CN110289952A - Quantum data link secure terminal and secure communication network - Google Patents


Publication number
CN110289952A
Authority
CN
China
Legal status
Granted
Application number
CN201910553870.4A
Other languages
Chinese (zh)
Other versions
CN110289952B (en)
Inventor
郑剑锋
刘海
吴晓霞
Current Assignee
Hubei Keller Quantum Communication Photoelectric Technology Co Ltd
Original Assignee
Hubei Keller Quantum Communication Photoelectric Technology Co Ltd
Application filed by Hubei Keller Quantum Communication Photoelectric Technology Co Ltd
Priority to CN201910553870.4A
Publication of CN110289952A
Application granted
Publication of CN110289952B
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload


Abstract

Quantum data link secure terminal and secure communication network. The invention discloses a quantum data link secure terminal comprising: an MCU main control module, a quantum key management module, a data encryption/decryption module, a communication module and an authentication module. The quantum key management module provides the data encryption/decryption module with the quantum keys it requires. The data encryption/decryption module obtains a quantum key from a specified position in the quantum key management module and encrypts the service data sent by a service device with the encryption algorithm specified by the MCU main control module; it also decrypts, with the specified decryption algorithm, encrypted data sent by other quantum data link secure terminals. The communication module sends the data encrypted by the data encryption/decryption module to other quantum data link secure terminals, or receives encrypted data from other quantum data link secure terminals and forwards it to the data encryption/decryption module. The authentication module stores, in encrypted form, the authentication key required for identity authentication.

Description

Quantum data link secure terminal and secure communication network
Technical field
The invention belongs to the field of secure communication, and in particular relates to a quantum data link secure terminal and a secure communication network.
Background
The basic process of data encryption is to process the plaintext and an encryption key with some algorithm to obtain an unreadable code, the ciphertext; this is the encryption process. When the ciphertext is transmitted over the network to the destination, the destination can use the decryption key and the inverse of the encryption algorithm, the decryption algorithm, to turn the ciphertext back into the original plaintext; this is the decryption process. Both encryption and decryption involve a large amount of computation.
Currently, cryptosystems are divided into two classes, symmetric and asymmetric. If the encryption key and the decryption key are identical, it is a symmetric cryptosystem. The characteristics of this technique are that the algorithm is public and encryption efficiency is high, but security is low. If the encryption key and the decryption key differ, it is an asymmetric cryptosystem. During transmission, the encryption key can be made public, while the decryption key is held solely by the destination.
Nowadays, widely used ciphers are essentially implemented by mathematical computation: information is encrypted with complex numeric strings. However complex a mathematical key is, a pattern can still be found in it, and the cracking of complex mathematical problems has become an important hidden danger for computer network security.
Random numbers can be divided into two classes: pseudo-random numbers and true random numbers. A pseudo-random number is one that appears random but is in essence not random. The random numbers commonly used in computer programs are all pseudo-random: they are generated by a specific algorithm and are in essence predictable, hence pseudo-random.
In general, pseudo-random number algorithms are periodic. The period is sometimes very large, but with the computing power of a supercomputer, finding the regularity of a pseudo-random sequence is not difficult.
Therefore, although pseudo-random numbers fully meet the needs of daily life, they are not very secure for applications such as banking and the military. Moreover, if the algorithm that generates the pseudo-random numbers has been obtained by an adversary in advance, there is no encryption of the information to speak of.
A true random number is one whose samples are non-reproducible and unpredictable, with genuine randomness. Because the classical macroscopic world is essentially predictable, true random numbers can only be generated through quantum physics, for example nuclear fission or single-photon random numbers.
Quantum physics can generate genuine random numbers because it exploits the superposition of quantum states: on measurement, a quantum state collapses randomly to a definite state. This collapse is truly random and cannot be predicted by any theory, so random numbers generated by quantum physics are true random numbers. It has been demonstrated that random numbers generated from superposed quantum states never repeat. Common secure communication terminals on the current market are based on conventional encryption and do not use quantum true random numbers; their encryption security is low, and the key is at risk of being cracked.
Current quantum secure communication networks are mainly fiber-based wired networks, and the application layer is a closed, wired protected subnet, so ease of use is greatly limited; there is as yet no practical scheme for using quantum keys in a secure terminal. With the development of technology, however, demand for portable terminals is growing, so it is necessary to provide a quantum data link secure terminal that can be carried and used on the move.
Summary of the invention
The object of the invention is to overcome the above technical deficiencies by proposing a quantum data link secure terminal.
The present invention adopts the following technical solution:
A quantum data link secure terminal connects to multiple service devices through a network switch. The secure terminal comprises: an MCU main control module, a quantum key management module, a data encryption/decryption module, a communication module and an authentication module;
The MCU main control module is used to control and monitor the operation of the other modules, and also provides a user configuration interface;
The quantum key management module is used to provide the data encryption/decryption module with the quantum keys it requires;
The data encryption/decryption module is used to obtain a quantum key from a specified position in the quantum key management module and to encrypt the service data sent by a service device with the encryption algorithm specified by the MCU main control module; it is also used to decrypt, with the specified decryption algorithm, encrypted data sent by other quantum data link secure terminals;
The communication module is used to send the data encrypted by the data encryption/decryption module to other quantum data link secure terminals, or to receive encrypted data from other quantum data link secure terminals and forward it to the data encryption/decryption module;
The authentication module is used to store, in encrypted form, the authentication key required for identity authentication; this authentication key is the unique identity authentication identifier of each terminal.
As an improvement of the above device, the secure terminal further comprises a power management module, which supplies each module with its normal operating voltage after power-on.
As an improvement of the above device, the service devices include but are not limited to computers, cameras and servers; the service data includes but is not limited to voice, text, pictures, video and files.
As an improvement of the above device, when secure communication is carried out between the service devices of two secure terminals, the following steps are performed:
The two quantum data link secure terminals are set as the source quantum data link secure terminal and the destination quantum data link secure terminal respectively, and a secure communication tunnel is established between them;
The source quantum data link secure terminal obtains the service data of the service device connected to it; the data encryption/decryption module of the source terminal encrypts the data using a quantum key and the specified encryption algorithm, after which the communication module of the source terminal transmits the encrypted data to the destination quantum data link secure terminal;
The communication module of the destination quantum data link secure terminal receives the encrypted data; the data encryption/decryption module of the destination terminal decrypts it using the symmetric quantum key and sends the decrypted data to the service device connected to the destination terminal.
As an improvement of the above device, setting the two quantum data link secure terminals as the source and destination terminals respectively and establishing a secure communication tunnel between them specifically comprises:
The two quantum data link secure terminals are set as the source quantum data link secure terminal and the destination quantum data link secure terminal respectively;
A connection is established between the source quantum secure terminal and the destination quantum secure terminal by means of the authentication key;
The source quantum secure terminal sends synchronization information to the destination quantum secure terminal. The synchronization information includes: the quantum true random number key segment that both sides agree to use in synchrony, the encryption algorithm selection and the verification mode selection.
As an improvement of the above device, the quantum keys in the key management module are stored in encrypted form and decrypted for use when needed; the quantum keys stored in the key management module are periodically updated by computation according to the parameter configuration of the MCU main control module.
As an improvement of the above device, the quantum key is obtained as follows: the quantum data link secure terminal is bound to a quantum key management server, and the quantum key management server distributes quantum keys to the secure terminal.
As an improvement of the above device, the quantum key is obtained as follows: the quantum data link secure terminal accesses a quantum key distribution system, and the two quantum key distribution devices in that system each issue the symmetric quantum key to the quantum data link secure terminal connected to it.
The present invention also provides a quantum data link secure communication network, comprising several of the above quantum data link secure terminals interconnected through a network.
Compared with the prior art, the advantages of the present invention are as follows:
The quantum data link secure terminal of the invention uses quantum security technology to comprehensively improve the security of data communication and to ensure that data is not cracked in transit. It can connect seamlessly to classical networks simply and quickly. It has the following performance characteristics:
1) Small size, simple installation
The device is compact and its interface is simple. In use it only occupies spare space in an existing rack or equipment room, and it can be installed with simple cabling, without major changes to the existing equipment-room architecture.
2) Easy operation, seamless access
Its operation interface is simple: only simple network configuration is needed to join a traditional network. It supports automatic and manual configuration modes, and can establish point-to-point or multipoint secure data links as required.
3) Strong compatibility
It supports conventional transport protocols such as http, https, tcp and udp, is compatible with conventional network security protocols, and suits most network structures such as local area networks, wide area networks and ad hoc networks, further lowering the barrier to adoption. Maintenance cost is low: during operation and maintenance the user only needs to ensure that the terminal runs normally, and it does not affect the security protocols or network control of the traditional network structure.
4) One-time pad
It supports "one-time pad" encryption: the user's key is used only once during data transmission, effectively increasing the security and reliability of data transmission.
Brief description of the drawings
Fig. 1 is a block diagram of the modules of the quantum data link secure terminal of the invention;
Fig. 2 is a schematic diagram of the operation of the quantum data link secure terminal of the invention;
Fig. 3 is a schematic diagram of the simplified service communication of the invention;
Fig. 4 is a schematic diagram of the quantum data link secure terminal of the invention interconnected with a quantum key generator;
Fig. 5 is a schematic diagram of the quantum data link secure terminal of the invention interconnected with a quantum key distribution system;
Fig. 6 is a schematic diagram of a communication network formed by multiple quantum data link secure terminals of the invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the accompanying drawings.
The present invention provides a quantum data link secure terminal. The secure terminal stores quantum true random number keys in encrypted form and is used to connect service devices and realise secure communication based on data encryption technology. It comprises a power management module, an MCU main control module, a key management module, an authentication module, a data encryption/decryption module and a network communication module. The power management module controls the system power supply. The MCU main control module is the core control module of the system; it runs a Linux operating system, regulates the terminal's operation, and can configure the operating mode of the other modules by command. The key management module stores and manages quantum keys, and the stored quantum keys are read and updated under the control of the core control module. The authentication module stores, in encrypted form, the device's unique identity authentication key, which is used for identity authentication when accessing the key distribution server and also for identity authentication between two quantum data link secure terminals before secure communication. The data encryption/decryption module uses quantum keys and runs the encryption algorithm to encrypt and decrypt service data. The network communication module runs the TCP/IP protocol and provides the network communication interface for encrypted data.
The quantum data link secure terminal provided by the invention uses symmetric quantum keys, combined with the "one-time pad" data encryption/decryption method, to ensure that the information transmitted between the two communicating parties is absolutely secure.
Embodiment 1
As shown in Fig. 1, Embodiment 1 of the present invention provides a quantum data link secure terminal, which comprises:
MCU main control module: connected to the power management module, key management module, authentication module, data encryption/decryption module and network communication module. It is the core control module of the system, with a built-in Linux operating system running the application program; it regulates all modules, monitors the operation of each module, outputs status logs, and provides a user configuration interface.
Key management module: connected to the MCU main control module and the data encryption/decryption module. It provides the quantum keys needed to encrypt and decrypt service data. The quantum keys in the key management module are stored in encrypted form and decrypted for use when needed. The stored quantum keys are periodically updated by computation according to the parameter configuration of the MCU main control module, or the quantum key data in the storage area is refreshed when quantum key generating equipment is connected. The MCU main control module controls the position from which keys are taken and the amount of key used. The key management module supplies quantum keys to the data encryption/decryption module for data encryption or decryption.
Authentication module: connected to the MCU main control module. It stores, in encrypted form, the authentication key required for identity authentication. This authentication key is the unique identity authentication identifier exclusive to each device; it is used when receiving quantum keys and when carrying out secure communication, as access permission authentication between devices. The authentication key can be updated through user configuration: the MCU main control module controls the receipt of the new identity authentication key and stores it in encrypted form.
Data encryption/decryption module: connected to the MCU main control module and the key management module. When service data is to be encrypted or decrypted, it is started under the control of the MCU main control module, obtains a quantum key from the specified position in the key management module, and performs the encryption or decryption with the algorithm specified by the MCU main control module.
Communication module: connected to the MCU main control module and the data encryption/decryption module. During secure transmission of service data it runs under the control of the MCU main control module. It transmits the data encrypted by the data encryption/decryption module, or receives encrypted data from the peer device and passes it to the data encryption/decryption module for decryption.
Power management module: connected to the MCU main control module, key management module, authentication module, data encryption/decryption module and network communication module. It supplies each module with its normal operating voltage after power-on; the MCU main control module can restart it or check the power supply state.
As shown in Fig. 2, each quantum data link secure terminal can connect multiple service devices through a network port and a network switch. Multiple quantum data link secure terminals join a local area network or wide area network through a network port or optical fiber. When service devices at two different sites need to communicate securely, the source quantum data link secure terminal obtains the service data of the service device, encrypts the data using quantum keys and multiple encryption algorithms, and transmits it over the network to the destination quantum data link secure terminal. The destination quantum data link secure terminal decrypts the encrypted data using the symmetric quantum key, and the data is finally received and processed by the destination service device.
The service devices include but are not limited to computers, cameras, servers and so on; the service data includes but is not limited to voice, text, pictures, video, files and so on.
A simplified service communication is shown in Fig. 3:
Service device A is connected to quantum data link secure terminal A, and service device B is connected to quantum data link secure terminal B. Quantum data link secure terminals A and B exchange data over a wired local area network or a public network. The communication process has the following steps:
1) Preparation: the service device is connected to the quantum data link secure terminal, and the data to be transmitted securely is made ready;
2) Establishing the secure communication tunnel: the source quantum data link secure terminal sends synchronization information to the destination quantum data link secure terminal, completing identity authentication and agreeing on the quantum true random number key segment to be used in synchrony, the encryption algorithm selection and the verification mode selection. After the destination has received and processed the synchronization information it replies to the source, which completes establishment of the secure communication tunnel, and both sides enter the secure communication state;
3) Secure communication stage: following the common communication network protocol, the two parties transmit encrypted service data in both uplink and downlink at once, or uplink only, or downlink only. If either party hangs up, the secure communication ends.
Service data encryption during secure communication uses the "one-time pad" data encryption method, or fixed-length key block encryption, so that the information transmitted between the two sides sharing the symmetric key is kept absolutely secret.
The quantum data link secure terminal can be configured to use multiple encryption algorithms, and can be configured to periodically update the stored quantum keys by computation.
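The tunnel set-up and one-time-pad exchange of steps 2) and 3) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the JSON synchronization message, and the use of HMAC-SHA256 both for identity authentication and as the verification mode are assumptions, and `os.urandom` stands in for distributed quantum key material.

```python
import hashlib
import hmac
import json
import os

MAC_LEN = 32  # pool bytes spent per message on the integrity key; also the tag size


class KeyPool:
    """Pre-shared symmetric key material; every byte is handed out at most once."""

    def __init__(self, material: bytes):
        self.material = material
        self.next_offset = 0  # everything below this offset is already consumed

    def take(self, offset: int, length: int) -> bytes:
        if offset < self.next_offset:
            raise ValueError("key segment already used")
        if length <= 0 or offset + length > len(self.material):
            raise ValueError("key pool exhausted")
        self.next_offset = offset + length
        return self.material[offset:offset + length]


class Terminal:
    def __init__(self, name: str, material: bytes, auth_key: bytes):
        self.name = name
        self.pool = KeyPool(material)
        self.auth_key = auth_key  # identity authentication key (assumed shared)

    def tag(self, sync: dict) -> str:
        body = json.dumps(sync, sort_keys=True).encode()
        return hmac.new(self.auth_key, body, hashlib.sha256).hexdigest()

    def build_sync(self, payload_len: int) -> dict:
        """Source side: propose key segment, algorithm and verification mode."""
        sync = {"src": self.name, "offset": self.pool.next_offset,
                "length": payload_len + MAC_LEN,
                "alg": "otp-xor", "check": "hmac-sha256"}
        return {"sync": sync, "tag": self.tag(sync)}

    def open_tunnel(self, msg: dict) -> bytes:
        """Both sides: authenticate the sync message, then reserve the segment."""
        sync = msg["sync"]
        if not hmac.compare_digest(self.tag(sync), msg["tag"]):
            raise PermissionError("sync message failed authentication")
        if (sync["alg"], sync["check"]) != ("otp-xor", "hmac-sha256"):
            raise ValueError("unsupported algorithm or verification mode")
        return self.pool.take(sync["offset"], sync["length"])


def seal(segment: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the pad, then append a tag over the ciphertext."""
    mac_key, pad = segment[:MAC_LEN], segment[MAC_LEN:]
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the message")
    ct = bytes(p ^ k for p, k in zip(plaintext, pad))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def unseal(segment: bytes, frame: bytes) -> bytes:
    """Verify the tag before decrypting; reject frames of the wrong length."""
    mac_key, pad = segment[:MAC_LEN], segment[MAC_LEN:]
    ct, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if len(ct) != len(pad) or not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext failed verification")
    return bytes(c ^ k for c, k in zip(ct, pad))


def rejected(fn, *args) -> bool:
    """True when fn(*args) is refused by one of the checks above."""
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False


def demo() -> dict:
    material = os.urandom(256)  # constructed stand-in for distributed quantum key
    auth_key = os.urandom(32)   # constructed identity authentication key
    a = Terminal("A", material, auth_key)
    b = Terminal("B", material, auth_key)
    data = b"constructed service data"
    sync = a.build_sync(len(data))            # step 2: synchronization information
    frame = seal(a.open_tunnel(sync), data)   # step 3: source encrypts
    segment_b = b.open_tunnel(sync)
    tampered = bytes([frame[0] ^ 1]) + frame[1:]
    return {"received": unseal(segment_b, frame),
            "replay_rejected": rejected(b.open_tunnel, sync),
            "tamper_rejected": rejected(unseal, segment_b, tampered),
            "remaining": len(material) - a.pool.next_offset}


if __name__ == "__main__":
    print(demo())
```

The monotonic offset in `KeyPool.take` is what enforces single use: a pad segment released twice would let an observer XOR two ciphertexts and cancel the key. Each message also consumes pool bytes equal to its own length plus the integrity key, so the key refresh rate bounds throughput.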
The quantum data link secure terminal has an AccessPort interface through which it can connect to a PC; debugging and simple configuration are carried out with dedicated host-computer software. The exposed configuration functions are as follows:
1) IP configuration
The IP addresses of the terminal's service port and tunnel port can be configured.
2) Network port configuration
A network port can be configured as a service port or a data port.
3) Mode configuration
The communication mode can be configured as unencrypted switch mode or as encrypted transmission mode using quantum random number keys.
4) Automatic node synchronization
A communication node only needs to be added at the terminal on one end of the connection; the node list is then synchronized automatically.
5) Key management
Key status can be viewed, keys can be imported, and encrypted Android key images can be produced.
6) Device status view
CPU running status and the line rate and data traffic of the functional area and tunnel port can be viewed, with automatic refresh of the device status.
7) Key settings
Key strength and key refresh time can be set.
8) Data encryption algorithm
The encryption algorithm that uses the quantum key can be selected by configuration.
Quantum secret communication is a kind of novel communication technology, it guaranteed using the physical characteristic of quantum communication without item Part safety.Quantum secret communication is the new research field that the subjects such as quantum physics, mathematics and computer combine, and what is be related to grinds Studying carefully content includes: quantum key distribution (Quantum Key Distribution, abbreviation QKD), quantum secret sharing (Quantum Secret Sharing, abbreviation QSS), quantum teleportation (Quantum Teleportation) and quantum peace Full direct communication (Quantum Secure Direct Communication, abbreviation QSDC) etc..Quantum secret communication is by measuring Sub- state carries the communication mode of information, it realizes secret communication process using the quantum entanglement principle of the elementary particles such as photon.This Invent the quantum secret communication type of description are as follows: quantum key distribution (QKD, Quantum Key Distribution).Quantum The capital equipment of secret signalling includes: communication network main equipment, terminal device, further includes matched scientific instrument and is The control of system property and application software etc..At present, quantum secret communication agreement is largely using the BB84 for inveigling state based on single photon Agreement inveigles state agreement to have anti-beam-splitting attack and improves the advantage of transmission range.During quantum secret communication system with QKD is The heart, it is independent to build quantum communications net and classical communication net, it is connected by QKD terminal, ultimately generates key and exported by the terminal To classical communication net.For quantal data chain ciphering terminal in entire quantum secret communication link, the position being in is security areas Terminal, the reception for completing key distribution is synchronous and use.
Quantal data chain secrecy terminal uses equipment as the terminal of quantum key, must set with quantum key Standby interconnection, access quantum secret communication network could complete its all application function.When connecting key occurrence of equipment, also have Selectable kinds of schemes, following example two schemes.The first: quantum key generator generates quantum key, passes through quantum Key management system is distributed to multiple independent terminals.After completing distribution, the secret communication in safety zone, each quantum number It works offline according to chain secrecy terminal, in such a way that management system defines, the secret communication between terminal is carried out, such as Fig. 4 institute Show.Second: quantal data chain secrecy terminal access quantum key distribution system (QKD), enter net quantum communication network and In classical IP communication network, respective business subnet is connected below each quantal data chain ciphering terminal, this application mode is real Farther distance is showed, broadly the quantum secret communication in domain, as shown in Figure 5.
ZYNQ FPGA is a series of expansible processing platforms based on Programmable Technology matching company, Sentos and releasing, this The platform intergration embedded ARM processor of multicore, the programmable logic resource of Peripheral Interface abundant and high speed.Wherein, ZYNQ-7000 series is using general double ARM Cortex-A9 as processor, in conjunction with low-power consumption 28nm technology, with reality The now flexibility of height, powerful configuration feature and high-performance.Processor completes packet by hardwired in the processor platform Include L1, being fully integrated including L2 caching, Memory Controller and common peripheral hardware.It can not only start and run in booting The various operating systems independently of programmable logic, but also programmable logic can be configured as needed.In realization of the invention It in method, the high performance programmable logic of custom feature, links together with ARM, to extend the property of processing system Energy and function.Whole system can not only start in booting in this way, and cooperate high performance logical resource, can complete data Parallel acceleration processing.The ARM processing core of ZYNQ FPGA runs (SuSE) Linux OS in system architecture, and peripheral peripheral hardware connects Mouth includes memory cell, and serial communication interface, gigabit ethernet interface etc., they complete system function jointly and data are handed over Mutually.
Combining the ZYNQ FPGA with quantum secure communication yields a new quantal data chain secrecy terminal based on the ZYNQ FPGA. Besides flexible development and powerful parallel processing, the ZYNQ FPGA allows a customized Linux operating system to be brought up on it quickly and stably using the PETALINUX tool provided by Xilinx. Running an operating system saves the work of developing the various communication interface standards and concentrates the main effort on the software definition of the communication functions, which speeds up development of the hardware platform and improves its stability. The key function of the quantal data chain secrecy terminal is to receive the QKD key stream and use it, in one-time-pad form, to encrypt communication data messages; the high-speed parallel FPGA logic ensures that the encryption work can be completed. Among existing quantum secret communication terminal devices, some use ARM chips, some use FPGA chips, and some use a ZYNQ FPGA but only its ARM cores, without exploiting the high-speed acceleration of the FPGA. The ZYNQ FPGA-based implementation method of the present invention is an ARM+FPGA method, a preferred method that integrates the ability to run an operating system with high-speed parallel logic processing. It shortens the development cycle of quantum secret communication terminals while making the definition of terminal functions more flexible and the performance parameters more efficient and stable. As for the connection to quantum key distribution (QKD) equipment, some terminals implement secret communication only by storing quantum keys and do not distribute and use keys in real time with the QKD equipment through a key management interface. The method designed here is more flexible in how quantum keys are distributed and used: it supports negotiated use of locally stored quantum keys between terminals, and it also supports a direct connection to a quantum key distribution (QKD) system to receive and use quantum keys in real time.
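The one-time-pad use of the key stream described above, together with the synchronization information the claims list (key segment, encryption algorithm selection, verification mode selection), can be sketched as follows. This is an added example, not code from the patent; the header layout, the numeric codes, the `KeyPool` class and the use of HMAC-SHA256 as the check are assumptions.

```python
import hashlib
import hmac
import struct

ALG_OTP_XOR = 1          # assumed code for "encryption algorithm selection"
CHECK_HMAC_SHA256 = 1    # assumed code for "verification mode selection"
TAG_LEN = 32
# Assumed sync header: algorithm, check mode, key-segment offset, payload length
HEADER = struct.Struct(">BBQI")


class KeyPool:
    """Locally stored key material; every byte may be used at most once."""

    def __init__(self, material: bytes):
        self._material = material
        self.next_offset = 0  # first byte that has never been used

    def segment(self, offset: int, length: int) -> bytes:
        """Return a key segment without consuming it."""
        if offset < self.next_offset:
            raise ValueError("key segment already used (replay or desync)")
        if offset + length > len(self._material):
            raise ValueError("key pool exhausted")
        return self._material[offset:offset + length]

    def consume(self, offset: int, length: int) -> None:
        """Mark everything up to the end of the segment as spent."""
        self.next_offset = offset + length


def seal(pool: KeyPool, plaintext: bytes) -> bytes:
    """Source terminal: encrypt one message with a fresh pad and tag key."""
    offset, n = pool.next_offset, len(plaintext)
    key = pool.segment(offset, n + TAG_LEN)
    pool.consume(offset, n + TAG_LEN)
    header = HEADER.pack(ALG_OTP_XOR, CHECK_HMAC_SHA256, offset, n)
    body = bytes(p ^ k for p, k in zip(plaintext, key[:n]))
    tag = hmac.new(key[n:], header + body, hashlib.sha256).digest()
    return header + body + tag


def open_frame(pool: KeyPool, frame: bytes) -> bytes:
    """Destination terminal: verify first, then decrypt and spend the key."""
    if len(frame) < HEADER.size + TAG_LEN:
        raise ValueError("truncated frame")
    alg, check, offset, n = HEADER.unpack_from(frame)
    if (alg, check) != (ALG_OTP_XOR, CHECK_HMAC_SHA256):
        raise ValueError("unsupported algorithm or check mode")
    body, tag = frame[HEADER.size:-TAG_LEN], frame[-TAG_LEN:]
    if len(body) != n:
        raise ValueError("length field does not match payload")
    key = pool.segment(offset, n + TAG_LEN)
    expected = hmac.new(key[n:], frame[:HEADER.size] + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")  # key is not consumed
    pool.consume(offset, n + TAG_LEN)
    return bytes(c ^ k for c, k in zip(body, key[:n]))


if __name__ == "__main__":
    import secrets
    shared = secrets.token_bytes(4096)  # constructed stand-in for distributed key
    src, dst = KeyPool(shared), KeyPool(shared)
    frame = seal(src, b"service data from a business device")
    print(open_frame(dst, frame))
```

Because the tag is checked before `consume` is called, a forged or replayed frame cannot burn or reuse key material on the destination terminal. A one-time pad on its own is malleable, which is why the check mode in the synchronization information matters.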
Embodiment 2
In practical applications, multiple quantal data chain secrecy terminals form a communication network, and each quantal data chain secrecy terminal can connect to multiple business devices through a network switch, as shown in Figure 6.
Embodiment 2 of the present invention provides a quantal data chain secret communication network, comprising: several of the quantal data chain secrecy terminals interconnected through a network.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention and are not limiting. Although the present invention has been described in detail with reference to the embodiments, those skilled in the art should understand that modifications or equivalent replacements of the technical solution of the present invention that do not depart from its spirit and scope shall all be covered by the scope of the claims of the present invention.

Claims (9)

1. A quantal data chain secrecy terminal, connected to multiple business devices through a network switch, characterized in that the secrecy terminal comprises: an MCU main control module, a quantum key control module, a data encrypting and deciphering module, a communication module and an authentication module;
The MCU main control module is used to control and monitor the operation of the other modules, and also provides a user configuration interface;
The quantum key control module is used to provide the data encrypting and deciphering module with the quantum keys it requires;
The data encrypting and deciphering module is used to obtain a quantum key from a designated position in the quantum key control module and to encrypt the business data sent by the business devices according to the encryption algorithm specified by the MCU main control module; it is also used to decrypt the encrypted data sent by other quantal data chain secrecy terminals according to the specified decryption algorithm;
The communication module is used to send the data encrypted by the data encrypting and deciphering module to other quantal data chain secrecy terminals, or to receive encrypted data from other quantal data chain secrecy terminals and forward it to the data encrypting and deciphering module;
The authentication module is used to store, in encrypted form, the authentication key required for identity authentication; the authentication key is the unique identity authentication identifier of each terminal.
2. The quantal data chain secrecy terminal according to claim 1, characterized in that the secrecy terminal further comprises: a power control module, used to provide each module with its normal operating voltage after power-on.
3. The quantal data chain secrecy terminal according to claim 2, characterized in that the business devices include but are not limited to computers, video cameras and servers; the business data includes but is not limited to voice, text, pictures, video and files.
4. The quantum secure data-link communication network according to claim 3, characterized in that, when secret communication is carried out between the business devices of two secrecy terminals, the following steps are executed:
The two quantal data chain secrecy terminals are set as the source quantal data chain secrecy terminal and the destination quantal data chain secrecy terminal respectively, and a secret communication tunnel is established between them;
The source quantal data chain secrecy terminal obtains the business data of the business device connected to it; after the data encrypting and deciphering module of the source quantal data chain secrecy terminal encrypts the data using the quantum key and the specified encryption algorithm, the communication module of the source quantal data chain secrecy terminal transmits the encrypted data to the destination quantal data chain secrecy terminal;
The communication module of the destination quantal data chain secrecy terminal receives the encrypted data, the data encrypting and deciphering module of the destination quantal data chain secrecy terminal decrypts the encrypted data using the symmetric quantum key, and the decrypted data is sent to the business device connected to the destination quantal data chain secrecy terminal.
5. The quantum secure data-link communication network according to claim 4, characterized in that setting the two quantal data chain secrecy terminals as the source quantal data chain secrecy terminal and the destination quantal data chain secrecy terminal respectively, and establishing a secret communication tunnel between them, specifically comprises:
The two quantal data chain secrecy terminals are set as the source quantal data chain secrecy terminal and the destination quantal data chain secrecy terminal respectively;
A connection is established between the source quantum secure terminal and the destination quantum secure terminal by means of the authentication key;
The source quantum secure terminal sends synchronization information to the destination quantum secure terminal, the synchronization information comprising: the quantum true random number key segment that the two parties' protocol uses synchronously, the encryption algorithm selection, and the verification mode selection.
6. The quantal data chain secrecy terminal according to claim 1, characterized in that the quantum keys in the key control module are stored encrypted and are decrypted for use when needed; the quantum keys stored in the key control module are updated by computation at timed intervals according to the parameter configuration of the MCU main control module.
7. The quantal data chain secrecy terminal according to claim 6, characterized in that the quantum key is obtained as follows: the quantal data chain secrecy terminal is bound to a quantum key management server, and the quantum key management server distributes quantum keys to the secrecy terminal.
8. The quantal data chain secrecy terminal according to claim 6, characterized in that the quantum key is obtained as follows: the quantal data chain secrecy terminal is connected to a quantum key distribution system, and the two quantum key distribution devices in the quantum key distribution system each issue the symmetric quantum key to the quantal data chain secrecy terminal connected to it.
9. A quantal data chain secret communication network, characterized by comprising: several quantal data chain secrecy terminals according to claim 1, interconnected through a network.
CN201910553870.4A 2019-06-25 2019-06-25 Quantum data link security terminal and security communication network Expired - Fee Related CN110289952B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910553870.4A CN110289952B (en) 2019-06-25 2019-06-25 Quantum data link security terminal and security communication network

Publications (2)

Publication Number Publication Date
CN110289952A true CN110289952A (en) 2019-09-27
CN110289952B CN110289952B (en) 2021-12-28

Family

ID=68005503

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20211228