CN108462573A - A flexible quantum-secure mobile communication method - Google Patents
Publication number: CN108462573A (application CN201810132408.2A)
Authority: CN (China)
Prior art keywords: qkmc, qkd, mobile terminal, key, bound
Legal status: Granted (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Classifications (CPC, all under H04L9/00, cryptographic mechanisms for secret or secure communications):
- H04L9/0819: Key transport or distribution
- H04L9/0838: Key agreement
- H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0852: Quantum cryptography
- H04L9/3226: Entity authentication using a predetermined code, e.g. password, passphrase or PIN
Abstract
The invention discloses a flexible quantum-secure mobile communication method. QKD nodes provide quantum basic key injection service to mobile terminals; QKD nodes and the QKMC negotiate quantum keys over the QKD network; and the QKMC distributes session keys between two or more mobile terminals. The method comprises a registration process and an online session key negotiation process. The invention offers more flexible quantum key service and management: after a mobile terminal has been charged with a quantum basic key it can obtain quantum key service at any QKD node, and once the key is used up it can be recharged at any QKD node and access the service again; the whole process by which a mobile terminal obtains a session key is quantum secure, which gives higher security than other key distribution schemes for mobile applications that rely on conventional key negotiation technology; and a quantum key management center is introduced to uniformly manage and control the generation and negotiation of user session keys, giving more efficient, full-lifecycle management.
Description
Technical field
The present invention relates to a flexible quantum-secure mobile communication method.
Background technology
Against the background of rapidly developing cyberspace security technology, and encouraged by national industrial policy, the quantum communication industry, built on the deployment of quantum key distribution (QKD) networks and the construction of application systems, has entered a period of rapid development. QKD is based on the principles of quantum mechanics and is so far the only key distribution method whose unconditional security has been strictly proven. Combined with the "one-time pad" encryption algorithm, QKD can fundamentally solve the security problem of data transmission and has important practical value.

With the rapid development of the mobile Internet, mobile interconnection and mobile office have become the main trend. At the same time, the security challenges facing mobile applications have become more severe. Enterprises and research institutions in the domestic quantum communication field are actively deploying technologies and patents that combine quantum security with mobile applications, and are focusing on the development of quantum-secure mobile application systems. Quantum-secure mobile applications have become one of the important directions of QKD application.

At present, most implementations of mobile secret communication using quantum keys generated by a QKD network rely on a quantum key relay or ciphertext relay scheme. These are difficult to manage and control in a unified way, and their security is imperfect (for example, the quantum key is mostly forwarded from the QKD network to the mobile terminal under conventional encryption, which is not quantum secure).
Invention content
To overcome the above shortcomings of the prior art, the present invention provides a flexible quantum-secure mobile communication method, intended to solve the problems of unified management and control of quantum keys in quantum-secure mobile communication, of mobile terminal access, and of the security of mobile applications.

The technical solution adopted by the present invention is a flexible quantum-secure mobile communication method comprising the following steps:
Step 1: The mobile terminal registers with the network and applies to a QKD node for a QBK, and a service binding relation list is established;
Step 2: The mobile terminal applies to the QKMC or a QKMC branch center for a session key; the QKMC or QKMC branch center looks up the QKD nodes bound to the mobile terminals and sends a service order to those QKD nodes;
Step 3: Each QKD node encrypts a QBK sub-key of its bound mobile terminal with the quantum key it shares with the QKMC or QKMC branch center, and sends the encrypted data to the QKMC or QKMC branch center;
Step 4: The QKMC or QKMC branch center decrypts to obtain the QBK sub-keys of the mobile terminals bound to the QKD nodes, generates a session key R, encrypts R with each sub-key and sends the result to the corresponding mobile terminal; each mobile terminal decrypts to obtain R and uses it as the session key for this communication;
Step 5: Each QKD node and its bound mobile terminal, and the QKMC or QKMC branch center, delete the key data they used and update the service binding relation list; each QKD node updates its node status information.

Compared with the prior art, the positive effects of the present invention are:
The present invention provides more flexible quantum key service and management, with notable innovation in the following three aspects:
(1) After a mobile terminal has been charged with a quantum basic key, it can obtain quantum key service at any QKD node; once the key is used up, it can be recharged at any QKD node and access the service again;
(2) The whole process by which a mobile terminal obtains a session key is quantum secure, giving higher security than other key distribution schemes for mobile applications that use conventional key negotiation technology;
(3) A quantum key management center is introduced to uniformly manage and control the generation and negotiation of user session keys, giving more efficient, full-lifecycle management.
Description of the drawings
Embodiments of the present invention are described with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the registration process of the method of the present invention;
Fig. 2 is a schematic diagram of the online session key negotiation process of the method of the present invention;
Fig. 3 is a schematic diagram of the communication process of the method of the present invention;
Fig. 4 is a schematic diagram of group communication in the method of the present invention;
Fig. 5 is a diagram of the different connection relationships between QKD nodes and the QKMC in the method of the present invention;
Fig. 6 is a schematic diagram of the communication process of embodiment one;
Fig. 7 is a schematic diagram of the communication process of embodiment two;
Fig. 8 is a schematic diagram of the communication process of embodiment three;
Fig. 9 is a schematic diagram of the communication process of embodiment four;
Fig. 10 is a schematic diagram of the communication process of embodiment five;
Fig. 11 is a schematic diagram of the communication process of embodiment six;
Fig. 12 is a schematic diagram of the communication process of embodiment seven;
Fig. 13 is a schematic diagram of the communication process of embodiment eight;
Fig. 14 is a schematic diagram of the communication process of embodiment nine.
Specific embodiments
One. System composition of the invention
The quantum-secure mobile secret communication system proposed by the present invention comprises QKD nodes, mobile terminals, a Quantum Key Management Center (QKMC) and QKMC branch centers, where:
(1) QKD nodes are composed of the transmitting and receiving ends of one or more quantum key distribution systems (including but not limited to end access nodes and relay nodes of the QKD network) and provide quantum key distribution service. Each QKD node can negotiate quantum keys with other QKD nodes to which it has an available link, and can also negotiate quantum keys with the QKMC if an available link exists. The main functions of a QKD node include but are not limited to: (a) assigning a quantum ID number to a registering mobile terminal; (b) providing quantum basic key injection service to mobile terminals and creating the service binding relation list between each mobile terminal and the QKD node (including but not limited to the mobile terminal's quantum ID number, the address of the QKD node it is bound to, and the remaining amount of quantum basic key); (c) uploading the service binding relation list to the QKMC branch center or the QKMC it belongs to; (d) responding to instructions from the QKMC branch center or the QKMC: the QKD node bound to a mobile terminal selects sub-keys of the corresponding quantum basic key according to the quantum ID number in the instruction, encrypts them with a quantum key and sends them to the QKMC branch center or the QKMC.
(2) Mobile terminals include but are not limited to smartphones, tablet computers, laptops, vehicle-mounted mobile devices and other software and hardware systems with mobile communication capability; they are the initiators and recipients of communication services. A mobile terminal is configured with permanent storage (including but not limited to a flash chip or SD card), has a hardware module supporting network access, can exchange information with the QKD network, and has the computing capability to encrypt and decrypt data. A mobile terminal can connect to a nearby QKD node, QKMC or QKMC branch center (including but not limited to over a USB or NFC interface), perform network registration and, after successful registration, import a quantum basic key. Depending on application demand, a mobile terminal can obtain quantum basic keys from multiple QKD nodes; either the QKMC selects the optimal service strategy according to the state of the QKD network, or the user specifies the QKD node from which to obtain the quantum basic key.
(3) The QKMC is composed of QKD nodes, a quantum network management system and a quantum key management and service system, and provides quantum network management, quantum key management and session key distribution uniformly across the whole network.
The main functions of the QKMC include but are not limited to:
(a) storing, maintaining and querying the service binding relation lists between mobile terminals and their QKD nodes, and judging the legitimacy of a mobile terminal from the information received;
(b) collecting in real time, over its network connections to each QKD node (or QKMC branch center), the status information of the other QKD nodes (or QKMC branch centers), and sending each QKD node (or QKMC branch center) instructions to relay quantum keys, negotiate quantum keys, or report a sub-key of some mobile terminal's quantum basic key;
(c) maintaining the network connections between QKD nodes, summarising the current status indicators of each QKD node participating in session key negotiation, and deciding and designating the QKD nodes that participate in session key negotiation. The method by which the QKMC decides and designates these QKD nodes includes but is not limited to: from the information about the calling and called mobile terminals in the received request, together with the binding relationships between QKD nodes and mobile terminals, the QKMC obtains the addresses of the calling QKD node and the called QKD node for this communication, then queries and selects the best link between them.
The basic strategies for selecting the QKMC include: (a) for a multi-layer QKD network with a tree topology, its root node serves as the QKMC and key child nodes serve as QKMC branch centers; (b) for a QKD network with an irregular topology, the core node of the QKD network serves as the QKMC and the core nodes of regional subnets serve as QKMC branch centers (numbered by some rule, for example denoted QKMC_i).
(4) A QKMC branch center is a management node in the QKD network to which multiple QKD nodes are directly connected (typically the central node of a regional subnet in the QKD network). Under authorization from the QKMC, a QKMC branch center provides session key distribution service to the mobile terminals bound to the QKD nodes specified in that authorization.
Two. Basic method
For convenience, the keys involved in the present invention are explained first. They mainly include:
(1) Quantum basic key (QBK): shared between a QKD node and a mobile terminal. The QBK is a true random number generated by the QKD node and imported into the mobile terminal (including but not limited to a random number sequence generated by a physical noise source such as a quantum random number generator). Each secret communication consumes part of the quantum basic key as a sub-key; the sub-key is used to negotiate the session key and is deleted after a single use. When the quantum basic key is used up, the mobile terminal selects a nearby QKD node for recharging (including but not limited to recharging over a USB or NFC interface).
(2) Quantum key (QK): a quantum key shared between a QKD node and the QKMC, or between QKD nodes, generated by the QKD link connecting the QKD node and the QKMC (or the other QKD node), either pre-allocated through the QKD network or negotiated in real time. A quantum key is deleted after a single use.
(3) Session key (denoted R below): the session key between mobile terminals is a true random number generated by the QKMC or a QKMC branch center (including but not limited to a random number produced by a physical noise source such as a quantum random number generator), encrypted with a sub-key of the quantum basic key and sent to the mobile terminal. It is deleted after a single use and renegotiated for the next use.
(4) Master key (denoted MK below): the master key of a mobile terminal is a key for device authentication, generated by a QKD node or the QKMC and injected into the mobile terminal.
(5) Authentication key (denoted AK below): the authentication key of a mobile terminal is a key for authenticating the user's identity, generated by a QKD node or the QKMC and injected into the mobile terminal.
The basic principle of the method of the present invention:
QKD nodes provide quantum basic key injection service to mobile terminals; QKD nodes and the QKMC negotiate quantum keys over the QKD network; using the mobile terminals' quantum basic keys and the quantum keys shared between the QKMC and the QKD nodes, the QKMC distributes a session key between two or more mobile terminals.
The method of the present invention comprises a registration process (shown in Fig. 1) and an online session key negotiation process (shown in Fig. 2), specifically the following steps (the communication process is shown in Fig. 3; the communication between two mobile terminals is used as the illustration):
Registration process:
Step 1: The mobile terminal applies to a nearby QKD node for network access and obtains a unique quantum ID number, a master key and an authentication key (flow 1 in Fig. 1);
Step 2: The mobile terminal applies to the QKD node for a quantum basic key (the user chooses the injected amount according to the voice, video, data and other communication needs of a given period; for example, if a user's main service is encrypted voice calls, with roughly 10 hours of encrypted voice calls per month, a single injection of 300 Mb is enough for one month: at a speech coding rate of 8 Kb/s, encrypting 10 hours of voice data in "one-time pad" mode requires 288 Mb of random key) (flow 2 in Fig. 1);
Step 3: The QKD node encrypts the collected registration information of the mobile terminal (including but not limited to the service binding relation list and the authentication key) with the quantum key shared between that QKD node and the QKMC (or QKMC branch center) and sends it to the QKMC (or QKMC branch center) (flow 3 in Fig. 1); if there is no shared quantum key between the QKD node and the QKMC (or QKMC branch center), a shared quantum key must first be negotiated.
Online session key negotiation process:
Step 1: As shown in Fig. 2, when mobile terminal U and mobile terminal V need to communicate, the initiator U requests from the QKMC (or QKMC branch center) a session key for communication with V (flow 1 in Fig. 2). The QKMC (or QKMC branch center) first authenticates U; after authentication it looks up, by the quantum ID numbers of U and V, the corresponding service binding relation lists and the QKD nodes they are bound to (flow 2 in Fig. 2; assume these are QKD_A and QKD_B, that U has applied to QKD_A for the quantum basic key QBKu, which has been split into sub-keys QBKu_i, i = 0, 1, 2, ..., and that V has applied to QKD_B for the quantum basic key QBKv, split into sub-keys QBKv_j, j = 0, 1, 2, ...). The QKMC (or QKMC branch center) sends a service order to QKD_A and to QKD_B; QKD_A encrypts QBKu_i with the quantum key QK_A it shares with the QKMC (or QKMC branch center) and sends it to the QKMC (or QKMC branch center) (flow 3 in Fig. 2); QKD_B encrypts QBKv_j with the quantum key QK_B it shares with the QKMC (or QKMC branch center) and sends it to the QKMC (or QKMC branch center) (flow 3 in Fig. 2); the QKMC (or QKMC branch center) decrypts each to obtain QBKu_i and QBKv_j, then generates the session key R and sends R ⊕ QBKu_i to U and R ⊕ QBKv_j to V (⊕ denotes the XOR operation) (flow 4 in Fig. 2); U and V each decrypt to obtain R and use R as the session key for this communication (flow 5 in Fig. 2).
Step 2: U, V, the QKMC (or QKMC branch center), QKD_A and QKD_B each delete the key data they used and update the service binding relation list, and each node updates its node status information (including but not limited to the link states to adjacent nodes and the remaining amount of shared key).
For the case of n (n > 2) users carrying out group communication (U1, U2, ..., Un, as shown in Fig. 4), assume the initiator U1 requests from the QKMC a group session key for communicating with U2, ..., Un. The QKMC looks up, by the quantum ID numbers of U1, U2, ..., Un, the corresponding service binding relation lists and the m QKD nodes they are bound to (assume QKD_A1, ..., QKD_Am); the QKMC sends a service order to each of QKD_A1, ..., QKD_Am; QKD_A1, ..., QKD_Am each encrypt the quantum basic key sub-keys of their bound requesting terminals with the quantum key they share with the QKMC and send them to the QKMC; the QKMC decrypts to obtain the sub-keys of U1, U2, ..., Un; it then generates the session key R, encrypts R with the sub-key of each of U1, U2, ..., Un and sends the results to U1, U2, ..., Un respectively; U1, U2, ..., Un each decrypt to obtain R and use R as the group session key for this communication.
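The two-party negotiation of Fig. 2 and the group case of Fig. 4, as an added simulation that is not the patent's code: each QBK sub-key and each QK piece is consumed once and erased, the QKMC authenticates the caller before serving it, and every party recovers the same R from its own masked copy. Key sizes, the constructed topology (U on QKD_A, V and W on QKD_B) and all class and function names are assumptions of this example.

```python
import hmac
import secrets

# Constructed simulation (not the patent's code) of the online session-key negotiation
# of Fig. 2, generalized to the n-party group case of Fig. 4. Every QBK sub-key and QK
# piece is used once and then erased, as the method requires. Key sizes and all
# class/function names are assumptions of this example.
SUBKEY_LEN = 32  # bytes; assumed size of a QBK sub-key, a QK piece and the session key R

def xor(a: bytes, b: bytes) -> bytes:
    """One-time-pad combine (the page's R ⊕ QBKu_i); operands must match in length."""
    if len(a) != len(b):
        raise ValueError("one-time pad operands differ in length")
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePool:
    """Key material split into fixed-size pieces; each piece is handed out once, then erased."""
    def __init__(self, material: bytes):
        self._pieces = [material[i:i + SUBKEY_LEN] for i in range(0, len(material), SUBKEY_LEN)]
        self._next = 0

    def remaining(self) -> int:
        return sum(p is not None for p in self._pieces)

    def take(self) -> tuple[int, bytes]:
        """Holder side: consume the next unused piece and report its index to the peer."""
        if self._next >= len(self._pieces):
            raise RuntimeError("key exhausted; recharge at a QKD node")
        idx, piece = self._next, self._pieces[self._next]
        self._pieces[idx], self._next = None, idx + 1
        return idx, piece

    def take_at(self, idx: int) -> bytes:
        """Mirror side: consume the piece whose index the peer named."""
        piece = self._pieces[idx]
        if piece is None:
            raise RuntimeError("piece %d already used" % idx)
        self._pieces[idx] = None
        return piece

class QKDNode:
    def __init__(self, name: str, qk_material: bytes):
        self.name, self.qk = name, OneTimePool(qk_material)  # QK shared with the QKMC
        self.bound: dict[str, OneTimePool] = {}              # quantum ID -> mirror of its QBK

    def inject_qbk(self, quantum_id: str, n_subkeys: int) -> bytes:
        """Registration step 2: generate the QBK, keep a mirror, hand the material over."""
        material = secrets.token_bytes(n_subkeys * SUBKEY_LEN)
        self.bound[quantum_id] = OneTimePool(material)
        return material

    def service_order(self, quantum_id: str) -> tuple[int, int, bytes]:
        """Negotiation step 3: next sub-key of the terminal, encrypted under a fresh QK piece."""
        sub_idx, sub = self.bound[quantum_id].take()
        qk_idx, qk = self.qk.take()
        return sub_idx, qk_idx, xor(qk, sub)

class Terminal:
    def __init__(self, quantum_id: str, ak: bytes, node: QKDNode, n_subkeys: int):
        self.quantum_id, self.ak = quantum_id, ak
        self.qbk = OneTimePool(node.inject_qbk(quantum_id, n_subkeys))

    def recover(self, sub_idx: int, masked: bytes) -> bytes:
        """Step 5: strip the named sub-key from R ⊕ sub-key to recover R."""
        return xor(masked, self.qbk.take_at(sub_idx))

class QKMC:
    def __init__(self):
        self.binding: dict[str, tuple[QKDNode, bytes]] = {}  # service binding list: ID -> (node, AK)
        self.qk_mirror: dict[str, OneTimePool] = {}          # QK shared with each QKD node

    def upload_binding(self, node: QKDNode, quantum_id: str, ak: bytes) -> None:
        """Registration step 3 (the QK-encrypted upload itself is not modelled)."""
        self.binding[quantum_id] = (node, ak)

    def negotiate(self, caller: str, caller_ak: bytes, members: list[str]) -> dict[str, tuple[int, bytes]]:
        """Steps 1-4: authenticate the caller, collect each party's sub-key, mask one R per party."""
        node, ak = self.binding.get(caller, (None, b""))
        if node is None or not hmac.compare_digest(ak, caller_ak):
            raise PermissionError("caller failed authentication")
        r = secrets.token_bytes(SUBKEY_LEN)  # session key R (a physical noise source in practice)
        masked = {}
        for uid in [caller] + members:
            n, _ = self.binding[uid]
            sub_idx, qk_idx, enc = n.service_order(uid)
            sub = xor(enc, self.qk_mirror[n.name].take_at(qk_idx))  # decrypt with mirrored QK
            masked[uid] = (sub_idx, xor(r, sub))
        return masked

def build_network(n_subkeys: int = 4):
    """Constructed topology: U bound to QKD_A; V and W bound to QKD_B."""
    qkmc, nodes, terminals = QKMC(), {}, {}
    for name in ("QKD_A", "QKD_B"):
        qk = secrets.token_bytes(8 * SUBKEY_LEN)  # QK negotiated over the QKD network
        nodes[name] = QKDNode(name, qk)
        qkmc.qk_mirror[name] = OneTimePool(qk)
    for uid, node_name in (("U", "QKD_A"), ("V", "QKD_B"), ("W", "QKD_B")):
        ak = secrets.token_bytes(16)
        terminals[uid] = Terminal(uid, ak, nodes[node_name], n_subkeys)
        qkmc.upload_binding(nodes[node_name], uid, ak)
    return qkmc, nodes, terminals

def run_session(qkmc: QKMC, terminals: dict, caller: str, members: list[str]) -> dict[str, bytes]:
    """One negotiation; returns R as recovered by each party (all copies must agree)."""
    delivered = qkmc.negotiate(caller, terminals[caller].ak, members)
    return {uid: terminals[uid].recover(idx, m) for uid, (idx, m) in delivered.items()}
```

Calling `run_session(qkmc, terminals, "U", ["V", "W"])` on `build_network()` returns one identical R for U, V and W and leaves each pool one piece shorter, so a replayed sub-key index is refused.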
For the different connection relationships between QKD nodes and the QKMC in the method of the present invention, the invention also designs the following typical application extension methods (as shown in Fig. 5; note that the application extension methods of the method of the present invention include but are not limited to the following).
Basic strategy of application extension:
In the present invention, all session key negotiations between calling and called mobile terminals are prepared and distributed by the QKMC, or by the QKMC branch center bound to the calling or the called mobile terminal. Therefore, the quantum key relay link involved in session key negotiation includes at least one of the QKMC, the QKMC branch center bound to the calling mobile terminal, and the QKMC branch center bound to the called mobile terminal. Under this premise, the strategies specifically include but are not limited to the following:
(1) Strategy A
(A-1) When the QKD nodes bound to the calling and called mobile terminals are both directly bound to the QKMC, the QKMC provides the service directly;
(A-2) When the QKD nodes bound to the calling and called mobile terminals belong to the same QKMC branch center, that QKMC branch center is designated directly to provide the service.
When the QKD nodes bound to the calling and called mobile terminals (for example QKD_A and QKD_B) are not both directly bound to the QKMC and do not belong to the same QKMC branch center, the following strategies apply:
(2) Strategy B (the effective shortest path passes through at least one of the QKMC, the QKMC branch center bound to the calling mobile terminal, and the QKMC branch center bound to the called mobile terminal):
(B-1) When the effective shortest link (i.e. the actually available shortest link) between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC but not through the QKMC branch center bound to either the calling or the called mobile terminal, the QKMC provides the service;
(B-2) When the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through only one of the bound QKMC branch centers (and not through the QKMC), that QKMC branch center provides the service directly;
(B-3) When the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC branch centers bound to both the calling and the called mobile terminal (but not through the QKMC), the QKMC preferentially designates the QKMC branch center of the calling mobile terminal to provide the service;
(B-4) When the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and the QKMC branch center bound to the calling mobile terminal, but not the QKMC branch center bound to the called mobile terminal, the QKMC branch center bound to the calling mobile terminal provides the service;
(B-5) When the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and the QKMC branch center bound to the called mobile terminal, but not the QKMC branch center bound to the calling mobile terminal, the QKMC branch center bound to the called mobile terminal provides the service;
(B-6) When the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and the QKMC branch centers bound to both the calling and the called mobile terminal, the QKMC branch center bound to the calling mobile terminal provides the service.
(3) Strategy C (the effective shortest path passes through neither the QKMC nor the QKMC branch centers bound to the calling and called mobile terminals)
The QKMC proceeds as follows:
(a) compute shortest path 1, connecting QKD_A, the QKMC branch center that QKD_A belongs to, and QKD_B;
(b) compute shortest path 2, connecting QKD_A, the QKMC branch center that QKD_B belongs to, and QKD_B;
(c) compare shortest path 1 and shortest path 2: if shortest path 1 is optimal, designate the QKMC branch center that QKD_A belongs to to provide the service; otherwise designate the QKMC branch center that QKD_B belongs to.
According to the above strategy, following several typical application extension methods can be directly obtained:
(1) embodiment of tactful (A-1) is (such as in Fig. 5, it is assumed that U and QKD_C1 is bound, and V and QKD_C2 is bound, and QKMC is straight
It connects and this time service is provided):QKD_C1 uses the quantum key QK_C1 shared with QKMC to encrypt QBKu_i, and issues QKMC;QKD_
C2 uses the quantum key QK_C2 shared with QKMC to encrypt QBKv_j, and issues QKMC;QKMC is decrypted and is obtained QBKu_i respectively
And QBKv_j, then generate session key R, and handleWith(It is XOR operation) it sends out respectively
To U and V, U and V are decrypted and are obtained R and (utilize R encrypting plaintext P, agreement flow as the session key of the secondary communication using R respectively
As shown in Figure 6).
(2) embodiment of tactful (A-2) is (such as in Fig. 5, it is assumed that U and QKD_B1 is bound, and V and QKD_B2 is bound, QKD_B1
QKMC2 is specified to provide the secondary service, communication process such as Fig. 7 institutes by QKMC2, QKMC in effective most short chain road between QKD_B2
Show):QKD_B1 uses the quantum key QK_B1 shared with QKMC2 to encrypt QBKu_i, and issues QKMC2;QKD_B2 use with
Quantum key QK_B2 shared QKMC2 encrypts QBKv_j, and issues QKMC2;QKMC2 decrypt respectively and obtain QBKu_i and
Then QBKv_j generates session key R, and R ⊕ QBKu_i and R ⊕ QBKv_j is respectively issued to U and V, U and V are decrypted respectively
Session key to R and using R as the secondary communication.
(3) embodiment of tactful (B-1) is (such as in Fig. 5, it is assumed that U and QKD_D2 is bound, and V and QKD_E1 is bound, QKD_D2
Effective most short chain road between QKD_E1 provides the secondary service by QKMC, QKMC, and communication process is as shown in Figure 8):QKD_D2
QBKu_i encryptions are relayed to QKMC by QKD_D1;QKD_E1 uses the quantum key QK_E1 shared with QKMC to encrypt QBKv_
J, and issue QKMC;QKMC decrypts and obtains QBKu_i and QBKv_j respectively, then generates session key R, and handleWithIt is respectively issued to U and V, U and V are decrypted respectively obtains R and using R as the secondary communication
Session key.
(4) Embodiment of strategy (B-2) (in Fig. 5, assume U is bound to QKD_A4 and V is bound to QKD_B2; the effective shortest path between QKD_A4 and QKD_B2 passes through QKMC2, so the QKMC designates QKMC2 to provide the service; the communication process is shown in Fig. 9): QKD_A4 relays QBKu_i, encrypted, to QKMC2 via QKD_B1; QKD_B2 encrypts QBKv_j with the quantum key QK_B2 it shares with QKMC2 and sends it to QKMC2; QKMC2 decrypts to obtain QBKu_i and QBKv_j, generates the session key R, encrypts R under QBKu_i and under QBKv_j, and sends the two ciphertexts to U and V respectively; U and V each decrypt to obtain R and use R as the session key for this communication.
(5) Embodiment of strategy (B-3) (in Fig. 5, assume the caller U is bound to QKD_A1 and V is bound to QKD_B2; the QKMC designates QKMC1 to provide the service, as shown in Fig. 10): QKD_B2 relays QBKv_j, encrypted, to QKMC1 via QKMC2 and QKD_A; QKD_A1 encrypts QBKu_i with the quantum key QK_A1 it shares with QKMC1 and sends it to QKMC1; QKMC1 decrypts to obtain QBKu_i and QBKv_j, generates the session key R, encrypts R under QBKu_i and under QBKv_j, and sends the two ciphertexts to U and V respectively; U and V each decrypt to obtain R and use R as the session key for this communication.
(6) Embodiment of strategy (B-4) (in Fig. 5, assume the caller U is bound to QKD_A1 and V is bound to QKD_D1; the QKMC designates QKMC1 to provide the service, as shown in Fig. 11): QKD_D1 relays QBKv_j, encrypted, to QKMC1 via the QKMC; QKD_A1 encrypts QBKu_i with the quantum key QK_A1 it shares with QKMC1 and sends it to QKMC1; QKMC1 decrypts to obtain QBKu_i and QBKv_j, generates the session key R, encrypts R under QBKu_i and under QBKv_j, and sends the two ciphertexts to U and V respectively; U and V each decrypt to obtain R and use R as the session key for this communication.
(7) Embodiment of strategy (B-5) (in Fig. 5, assume the caller U is bound to QKD_D1 and V is bound to QKD_A1; the QKMC designates QKMC1 to provide the service, as shown in Fig. 12): QKD_D1 relays QBKu_i, encrypted, to QKMC1 via the QKMC; QKD_A1 encrypts QBKv_j with the quantum key QK_A1 it shares with QKMC1 and sends it to QKMC1; QKMC1 decrypts to obtain QBKu_i and QBKv_j, generates the session key R, encrypts R under QBKu_i and under QBKv_j, and sends the two ciphertexts to U and V respectively; U and V each decrypt to obtain R and use R as the session key for this communication.
(8) Embodiment of strategy (B-6) (in Fig. 5, assume the caller U is bound to QKD_A1 and V is bound to QKD_E3; the QKMC designates QKMC1 to provide the service, as shown in Fig. 13): QKD_E3 relays QBKv_j, encrypted, to QKMC1 via QKMC4, QKD_E1 and the QKMC; QKD_A1 encrypts QBKu_i with the quantum key QK_A1 it shares with QKMC1 and sends it to QKMC1; QKMC1 decrypts to obtain QBKu_i and QBKv_j, generates the session key R, encrypts R under QBKu_i and under QBKv_j, and sends the two ciphertexts to U and V respectively; U and V each decrypt to obtain R and use R as the session key for this communication.
(9) Embodiment of strategy (C) (in Fig. 5, assume U is bound to QKD_A4 and V is bound to QKD_B3; the communication process is shown in Fig. 14): the QKMC first computes shortest path 1, connecting QKD_A4, QKMC1 and QKD_B3 (8 nodes on this path), and shortest path 2, connecting QKD_A4, QKMC2 and QKD_B3 (5 nodes on this path); shortest path 2 is optimal, so the QKMC designates QKMC2 to provide the service. QKD_A4 relays QBKu_i, encrypted, to QKMC2 via QKD_B1; QKD_B3 relays QBKv_j, encrypted, to QKMC2 via QKD_B2; QKMC2 decrypts to obtain QBKu_i and QBKv_j, generates the session key R, encrypts R under QBKu_i and under QBKv_j, and sends the two ciphertexts to U and V respectively; U and V each decrypt to obtain R and use R as the session key for this communication.
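The exchange the embodiments above repeat (QKD node encrypts a QBK sub-key under the key it shares with the serving center, the center decrypts, generates R, encrypts R under each sub-key, the terminals decrypt, everyone deletes the used key material) simulated end to end, as an added example that is not code from the patent. Everything below the protocol structure is an assumption: a one-time-pad XOR as the cipher (the patent names none), os.urandom standing in for the quantum random number generator, 16-byte keys, hop-by-hop re-encryption on relay links, and a three-link topology laid out after embodiment (4) with the node names QKD_A4, QKD_B1, QKD_B2 and QKMC2 reused only as labels.

```python
"""Session-key distribution via a QKMC or branch center (claim 1, steps 1-5)."""
from __future__ import annotations
import os
from dataclasses import dataclass

KEY_LEN = 16  # bytes per QBK sub-key and per link key (assumed size)


def qrng(n: int) -> bytes:
    """Stand-in for the quantum random number generator of claim 3 (os.urandom here)."""
    return os.urandom(n)


def otp(key: bytes, data: bytes) -> bytes:
    """One-time pad (XOR). The patent names no cipher; OTP with QKD key is assumed."""
    if len(key) != len(data):
        raise ValueError("one-time pad needs key and data of equal length")
    return bytes(k ^ d for k, d in zip(key, data))


@dataclass
class Terminal:
    qid: str                      # unique quantum ID number (claim 2)
    node: str                     # address of the bound QKD node
    qbk: list                     # terminal's copy of its QBK sub-keys (claim 3)
    session_key: bytes | None = None


class QkdNetwork:
    def __init__(self, links, pool_size=4):
        # one pool of shared quantum keys per link; both ends consume the same entry
        self.pool = {frozenset(l): [qrng(KEY_LEN) for _ in range(pool_size)] for l in links}
        self.binding = {}         # service binding list: qid -> Terminal
        self.node_keys = {}       # QKD node -> qid -> the node's copy of the sub-keys
        self.seen_in_clear = {}   # relay node -> sub-keys it handled as plaintext

    def link_key(self, a, b):
        keys = self.pool[frozenset((a, b))]
        if not keys:
            raise RuntimeError(f"no quantum key left on link {a}-{b}")
        return keys.pop(0)        # used key deleted at both ends (claim 1, step 5)

    def register(self, qid, node, n_subkeys=2):
        """Step 1: the QKD node injects a QBK and records the binding."""
        qbk = [qrng(KEY_LEN) for _ in range(n_subkeys)]
        self.node_keys.setdefault(node, {})[qid] = list(qbk)
        self.binding[qid] = Terminal(qid, node, list(qbk))
        return self.binding[qid]

    def relay(self, value, path):
        """Hop-by-hop trusted relay (assumed): each hop decrypts and re-encrypts."""
        for i, (a, b) in enumerate(zip(path, path[1:])):
            if i > 0:                      # an intermediate node holds the value in clear
                self.seen_in_clear.setdefault(a, []).append(value)
            k = self.link_key(a, b)        # key shared by a and b only
            value = otp(k, otp(k, value))  # a encrypts, b decrypts
        return value

    def session(self, caller, callee, paths):
        """Steps 2-5 of claim 1; paths maps a QKD node to its relay path to the center."""
        subkeys = {}
        for qid in (caller, callee):
            t = self.binding[qid]                         # step 2: look up the bound node
            node_copy = self.node_keys[t.node][qid]
            if not node_copy or not t.qbk:
                raise RuntimeError(f"{qid}: QBK exhausted, a new QBK must be injected")
            sk = node_copy.pop(0)                         # step 3: next sub-key ...
            subkeys[qid] = self.relay(sk, paths[t.node])  # ... reaches the center encrypted
        r = qrng(KEY_LEN)                                 # step 4: the center generates R
        for qid, sk in subkeys.items():
            t = self.binding[qid]
            ct = otp(sk, r)                               # R encrypted under the sub-key
            t.session_key = otp(t.qbk.pop(0), ct)         # terminal decrypts with its copy
        subkeys.clear()                                   # step 5: center deletes used keys
        return r


def demo():
    """Embodiment (4) layout: U at QKD_A4 relayed via QKD_B1, V at QKD_B2, QKMC2 serving."""
    net = QkdNetwork([("QKD_A4", "QKD_B1"), ("QKD_B1", "QKMC2"), ("QKD_B2", "QKMC2")])
    net.register("U", "QKD_A4")
    net.register("V", "QKD_B2")
    paths = {"QKD_A4": ["QKD_A4", "QKD_B1", "QKMC2"], "QKD_B2": ["QKD_B2", "QKMC2"]}
    return net, net.session("U", "V", paths)


if __name__ == "__main__":
    net, r = demo()
    u, v = net.binding["U"], net.binding["V"]
    print("U and V agree on R:", u.session_key == v.session_key == r)
    print("QKD_B1 handled U's sub-key in clear:", "QKD_B1" in net.seen_in_clear)
```

The `seen_in_clear` record is the point a reviewer of this design should look at: every intermediate QKD node on a relay path and the serving center itself hold the sub-key, and therefore R, in plaintext. The quantum channel protects each hop, not the end-to-end secret, so the confidentiality of a session rests on the centers and relay nodes being trusted and on their prompt deletion of used key material (step 5); a third session on the same QBK fails because both copies of the sub-keys are gone.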
Claims (10)
1. A flexible quantum secure mobile communication method, characterised in that it comprises the following steps:
Step 1: a mobile terminal registers with the network and applies to a QKD node, which issues it a QBK and establishes a service binding relationship list;
Step 2: the mobile terminal applies to the QKMC or a QKMC branch center for a session key; the QKMC or QKMC branch center looks up the QKD nodes bound to the mobile terminals and sends a service instruction to those QKD nodes;
Step 3: each QKD node encrypts a QBK sub-key of its bound mobile terminal with the quantum key it shares with the QKMC or QKMC branch center and sends the resulting ciphertext to the QKMC or QKMC branch center;
Step 4: the QKMC or QKMC branch center decrypts to obtain the QBK sub-keys of the mobile terminals bound to the QKD nodes, generates a session key R, encrypts R under each sub-key in turn and sends each ciphertext to the corresponding mobile terminal; each mobile terminal decrypts to obtain R and uses it as the session key for this communication;
Step 5: each QKD node and its bound mobile terminal, and the QKMC or QKMC branch center, delete the key data they have used and update the service binding relationship list; each QKD node updates its node status information.
2. The flexible quantum secure mobile communication method according to claim 1, characterised in that in step 1 the process by which the mobile terminal registers with the network and establishes a service binding relationship with a QKD node comprises:
(1) the mobile terminal first applies to the nearest QKD node for network access and obtains a unique quantum ID number, a master key and an identity authentication key;
(2) the mobile terminal applies to the QKD node for a QBK;
(3) the QKD node injects the QBK into the mobile terminal and creates the service binding relationship list between itself and the mobile terminal, containing the quantum ID number of the mobile terminal, the address of the QKD node bound to it, and the remaining amount of quantum basic key;
(4) the QKD node then encrypts the registration information collected for the mobile terminal with the quantum key shared between the QKD node and the QKMC or QKMC branch center, and sends it to the QKMC or QKMC branch center.
3. The flexible quantum secure mobile communication method according to claim 1, characterised in that the QBK is a random number generated by a quantum random number generator, and the random number can be divided into multiple sub-keys.
4. The flexible quantum secure mobile communication method according to claim 1, characterised in that the QKMC or QKMC branch center consists of QKD nodes, a quantum network management system and a quantum key management and service system; based on the current state of the QKD nodes and their distribution in the network, and according to a quantum network management strategy, the QKMC or QKMC branch center uniformly provides quantum network management, quantum key management and session key distribution for the whole network; the quantum network management strategy includes:
(a) for a multi-layer QKD network with a tree topology, the root node serves as the QKMC and key child nodes serve as QKMC branch centers; (b) for a QKD network with an irregular topology, the core node of the QKD network serves as the QKMC and the core nodes of the regional subnets serve as QKMC branch centers.
5. The flexible quantum secure mobile communication method according to claim 1, characterised in that the current-state indexes of a QKD node include:
(1) an index reflecting how heavy the business key generation tasks currently borne by the node are; this is a quantified index that includes:
(1-1) the rated business key generation rate of the node;
(1-2) the number of groups of secure services for which the node is currently generating business keys;
(1-3) the total amount of business key the node still has to generate;
(1-4) for the business keys designated to be generated by the node, the actual generation rate and consumption rate of each group of business keys;
(1-5) for the business keys designated to be generated by the node, the generated quantity and consumed quantity of each group of business keys;
(2) an index reflecting the position the node currently occupies in the quantum key distribution network; this is a quantified index that includes:
(2-1) the number of other nodes with which the node has a quantum channel and can generate a shared key;
(2-2) the hop count between the node and the other nodes;
(3) any combination of one or more of the seven state indexes above.
6. The flexible quantum secure mobile communication method according to claim 1, characterised in that the quantum key relay link involved in the session key negotiation process includes at least one of the QKMC, the QKMC branch center bound to the calling mobile terminal, and the QKMC branch center bound to the called mobile terminal.
7. The flexible quantum secure mobile communication method according to claim 6, characterised in that when the QKD nodes bound to the calling and called mobile terminals are both directly bound to the QKMC, the QKMC provides the service directly; and when the QKD nodes bound to the calling and called mobile terminals belong to the same QKMC branch center, that QKMC branch center is directly designated to provide the service.
8. The flexible quantum secure mobile communication method according to claim 6, characterised in that when the QKD nodes bound to the calling and called mobile terminals are different, are not directly bound to the QKMC, and do not belong to the same QKMC branch center:
(1) if the effective shortest path between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC but not through the QKMC branch centers bound to the calling and called mobile terminals, the QKMC provides the service;
(2) if the effective shortest path between the QKD nodes bound to the calling and called mobile terminals passes through only one of the bound QKMC branch centers and not through the QKMC, that QKMC branch center provides the service directly;
(3) if the effective shortest path between the QKD nodes bound to the calling and called mobile terminals passes through both the QKMC branch center bound to the calling mobile terminal and the one bound to the called mobile terminal, but not through the QKMC, the QKMC preferentially designates the QKMC branch center to which the calling mobile terminal belongs to provide the service;
(4) if the effective shortest path between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and the QKMC branch center bound to the calling mobile terminal, but not through the QKMC branch center bound to the called mobile terminal, the QKMC branch center bound to the calling mobile terminal provides the service;
(5) if the effective shortest path between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and the QKMC branch center bound to the called mobile terminal, but not through the QKMC branch center bound to the calling mobile terminal, the QKMC branch center bound to the called mobile terminal provides the service;
(6) if the effective shortest path between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and both the QKMC branch centers bound to the calling and called mobile terminals, the QKMC branch center bound to the calling mobile terminal provides the service.
9. The flexible quantum secure mobile communication method according to claim 6, characterised in that when the QKD nodes bound to the calling and called mobile terminals are neither both directly bound to the QKMC nor belong to the same QKMC branch center, and the effective shortest path passes through neither the QKMC nor the QKMC branch centers bound to the calling and called mobile terminals, then, with QKD_A denoting the QKD node bound to the calling mobile terminal and QKD_B the QKD node bound to the called mobile terminal, the QKMC performs the following operations:
(a) compute shortest path 1, connecting QKD_A, the QKMC branch center to which QKD_A belongs, and QKD_B;
(b) compute shortest path 2, connecting QKD_A, the QKMC branch center to which QKD_B belongs, and QKD_B;
(c) compare shortest path 1 with shortest path 2; if shortest path 1 is optimal, designate the QKMC branch center to which QKD_A belongs to provide the service; otherwise, designate the QKMC branch center to which QKD_B belongs to provide the service.
10. The flexible quantum secure mobile communication method according to claim 1, characterised in that the content of the service instruction includes the quantum ID number of the calling or called mobile terminal and the address of the QKD node that has a binding relationship with that mobile terminal.
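The center-selection rules of claims 7, 8 and 9, and the shortest-path comparison of embodiment (9), implemented on a constructed topology, as an added example that is neither the patent's Fig. 5 nor code from the patent. Assumptions: hop count is the path metric, every edge of the graph is a usable ("effective") quantum link, the node names are labels only, the graph is sized so that the claim-9 comparison for QKD_A4 to QKD_B3 yields 8 nodes via QKMC1 and 5 via QKMC2 as in embodiment (9), a tie in claim 9 goes to the caller's branch center, and a node directly bound to the QKMC is treated as having no branch center of its own.

```python
"""Serving-center selection for a session, following claims 7-9 (added example)."""
from collections import deque


def shortest_path(graph, src, dst):
    """Hop-count shortest path by BFS over the usable quantum links; None if unreachable."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        n = queue.popleft()
        if n == dst:
            break
        for m in graph[n]:
            if m not in prev:
                prev[m] = n
                queue.append(m)
    if dst not in prev:
        return None
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


def path_via(graph, a, mid, b):
    """Shortest path from a to b forced through mid (claim 9, steps (a) and (b))."""
    first, second = shortest_path(graph, a, mid), shortest_path(graph, mid, b)
    if first is None or second is None:
        return None
    return first + second[1:]


def choose_center(graph, qkmc, branch_of, node_a, node_b):
    """Pick the center serving caller at node_a and callee at node_b.

    branch_of maps a QKD node to its QKMC branch center, or to qkmc when the node is
    directly bound to the QKMC. Returns (center, rule) where rule names the claim applied.
    """
    ba, bb = branch_of[node_a], branch_of[node_b]
    if ba == qkmc and bb == qkmc:
        return qkmc, "claim 7: both directly bound to QKMC"
    if ba == bb:
        return ba, "claim 7: same branch center"
    direct = shortest_path(graph, node_a, node_b)
    if direct is None:
        raise ValueError(f"no usable link between {node_a} and {node_b}")
    on_path = set(direct)
    c = qkmc in on_path
    a_in = ba != qkmc and ba in on_path   # a directly bound node has no branch center
    b_in = bb != qkmc and bb in on_path
    if c and not a_in and not b_in:
        return qkmc, "claim 8(1)"
    if not c and a_in != b_in:
        return (ba if a_in else bb), "claim 8(2)"
    if not c and a_in and b_in:
        return ba, "claim 8(3)"
    if c and a_in and not b_in:
        return ba, "claim 8(4)"
    if c and b_in and not a_in:
        return bb, "claim 8(5)"
    if c and a_in and b_in:
        return ba, "claim 8(6)"
    # claim 9: the shortest path touches no center, so compare the two forced routes
    p1 = path_via(graph, node_a, ba, node_b)
    p2 = path_via(graph, node_a, bb, node_b)
    if p1 is not None and (p2 is None or len(p1) <= len(p2)):  # tie: caller's (assumed)
        return ba, "claim 9: via caller's branch center"
    return bb, "claim 9: via callee's branch center"


def make_graph(edges):
    g = {}
    for a, b in edges:
        g.setdefault(a, set()).add(b)
        g.setdefault(b, set()).add(a)
    return g


# Constructed topology (not Fig. 5 of the patent): QKMC1 serves the A nodes, QKMC2 the
# B nodes, QKD_C1/QKD_C2 are bound directly to the QKMC. The A4-B1 and B1-B2 links give
# A4 and B3 a direct route that avoids every center, which is the claim-9 situation.
EDGES = [
    ("QKMC", "QKMC1"), ("QKMC", "QKMC2"), ("QKMC", "QKD_C1"), ("QKMC", "QKD_C2"),
    ("QKMC1", "QKD_A1"), ("QKD_A1", "QKD_A3"), ("QKD_A3", "QKD_A4"),
    ("QKMC2", "QKD_B1"), ("QKMC2", "QKD_B2"), ("QKMC2", "QKD_B4"),
    ("QKD_B1", "QKD_B2"), ("QKD_B2", "QKD_B3"), ("QKD_A4", "QKD_B1"),
]
GRAPH = make_graph(EDGES)
BRANCH_OF = {"QKD_A1": "QKMC1", "QKD_A3": "QKMC1", "QKD_A4": "QKMC1",
             "QKD_B1": "QKMC2", "QKD_B2": "QKMC2", "QKD_B3": "QKMC2", "QKD_B4": "QKMC2",
             "QKD_C1": "QKMC", "QKD_C2": "QKMC"}

if __name__ == "__main__":
    for a, b in [("QKD_A4", "QKD_B3"), ("QKD_A4", "QKD_B4"), ("QKD_A1", "QKD_B4")]:
        print(a, b, "->", choose_center(GRAPH, "QKMC", BRANCH_OF, a, b))
```

Two things the claims leave open and the code decides explicitly: what happens on a tie in claim 9 (here the caller's branch center, consistent with the caller preference in rules 8(3) and 8(6)), and the mixed case where exactly one party is bound directly to the QKMC, which falls through the claim-8 rules with the directly bound party contributing no branch center. In a deployment the graph should be rebuilt from the node status indexes of claim 5 before each selection, since a link whose key pool is empty is not an effective link.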
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810132408.2A CN108462573B (en) | 2018-02-09 | 2018-02-09 | Flexible quantum secure mobile communication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108462573A true CN108462573A (en) | 2018-08-28 |
CN108462573B CN108462573B (en) | 2020-10-23 |
Family
ID=63239907
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005034A (en) * | 2018-09-19 | 2018-12-14 | 北京邮电大学 | Multi-tenant quantum key supply method and device |
CN110381011A (en) * | 2018-12-04 | 2019-10-25 | 天津京东深拓机器人科技有限公司 | Method and apparatus for realizing secure communication of logistics equipment |
CN111277549A (en) * | 2018-12-05 | 2020-06-12 | 杭州希戈科技有限公司 | Security service method and system adopting block chain |
CN111342952A (en) * | 2018-12-18 | 2020-06-26 | 杭州希戈科技有限公司 | Safe and efficient quantum key service method and system |
CN111431703A (en) * | 2020-03-02 | 2020-07-17 | 哈尔滨工业大学 | Hybrid QKD network system based on QKD protocol classification |
CN111934871A (en) * | 2020-09-23 | 2020-11-13 | 南京易科腾信息技术有限公司 | Quantum key management service core network, system and quantum key negotiation method |
CN112737781A (en) * | 2021-03-29 | 2021-04-30 | 南京易科腾信息技术有限公司 | Quantum key management service method, system and storage medium |
CN113098872A (en) * | 2021-04-02 | 2021-07-09 | 山东量子科学技术研究院有限公司 | IP telephone and mobile terminal encrypted communication system and method based on quantum network and convergence gateway |
CN116527259A (en) * | 2023-07-03 | 2023-08-01 | 中电信量子科技有限公司 | Cross-domain identity authentication method and system based on quantum key distribution network |
CN116684093A (en) * | 2023-08-02 | 2023-09-01 | 中电信量子科技有限公司 | Identity authentication and key exchange method and system |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010064003A1 (en) * | 2008-12-05 | 2010-06-10 | Qinetiq Limited | Method of establishing a quantum key for use between network nodes |
CN102196425A (en) * | 2011-07-01 | 2011-09-21 | 安徽量子通信技术有限公司 | Quantum-key-distribution-network-based mobile encryption system and communication method thereof |
CN202121593U (en) * | 2011-07-01 | 2012-01-18 | 安徽量子通信技术有限公司 | Mobile encryption system based on quantum key distribution network |
CN104243143A (en) * | 2013-06-08 | 2014-12-24 | 安徽量子通信技术有限公司 | Mobile secret communication method based on quantum key distribution network |
CN106972922A (en) * | 2013-06-08 | 2017-07-21 | 科大国盾量子技术股份有限公司 | Mobile secret communication method based on quantum key distribution network |
CN107453869A (en) * | 2017-09-01 | 2017-12-08 | 中国电子科技集团公司第三十研究所 | Method for realizing a quantum-secure IPSec VPN |
Non-Patent Citations (2)
Title |
---|
刘晓慧: "Research on multi-user quantum communication schemes and protocols" (多用户量子通信方案及协议研究), China Doctoral Dissertations Full-text Database, Information Science and Technology series * |
徐兵杰 et al.: "Research on the development status of quantum communication technology and the problems it faces" (量子通信技术发展现状及面临的问题研究), 《通信技术》 (Communications Technology) * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||