CN110247765A - A kind of quantum secure data link communications system - Google Patents


Publication number
CN110247765A
Authority
CN
China
Prior art keywords
key
quantum
authentication
secrecy
management control
Legal status
Granted
Application number
CN201910554249.XA
Other languages
Chinese (zh)
Other versions
CN110247765B (en)
Inventor
郑剑锋
吴晓霞
刘海
Current Assignee
Hubei Keller Quantum Communication Photoelectric Technology Co Ltd
Original Assignee
Hubei Keller Quantum Communication Photoelectric Technology Co Ltd
Application filed by Hubei Keller Quantum Communication Photoelectric Technology Co Ltd
Priority to CN201910554249.XA
Publication of CN110247765A
Application granted
Publication of CN110247765B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0858 Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses a quantum secure data link communication system. The system comprises two identical quantum secure devices, each comprising a quantum key generating device, a key management control server and multiple secure terminals, where each key management control server binds multiple secure terminals. The two quantum key generating devices run the BB84 protocol and generate symmetric quantum keys by transmitting polarization-state single photons; each places the keys in its own key pool and then issues them to the key management control server it is connected to. The key management control server receives and verifies the quantum keys issued from the key pool and then distributes them to its bound secure terminals. Each secure terminal establishes a binding connection with the key management control server using a built-in authentication key, and receives and stores quantum keys. The system of the invention has the advantages of high security, high independence, and convenient, fast and simple deployment.

Description

A quantum secure data link communication system
Technical field
The present invention relates to the field of secure communication and communication technology, and in particular to a quantum secure data link communication system.
Background art
As more and more traditional manual services are replaced by networked electronic services, the rise of services such as online banking, online taxation and network security indicates that China's construction of the information superhighway has entered a stage of vigorous development. Many technical problems in encryption, authentication and digital signatures urgently need to be solved, and among them the position of cryptography and information security is especially prominent. Quantum cryptography, whose theoretical basis is the uncertainty principle and the indivisibility of the single photon, has become the strongest cryptographic means currently available, with unlimited application prospects. Research on quantum cryptography provides a technical guarantee for the pursuit of absolute information security.
Quantum cryptography is superior to ordinary e-mail or radio because, in theory, this mode of communication cannot be broken or intercepted. If the quanta in a laser beam are observed by a third party, the particles themselves change; this is what physics calls the "Heisenberg uncertainty principle": the state of a particle changes when it is measured. If interception occurs, the sender and the recipient are immediately aware that someone is eavesdropping.
At present, the core of quantum cryptography research is how to use quantum techniques to distribute keys safely and reliably over a quantum channel. From a mathematical point of view, any cipher can be broken given the appropriate method; unlike traditional cryptography, quantum cryptography protects information using physical principles. The method of "using quanta as information carriers, transmitted over a quantum channel, to establish a shared key between legitimate users" is usually called quantum key distribution (QKD), and its security is guaranteed by the "Heisenberg uncertainty principle" and the "single-quantum no-cloning theorem".
The "Heisenberg uncertainty principle" is a basic principle of quantum mechanics. It states that measuring both the position and the momentum of a quantum at the same moment with the same precision is impossible; only one of the two can be measured precisely. The "single-quantum no-cloning theorem" is a corollary of the "Heisenberg uncertainty principle": it states that copying a single quantum without knowing its quantum state is impossible, because copying a single quantum requires measuring it first, and measurement necessarily changes the state of the quantum. These properties of quanta can be used to solve the problem of secret key distribution.
Quantum cryptography applies the basic theory of quantum mechanics, including Heisenberg's uncertainty principle and the indivisibility of the single photon, and so solves the security problem that classical cryptography has never been able to handle. It is assumed that an eavesdropper can observe the information sent on the conventional channel, and can also observe and retransmit photons on the quantum channel.
The rapid development of data communication brings convenient ways of communicating, but also the problem of data leakage. In a traditional encryption system for secure communication, whether symmetric-key or public-key, the security of the ciphertext depends entirely on the secrecy of the key. The key must consist of a sufficiently long random binary string. Once the key is established, ciphertext encoded with it can be transmitted over a public channel; to establish the key, however, the sender and the recipient must choose a safe and reliable communication channel. Because of the presence of interceptors, genuine security is technically hard to guarantee, and key distribution can always be passively monitored without the legitimate users noticing. In traditional secure communication, the struggle between data encryption and techniques for stealing secrets keeps escalating as technology advances and never ends, so absolute communication security does not exist.
Traditional cryptography holds that the encryption and decryption algorithms of any encryption system can be public, and that the security of the system depends on the security of the key. Because information on a conventional channel may be copied, it is impossible for the two communicating parties to establish a secure key over a conventional channel.
Quantum cryptography uses the non-clonability of quantum states and the indivisibility of single quanta to achieve the goal of distributing a secure quantum key to both parties over an insecure conventional channel, thoroughly solving the problem of traditional cryptography. Quantum cryptographic communication is currently recognized by the scientific community as the only communication mode that can achieve absolute security; it relies on basic quantum-mechanical effects and quantum key distribution protocols. Quantum communication has an absolute security that conventional communication modes do not.
The widely used RSA encryption method has in theory already been broken by the quantum factorization algorithm. Even though there is currently no quantum computer, the RSA cryptosystem may still be broken, and people keep researching new algorithms to solve the factorization problem faster on classical computers.
Current quantum secure communication networks are mainly wired networks based on optical fiber, and the application layer is a closed, wired protected subnet, so ease of use is considerably limited; there is as yet no practical scheme for using quantum keys on portable terminals. As technology develops, demand for portable terminals keeps growing, so it is very necessary to provide a portable, mobile quantum secure data link communication terminal and communication system.
Summary of the invention
The purpose of the invention is to solve the above technical problem by proposing a quantum secure data link communication system that can truly realize an absolutely secure encrypted communication process. The quantum key is generated by a series of operations performed by the two parties after they establish communication. Its generation process is its transmission process; it can be said to be "made as it is used". Using the properties of quantum mechanics, both parties can simultaneously generate a string of random numbers in their own hands and, without looking at the other party's data, be sure that both random sequences are identical. This random sequence is the key. Because the generation process of the quantum key is at the same time its distribution process, no key needs to be transmitted, which also avoids that risk.
To achieve the above purpose, the invention proposes a quantum secure data link communication system. The system comprises two identical quantum secure devices, each comprising a quantum key generating device, a key management control server and multiple secure terminals, where each key management control server binds multiple secure terminals;
The two quantum key generating devices run the BB84 protocol and generate symmetric quantum keys by transmitting polarization-state single photons, place them in their respective key pools, and then issue them to the key management control servers they are respectively connected to;
The key management control server receives and verifies the quantum keys issued from the key pool, and then distributes them to its bound secure terminals;
The secure terminal establishes a binding connection with the key management control server using a built-in authentication key, and receives and stores quantum keys.
As an improvement of the above system, the quantum key generating device comprises:
A front-end data processing module, for generating the raw key (Raw Key);
A basis comparison module, for extracting the sifted key (Sifted Key) from the raw key (Raw Key);
An error correction module, for generating the error-corrected key (Corrected Key); and
A privacy amplification unit, for generating the final secure key (Final Key) and placing it in the key pool.
As an improvement of the above system, the channels include a quantum channel and a conventional channel; the quantum channel is used to transmit polarization-state single photons, and the conventional channel is used for the BB84 protocol's handshake, data negotiation and verification.
As an improvement of the above system, a random number inspection module, a quantum key management module and a quantum key distribution module are provided in the key management control server;
The random number inspection module performs a randomness check on the received quantum keys;
The quantum key management module records and uploads device status information, key storage information and output information;
The quantum key distribution module encrypts the quantum key with the built-in authentication key and then issues it to the bound secure terminals.
As an improvement of the above system, the quantum key distribution module comprises a quantum secure terminal binding unit and a quantum key transmission unit;
The quantum secure terminal binding unit performs identity authentication on a secure terminal that requests access and, if authentication passes, binds the secure terminal; the authentication check is: determine whether the authentication key built into the secure terminal is consistent with the authentication key built into the key management control server;
The quantum key transmission unit sends the pre-allocated quantum keys to the bound secure terminal.
As an improvement of the above system, the key management and distribution server has multiple built-in authentication keys, one authentication key being used to connect one quantum secure terminal.
As an improvement of the above system, an authentication key management module is also provided in the key management control server, for storing the old authentication key KOld, receiving the authentication key replacement request sent by a bound secure terminal, and extracting a new authentication key KNew from the authentication keys generated by the quantum key generating device; the new authentication key KNew is encrypted with the old authentication key KOld to obtain the ciphertext KNewKOld, which is sent to the bound quantum secure terminal.
As an improvement of the above system, the secure terminal comprises a quantum key management module, a quantum key setting module and an authentication key management module;
The quantum key management module stores and manages the received quantum keys;
The quantum key setting module sets the key strength and the key refresh time;
The authentication key management module stores the old authentication key KOld and also sends the authentication key replacement request to the bound key management control server; when the ciphertext KNewKOld sent by the key management and distribution server is received, it is decrypted with the stored old authentication key KOld to obtain the new authentication key KNew, and the old authentication key KOld is replaced with the new authentication key KNew.
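The authentication key replacement described above (KNew encrypted under KOld by the server, decrypted and swapped in by the terminal), as an added Python sketch that is not code from the patent. The patent names no cipher, so the encrypt-then-MAC construction built from HMAC-SHA256 is an assumed standard-library stand-in for a vetted AEAD, and the class and function names, the message layout and the server switching to KNew as soon as it sends are all assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32  # assumed message layout: nonce | ciphertext | tag


def _subkey(k_old: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC subkeys from KOld."""
    return hmac.new(k_old, b"auth-key-update|" + label, hashlib.sha256).digest()


def _keystream(k_enc: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a stream cipher."""
    blocks = [
        hmac.new(k_enc, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        for ctr in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def wrap_new_key(k_old: bytes, k_new: bytes) -> bytes:
    """Server side: produce the ciphertext the page calls KNewKOld."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(k_old, b"enc"), nonce, len(k_new))
    ct = bytes(a ^ b for a, b in zip(k_new, stream))
    tag = hmac.new(_subkey(k_old, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_new_key(k_old: bytes, blob: bytes) -> bytes:
    """Terminal side: verify the tag first, decrypt only if it matches."""
    if len(blob) <= NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(k_old, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(k_old, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class KeyManagementServer:
    """Holds one authentication key per bound terminal."""

    def __init__(self):
        self.auth_keys = {}

    def bind(self, terminal_id: str, k_auth: bytes) -> None:
        self.auth_keys[terminal_id] = k_auth

    def handle_update_request(self, terminal_id: str, k_new: bytes) -> bytes:
        k_old = self.auth_keys[terminal_id]      # KeyError for an unbound terminal
        blob = wrap_new_key(k_old, k_new)
        self.auth_keys[terminal_id] = k_new      # assumption: switch on send
        return blob


class SecureTerminal:
    def __init__(self, terminal_id: str, k_auth: bytes):
        self.terminal_id = terminal_id
        self.k_auth = k_auth

    def apply_update(self, blob: bytes) -> None:
        # unwrap raises before any state changes, so a forged or corrupted
        # message leaves KOld in place.
        self.k_auth = unwrap_new_key(self.k_auth, blob)


if __name__ == "__main__":
    k_old = secrets.token_bytes(32)          # constructed sample key
    server = KeyManagementServer()
    server.bind("T1", k_old)
    terminal = SecureTerminal("T1", k_old)
    k_new = secrets.token_bytes(32)          # stands in for key-pool material
    terminal.apply_update(server.handle_update_request("T1", k_new))
    print("keys in sync:", terminal.k_auth == server.auth_keys["T1"])
```

Because every new authentication key is protected only by its predecessor, anyone who learns one KOld and records the update messages can follow the whole chain of later keys.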
The advantages of the present invention are:
1. The quantum secure data link communication system of the invention has the following performance characteristics:
1) Security
The system uses the polarization-encoded decoy-state BB84 quantum key distribution protocol to achieve secure quantum key distribution that in theory cannot be broken or eavesdropped. Against the quantum attacks it faces, such as strong-light blinding attacks, double-counting attacks, attacks exploiting count imbalance across the four channels, and sideband attacks exploiting inconsistent detector gate-opening times, the product has monitoring capability and a certain defensive capability;
The system uses logical isolation to protect quantum keys and related data, isolating them securely from the public network;
The system uses FPGAs to fix the quantum key distribution protocol and data processing algorithms in hardware logic, ensuring to the greatest extent the security of the generated keys;
Storage and application of the quantum keys the system generates are managed in layers using hardware isolation.
2) Compatibility
The system's quantum signal transmission frequency is 40 MHz, and it is upward-compatible with frequencies such as 80 MHz;
The system supports wavelength-division multiplexing of the quantum channel.
3) Standardization
The randomness of the quantum keys output by the system meets the State Cryptography Administration's "Randomness Test Specification".
The system's external interfaces are standardized;
4) Integration
The system is an integrated device combining quantum key distribution and quantum key management.
5) Ease of maintenance
The system supports remote fault location (excluding link problems);
The system supports remote export of system log files;
The system uses a blade-type electronics board structure, which is easy to install and maintain;
2. The quantum secure data link communication system of the invention is based on the decoy-state BB84 quantum key distribution protocol and uses polarization encoding to provide secure quantum keys; the system uses a series of machine-room equipment and, for metropolitan-area secure communication needs, is used in pairs authenticated by authentication keys to build a secure quantum key distribution network providing quantum keys that cannot be broken or eavesdropped; it has broad application prospects in fields such as national defense and military, national security, finance, government affairs, energy and cloud computing;
3. The system of the invention has the advantages of high security, high independence, and convenient, fast and simple deployment.
Description of the drawings
Fig. 1 is a flow diagram of the prior-art BB84 protocol in the ideal case;
Fig. 2 is a flow chart of the prior-art BB84 protocol when Eve is present;
Fig. 3 is a block diagram of the quantum secure data link communication system of the invention;
Fig. 4 is a work flow diagram of the quantum key generating device of the invention;
Fig. 5 is a flow chart of the key protocol interaction between quantum key generating devices of the invention;
Fig. 6 is a schematic diagram of the quantum secure communication network of the invention.
Specific embodiments
The technical solution of the present invention is described in detail below with reference to the drawings and specific embodiments.
The BB84 protocol is used in quantum key distribution. Implementing BB84 requires two channels: a conventional channel and a quantum channel. The conventional channel ensures that the sender and receiver, Alice and Bob, can exchange some necessary information, while the quantum channel is used to transmit quantum states that carry information or are random. The implementation of BB84 is briefly described below; the steps are shown in Fig. 1.
1) The sender Alice randomly generates a binary sequence sA. For simplicity of description, assume the sequence is 8 bits with the value [01100101]. Alice then generates another random sequence mA of the same length.
2) Assume mA is [10111100]; this is the basis sequence used for sending on the quantum channel (for example, in an optical fiber). From these two sequences, 8 photons are produced by modulation. How the state of each photon is modulated is determined by the relationship in Table 1; the specific states are shown in Fig. 1.
Table 1: Correspondence between modulated photon states and the sA, mA sequences in BB84
3) Since the receiver Bob does not know which basis to measure with, Bob generates a random sequence to select the measurement basis, called the measurement basis sequence mB, for example [00101010]. Bob selects the measurement basis according to the relationship in Table 2 and measures the particles.
Table 2: Bob's selection of measurement basis
Afterwards, Bob notifies Alice over the conventional channel of the measurement basis sequence mB he chose.
Alice then compares Bob's measurement basis sequence mB with the sending basis sequence mA she kept, and tells Bob which of the measurement bases he used are the same and which are different. Alice and Bob each keep the measurement results where the bases agree and discard those where the bases disagree. Whether an attack is present is determined from the error rate over the selected measurement basis sequence; if it is abnormal, the protocol stops.
4) Alice and Bob encode the quantum states into binary bits as follows:
With expression 0, and expression 1, primary key is obtained.
5) Finally, Alice and Bob obtain identical key sequences kA and kB.
Fig. 2 shows the case where Eve eavesdrops: Eve intercepts the transmitted photons, measures them, and then modulates photons herself and sends them on to Bob.
Likewise, Eve does not know which basis to measure with, so she uses her own sequence mE to select the measurement basis and obtains the result sE, for example [01010010]. Eve then reconstructs photons according to sE and mE and transmits them to Bob. Note that this introduces errors, because probabilistically sA, mA cannot be identical to sE, mE. Thus, through the comparison and verification between Alice and Bob in step 6 of Fig. 2, that is, by selecting and comparing some key bits, the presence of Eve can be discovered. Practical operation is more complicated: the raw key is further processed using methods such as error correction and privacy amplification to improve the confidentiality of the key and finally obtain the secure key.
In the BB84 protocol, the linear polarization and circular polarization used are conjugate states and satisfy the uncertainty principle. According to the uncertainty principle, the more accurate the measurement of a linearly polarized photon, the less accurate the measurement of a circularly polarized photon. Therefore any measurement by an attacker necessarily changes the original quantum state, and the legitimate parties can detect the disturbance according to the uncertainty principle and so detect whether there is eavesdropping. In addition, linear and circular polarization states are non-orthogonal and therefore indistinguishable; an attacker cannot accurately measure each intercepted quantum state, and so cannot produce identical photons to impersonate them. The uncertainty principle and the quantum no-cloning principle guarantee the unconditional security of BB84 quantum communication.
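An added simulation of the exchange above (not code from the patent): it sifts the page's 8-bit sequences sA, mA and mB, then runs a longer session with and without an intercept-and-resend Eve to show the error rate that exposes her. The 0/1 basis labels, the ideal-channel model, the half-sample comparison and the 11% abort threshold are assumptions, since Tables 1 and 2 and the threshold are not given on the page.

```python
import random

# Sequences quoted in the description's 8-bit walk-through.
S_A = [0, 1, 1, 0, 0, 1, 0, 1]  # sA: Alice's random bits
M_A = [1, 0, 1, 1, 1, 1, 0, 0]  # mA: Alice's sending-basis choices
M_B = [0, 0, 1, 0, 1, 0, 1, 0]  # mB: Bob's measurement-basis choices

QBER_ABORT = 0.11  # assumed threshold; the page only says "abnormal"


def measure(bit, prep_basis, meas_basis, rng):
    """Ideal single-photon measurement: the same basis reproduces the bit,
    the conjugate basis gives a uniformly random result."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def transmit(s_a, m_a, m_b, rng, eve=False):
    """Return Bob's raw results. With eve=True every photon is intercepted,
    measured in a random basis mE and re-sent in that basis."""
    s_b = []
    for bit, a_basis, b_basis in zip(s_a, m_a, m_b):
        if eve:
            e_basis = rng.randint(0, 1)
            bit = measure(bit, a_basis, e_basis, rng)  # Eve's result sE
            a_basis = e_basis                          # photon rebuilt from sE, mE
        s_b.append(measure(bit, a_basis, b_basis, rng))
    return s_b


def sift(bits, m_a, m_b):
    """Keep only positions where sending and measurement bases agree."""
    return [b for b, x, y in zip(bits, m_a, m_b) if x == y]


def estimate_qber(k_a, k_b, rng, fraction=0.5):
    """Compare a random sample over the conventional channel. The sampled
    bits are disclosed and therefore discarded from the key."""
    n = len(k_a)
    if n == 0:
        raise ValueError("no sifted bits to compare")
    sample = set(rng.sample(range(n), max(1, int(n * fraction))))
    errors = sum(k_a[i] != k_b[i] for i in sample)
    kept_a = [k_a[i] for i in range(n) if i not in sample]
    kept_b = [k_b[i] for i in range(n) if i not in sample]
    return errors / len(sample), kept_a, kept_b


def page_walkthrough(seed=0):
    """Sift the page's own sequences over an undisturbed channel."""
    rng = random.Random(seed)
    s_b = transmit(S_A, M_A, M_B, rng)
    return sift(S_A, M_A, M_B), sift(s_b, M_A, M_B)


def run_session(n, eve, seed):
    """One BB84 session of n photons. random.Random is used only so the
    simulation is reproducible; it is not a key-grade generator."""
    rng = random.Random(seed)
    s_a = [rng.randint(0, 1) for _ in range(n)]
    m_a = [rng.randint(0, 1) for _ in range(n)]
    m_b = [rng.randint(0, 1) for _ in range(n)]
    s_b = transmit(s_a, m_a, m_b, rng, eve)
    k_a, k_b = sift(s_a, m_a, m_b), sift(s_b, m_a, m_b)
    qber, kept_a, kept_b = estimate_qber(k_a, k_b, rng)
    return {
        "sifted": len(k_a),
        "qber": qber,
        "abort": qber > QBER_ABORT,
        "keys_match": kept_a == kept_b,
    }


if __name__ == "__main__":
    print("page example kA, kB:", page_walkthrough())
    print("no Eve  :", run_session(20000, eve=False, seed=1))
    print("with Eve:", run_session(20000, eve=True, seed=1))
```

On the page's sequences the bases agree at positions 2, 3, 5 and 8, so kA = kB = 1101. With Eve on the line, about a quarter of the sifted bits disagree, which is what the sample comparison detects.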
The invention provides a quantum secure data link communication system. The service keys required by the secure communication data link are generated by a pair of quantum key generation management control devices using the BB84 protocol and delivered in real time by key management control servers to the secure communication terminals, realizing secure quantum communication between remote sites. The system includes quantum key generation management control devices, key management control servers, secure communication terminals, a quantum communication channel and a public communication network. The quantum key generation management control devices negotiate and generate symmetric quantum keys; the key management control server obtains quantum keys in real time from the key pool of the quantum key generation management control device and distributes them to several secure communication terminals; the secure communication terminals use quantum keys to encrypt service data for transmission and to decrypt received service data; the quantum communication channel transmits the single-photon sequence carrying the quantum key; the public communication network is used for synchronization signals, identity authentication and encrypted data transmission. The symmetric quantum key generation and "one-time pad" encryption used by the system ensure the absolute secrecy of the transmitted information.
Embodiment 1
Embodiment 1 of the invention proposes a quantum secure data link communication system. The service keys used in secure communication are generated by a pair of quantum key generating devices and issued via the key management control server to multiple secure terminals that have passed identity authentication. A communication terminal can connect to any service device and use quantum keys to encrypt service data for transmission in real time; it can also store the received quantum keys and be used on the move after key distribution is complete. The system block diagram is shown in Fig. 3.
The quantum secure data link communication system is mainly aimed at metropolitan-area network users, providing quantum key distribution control, quantum key management, key relay and key output functions, and is highly integrated.
The secure communication units at the two sites are connected by a quantum channel and a conventional channel. The two quantum key generating terminals transmit polarization-state single photons and run the BB84 protocol to negotiate symmetric quantum keys. The generated quantum keys reside in the device key pool and are received, verified, managed and distributed by the key management control server. A quantum secure data link communication terminal connects to the key management control server and, after completing identity authentication, can request, receive and store quantum keys, which are finally used for secure "one-time pad" encrypted communication of service data.
The quantum key generating device in the system is a quantum key distribution device based on the decoy-state BB84 quantum key distribution protocol; using polarization encoding, it realizes symmetric quantum key distribution that cannot be broken or eavesdropped. The symmetric quantum keys it negotiates are distributed to secure terminal units in two different regions, so that secure terminal units at the remote sites can communicate with symmetric encryption.
The startup workflow of the quantum key generating device is shown in Fig. 4. Its startup procedure mainly collects some intrinsic information about the device and checks whether the device meets the power-on requirements.
The key protocol interaction between the quantum key generating devices, with a brief description, is shown in Fig. 5. During operation the devices carry out the key protocol interaction according to the data post-processing mechanism, in several main steps: front-end data processing generates the Raw Key; basis comparison extracts the Sifted Key from the Raw Key; error correction generates the Corrected Key; privacy amplification generates the final secure key, the Final Key.
Communication between the quantum key generating devices uses two kinds of channel, a quantum channel and a conventional channel: the conventional channel is used for the BB84 protocol's handshake, data negotiation and verification; the quantum channel is used to transmit the polarization-state single-photon sequence.
The key management control server provides the following functions:
1) Quantum key generation and distribution control
In the quantum secure communication network the device is based on a C/S architecture and acts as the key generation control client, controlling the quantum key distribution process of the quantum-layer devices attached beneath it. It can control the key distribution process of multiple quantum-layer devices.
2) Quantum key storage
On the one hand, quantum keys are received through the interface with the quantum-layer quantum key generating device, with receive rates supported up to the 100,000,000 class. This is suitable for key reception and storage for a variety of quantum devices such as quantum key generating devices and GHZ. On the other hand, keys generated by the relay process can be received and stored at high speed.
After key reception completes, the device can autonomously initiate end-to-end key comparison across the network. The key comparison technique ensures the consistency of key storage between network nodes without revealing the keys.
3) Quantum key output
Key output is the interface to the application layer. It uses a unified platform interface technology and can deliver quantum keys to the quantum secure data link communication terminal through a cipher board. It can serve multiple quantum secure data link communication terminals simultaneously and features stable, efficient key output, ensuring effective support for application-layer services.
4) Quantum key management
Based on the SNMP protocol, the device supports a network management system agent interface; through the network management agent it uploads device status information, key storage information and output information, and it can accept control from the network management system.
5) Access control
Operating system accounts are divided into an ordinary user group, a maintenance user group and a management user group.
The secrecy terminal has quantum key reception and storage functions and is used to connect business devices and encrypt the transmission of business data.
Each secrecy terminal can connect multiple business devices through a network port and a network switch, and multiple secrecy terminals access a local area network or wide area network through a network port or optical fiber. When two business devices at different locations need to communicate securely, the source secrecy terminal obtains the business data from the business device, encrypts it using the quantum key and a variety of encryption algorithms, and transmits it over the network to the destination secrecy terminal. The destination secrecy terminal decrypts the encrypted data using the symmetric quantum key and finally hands it to the destination business device, which receives and processes it.
Business devices include but are not limited to computers, video cameras and servers; the business data includes but is not limited to voice, text, pictures, video and files.
The secrecy terminal and the quantum key management control server are bound using a unique authentication key, and the bound authentication key can be updated synchronously.
The binding authentication key between the secrecy terminal and the quantum key management control server is updated at the request of the secrecy terminal. The update method is:
1) The secrecy terminal sends an authentication key replacement request to the quantum key management control server with which it has a binding relationship, and the quantum key management control server extracts a new authentication key KNew from the authentication keys generated by the quantum key generating device;
2) The quantum key management control server encrypts the new authentication key KNew with the old authentication key KOld to obtain the ciphertext KNewKOld, and sends the ciphertext KNewKOld to the secrecy terminal;
3) After verifying that the message is legitimate, the secrecy terminal decrypts the received ciphertext KNewKOld with the old authentication key KOld to obtain the new authentication key KNew, and replaces the old authentication key KOld with the new authentication key KNew.
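The three update steps, with both sides' messages, can be sketched as follows. This is an added example, not code from the patent: the text names no cipher or message format, so the HMAC-SHA256 sub-key derivation, the XOR keystream, the per-request nonce, the class and method names, and the final confirmation step that keeps the two ends synchronized are all assumptions.

```python
import hashlib
import hmac
import secrets

def _derive(key, label, nonce):
    """Separate sub-keys for encryption and MAC so KOld is never used directly twice."""
    return hmac.new(key, label + nonce, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(k_old, nonce, terminal_id, ct):
    return hmac.new(_derive(k_old, b"mac", nonce), terminal_id + ct, hashlib.sha256).digest()

class KeyServer:
    def __init__(self, bindings):
        self.bindings = dict(bindings)  # terminal id -> bound authentication key
        self.pending = {}               # terminal id -> (KNew, nonce) awaiting confirmation

    def on_replace_request(self, terminal_id, nonce):
        k_old = self.bindings[terminal_id]
        k_new = secrets.token_bytes(32)  # stand-in for a key drawn from the QKD key pool
        ct = _xor(k_new, _derive(k_old, b"enc", nonce))  # the page's KNewKOld
        self.pending[terminal_id] = (k_new, nonce)
        return ct, _tag(k_old, nonce, terminal_id, ct)

    def on_confirm(self, terminal_id, proof):
        k_new, nonce = self.pending.pop(terminal_id)
        ok = hmac.compare_digest(proof, _derive(k_new, b"confirm", nonce))
        if ok:
            self.bindings[terminal_id] = k_new  # both ends now hold KNew
        return ok

class Terminal:
    def __init__(self, terminal_id, key):
        self.terminal_id, self.key, self.nonce = terminal_id, key, None

    def replace_request(self):
        self.nonce = secrets.token_bytes(16)  # fresh per request, binds the reply to it
        return self.terminal_id, self.nonce

    def on_reply(self, ct, tag):
        if not hmac.compare_digest(tag, _tag(self.key, self.nonce, self.terminal_id, ct)):
            return None  # not from the bound server, or altered in transit: keep KOld
        self.key = _xor(ct, _derive(self.key, b"enc", self.nonce))
        return _derive(self.key, b"confirm", self.nonce)

def rotate(server, terminal):
    tid, nonce = terminal.replace_request()
    ct, tag = server.on_replace_request(tid, nonce)
    proof = terminal.on_reply(ct, tag)
    return proof is not None and server.on_confirm(tid, proof)
```

Because KNew travels under KOld, a party that holds KOld and has recorded the exchange also recovers KNew; the update limits how long one authentication key is in use but does not recover from an earlier compromise of that key.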
Further, the system supports connecting multiple quantum key generating devices through an optical switch to form a quantum secure communication network; the quantum communication network has a three-layer structure, as shown in Figure 6. The system uses time-division multiplexing: in each communication time period, two quantum key generating devices carry out protocol communication and generate quantum keys.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to the embodiments, those of ordinary skill in the art should understand that modifications or equivalent replacements of the technical solution of the invention that do not depart from its spirit and scope shall all be covered by the scope of the claims of the present invention.

Claims (8)

1. A quantum secure data link communication system, characterized in that the system comprises two identical quantum secure devices, each quantum secure device comprising: a quantum key generating device, a key management control server and multiple secrecy terminals; wherein each key management control server is bound to multiple secrecy terminals;
the two quantum key generating devices are used to run the BB84 protocol by transmitting polarization-state single photons, to generate symmetric quantum keys and put them into their respective key pools, and then each to issue them to the key management control server to which it is connected;
the key management control server is used to receive and verify the quantum keys issued from the key pool and then to distribute them to the multiple bound secrecy terminals;
the secrecy terminal is used to establish a binding connection with the key management control server by means of a built-in authentication key, and to receive and store quantum keys.
2. The quantum secure data link communication system according to claim 1, characterized in that the quantum key generating device comprises:
a front-end data processing module, for generating the original key Raw Key;
a basis comparison module, for extracting the sifted key Sifted Key from the original key Raw Key;
an error correction module, for generating the error-corrected key Corrected Key; and
a privacy amplification unit, for generating the final secure key Final Key and putting it into the key pool.
3. The quantum secure data link communication system according to claim 2, characterized in that the channel comprises a quantum channel and a classical channel; the quantum channel is used to transmit polarization-state single photons; the classical channel is used for the BB84 protocol handshake and for data negotiation and verification.
4. The quantum secure data link communication system according to claim 3, characterized in that a random number inspection module, a quantum key management module and a quantum key distribution module are provided on the key management control server;
the random number inspection module is used to perform a random number test on the received quantum keys;
the quantum key management module is used to record and upload device status information, key storage information and output information;
the quantum key distribution module is used to encrypt the quantum key with the built-in authentication key and then issue it to the multiple bound secrecy terminals.
5. The quantum secret communication system according to claim 4, characterized in that the quantum key distribution module comprises: a quantum secure terminal binding unit and a quantum key transmission unit;
the quantum secure terminal binding unit is used to authenticate an accessing secrecy terminal and, if authentication passes, to bind the secrecy terminal; the authentication process is: judging whether the authentication key built into the secrecy terminal is consistent with the authentication key built into the key management control server;
the quantum key transmission unit is used to send the pre-allocated quantum key to the bound secrecy terminal.
6. The quantum secret communication system according to claim 5, characterized in that the key management and distribution server has multiple built-in authentication keys, and each authentication key is used to connect one quantum secure terminal.
7. The quantum secret communication system according to claim 5, characterized in that an authentication key management module is also provided in the key management control server, for storing the old authentication key KOld, receiving the authentication key replacement request sent by a bound secrecy terminal, and extracting a new authentication key KNew from the authentication keys generated by the quantum key generating device; the new authentication key KNew is encrypted with the old authentication key KOld to obtain the ciphertext KNewKOld, which is sent to the bound quantum secure terminal.
8. The quantum secret communication system according to claim 7, characterized in that the secrecy terminal comprises: a quantum key management module, a quantum key setup module and an authentication key management module;
the quantum key management module is used to store and manage the received quantum keys;
the quantum key setup module is used to set the key strength and the key refresh time;
the authentication key management module is used to store the old authentication key KOld and also to send an authentication key replacement request to the bound key management control server; on receiving the ciphertext KNewKOld sent by the key management and distribution server, it decrypts the received ciphertext KNewKOld with the pre-stored old authentication key KOld to obtain the new authentication key KNew, and replaces the old authentication key KOld with the new authentication key KNew.
CN201910554249.XA 2019-06-25 2019-06-25 Quantum secret data chain communication system Active CN110247765B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910554249.XA CN110247765B (en) 2019-06-25 2019-06-25 Quantum secret data chain communication system

Publications (2)

Publication Number Publication Date
CN110247765A true CN110247765A (en) 2019-09-17
CN110247765B CN110247765B (en) 2021-12-28

Family

ID=67889245

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910554249.XA Active CN110247765B (en) 2019-06-25 2019-06-25 Quantum secret data chain communication system

Country Status (1)

Country Link
CN (1) CN110247765B (en)

Also Published As

Publication number Publication date
CN110247765B (en) 2021-12-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant