CN109714164B - Method for IKEv2 to negotiate use of quantum key - Google Patents

Method for IKEv2 to negotiate use of quantum key

Publication number: CN109714164B
Authority: CN (China)
Application number: CN201910140622.7A
Other languages: Chinese (zh)
Other versions: CN109714164A
Inventor: 林晨
Current assignee: Anhui Wantong Post And Telecommunications Co ltd
Original assignee: Anhui Wantong Post And Telecommunications Co ltd
Legal status: Active
Prior art keywords: key, exchange, quantum, ikev2, responder

Abstract

A method for IKEv2 to negotiate the use of a quantum key, relating to the technical field of communication. It addresses the technical problem that existing network encryption methods are easy to crack and not secure enough. The method generates a quantum key QK using a quantum key distribution protocol (QKD), uses QK to replace, or to be combined with, the shared key g^ir generated by the Diffie-Hellman key exchange, and gives the specific steps for calculating the keying material and hash values from QK, so that the generated IKE SA and IPSEC SA keys indirectly use the quantum key. In the ISAKMP protocol, a newly added quantum key ticket (QKT) payload uniquely identifies the QK generated this time, and the QKT payload is used for quantum key exchange instead of, or in combination with, the KE payload of the Diffie-Hellman key exchange; the specific exchange steps in the IKEv2 negotiation are given. The invention can be combined with quantum encryption technology so that conventional IPSEC can use the quantum key to generate the IKE SA and CHILD SA in the IKEv2 negotiation stage, and both the encryption of the negotiation stage and the encryption of tunnel messages gain security from the use of the quantum key.

Description

Method for IKEv2 to negotiate use of quantum key
Technical Field
The invention relates to the technical field of communication, in particular to a method for IKEv2 to negotiate and use a quantum key.
Background
IPSEC (Internet Protocol Security) is an open standard framework that ensures secure communication over IP networks by using cryptographic security services. IKE (Internet Key Exchange) is a major protocol in the IPSEC architecture; IPSEC exchanges and manages the encryption keys used in a VPN through the IKE protocol. IKE has two versions, V1 and V2. IKEv1 is the earlier version. IKEv2 simplifies the negotiation of security associations, completing it mainly through the initial exchange and the create-child-SA exchange, and adds security features and extensibility. IKEv2 initially uses 2 exchanges, the IKE_SA_INIT exchange and the IKE_AUTH exchange, to complete the negotiation of one IKE SA and a pair of IPSec SAs, and then rekeys the IKE SA and IPSec SAs through the CREATE_CHILD_SA exchange. The key exchange of both IKEv1 and IKEv2 is based on the Diffie-Hellman algorithm, whose security rests on the difficulty of computing discrete logarithms modulo large primes. As computer performance keeps improving, there is growing concern that any encryption algorithm based on a mathematical problem will one day be cracked. A newer technology relies not on a mathematical problem but on physical principles: the Quantum Key Distribution (QKD) protocol. QKD uses quanta as the information carrier and establishes a shared key between legitimate users through transmission over a quantum channel. The BB84 protocol is one of the QKD protocols. Through the polarization of light it relies on the uncertainty principle and the no-cloning theorem of quantum physics: once the quantum channel is eavesdropped on, these physical laws cause the eavesdropping to be detected, which guarantees the unconditional security of quantum key distribution.
Disclosure of Invention
The method for IKEv2 to negotiate the use of a quantum key provided by the invention can solve the technical problem that existing network encryption methods are easy to crack and not secure enough.
To achieve this purpose, the invention adopts the following technical scheme:
A method for IKEv2 to negotiate the use of a quantum key, comprising:
adding or modifying the following steps on the basis of IKEv2 negotiation:
1) the initiator and the responder use the quantum key distribution protocol QKD to generate a quantum key QK, and QK is used to replace, or is combined with, the shared key g^ir generated by the Diffie-Hellman key exchange;
2) a quantum key ticket QKT is used to uniquely identify the QK generated this time;
3) the initiator and the responder perform key exchange using the IKEv2 protocol, with a newly added QKT payload that the initiator sends to the responder;
4) the basic keying material SKEYSEED and the working keys of the IKEv2 initial exchange are calculated as follows:
SKEYSEED=prf(Ni|Nr,QK[|g^ir])
then 7 working keys are generated:
{SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr}=prf+(SKEYSEED,Ni|Nr|SPIi|SPIr)
Where:
[|g^ir] is optional; g^ir represents the shared key generated by the Diffie-Hellman KE key exchange. If the quantum key QK is used to replace the Diffie-Hellman KE key exchange, [|g^ir] does not take part in the calculation;
d in SK_d stands for deriving: SK_d is the derivation key;
a stands for authentication: an authentication key;
e stands for encryption: an encryption key;
p stands for payload: the key used when generating the AUTH payload;
i stands for the initiator;
r stands for the responder;
the 7 working keys of the IKE SA generated in this way are derived from parameters including the quantum key QK, so the encryption of the IKEv2 negotiation stage gains security from the use of the quantum key;
5) the keying material KEYMAT of the SA generated by the IKEv2 initial exchange is calculated as follows:
KEYMAT=prf+(SK_d,Ni|Nr)
KEYMAT may be divided into two parts: the first part is used as the IPSEC SA encryption key and the other part as the authentication key. These keys are derived indirectly from parameters including the quantum key QK, so the security of IPSEC tunnel messages is improved by the quantum key.
6) when a child SA is created, the initiator generates a new quantum key QK(new) and a new quantum key ticket QKT(new), and then performs the CREATE_CHILD_SA exchange;
7) the keying material KEYMAT generated by the CREATE_CHILD_SA exchange is calculated as follows:
KEYMAT=prf+(SK_d,QK(new)[|g^ir(new)]|Ni|Nr)
[|g^ir(new)] is optional; g^ir(new) represents the shared key generated by the Diffie-Hellman KE key exchange when the child SA is created. If the quantum key QK is used to replace the Diffie-Hellman KE key exchange, [|g^ir(new)] does not take part in the calculation.
KEYMAT may be divided into two parts: the first part is used as the IPSEC SA encryption key and the other part as the authentication key.
The created child SA can be used for IKE rekeying and for IPSEC encryption and authentication. It is derived from parameters including the quantum key, so the security of IKE rekeying and of IPSEC tunnel message encryption is improved by the quantum key.
Further, the initial exchange of IKEv2 uses the following steps:
The first pair of messages, the IKE_SA_INIT exchange, negotiates the encryption algorithms, transmits the quantum key ticket, exchanges nonces, and optionally performs a Diffie-Hellman KE key exchange. The message content is as follows: the initiator sends HDR, SAi1, QKT, [KEi,] Ni; the responder sends HDR, SAr1, [KEr,] Nr, [CERTREQ].
The second pair of messages, the IKE_AUTH exchange, authenticates the previous pair of messages, exchanges identities and certificates, and establishes the first child SA. The message content is encrypted with the SK_e key and authenticated with the SK_a key. The message content is as follows: the initiator sends HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr}; the responder sends HDR, SK {IDr, [CERT,] AUTH, SAr2, TSi, TSr}.
QKT is the quantum key ticket corresponding to the quantum key QK, which the initiator generates through the QKD key distribution protocol and sends to the responder as an IKE payload. The responder uses QKT to request QK from the quantum QKD device.
[KEi,] and [KEr,] are optional; KE denotes the KE payload of the Diffie-Hellman key exchange, and i and r denote the initiator and the responder respectively. When the quantum key QK is used to replace the Diffie-Hellman key exchange, no KE payload is carried in the exchange.
Further, the CREATE_CHILD_SA exchange can be used to create a new child SA, to rekey the IKE SA, and to rekey a child SA, using the following steps respectively:
Creating a new child SA: the message content is encrypted with the SK_e key and authenticated with the SK_a key; the initiator sends HDR, SK {SA, Ni, QKT(new), [KEi,] TSi, TSr}; the responder sends HDR, SK {SA, Nr, [KEr,] TSi, TSr}.
Rekeying the IKE SA: the message content is encrypted with the SK_e key and authenticated with the SK_a key; the initiator sends HDR, SK {SA, Ni, QKT(new), [KEi]}; the responder sends HDR, SK {SA, Nr, [KEr]}.
Rekeying a child SA: the message content is encrypted with the SK_e key and authenticated with the SK_a key; the initiator sends HDR, SK {N(REKEY_SA), SA, Ni, QKT(new), [KEi,] TSi, TSr}; the responder sends HDR, SK {SA, Nr, [KEr,] TSi, TSr}.
According to the above technical scheme, the method for IKEv2 to negotiate the use of a quantum key has the following beneficial effects: conventional IPSEC can use the quantum key to generate the IKE SA and CHILD SA in the IKEv2 negotiation stage, and both the encryption of the negotiation stage and the encryption of tunnel messages gain security from the use of the quantum key.
Drawings
FIG. 1 is a schematic flow diagram of the method of the present invention;
FIG. 2 is the network topology of the present invention;
FIG. 3 is the message format of the newly added quantum key ticket payload;
FIG. 4 is a schematic diagram of the IKE_SA_INIT exchange;
FIG. 5 is a schematic diagram of the IKE_AUTH exchange;
FIG. 6 is a schematic diagram of the CREATE_CHILD_SA exchange: creating a new child SA;
FIG. 7 is a schematic diagram of the CREATE_CHILD_SA exchange: rekeying the IKE SA;
FIG. 8 is a schematic diagram of the CREATE_CHILD_SA exchange: rekeying a child SA.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention.
As shown in fig. 1, the method for IKEv2 to negotiate the use of a quantum key in this embodiment establishes an IPSEC tunnel that uses quantum keys, with IKEv2 in pre-shared key mode, and includes the following main steps:
S100, the initiator and the responder use the quantum key distribution protocol QKD to generate a quantum key QK, and QK is used to replace, or is combined with, the shared key g^ir generated by the Diffie-Hellman key exchange;
S200, a quantum key ticket QKT is used to uniquely identify the quantum key QK generated this time;
S300, the initiator and the responder perform key exchange using the IKEv2 protocol, with a newly added QKT payload that the initiator sends to the responder;
S400, the basic keying material SKEYSEED and the working keys of the IKEv2 initial exchange are calculated;
S500, the keying material KEYMAT of the SA generated by the IKEv2 initial exchange is calculated;
S600, when a child SA is created, the initiator generates a new quantum key QK(new) and a new quantum key ticket QKT(new), and then performs the CREATE_CHILD_SA exchange;
S700, the CREATE_CHILD_SA exchange generates the keying material KEYMAT.
The method is described in detail below with reference to figs. 2-8:
Step 1: establish an IPSEC tunnel between two encryption devices. In detail, configure the IPSEC tunnel parameters between the two encryption devices, comprising:
1) configuring the IP address and routes of the device;
2) configuring the IKE parameters: IKEv2 version, pre-shared key identity authentication, and the pre-shared key;
3) configuring the IPSEC encryption algorithm as SM4 and the authentication algorithm as SM3;
4) configuring the quantum key output protocol and completing negotiation with the quantum QKD device;
5) using the quantum key QK to replace the Diffie-Hellman key exchange.
Step 2: the initiator obtains a quantum key QK and a key ticket QKT from the quantum QKD device through the quantum key output protocol;
Step 3: the initiator and the responder use IKEv2 and complete the IKE_SA_INIT exchange with 2 messages:
1) the initiator sends a message carrying the SAi1, QKT and Ni payloads;
2) the responder replies with a message carrying the SAr1 and Nr payloads. Because the quantum key QK replaces the Diffie-Hellman key exchange, no KE payload is carried in the IKE_SA_INIT exchange. The IKE_SA_INIT exchange yields the basic keying material SKEYSEED and the working keys, calculated as follows:
SKEYSEED=prf(Ni|Nr,QK)
then 7 working keys are generated:
{SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr}=prf+(SKEYSEED,Ni|Nr|SPIi|SPIr)
The 7 working keys of the IKE SA generated in this way are derived from parameters including QK, so the encryption of the IKEv2 negotiation stage gains security from the use of the quantum key.
Step 4: the initiator and the responder use IKEv2 and complete the IKE_AUTH exchange with 2 messages:
1) the initiator sends an encrypted and authenticated message carrying the IDi, AUTH, SAi2, TSi and TSr payloads;
2) the responder replies with an encrypted and authenticated message carrying the IDr, AUTH, SAr2, TSi and TSr payloads. The encryption key and the authentication key of this exchange are SK_e and SK_a from step 3 respectively. Both keys are derived from parameters including the quantum key QK, so the IKE_AUTH exchange of IKEv2 gains security from the use of the quantum key.
Step 5: the initiator and the responder calculate the keying material KEYMAT of the first child SA, that is, the IPSEC SA, and the IPSEC encryption and authentication keys, using the following method:
KEYMAT=prf+(SK_d,Ni|Nr)
KEYMAT may be divided into two parts: the first part is used as the IPSEC SA encryption key and the other part as the authentication key. These keys are derived indirectly from parameters including the quantum key, so the security of IPSEC tunnel messages is improved by the quantum key.
Step 6: when the IPSEC SA is rekeyed, the initiator obtains a new quantum key QK(new) and a new key ticket QKT(new) from the quantum QKD device;
Step 7: when the IPSEC SA is rekeyed, the CREATE_CHILD_SA exchange is completed with 2 messages:
1) the initiator sends an encrypted and authenticated message carrying the N(REKEY_SA), SA, Ni, QKT(new), TSi and TSr payloads;
2) the responder replies with an encrypted and authenticated message carrying the SA, Nr, TSi and TSr payloads. Because the quantum key QK replaces the Diffie-Hellman key exchange, no KE payload is carried in the CREATE_CHILD_SA exchange. The encryption key and the authentication key of the CREATE_CHILD_SA exchange are SK_e and SK_a from step 3 respectively. Both keys are derived from parameters including the quantum key QK, so the CREATE_CHILD_SA exchange of IKEv2 gains security from the use of the quantum key.
Step 8: the initiator and the responder calculate the keying material KEYMAT of the IPSEC SA and the encryption and authentication keys using the following method:
KEYMAT=prf+(SK_d,QK(new)|Ni|Nr)
KEYMAT may be divided into two parts: the first part is used as the IPSEC SA encryption key and the other part as the authentication key. These keys are derived from parameters including the quantum key, so the security of message encryption after the IPSEC tunnel is rekeyed is improved by the quantum key.
The method for IKEv2 to negotiate the use of a quantum key provided by this embodiment has the following beneficial effects: it can be combined with quantum encryption technology so that conventional IPSEC can use a quantum key in the IKEv2 negotiation stage, which improves network security.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
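The key schedule of steps 3 to 8 above, written out as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 as the prf, 32-byte working keys and a 16/32-byte KEYMAT split; `MockQKD` and all function names are hypothetical, and prf+ follows the IKEv2 definition in RFC 7296.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Assumption: HMAC-SHA256 stands in for the negotiated prf (the page fixes none).
PRF_LEN = hashlib.sha256().digest_size
IKE_KEYS = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2 prf+ (RFC 7296): T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n)."""
    if length > 255 * PRF_LEN:
        raise ValueError("prf+ is limited to 255 output blocks")
    out, block, n = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([n]))
        out += block
        n += 1
    return out[:length]


def key_input(qk: bytes, g_ir: Optional[bytes] = None) -> bytes:
    """QK[|g^ir]: QK alone replaces Diffie-Hellman, QK|g^ir combines both."""
    if not qk:
        raise ValueError("empty QK: refusing to derive keys")
    return qk + (g_ir or b"")


def skeyseed(ni: bytes, nr: bytes, qk: bytes, g_ir: Optional[bytes] = None) -> bytes:
    # SKEYSEED = prf(Ni|Nr, QK[|g^ir])
    return prf(ni + nr, key_input(qk, g_ir))


def ike_sa_keys(seed: bytes, ni: bytes, nr: bytes, spi_i: bytes, spi_r: bytes) -> Dict[str, bytes]:
    # {SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr} = prf+(SKEYSEED, Ni|Nr|SPIi|SPIr)
    # Assumption: every working key is PRF_LEN bytes long.
    stream = prf_plus(seed, ni + nr + spi_i + spi_r, 7 * PRF_LEN)
    return {k: stream[i * PRF_LEN:(i + 1) * PRF_LEN] for i, k in enumerate(IKE_KEYS)}


def keymat_initial(sk_d: bytes, ni: bytes, nr: bytes, length: int = 48) -> bytes:
    # KEYMAT = prf+(SK_d, Ni|Nr)
    return prf_plus(sk_d, ni + nr, length)


def keymat_child(sk_d: bytes, qk_new: bytes, ni: bytes, nr: bytes,
                 g_ir_new: Optional[bytes] = None, length: int = 48) -> bytes:
    # KEYMAT = prf+(SK_d, QK(new)[|g^ir(new)]|Ni|Nr)
    return prf_plus(sk_d, key_input(qk_new, g_ir_new) + ni + nr, length)


def split_keymat(keymat: bytes, enc_len: int = 16) -> Tuple[bytes, bytes]:
    """First part: IPSEC SA encryption key; the rest: authentication key.
    Assumption: 16 bytes for SM4, the remaining 32 for the SM3-based MAC."""
    return keymat[:enc_len], keymat[enc_len:]


class MockQKD:
    """Hypothetical stand-in for the QKD devices' key-output protocol."""

    def __init__(self) -> None:
        self._store: Dict[bytes, bytes] = {}

    def new_key(self) -> Tuple[bytes, bytes]:
        qkt, qk = os.urandom(16), os.urandom(32)  # the ticket holds no key bits
        self._store[qkt] = qk
        return qkt, qk

    def fetch(self, qkt: bytes) -> bytes:
        if qkt not in self._store:
            raise LookupError("unknown QKT: abort the exchange")
        return self._store[qkt]


def negotiate(qkd: MockQKD) -> Dict[str, bytes]:
    """Replace mode (no KE payload): initial exchange, then a child SA rekey."""
    ni, nr = os.urandom(32), os.urandom(32)
    spi_i, spi_r = os.urandom(8), os.urandom(8)
    qkt, qk_i = qkd.new_key()      # initiator obtains QK and QKT, sends QKT
    qk_r = qkd.fetch(qkt)          # responder requests QK with the received QKT
    keys_i = ike_sa_keys(skeyseed(ni, nr, qk_i), ni, nr, spi_i, spi_r)
    keys_r = ike_sa_keys(skeyseed(ni, nr, qk_r), ni, nr, spi_i, spi_r)
    first = keymat_initial(keys_i["SK_d"], ni, nr)
    # Rekey: fresh nonces plus QK(new), identified on the wire by QKT(new).
    ni2, nr2 = os.urandom(32), os.urandom(32)
    qkt_new, qk_new = qkd.new_key()
    rekey_i = keymat_child(keys_i["SK_d"], qk_new, ni2, nr2)
    rekey_r = keymat_child(keys_r["SK_d"], qkd.fetch(qkt_new), ni2, nr2)
    if keys_i != keys_r or not hmac.compare_digest(rekey_i, rekey_r):
        raise RuntimeError("initiator and responder derived different keys")
    return {"SK_d": keys_i["SK_d"], "first": first, "rekey": rekey_i}


if __name__ == "__main__":
    result = negotiate(MockQKD())
    enc_key, auth_key = split_keymat(result["rekey"])
    print("rekeyed child SA:", len(enc_key), "byte encryption key,",
          len(auth_key), "byte authentication key")
```

In replace mode every IKE SA and child SA key rests on QK alone, so the QKD device interface and the QKT lookup are part of the trusted path; combined mode keeps g^ir in the prf input as well.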

Claims (8)

1. A method for IKEv2 to negotiate the use of a quantum key, characterized in that the method comprises the following steps:
S100, the initiator and the responder use the quantum key distribution protocol QKD to generate a quantum key QK, and QK is used to replace, or is combined with, the shared key g^ir generated by the Diffie-Hellman key exchange;
S200, a quantum key ticket QKT is used to uniquely identify the quantum key QK generated this time;
S300, the initiator and the responder perform key exchange using the IKEv2 protocol, with a newly added QKT payload that the initiator sends to the responder;
S400, the basic keying material SKEYSEED and the working keys of the IKEv2 initial exchange are calculated;
the initial exchange of IKEv2 in step S400 uses the following steps:
the first pair of messages, the IKE_SA_INIT exchange, negotiates the encryption algorithms, transmits the quantum key ticket, exchanges nonces, and optionally performs a Diffie-Hellman KE key exchange, the message content being as follows: the initiator sends HDR, SAi1, QKT, [KEi,] Ni; the responder sends HDR, SAr1, [KEr,] Nr, [CERTREQ];
where: HDR is the IKE header; SAi1 and SAr1 are the IKE SA proposals; KEi and KEr are the public values of the DH algorithm; Ni and Nr are nonces; CERTREQ is the certificate request payload;
the second pair of messages, the IKE_AUTH exchange, authenticates the previous pair of messages, exchanges identities and certificates, and establishes the first child SA; the message content is encrypted with the SK_e key and authenticated with the SK_a key, the message content being as follows: the initiator sends HDR, SK {IDi, [CERT,] [CERTREQ,] [IDr,] AUTH, SAi2, TSi, TSr}; the responder sends HDR, SK {IDr, [CERT,] AUTH, SAr2, TSi, TSr};
where: SAi2 and SAr2 are the IPSEC SA proposal payloads; CERT is the certificate payload; TSi and TSr are the traffic selectors; AUTH is the authentication data payload;
QKT is the quantum key ticket corresponding to the quantum key QK, which the initiator generates through the QKD key distribution protocol and sends to the responder as an IKE payload, and the responder uses QKT to request QK from the quantum QKD device;
[KEi,] and [KEr,] are optional; KE denotes the KE payload of the Diffie-Hellman key exchange, and i and r denote the initiator and the responder respectively; when the quantum key QK is used to replace the Diffie-Hellman key exchange, no KE payload is carried in the exchange;
S500, the keying material KEYMAT of the SA generated by the IKEv2 initial exchange is calculated;
S600, when a child SA is created, the initiator generates a new quantum key QK(new) and a new quantum key ticket QKT(new), and then performs the CREATE_CHILD_SA exchange;
S700, the CREATE_CHILD_SA exchange generates the keying material KEYMAT.
2. The method for IKEv2 to negotiate the use of a quantum key according to claim 1, wherein: in step S400 the basic keying material SKEYSEED and the working keys of the IKEv2 initial exchange are calculated as follows:
SKEYSEED=prf(Ni|Nr,QK[|g^ir])
then 7 working keys are generated:
{SK_d|SK_ai|SK_ar|SK_ei|SK_er|SK_pi|SK_pr}=prf+(SKEYSEED,Ni|Nr|SPIi|SPIr)
where:
prf is a pseudo-random function; SPIi and SPIr are the security parameter indexes;
[|g^ir] is optional, and g^ir represents the shared key generated by the Diffie-Hellman KE key exchange;
if the quantum key QK is used to replace the Diffie-Hellman KE key exchange, [|g^ir] does not take part in the calculation;
d in SK_d stands for deriving: SK_d is the derivation key;
a stands for authentication: an authentication key;
e stands for encryption: an encryption key;
p stands for payload: the key used when generating the AUTH payload;
i stands for the initiator;
and r stands for the responder.
3. The method for IKEv2 to negotiate the use of a quantum key according to claim 1, wherein:
the keying material KEYMAT of the SA generated by the IKEv2 initial exchange in S500 is calculated as follows:
KEYMAT=prf+(SK_d,Ni|Nr)
KEYMAT is divided into two parts, the first part being used for the IPSEC SA encryption key and the other part being used for the authentication key.
4. The method for IKEv2 to negotiate the use of a quantum key according to claim 1, wherein: the CREATE_CHILD_SA exchange in step S600 can be used to create a new child SA, to rekey the IKE SA, and to rekey a child SA, using the following steps respectively:
creating a new child SA: the message content is encrypted with the SK_e key and authenticated with the SK_a key; the initiator sends HDR, SK {SA, Ni, QKT(new), [KEi,] TSi, TSr}; the responder sends HDR, SK {SA, Nr, [KEr,] TSi, TSr};
rekeying the IKE SA: the message content is encrypted with the SK_e key and authenticated with the SK_a key; the initiator sends HDR, SK {SA, Ni, QKT(new), [KEi]}; the responder sends HDR, SK {SA, Nr, [KEr]};
rekeying a child SA: the message content is encrypted with the SK_e key and authenticated with the SK_a key; the initiator sends HDR, SK {N(REKEY_SA), SA, Ni, QKT(new), [KEi,] TSi, TSr}; the responder sends HDR, SK {SA, Nr, [KEr,] TSi, TSr}.
5. The method for IKEv2 to negotiate the use of a quantum key according to claim 1, wherein: step S100 specifically includes:
establishing an IPSEC tunnel between two encryption devices, and in particular configuring the IPSEC tunnel parameters between the two encryption devices, including:
S101, configuring the IP address and routes of the device;
S102, configuring the IKE parameters: IKEv2 version, pre-shared key identity authentication, and the pre-shared key;
S103, configuring the IPSEC encryption algorithm as SM4 and the authentication algorithm as SM3;
S104, configuring the quantum key output protocol and completing negotiation with the quantum QKD device;
S105, using the quantum key QK to replace the Diffie-Hellman key exchange.
6. The method for IKEv2 to negotiate the use of a quantum key according to claim 1, wherein: in step S300, the initiator and the responder use the IKEv2 protocol and complete the IKE_SA_INIT exchange with 2 messages:
1) the initiator sends a message carrying the SAi1, QKT and Ni payloads;
2) the responder replies with a message carrying the SAr1 and Nr payloads.
7. The method for IKEv2 to negotiate the use of a quantum key according to claim 1, wherein: in step S300, the initiator and the responder perform key exchange using the IKEv2 protocol, and specifically complete the IKE_AUTH exchange with 2 messages:
1) the initiator sends an encrypted and authenticated message carrying the IDi, AUTH, SAi2, TSi and TSr payloads;
2) the responder replies with an encrypted and authenticated message carrying the IDr, AUTH, SAr2, TSi and TSr payloads.
8. The method for IKEv2 to negotiate the use of a quantum key according to claim 1, wherein: the keying material KEYMAT generated by the CREATE_CHILD_SA exchange in step S700 is calculated as follows:
KEYMAT=prf+(SK_d,QK(new)[|g^ir(new)]|Ni|Nr)
[|g^ir(new)] is optional; g^ir(new) represents the shared key generated by the Diffie-Hellman KE key exchange when the child SA is created; if the quantum key QK is used to replace the Diffie-Hellman KE key exchange, [|g^ir(new)] does not take part in the calculation;
KEYMAT may be divided into two parts: the first part is used as the IPSEC SA encryption key and the other part as the authentication key.
Application CN201910140622.7A: Method for IKEv2 to negotiate use of quantum key
Priority date: 2019-02-26
Filing date: 2019-02-26
Status: Active
Country: CN
Family ID: 66265035

Publications (2)

Publication Number Publication Date
CN109714164A 2019-05-03
CN109714164B 2021-11-30
