CN108462573A - A flexible quantum-secure mobile communication method - Google Patents

Info

Publication number: CN108462573A
Authority: CN (China)
Prior art keywords: qkmc, qkd, mobile terminal, key, bound
Legal status: Granted
Application number: CN201810132408.2A
Other languages: Chinese (zh)
Other versions: CN108462573B (en)
Inventors: 徐兵杰, 陈晖, 黄伟, 何远杭, 樊矾, 杨杰, 刘金璐
Current assignee: CETC 30 Research Institute
Original assignee: CETC 30 Research Institute

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0852 Quantum cryptography
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN

Abstract

The invention discloses a flexible quantum-secure mobile communication method. QKD nodes provide a quantum basic key injection service to mobile terminals; QKD nodes and the quantum key management center (QKMC) negotiate quantum keys over the QKD network; and the QKMC distributes session keys between two or more mobile terminals. The method comprises a registration process and an online session key negotiation process. The invention offers a more flexible quantum key service and management method: once a mobile terminal has been loaded with a quantum basic key at any QKD node it can obtain quantum key service, and when the key is used up it can be reloaded at any QKD node; the whole process by which a mobile terminal obtains a session key is quantum-secure, giving higher security than other key distribution schemes for mobile applications that rely on conventional key negotiation techniques; and a quantum key management center is introduced to manage the generation and negotiation of user session keys centrally, with greater efficiency and full-lifecycle management.

Description

A flexible quantum-secure mobile communication method
Technical field
The present invention relates to a flexible quantum-secure mobile communication method.
Background technology
Against the background of the rapid development of cyberspace security technology, and encouraged by related national industrial policy, the quantum communication industry, built on the deployment of quantum key distribution (QKD) networks and the construction of application systems, has entered a period of rapid growth. QKD is based on the principles of quantum mechanics and is so far the only key distribution method whose unconditional security has been strictly proven. Combined with the one-time pad encryption algorithm, QKD can fundamentally solve the security problem of data transmission and therefore has important practical value.
With the rapid development of the mobile Internet, mobile connectivity and mobile office work have become the main trend, and at the same time the security challenges facing mobile applications have become more severe. Enterprises and research institutions in the domestic quantum communication field are actively developing technology and patents that combine quantum security with mobile applications, and are focusing on quantum-secure mobile application systems. Quantum-secure mobile applications have become one of the important directions of QKD application.
At present, most implementations of mobile secure communication applications that use quantum keys generated by a QKD network are quantum key relay or ciphertext relay schemes. These are difficult to manage centrally and their security is imperfect (for example, quantum keys are mostly forwarded from the QKD network to the mobile terminal under conventional encryption, which is not quantum-secure).
Invention content
In order to overcome the above disadvantages of the prior art, the present invention provides a flexible quantum-secure mobile communication method, intended to solve the problems of centralized management of quantum keys in quantum-secure mobile communication, of mobile terminal access, and of mobile application security.
The technical solution adopted by the present invention to solve these technical problems is a flexible quantum-secure mobile communication method comprising the following steps:
Step 1: the mobile terminal registers and joins the network, applies to a QKD node for a QBK, and a service binding relationship list is established;
Step 2: the mobile terminal applies to the QKMC or a QKMC branch center for a session key; the QKMC or branch center looks up the QKD nodes bound to the mobile terminals and sends a service instruction to those QKD nodes;
Step 3: each QKD node encrypts a QBK sub-key of its bound mobile terminal with the quantum key it shares with the QKMC or branch center, and sends the resulting ciphertext to the QKMC or branch center;
Step 4: the QKMC or branch center decrypts to obtain the QBK sub-keys of the mobile terminals bound to the QKD nodes, generates a session key R, encrypts R with each sub-key in turn and sends the result to the corresponding mobile terminal; each mobile terminal decrypts to obtain R, which serves as the session key for this communication;
Step 5: each QKD node and its bound mobile terminal, and the QKMC or branch center, delete the key data they have used and update the service binding relationship list; each QKD node updates its node status information.
Compared with the prior art, the positive effects of the present invention are as follows:
The present invention provides a more flexible quantum key service and management method, with notable innovations in the following three aspects:
(1) once a mobile terminal has been loaded with a quantum basic key at any QKD node it can obtain quantum key service, and when the key is used up it can be reloaded at any QKD node;
(2) the whole process by which a mobile terminal obtains a session key is quantum-secure, giving higher security than other key distribution schemes for mobile applications that rely on conventional key negotiation techniques;
(3) a quantum key management center is introduced to centrally manage the generation and negotiation of user session keys, with greater efficiency and full-lifecycle management.
Description of the drawings
Embodiments of the present invention are described with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the registration process of the method of the present invention;
Fig. 2 is a schematic diagram of the online session key negotiation process of the method of the present invention;
Fig. 3 is a schematic diagram of the communication process of the method of the present invention;
Fig. 4 is a schematic diagram of group communication in the method of the present invention;
Fig. 5 is a diagram of the different connection relationships between QKD nodes and the QKMC in the method of the present invention;
Fig. 6 is a schematic diagram of the communication process of embodiment one;
Fig. 7 is a schematic diagram of the communication process of embodiment two;
Fig. 8 is a schematic diagram of the communication process of embodiment three;
Fig. 9 is a schematic diagram of the communication process of embodiment four;
Fig. 10 is a schematic diagram of the communication process of embodiment five;
Fig. 11 is a schematic diagram of the communication process of embodiment six;
Fig. 12 is a schematic diagram of the communication process of embodiment seven;
Fig. 13 is a schematic diagram of the communication process of embodiment eight;
Fig. 14 is a schematic diagram of the communication process of embodiment nine.
Detailed description of embodiments
1. System composition of the invention
The quantum-secure mobile secret communication system proposed by the present invention comprises QKD nodes, mobile terminals, a quantum key management center (QKMC) and QKMC branch centers, where:
(1) A QKD node consists of the transmitting and receiving ends of one or more quantum key distribution systems (including but not limited to the end access nodes and relay nodes of a QKD network) and provides the quantum key distribution service. Each QKD node can negotiate quantum keys with other QKD nodes to which it has an available link, and with the QKMC if it has an available link to it. The main functions of a QKD node include but are not limited to: (a) allocating a quantum ID number to a registering mobile terminal; (b) providing the quantum basic key injection service to mobile terminals and creating the service binding relationship list between the mobile terminal and the QKD node (including but not limited to the quantum ID number of the mobile terminal, the address of the bound QKD node and the remaining amount of quantum basic key); (c) uploading the service binding relationship list to the QKMC or the branch center it belongs to; (d) responding to instructions from the QKMC or its branch center: the QKD node bound to a mobile terminal selects, according to the quantum ID number in the instruction, a sub-key of the corresponding quantum basic key, encrypts it with a quantum key and sends it to the QKMC or its branch center.
(2) Mobile terminals include but are not limited to smartphones, tablet computers, laptops, vehicle-mounted mobile devices and other hardware and software systems with mobile communication capability; they are the initiators and recipients of communication services. A mobile terminal is equipped with permanent storage (including but not limited to flash chips and SD cards), has a hardware module supporting network access, the ability to exchange information with the QKD network, and the computing capability to encrypt and decrypt data. A mobile terminal can connect to a nearby QKD node, the QKMC or a QKMC branch center (including but not limited to via a USB or NFC interface), register with the network, and import a quantum basic key after successful registration. A mobile terminal may obtain quantum basic keys from several QKD nodes according to application demand; either the QKMC selects the optimal service strategy according to the state of the QKD network, or the user specifies that the quantum basic key obtained from a particular QKD node is to be used.
(3) The QKMC consists of QKD nodes, a quantum network management system and a quantum key management and service system, and provides network-wide unified quantum network management, quantum key management and session key distribution.
The main functions of the QKMC include but are not limited to:
(a) storing, maintaining and querying the service binding relationship lists between mobile terminals and their corresponding QKD nodes, and judging the legitimacy of a mobile terminal from the information received;
(b) using the network connections between QKD nodes (or QKMC branch centers) to collect the status information of each QKD node (or branch center) in real time, and sending instructions to the QKD nodes (or branch centers) to relay quantum keys, to negotiate quantum keys, or to report a sub-key of a given mobile terminal's quantum basic key;
(c) maintaining the network connections between QKD nodes, summarizing the current status indicators of the QKD nodes taking part in session key negotiation, and judging and designating the QKD nodes that take part in session key negotiation. The method by which the QKMC judges and designates these QKD nodes includes but is not limited to the following: from the information about the calling and called mobile terminals in the received request, together with the binding relationships between QKD nodes and mobile terminals, the QKMC obtains the addresses of the calling QKD node and the called QKD node for this communication, and then queries and selects the best link between the calling and called QKD nodes.
The basic strategy for selecting the QKMC includes: (a) for a multi-level QKD network with a tree topology, the root node serves as the QKMC and key child nodes serve as QKMC branch centers; (b) for a QKD network with an irregular topology, the core node of the QKD network serves as the QKMC and the core nodes of regional subnets serve as QKMC branch centers (numbered by some rule, e.g. denoted QKMC_i).
(4) A QKMC branch center is a management node in the QKD network to which several QKD nodes are directly connected (typically the central node of a regional subnet). Under authorization from the QKMC, a branch center provides the session key distribution service to the mobile terminals bound to the QKD nodes specified in that authorization.
2. Basic method
For convenience, the keys involved in the scheme of the present invention are explained first. They mainly include:
(1) Quantum basic key (QBK): a true random number shared between a QKD node and a mobile terminal, generated by the QKD node and imported into the mobile terminal (including but not limited to a random sequence produced by a physical noise source such as a quantum random number generator). Each secret communication consumes a part of the QBK as a sub-key; the sub-key is used to negotiate the session key and is deleted after a single use. When the QBK is used up, the mobile terminal selects a nearby QKD node and reloads it (including but not limited to via a USB or NFC interface).
(2) Quantum key (QK): the quantum key shared between a QKD node and the QKMC, or between QKD nodes, generated over the QKD link connecting the QKD node and the QKMC (or the other QKD node), either pre-allocated through the QKD network or negotiated in real time. A quantum key is deleted after a single use.
(3) Session key (denoted R below): the session key between mobile terminals, generated by the QKMC or a QKMC branch center as a true random number (including but not limited to one produced by a physical noise source such as a quantum random number generator), encrypted with a sub-key of the QBK and sent to the mobile terminals. It is deleted after a single use and negotiated afresh for the next use.
(4) Master key (denoted MK below): the master key of a mobile terminal, generated by a QKD node or the QKMC and injected into the mobile terminal, used for device authentication.
(5) Authentication key (denoted AK below): the authentication key of a mobile terminal, generated by a QKD node or the QKMC and injected into the mobile terminal, used for authenticating the identity of the user.
Basic principle of the method of the present invention:
QKD nodes provide the quantum basic key injection service to mobile terminals, and QKD nodes and the QKMC negotiate quantum keys over the QKD network. Based on the quantum basic keys of the mobile terminals and the quantum keys between the QKMC and the QKD nodes, the QKMC distributes session keys between two or more mobile terminals.
The method of the present invention comprises a registration process (shown in Fig. 1) and an online session key negotiation process (shown in Fig. 2), with the following specific steps (the communication process is shown in Fig. 3). The communication between two mobile terminals is taken as the example below.
Registration process:
Step 1: a mobile terminal applies to a nearby QKD node to join the network and obtains a unique quantum ID number, a master key and an authentication key (flow 1 in Fig. 1);
Step 2: the mobile terminal applies to the QKD node for a quantum basic key (the user applies for an injection amount according to the voice, video and data communication needs of a given period; for example, if a user's main service is encrypted voice and the encrypted voice time in a month is about 10 hours, a single injection of 300 Mb roughly meets one month's demand, since with a speech coding rate of 8 Kb/s and one-time pad encryption of the coded speech, 10 hours require 288 Mb of random key) (flow 2 in Fig. 1);
Step 3: the QKD node encrypts the registration information it has collected for the mobile terminal (including but not limited to the service binding relationship list and the authentication key) with the quantum key shared between the QKD node and the QKMC (or branch center) and sends it to the QKMC (or branch center) (flow 3 in Fig. 1). If the QKD node and the QKMC (or branch center) share no quantum key, a shared quantum key must first be negotiated.
Online session key negotiation process:
Step 1: as shown in Fig. 2, when mobile terminal U and mobile terminal V need to communicate, the initiator U requests from the QKMC (or branch center) a session key for communicating with V (flow 1 in Fig. 2). The QKMC (or branch center) first authenticates U and, after authentication, looks up the service binding relationship lists and the bound QKD nodes by the quantum ID numbers of U and V (flow 2 in Fig. 2; assume the nodes are QKD_A and QKD_B, that U has applied to QKD_A for the quantum basic key QBKu, divided into sub-keys QBKu_i, i = 0, 1, 2, ..., and that V has applied to QKD_B for the quantum basic key QBKv, divided into sub-keys QBKv_j, j = 0, 1, 2, ...). The QKMC (or branch center) sends a service instruction to QKD_A and to QKD_B. QKD_A encrypts QBKu_i with the quantum key QK_A it shares with the QKMC (or branch center) and sends it to the QKMC (or branch center) (flow 3 in Fig. 2); QKD_B encrypts QBKv_j with the quantum key QK_B it shares with the QKMC (or branch center) and sends it to the QKMC (or branch center) (flow 3 in Fig. 2). The QKMC (or branch center) decrypts to obtain QBKu_i and QBKv_j, generates the session key R, and sends R ⊕ QBKu_i to U and R ⊕ QBKv_j to V (⊕ is the XOR operation; flow 4 in Fig. 2). U and V each decrypt to obtain R and use R as the session key for this communication (flow 5 in Fig. 2).
Step 2: U, V, the QKMC (or branch center), QKD_A and QKD_B delete the key data they have used and update the service binding relationship list; each node updates its node status information (including but not limited to the link state with adjacent nodes and the remaining shared key).
For the case of n (n > 2) users in a group communication (U1, U2, ..., Un as shown in Fig. 4), assume the initiator U1 requests from the QKMC a group session key for communicating with U2, ..., Un. The QKMC looks up, by the quantum ID numbers of U1, U2, ..., Un, the corresponding service binding relationship lists and the m bound QKD nodes (assume QKD_A1, ..., QKD_Am), and sends a service instruction to each of QKD_A1, ..., QKD_Am. Each of QKD_A1, ..., QKD_Am encrypts the sub-key of the quantum basic key of its bound application terminal with the quantum key it shares with the QKMC and sends it to the QKMC. The QKMC decrypts to obtain the sub-keys of U1, U2, ..., Un, generates the session key R, encrypts R with the sub-key of each of U1, U2, ..., Un and sends the results to U1, U2, ..., Un respectively. U1, U2, ..., Un decrypt to obtain R and use R as the group session key for this communication.
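The two-party negotiation and the group case above can be simulated end to end. The following Python is an added example, not code from the patent or the applicant: os.urandom stands in for the quantum random number generator, QKD links are not modelled (a shared QK is simply the same bytes held by both ends), every hop is a one-time pad (XOR), and each key slice is deleted the moment it is taken, so a terminal whose QBK is exhausted is refused rather than reusing key; SUBKEY_LEN, the class layout and the node names QKD_A1..QKD_An are constructed.

```python
import os
from dataclasses import dataclass, field

SUBKEY_LEN = 32  # bytes consumed per sub-key; constructed value, not from the patent

def xor(a: bytes, b: bytes) -> bytes:
    """One-time pad combine; operands must be exactly one sub-key long."""
    if len(a) != len(b):
        raise ValueError("one-time pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

class KeyPool:
    """Random key material that is deleted as soon as it is taken (used once)."""

    def __init__(self, material: bytes):
        self._buf = bytearray(material)

    def remaining(self) -> int:
        return len(self._buf)

    def take(self, n: int) -> bytes:
        if n > len(self._buf):
            raise RuntimeError("key exhausted: reload at a QKD node first")
        out = bytes(self._buf[:n])
        del self._buf[:n]  # step 5: used key data is deleted
        return out

def shared_pool(nbytes: int):
    """Identical pools for both ends of a QKD link; os.urandom stands in for the QRNG."""
    material = os.urandom(nbytes)
    return KeyPool(material), KeyPool(material)

@dataclass
class QKDNode:
    name: str
    qk: dict = field(default_factory=dict)        # center name -> QK pool
    bindings: dict = field(default_factory=dict)  # quantum ID -> node's QBK copy

    def inject_qbk(self, qid: str, nbytes: int) -> KeyPool:
        """Registration step 2: load a QBK, returning the terminal's copy."""
        terminal_copy, self.bindings[qid] = shared_pool(nbytes)
        return terminal_copy

    def service_order(self, qid: str, center: str) -> bytes:
        """Flow 3: next QBK sub-key of `qid`, one-time-padded with QK to `center`."""
        sub = self.bindings[qid].take(SUBKEY_LEN)
        return xor(sub, self.qk[center].take(SUBKEY_LEN))

@dataclass
class QKMC:
    name: str
    qk: dict = field(default_factory=dict)            # node name -> QK pool
    binding_list: dict = field(default_factory=dict)  # quantum ID -> QKDNode

    def bind(self, node: QKDNode, qk_bytes: int) -> None:
        """Negotiate a QK with `node` and take over its service binding list."""
        self.qk[node.name], node.qk[self.name] = shared_pool(qk_bytes)
        for qid in node.bindings:
            self.binding_list[qid] = node

    def negotiate(self, qids) -> dict:
        """Flows 2-4 for two or more terminals: returns {qid: R xor QBK_sub}.
        R is local here and is not retained once the ciphertexts are formed."""
        subkeys = {}
        for qid in qids:
            node = self.binding_list[qid]
            enc = node.service_order(qid, self.name)
            subkeys[qid] = xor(enc, self.qk[node.name].take(SUBKEY_LEN))
        r = os.urandom(SUBKEY_LEN)  # session key R
        return {qid: xor(r, sub) for qid, sub in subkeys.items()}

def run_group_session(n: int, qbk_bytes: int = 4 * SUBKEY_LEN) -> dict:
    """n terminals U1..Un, each bound to its own QKD node; one negotiation."""
    center, terminals = QKMC("QKMC"), {}
    for i in range(1, n + 1):
        node = QKDNode(f"QKD_A{i}")
        terminals[f"U{i}"] = node.inject_qbk(f"U{i}", qbk_bytes)
        center.bind(node, 8 * SUBKEY_LEN)
    ciphertexts = center.negotiate(list(terminals))
    # Flow 5: each terminal strips its next QBK sub-key to recover R.
    recovered = [xor(ciphertexts[q], pool.take(SUBKEY_LEN))
                 for q, pool in terminals.items()]
    return {"all_agree": len(set(recovered)) == 1, "key_len": len(recovered[0]),
            "qbk_left": [p.remaining() for p in terminals.values()],
            "qk_left": [p.remaining() for p in center.qk.values()]}

def exhaustion_is_detected() -> bool:
    """With a QBK of one sub-key the second negotiation is refused, not key reuse."""
    center = QKMC("QKMC")
    for qid, name in (("U", "QKD_A"), ("V", "QKD_B")):
        node = QKDNode(name)
        node.inject_qbk(qid, SUBKEY_LEN)
        center.bind(node, 2 * SUBKEY_LEN)
    center.negotiate(["U", "V"])  # consumes the only sub-key on both sides
    try:
        center.negotiate(["U", "V"])
    except RuntimeError:
        return True
    return False
```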
For the different connection relationships between QKD nodes and the QKMC, the present invention also designs several typical application extension methods (shown in Fig. 5; note that the application extension methods of the present invention include but are not limited to the following).
Basic strategy of application extension:
In the present invention, the session key negotiation between every calling and called mobile terminal is prepared and distributed either by the QKMC or by the QKMC branch center bound to the calling or called mobile terminal. Therefore, the quantum key relay link involved in session key negotiation passes through at least one of the QKMC, the QKMC branch center bound to the calling mobile terminal, and the QKMC branch center bound to the called mobile terminal. On this premise, the strategies include but are not limited to the following:
(1) Strategy A
(A-1) when the QKD nodes bound to the calling and called mobile terminals are both directly bound to the QKMC, the QKMC provides the service directly;
(A-2) when the QKD nodes bound to the calling and called mobile terminals belong to the same QKMC branch center, that branch center is designated to provide the service directly.
When the QKD nodes bound to the calling and called mobile terminals (e.g. QKD_A and QKD_B) are not both directly bound to the QKMC and do not belong to the same QKMC branch center, the following strategies apply:
(2) Strategy B (the effective shortest path passes through at least one of the QKMC and the QKMC branch centers bound to the calling or called mobile terminal):
(B-1) when the effective shortest link (i.e. the actually available shortest link) between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC but not through the branch centers bound to the calling or called mobile terminal, the QKMC provides the service;
(B-2) when the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through only one of the bound branch centers (and not through the QKMC), that branch center provides the service directly;
(B-3) when the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through both the calling and the called branch centers (and not through the QKMC), the QKMC preferentially designates the branch center of the calling mobile terminal to provide the service;
(B-4) when the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and the branch center bound to the calling mobile terminal but not through the branch center bound to the called mobile terminal, the branch center bound to the calling mobile terminal provides the service;
(B-5) when the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and the branch center bound to the called mobile terminal but not through the branch center bound to the calling mobile terminal, the branch center bound to the called mobile terminal provides the service;
(B-6) when the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through the QKMC and the branch centers bound to both the calling and the called mobile terminal, the branch center bound to the calling mobile terminal provides the service.
(3) Strategy C (the effective shortest path passes through neither the QKMC nor the branch centers bound to the calling and called mobile terminals)
The QKMC proceeds as follows:
(a) compute shortest path 1, connecting QKD_A, the branch center of QKD_A, and QKD_B;
(b) compute shortest path 2, connecting QKD_A, the branch center of QKD_B, and QKD_B;
(c) compare shortest path 1 and shortest path 2: if shortest path 1 is optimal, designate the branch center of QKD_A to provide the service; otherwise designate the branch center of QKD_B to provide the service.
According to the above strategy, following several typical application extension methods can be directly obtained:
(1) embodiment of tactful (A-1) is (such as in Fig. 5, it is assumed that U and QKD_C1 is bound, and V and QKD_C2 is bound, and QKMC is straight It connects and this time service is provided):QKD_C1 uses the quantum key QK_C1 shared with QKMC to encrypt QBKu_i, and issues QKMC;QKD_ C2 uses the quantum key QK_C2 shared with QKMC to encrypt QBKv_j, and issues QKMC;QKMC is decrypted and is obtained QBKu_i respectively And QBKv_j, then generate session key R, and handleWith(It is XOR operation) it sends out respectively To U and V, U and V are decrypted and are obtained R and (utilize R encrypting plaintext P, agreement flow as the session key of the secondary communication using R respectively As shown in Figure 6).
(2) embodiment of tactful (A-2) is (such as in Fig. 5, it is assumed that U and QKD_B1 is bound, and V and QKD_B2 is bound, QKD_B1 QKMC2 is specified to provide the secondary service, communication process such as Fig. 7 institutes by QKMC2, QKMC in effective most short chain road between QKD_B2 Show):QKD_B1 uses the quantum key QK_B1 shared with QKMC2 to encrypt QBKu_i, and issues QKMC2;QKD_B2 use with Quantum key QK_B2 shared QKMC2 encrypts QBKv_j, and issues QKMC2;QKMC2 decrypt respectively and obtain QBKu_i and Then QBKv_j generates session key R, and R ⊕ QBKu_i and R ⊕ QBKv_j is respectively issued to U and V, U and V are decrypted respectively Session key to R and using R as the secondary communication.
(3) Embodiment of strategy (B-1) (in Fig. 5, assume U is bound to QKD_D2 and V is bound to QKD_E1; the effective shortest link between QKD_D2 and QKD_E1 passes through QKMC, so QKMC provides this service; the communication flow is shown in Fig. 8): QKD_D2 encrypts QBKu_i and relays it to QKMC through QKD_D1; QKD_E1 encrypts QBKv_j with the quantum key QK_E1 it shares with QKMC and sends it to QKMC; QKMC decrypts both and obtains QBKu_i and QBKv_j, then generates the session key R and sends R encrypted under QBKu_i to U and R encrypted under QBKv_j to V; U and V each decrypt to obtain R and use R as the session key for this communication.
(4) Embodiment of strategy (B-2) (in Fig. 5, assume U is bound to QKD_A4 and V is bound to QKD_B2; the effective shortest link between QKD_A4 and QKD_B2 passes through QKMC2, so QKMC designates QKMC2 to provide this service; the communication flow is shown in Fig. 9): QKD_A4 encrypts QBKu_i and relays it to QKMC2 through QKD_B1; QKD_B2 encrypts QBKv_j with the quantum key QK_B2 it shares with QKMC2 and sends it to QKMC2; QKMC2 decrypts both and obtains QBKu_i and QBKv_j, then generates the session key R and sends R encrypted under QBKu_i to U and R encrypted under QBKv_j to V; U and V each decrypt to obtain R and use R as the session key for this communication.
(5) Embodiment of strategy (B-3) (in Fig. 5, assume the caller U is bound to QKD_A1 and V is bound to QKD_B2; QKMC designates QKMC1 to provide this service, as shown in Fig. 10): QKD_B2 encrypts QBKv_j and relays it to QKMC1 through QKMC2 and QKD_A; QKD_A1 encrypts QBKu_i with the quantum key QK_A1 it shares with QKMC1 and sends it to QKMC1; QKMC1 decrypts both and obtains QBKu_i and QBKv_j, then generates the session key R and sends R encrypted under QBKu_i to U and R encrypted under QBKv_j to V; U and V each decrypt to obtain R and use R as the session key for this communication.
(6) Embodiment of strategy (B-4) (in Fig. 5, assume the caller U is bound to QKD_A1 and V is bound to QKD_D1; QKMC designates QKMC1 to provide this service, as shown in Fig. 11): QKD_D1 encrypts QBKv_j and relays it to QKMC1 through QKMC; QKD_A1 encrypts QBKu_i with the quantum key QK_A1 it shares with QKMC1 and sends it to QKMC1; QKMC1 decrypts both and obtains QBKu_i and QBKv_j, then generates the session key R and sends R encrypted under QBKu_i to U and R encrypted under QBKv_j to V; U and V each decrypt to obtain R and use R as the session key for this communication.
(7) Embodiment of strategy (B-5) (in Fig. 5, assume the caller U is bound to QKD_D1 and V is bound to QKD_A1; QKMC designates QKMC1 to provide this service, as shown in Fig. 12): QKD_D1 encrypts QBKu_i and relays it to QKMC1 through QKMC; QKD_A1 encrypts QBKv_j with the quantum key QK_A1 it shares with QKMC1 and sends it to QKMC1; QKMC1 decrypts both and obtains QBKu_i and QBKv_j, then generates the session key R and sends R encrypted under QBKu_i to U and R encrypted under QBKv_j to V; U and V each decrypt to obtain R and use R as the session key for this communication.
(8) Embodiment of strategy (B-6) (in Fig. 5, assume the caller U is bound to QKD_A1 and V is bound to QKD_E3; QKMC designates QKMC1 to provide this service, as shown in Fig. 13): QKD_E3 encrypts QBKv_j and relays it to QKMC1 through QKMC4, QKD_E1 and QKMC; QKD_A1 encrypts QBKu_i with the quantum key QK_A1 it shares with QKMC1 and sends it to QKMC1; QKMC1 decrypts both and obtains QBKu_i and QBKv_j, then generates the session key R and sends R encrypted under QBKu_i to U and R encrypted under QBKv_j to V; U and V each decrypt to obtain R and use R as the session key for this communication.
(9) Embodiment of strategy (C) (in Fig. 5, assume U is bound to QKD_A4 and V is bound to QKD_B3; the communication flow is shown in Fig. 14): QKMC first computes shortest path 1 connecting QKD_A4, QKMC1 and QKD_B3 (8 nodes on this link) and shortest path 2 connecting QKD_A4, QKMC2 and QKD_B3 (5 nodes on this link); path 2 is optimal, so QKMC designates QKMC2 to provide this service. QKD_A4 encrypts QBKu_i and relays it to QKMC2 through QKD_B1; QKD_B3 encrypts QBKv_j and relays it to QKMC2 through QKD_B2; QKMC2 decrypts both and obtains QBKu_i and QBKv_j, then generates the session key R and sends R encrypted under QBKu_i to U and R encrypted under QBKv_j to V; U and V each decrypt to obtain R and use R as the session key for this communication.
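The exchange of embodiment (3), strategy (B-1), as an added Python model that is not code from the patent or its applicant. It follows steps 3 to 5 of claim 1: the bound QKD nodes forward the terminals' QBK sub-keys to QKMC over the quantum-key links (hop by hop through QKD_D1 for U), QKMC draws R and returns it under each sub-key, and every key block is discarded once used. The patent does not name the cipher applied with the quantum keys, so one-time-pad XOR over 32-byte blocks is an assumption, as are the node and terminal classes, the key counts and the random key material, which is generated locally in place of real QKD.

```python
"""Added model of the QBK relay and session-key distribution of strategy (B-1)."""
import os

KEY_LEN = 32   # bytes per key block; an assumption, the patent fixes no length


def otp(key: bytes, data: bytes) -> bytes:
    """One-time-pad XOR with a single-use quantum key block (assumed cipher)."""
    if len(key) != len(data):
        raise ValueError("key block and data length differ")
    return bytes(k ^ d for k, d in zip(key, data))


class Node:
    """A QKD node or QKMC. Key blocks are popped when used, so none can be reused (step 5)."""
    def __init__(self, name: str):
        self.name = name
        self.link_keys: dict[str, list[bytes]] = {}   # neighbour -> unused shared key blocks
        self.qbk: dict[str, list[bytes]] = {}         # bound terminal -> unused QBK sub-keys

    def use_link_key(self, peer: str) -> bytes:
        return self.link_keys[peer].pop(0)


def qkd_link(a: Node, b: Node, n: int) -> None:
    """Stand-in for QKD between adjacent nodes: both ends receive the same n key blocks."""
    blocks = [os.urandom(KEY_LEN) for _ in range(n)]
    a.link_keys[b.name] = list(blocks)
    b.link_keys[a.name] = list(blocks)


class Terminal:
    """Mobile terminal bound to one QKD node; its QBK was injected at network access (step 1)."""
    def __init__(self, name: str, node: Node, n_subkeys: int):
        self.name, self.node = name, node
        self.subkeys = [os.urandom(KEY_LEN) for _ in range(n_subkeys)]
        node.qbk[name] = list(self.subkeys)           # the node keeps a copy for the relay


def relay(path: list[Node], payload: bytes) -> bytes:
    """Hop-by-hop trusted relay from path[0] to path[-1]: each intermediate node decrypts with
    the key shared with the previous hop and re-encrypts with the key shared with the next."""
    ct = otp(path[0].use_link_key(path[1].name), payload)
    for i in range(1, len(path) - 1):
        plain = otp(path[i].use_link_key(path[i - 1].name), ct)
        ct = otp(path[i].use_link_key(path[i + 1].name), plain)
    return ct   # still encrypted under the key path[-1] shares with path[-2]


def run_session(qkmc: Node, u: Terminal, path_u: list[Node], v: Terminal, path_v: list[Node]):
    """Claim 1 steps 3-4. Returns (R recovered by U, R recovered by V, R generated by QKMC)."""
    # Step 3: each bound QKD node forwards the terminal's next QBK sub-key to QKMC
    ct_u = relay(path_u, u.node.qbk[u.name].pop(0))
    ct_v = relay(path_v, v.node.qbk[v.name].pop(0))
    # Step 4: QKMC recovers both sub-keys, draws R, and returns R under each sub-key
    qbk_u = otp(qkmc.use_link_key(path_u[-2].name), ct_u)
    qbk_v = otp(qkmc.use_link_key(path_v[-2].name), ct_v)
    r = os.urandom(KEY_LEN)
    to_u, to_v = otp(qbk_u, r), otp(qbk_v, r)
    # Step 5 on the terminals: decrypt with their own copy of the sub-key, then discard it
    return otp(u.subkeys.pop(0), to_u), otp(v.subkeys.pop(0), to_v), r


def demo_b1() -> dict:
    """Strategy (B-1): U bound to QKD_D2, V bound to QKD_E1, QKMC serves. U's sub-key travels
    QKD_D2 -> QKD_D1 -> QKMC, V's travels QKD_E1 -> QKMC. Key counts are constructed."""
    qkmc, d1, d2, e1 = Node("QKMC"), Node("QKD_D1"), Node("QKD_D2"), Node("QKD_E1")
    qkd_link(d2, d1, 2)
    qkd_link(d1, qkmc, 2)
    qkd_link(e1, qkmc, 2)
    u, v = Terminal("U", d2, 3), Terminal("V", e1, 3)
    r_u, r_v, r = run_session(qkmc, u, [d2, d1, qkmc], v, [e1, qkmc])
    return {"agree": r_u == r_v == r,
            "u_subkeys_left": len(u.subkeys),
            "d2_link_keys_left": len(d2.link_keys["QKD_D1"]),
            "qkmc_e1_keys_left": len(qkmc.link_keys["QKD_E1"])}


if __name__ == "__main__":
    print(demo_b1())
```

The counters returned by `demo_b1` make the single-use property visible: one session consumes exactly one QBK sub-key per terminal and one key block on every link it crossed, and the intermediate node QKD_D1 sees the sub-key in clear, which is the trust placed in relay nodes that the strategy selection in claims 7 to 9 is minimising.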

Claims (10)

1. A flexible quantum-secure mobile communication method, characterised in that it comprises the following steps:
Step 1: the mobile terminal accesses the network, applies to a QKD node for a QBK, and a service binding relationship list is established;
Step 2: the mobile terminal applies to QKMC or a QKMC branch centre for a session key; QKMC or the QKMC branch centre looks up the QKD nodes bound to the mobile terminals and sends a service instruction to those QKD nodes;
Step 3: each QKD node encrypts a QBK sub-key of its bound mobile terminal with the quantum key it shares with QKMC or the QKMC branch centre, and sends the resulting ciphertext to QKMC or the QKMC branch centre;
Step 4: QKMC or the QKMC branch centre decrypts to obtain the QBK sub-keys of the mobile terminals bound to the QKD nodes, generates a session key R, encrypts R with each sub-key in turn and sends each result to the corresponding mobile terminal; each mobile terminal decrypts to obtain R, the session key for this communication;
Step 5: each QKD node and its bound mobile terminal, and QKMC or the QKMC branch centre, delete the used key data and update the service binding relationship list; each QKD node updates its node status information.
2. The flexible quantum-secure mobile communication method according to claim 1, characterised in that the process in step 1 by which the mobile terminal accesses the network and establishes a service binding relationship with a QKD node comprises:
(1) the mobile terminal applies to the nearest QKD node for network access and obtains a unique quantum ID number, a master key and an identity authentication key;
(2) the mobile terminal applies to the QKD node for a QBK;
(3) the QKD node injects the QBK into the mobile terminal and creates the service binding relationship list with the mobile terminal, containing the quantum ID number of the mobile terminal, the address of the QKD node bound to it, and the remaining amount of quantum basic key;
(4) the QKD node then encrypts the collected registration information of the mobile terminal with the quantum key shared between the QKD node and QKMC or the QKMC branch centre, and sends it to QKMC or the QKMC branch centre.
3. The flexible quantum-secure mobile communication method according to claim 1, characterised in that the QBK is a random number generated by a quantum random number generator, and the random number can be divided into multiple sub-keys.
4. The flexible quantum-secure mobile communication method according to claim 1, characterised in that QKMC or a QKMC branch centre consists of QKD nodes, a quantum network management system and a quantum key management and service system; QKMC or the QKMC branch centre, based on the current state of the QKD nodes and their distribution in the network, uniformly provides quantum network management, quantum key management and session key distribution to the whole network according to a quantum network management strategy; the quantum network management strategy comprises:
(a) for a multi-layer QKD network with a tree topology, its root node serves as QKMC and its key child nodes serve as QKMC branch centres; (b) for a QKD network with an irregular topology, the core node of the QKD network serves as QKMC and the core nodes of the regional subnets serve as QKMC branch centres.
5. The flexible quantum-secure mobile communication method according to claim 1, characterised in that the current state indices of a QKD node comprise:
(1) an index reflecting how heavily the node is currently loaded with business key generation tasks; this is a quantitative index, comprising:
(1-1) the rated business key generation rate of the node;
(1-2) the number of groups of secure services for which the node is currently generating business keys;
(1-3) the total amount of business key material the node still has to generate;
(1-4) for each group of business keys assigned to the node, the actual generation rate and consumption rate;
(1-5) for each group of business keys assigned to the node, the generated quantity and the consumed quantity;
(2) an index reflecting the position of the node in the quantum key distribution network; this is a quantitative index, comprising:
(2-1) the number of other nodes with which the node has a quantum channel over which a shared key can be generated;
(2-2) the hop count between the node and the other nodes;
(3) any combination of one or more of the seven state indices above.
6. The flexible quantum-secure mobile communication method according to claim 1, characterised in that the quantum key relay link involved in the session key negotiation process comprises at least one of QKMC, the QKMC branch centre bound to the calling mobile terminal, and the QKMC branch centre bound to the called mobile terminal.
7. The flexible quantum-secure mobile communication method according to claim 6, characterised in that when the QKD nodes bound to the calling and called mobile terminals are both directly bound to QKMC, QKMC provides the service directly; when the QKD nodes bound to the calling and called mobile terminals belong to the same QKMC branch centre, that QKMC branch centre is designated directly to provide the service.
8. The flexible quantum-secure mobile communication method according to claim 6, characterised in that when the QKD nodes bound to the calling and called mobile terminals are not both directly bound to QKMC and do not belong to the same QKMC branch centre:
(1) if the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through QKMC but not through the QKMC branch centres bound to the calling and called mobile terminals, QKMC provides this service;
(2) if the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through only one of the bound QKMC branch centres and not through QKMC, that QKMC branch centre provides the service directly;
(3) if the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through both the QKMC branch centre bound to the calling mobile terminal and the one bound to the called mobile terminal, but not through QKMC, QKMC preferentially designates the QKMC branch centre to which the calling mobile terminal belongs to provide this service;
(4) if the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through QKMC and the QKMC branch centre bound to the calling mobile terminal, but not through the QKMC branch centre bound to the called mobile terminal, the QKMC branch centre bound to the calling mobile terminal provides this service;
(5) if the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through QKMC and the QKMC branch centre bound to the called mobile terminal, but not through the QKMC branch centre bound to the calling mobile terminal, the QKMC branch centre bound to the called mobile terminal provides this service;
(6) if the effective shortest link between the QKD nodes bound to the calling and called mobile terminals passes through QKMC and through the QKMC branch centres bound to both the calling and the called mobile terminal, the QKMC branch centre bound to the calling mobile terminal provides this service.
9. The flexible quantum-secure mobile communication method according to claim 6, characterised in that when the QKD nodes bound to the calling and called mobile terminals are neither both directly bound to QKMC nor belong to the same QKMC branch centre, and the effective shortest path passes through neither QKMC nor the QKMC branch centres bound to the calling and called mobile terminals, then, with QKD_A denoting the QKD node bound to the calling mobile terminal and QKD_B the QKD node bound to the called mobile terminal, QKMC performs the following operations:
(a) compute shortest path 1 connecting QKD_A, the QKMC branch centre to which QKD_A belongs, and QKD_B;
(b) compute shortest path 2 connecting QKD_A, the QKMC branch centre to which QKD_B belongs, and QKD_B;
(c) compare shortest path 1 with shortest path 2; if shortest path 1 is optimal, designate the QKMC branch centre to which QKD_A belongs to provide this service; otherwise designate the QKMC branch centre to which QKD_B belongs to provide this service.
10. The flexible quantum-secure mobile communication method according to claim 1, characterised in that the content of the service instruction comprises the quantum ID number of the calling or called mobile terminal and the address of the QKD node having a binding relationship with that mobile terminal.
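The service-centre selection rules of claims 7, 8 and 9, and the path comparison of embodiment (9), as an added Python example that is not code from the patent or its applicant. The topology, the binding table, and the use of breadth-first hop count as the "effective shortest link" metric are assumptions; the constructed graph borrows the Fig. 5 node names but its node counts differ from those quoted for Fig. 5 in the description.

```python
"""Added implementation of the centre-selection policy of claims 7-9 over a constructed topology."""
from collections import deque

# Constructed topology (an assumption, not Fig. 5 of the patent): a central QKMC, two branch
# centres with chains of QKD nodes, two QKD nodes bound directly to QKMC, and one direct QKD link
# between the regional subnets so that some shortest paths bypass every centre.
EDGES = [
    ("QKMC", "QKMC1"), ("QKMC", "QKMC2"), ("QKMC", "QKD_D1"), ("QKD_D1", "QKD_D2"),
    ("QKMC1", "QKD_A1"), ("QKD_A1", "QKD_A2"), ("QKD_A2", "QKD_A3"), ("QKD_A3", "QKD_A4"),
    ("QKMC2", "QKD_B1"), ("QKD_B1", "QKD_B2"), ("QKD_B2", "QKD_B3"),
    ("QKD_A4", "QKD_B2"),
]
# Centre each QKD node is bound to; "QKMC" means directly bound to the central QKMC.
BRANCH_OF = {"QKD_A1": "QKMC1", "QKD_A2": "QKMC1", "QKD_A3": "QKMC1", "QKD_A4": "QKMC1",
             "QKD_B1": "QKMC2", "QKD_B2": "QKMC2", "QKD_B3": "QKMC2",
             "QKD_D1": "QKMC", "QKD_D2": "QKMC"}


def build_adj(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    return adj


def shortest_path(adj, src, dst):
    """Breadth-first search; hop count stands in for the 'effective shortest link' metric."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            break
        for nxt in adj[cur]:
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    if dst not in prev:
        return None
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]


def path_via(adj, src, centre, dst):
    """Shortest path forced through a centre, i.e. paths 1 and 2 of claim 9."""
    return shortest_path(adj, src, centre) + shortest_path(adj, centre, dst)[1:]


def choose_centre(adj, qkd_a, qkd_b, qkmc="QKMC", branch_of=BRANCH_OF):
    """Return (centre that serves the session, rule applied) for caller node qkd_a, callee qkd_b."""
    ca, cb = branch_of[qkd_a], branch_of[qkd_b]
    if ca == qkmc and cb == qkmc:
        return qkmc, "claim 7: both nodes directly bound to QKMC"
    if ca == cb:
        return ca, "claim 7: both nodes in the same branch centre"
    on_path = set(shortest_path(adj, qkd_a, qkd_b))
    via_qkmc = qkmc in on_path
    via_a = ca != qkmc and ca in on_path   # caller's branch centre, if it has one
    via_b = cb != qkmc and cb in on_path   # callee's branch centre, if it has one
    if via_qkmc and not via_a and not via_b:
        return qkmc, "claim 8 (1): path through QKMC only"
    if not via_qkmc and via_a != via_b:
        return (ca if via_a else cb), "claim 8 (2): path through exactly one bound branch centre"
    if not via_qkmc and via_a and via_b:
        return ca, "claim 8 (3): path through both branch centres, caller's preferred"
    if via_qkmc and via_a and not via_b:
        return ca, "claim 8 (4): path through QKMC and the caller's branch centre"
    if via_qkmc and via_b and not via_a:
        return cb, "claim 8 (5): path through QKMC and the callee's branch centre"
    if via_qkmc and via_a and via_b:
        return ca, "claim 8 (6): path through QKMC and both branch centres"
    # claim 9: the effective shortest path touches no centre, so compare the two detours
    path1 = path_via(adj, qkd_a, ca, qkd_b)
    path2 = path_via(adj, qkd_a, cb, qkd_b)
    if len(path1) <= len(path2):
        return ca, f"claim 9: path 1 ({len(path1)} nodes) is optimal"
    return cb, f"claim 9: path 2 ({len(path2)} nodes) is optimal"


if __name__ == "__main__":
    adj = build_adj(EDGES)
    for a, b in [("QKD_A4", "QKD_B3"), ("QKD_A1", "QKD_D2"), ("QKD_D1", "QKD_A1")]:
        print(a, b, "->", choose_centre(adj, a, b))
```

With the constructed graph, the pair (QKD_A4, QKD_B3) reproduces the shape of embodiment (9): the direct shortest path bypasses every centre, the detour through QKMC1 is longer than the detour through QKMC2, and QKMC2 is chosen. The pairs (QKD_A1, QKD_D2) and (QKD_D1, QKD_A1) land on rules 8 (4) and 8 (5), which is the outcome embodiments (6) and (7) describe.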
CN201810132408.2A 2018-02-09 2018-02-09 Flexible quantum secure mobile communication method Active CN108462573B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810132408.2A CN108462573B (en) 2018-02-09 2018-02-09 Flexible quantum secure mobile communication method

Publications (2)

Publication Number Publication Date
CN108462573A true CN108462573A (en) 2018-08-28
CN108462573B CN108462573B (en) 2020-10-23

Family

ID=63239907

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810132408.2A Active CN108462573B (en) 2018-02-09 2018-02-09 Flexible quantum secure mobile communication method

Country Status (1)

Country Link
CN (1) CN108462573B (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010064003A1 (en) * 2008-12-05 2010-06-10 Qinetiq Limited Method of establishing a quantum key for use between network nodes
CN102196425A (en) * 2011-07-01 2011-09-21 安徽量子通信技术有限公司 Quantum-key-distribution-network-based mobile encryption system and communication method thereof
CN202121593U (en) * 2011-07-01 2012-01-18 安徽量子通信技术有限公司 Mobile encryption system based on quantum key distribution network
CN104243143A (en) * 2013-06-08 2014-12-24 安徽量子通信技术有限公司 Mobile secret communication method based on quantum key distribution network
CN106972922A (en) * 2013-06-08 2017-07-21 科大国盾量子技术股份有限公司 A kind of mobile secret communication method based on quantum key distribution network
CN107453869A (en) * 2017-09-01 2017-12-08 中国电子科技集团公司第三十研究所 A kind of method for the IPSecVPN for realizing quantum safety

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘晓慧: "Research on multi-user quantum communication schemes and protocols", China Doctoral Dissertations Full-text Database, Information Science and Technology series *
徐兵杰 et al.: "Research on the development status and open problems of quantum communication technology", Communications Technology *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005034A (en) * 2018-09-19 2018-12-14 北京邮电大学 A kind of multi-tenant quantum key Supply Method and device
CN109005034B (en) * 2018-09-19 2020-10-02 北京邮电大学 Multi-tenant quantum key supply method and device
CN110381011A (en) * 2018-12-04 2019-10-25 天津京东深拓机器人科技有限公司 A kind of method and apparatus for realizing logistics equipment secure communication
CN111277549B (en) * 2018-12-05 2022-05-03 杭州希戈科技有限公司 Security service method and system adopting block chain
CN111277549A (en) * 2018-12-05 2020-06-12 杭州希戈科技有限公司 Security service method and system adopting block chain
CN111342952A (en) * 2018-12-18 2020-06-26 杭州希戈科技有限公司 Safe and efficient quantum key service method and system
CN111342952B (en) * 2018-12-18 2022-12-09 杭州希戈科技有限公司 Safe and efficient quantum key service method and system
CN111431703A (en) * 2020-03-02 2020-07-17 哈尔滨工业大学 Hybrid QKD network system based on QKD protocol classification
CN111431703B (en) * 2020-03-02 2022-10-25 哈尔滨工业大学 Hybrid QKD network system based on QKD protocol classification
CN111934871A (en) * 2020-09-23 2020-11-13 南京易科腾信息技术有限公司 Quantum key management service core network, system and quantum key negotiation method
CN112737781B (en) * 2021-03-29 2021-06-18 南京易科腾信息技术有限公司 Quantum key management service method, system and storage medium
CN112737781A (en) * 2021-03-29 2021-04-30 南京易科腾信息技术有限公司 Quantum key management service method, system and storage medium
CN113098872A (en) * 2021-04-02 2021-07-09 山东量子科学技术研究院有限公司 IP telephone and mobile terminal encryption communication system and method based on quantum network and convergence gateway
CN116527259A (en) * 2023-07-03 2023-08-01 中电信量子科技有限公司 Cross-domain identity authentication method and system based on quantum key distribution network
CN116527259B (en) * 2023-07-03 2023-09-19 中电信量子科技有限公司 Cross-domain identity authentication method and system based on quantum key distribution network
CN116684093A (en) * 2023-08-02 2023-09-01 中电信量子科技有限公司 Identity authentication and key exchange method and system
CN116684093B (en) * 2023-08-02 2023-10-31 中电信量子科技有限公司 Identity authentication and key exchange method and system

Also Published As

Publication number Publication date
CN108462573B (en) 2020-10-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant