSec VPN cipher machine based on quantum key distribution according to claim 1, characterized in that: the electronic key is connected to the encryption card through USB.
7. The IPSec VPN cipher machine based on quantum key distribution according to claim 1, characterized in that: the DOM disk is connected to the industrial control mainboard via SATA.

Priority Applications (1)

Application number: CN201810147575.4A
Priority date: 2018-02-12
Filing date: 2018-02-12
Title: IPSec VPN cipher machines based on quantum key distribution

Publications (1)

Publication number: CN108173652A
Publication date: 2018-06-15

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109309570A (en) * 2018-10-15 2019-02-05 北京天融信网络安全技术有限公司 Quantum key method used in SSL VPN and relevant device and storage medium
CN111158938A (en) * 2019-12-31 2020-05-15 重庆鲲量科技有限公司 QKD-based communication method between server and browser client
CN112235318A (en) * 2020-11-17 2021-01-15 国科量子通信网络有限公司 Metropolitan area network system for realizing quantum security encryption
WO2021027035A1 (en) * 2019-08-09 2021-02-18 苏州浪潮智能科技有限公司 Network security ipsec acceleration processing method and system
CN113037478A (en) * 2021-03-22 2021-06-25 阿米华晟数据科技(江苏)有限公司 Quantum key distribution system and method
CN113489586A (en) * 2021-07-26 2021-10-08 河南国科量子通信网络有限公司 VPN network system compatible with quantum key negotiation
CN114244506A (en) * 2021-12-10 2022-03-25 问天鼎讯量子科技(无锡)有限公司 Method and system for quickly synchronizing quantum key
CN114650129A (en) * 2020-12-21 2022-06-21 科大国盾量子技术股份有限公司 Quantum cryptography device, quantum key management apparatus, and quantum key relay system
WO2023089699A1 (en) * 2021-11-17 2023-05-25 日本電信電話株式会社 Communication system, communication device, method, and program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103441839A (en) * 2013-08-15 2013-12-11 国家电网公司 Method and system for using quantum cryptography in safe IP communication
CN104660603A (en) * 2015-02-14 2015-05-27 山东量子科学技术研究院有限公司 Method and system for extended use of quantum keys in IPSec VPN (internet protocol security-virtual private network)
CN107453869A (en) * 2017-09-01 2017-12-08 中国电子科技集团公司第三十研究所 A kind of method for the IPSecVPN for realizing quantum safety
CN211352206U (en) * 2018-02-12 2020-08-25 武汉三江航天网络通信有限公司 IPSec VPN cryptographic machine based on quantum key distribution

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109309570B (en) * 2018-10-15 2021-09-14 北京天融信网络安全技术有限公司 Method for using quantum key in SSL VPN and corresponding equipment and storage medium
CN109309570A (en) * 2018-10-15 2019-02-05 北京天融信网络安全技术有限公司 Quantum key method used in SSL VPN and relevant device and storage medium
WO2021027035A1 (en) * 2019-08-09 2021-02-18 苏州浪潮智能科技有限公司 Network security ipsec acceleration processing method and system
CN111158938A (en) * 2019-12-31 2020-05-15 重庆鲲量科技有限公司 QKD-based communication method between server and browser client
CN112235318A (en) * 2020-11-17 2021-01-15 国科量子通信网络有限公司 Metropolitan area network system for realizing quantum security encryption
CN112235318B (en) * 2020-11-17 2023-07-14 国科量子通信网络有限公司 Metropolitan area network system for realizing quantum security encryption
CN114650129A (en) * 2020-12-21 2022-06-21 科大国盾量子技术股份有限公司 Quantum cryptography device, quantum key management apparatus, and quantum key relay system
CN113037478A (en) * 2021-03-22 2021-06-25 阿米华晟数据科技(江苏)有限公司 Quantum key distribution system and method
CN113489586A (en) * 2021-07-26 2021-10-08 河南国科量子通信网络有限公司 VPN network system compatible with quantum key negotiation
CN113489586B (en) * 2021-07-26 2023-01-31 河南国科量子通信网络有限公司 VPN network system compatible with quantum key negotiation
WO2023089699A1 (en) * 2021-11-17 2023-05-25 日本電信電話株式会社 Communication system, communication device, method, and program
CN114244506A (en) * 2021-12-10 2022-03-25 问天鼎讯量子科技(无锡)有限公司 Method and system for quickly synchronizing quantum key
CN114244506B (en) * 2021-12-10 2024-04-02 问天鼎讯量子科技(无锡)有限公司 Method and system for quickly synchronizing quantum keys

Similar Documents

Publication Publication Date Title
CN108173652A (en) IPSec VPN cipher machines based on quantum key distribution
CN107018134B (en) Power distribution terminal safety access platform and implementation method thereof
CN107453869B (en) A method of realizing the IPSecVPN of quantum safety
US7039713B1 (en) System and method of user authentication for network communication through a policy agent
CN108881224A (en) Encryption method and related device for power distribution automation system
CN108432205A (en) Use the system and method for the multi-party communication of the safety of agency
JP2018534884A (en) Client-cloud or remote server secure data or file object encryption gateway
US20100228968A1 (en) Split termination of secure communication sessions with mutual certificate-based authentication
CN111819824A (en) Decrypting transport layer security traffic without a broker
CN106104562A (en) Safety of secret data stores and recovery system and method
Ahmed et al. Diffie-Hellman and its application in security protocols
CN211352206U (en) IPSec VPN cryptographic machine based on quantum key distribution
Li et al. ME-TLS: middlebox-enhanced TLS for internet-of-things devices
CN111130775A (en) Key negotiation method, device and equipment
WO2009018510A1 (en) Systems and methods for implementing a mutating internet protocol security
Yang et al. Publicly verifiable outsourced data migration scheme supporting efficient integrity checking
Angelo Secure Protocols And Virtual Private Networks: An Evaluation.
CN107276996A (en) The transmission method and system of a kind of journal file
CN105591748B (en) A kind of authentication method and device
CN112073182B (en) Quantum key management method and system based on block chain
Purchina et al. Improving the security level of the information system using the SSL protocol
Liu Next generation SSH2 implementation: securing data in motion
Zhang et al. Anonymous multi-hop payment for payment channel networks
Boyd et al. Design and analysis of key exchange protocols via secure channel identification
Marchesini et al. Virtual hierarchies-an architecture for building and maintaining efficient and resilient trust chains

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination