CN110493177A - Quantum communication service station AKA key negotiation method and system based on asymmetric key pool pairs and sequence numbers
- Publication number: CN110493177A (application CN201910591305.7A)
- Authority: CN (China)
- Prior art keywords: key, client, service station, message, sequence number
- Legal status: Granted (status as listed by Google Patents; not a legal conclusion)
Classifications
All classifications fall under H—ELECTRICITY / H04—ELECTRIC COMMUNICATION TECHNIQUE / H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION (H04L63/00 network security protocols and H04L9/00 cryptographic mechanisms):
- H04L63/0442—Network security for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0852—Quantum cryptography
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords, involving passwords or one-time passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds
- H04L9/3213—Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos
Abstract
This application relates to a quantum communication service station AKA key negotiation method and system based on asymmetric key pool pairs and sequence numbers. In the application, client A, the service station and client B are each equipped with a key card, and keys are stored in the key card. Because the key card is an independent hardware device, the possibility of keys being stolen by malware or malicious operation is substantially reduced.
Description
Technical field
This application relates to the field of secure communication technology, and in particular to a quantum communication service station AKA key negotiation method and system based on asymmetric key pool pairs and sequence numbers.
Background technique
The rapidly developing Internet brings great convenience to people's lives and work: sitting at home, people can send and receive e-mail, make phone calls over the Internet, shop online and transfer money between banks. At the same time, the security of Internet messages is increasingly becoming a potentially huge problem. In general, Internet messages face the following security risks: messages are stolen, messages are tampered with, attackers forge messages, malicious sabotage, and so on.

Identity authentication is one of the means of protecting people's Internet messages. Identity authentication, also called "identity verification" or "identity identification", refers to the process of confirming an operator's identity in a computer or computer network system, so as to determine whether that user has access rights to a certain resource. This enables the access policy of the computer and network system to be executed reliably and efficiently, prevents an attacker from impersonating a legitimate user to obtain access to resources, and guarantees the security of the system and its data as well as the legitimate interests of authorized visitors.

Successful identity authentication currently relies mainly on cryptographic technology. In today's field of cryptography there are two main kinds of cryptosystem: the symmetric key cryptosystem, in which the encryption key and the decryption key are the same, and the public key cryptosystem, in which the encryption key and the decryption key differ and one of them can be made public. Most current identity authentication relies primarily on public key cryptography.

In a public key cryptosystem the encryption key (public key) and the decryption key (private key) are different. Since the encryption key is public, key distribution and management are very simple, and a public key cryptosystem can also easily produce digital signatures.

Since public key encryption appeared, scholars have proposed many kinds of public key encryption methods, all of whose security is based on hard mathematical problems. Classified by the underlying hard problem, the following three classes of system are currently believed to be secure and effective: large integer factorization systems (represented by RSA), discrete logarithm systems (represented by DSA) and elliptic curve discrete logarithm systems (ECC).

However, with the development of quantum computers, classical asymmetric key encryption algorithms will no longer be secure: whether used for encryption and decryption or for key exchange, a quantum computer can compute the private key from the public key, so the asymmetric keys in common use today will be unable to withstand a single blow in the quantum era. Quantum key distribution (QKD) equipment can currently ensure that a negotiated key cannot be obtained. But QKD is mainly used on quantum trunk lines; the link from customer premises equipment to the quantum communication service station is still a classical network, so it is difficult to guarantee the security of an authentication procedure that relies on an asymmetric algorithm.

At present the AKA mechanism (full name "Authentication and Key Agreement"), one of the more commonly used authentication methods in the mobile communication field, can achieve symmetric key negotiation and distribution. But the key used in computing the authentication vector is fixed, which carries certain risks, while using a large number of symmetric key pools instead would place a large storage burden on the quantum communication service station.

Problems of the existing technology:
1. Symmetric key pools are used between the quantum communication service station and the quantum key card; their capacity is huge, which puts pressure on the key storage of the quantum communication service station;
2. Because the symmetric key pool capacity is huge, the quantum communication service station has to store the keys in encrypted form on a common storage medium such as a hard disk, and cannot store them in the key card of the quantum communication service station;
3. Because the symmetric key pool capacity is huge, key backup is troublesome.
Summary of the invention
On this basis, in view of the above technical problems, it is necessary to provide a quantum communication service station AKA key negotiation method and system based on asymmetric key pool pairs and sequence numbers.
This application discloses a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at client A. The quantum communication service station AKA key negotiation method includes:

Generating a first random parameter, a first intermediate parameter and a first key, the first key being generated from the first private key of client A and the first public key of the service station according to the DH protocol; sending a first message to client B, the first message including the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key;

Obtaining a fourth message from client B containing a network authentication token, the network authentication token being computed by the service station using a vector key, and the vector key being generated from the first intermediate parameter and the first private key of the service station; generating the vector key and computing the message authentication code, authentication response, confidentiality key and integrity key of the authentication vector; after the message authentication code and the network authentication token have been compared and the comparison passes, applying the preset operation to the stored sequence number of client A and updating and storing it; generating a fifth message, the fifth message including the authentication response encrypted with the confidentiality key, and sending the fifth message to client B;

Obtaining a sixth message from client B, the sixth message including a comparison result encrypted with the confidentiality key, the comparison result being generated after client B compares the authentication response with the authentication response it stores; decrypting and reading the comparison result, and if the comparison result is true, trusting the integrity key as the authentication key and the confidentiality key as the session key.
This application also discloses a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at the service station. The quantum communication service station AKA key negotiation method includes:

Obtaining a second message from client B, including the device parameter of client B, a second random parameter, the first message, a second intermediate parameter and the sequence number of client B; the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A; wherein the first random parameter and the first intermediate parameter are generated by client A, and the second random parameter and the second intermediate parameter are generated by client B;

After decrypting and verifying the second message, comparing the stored sequence number of client B with the sequence number of client B in the second message, and after the comparison passes, applying the preset operation to the stored sequence number of client B and updating and storing it; after verifying the first message, applying the preset operation to the stored sequence number of client A and updating and storing it; generating a vector key and a first hash value, the vector key being generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, and the first hash value being generated by a hash operation over the sequence number of client A and the third public key of the service station; using the vector key to generate an authentication vector, the authentication vector including a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third key and a second hash value, the third key being generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, and the second hash value being generated by a hash operation over the sequence number of client B and the fourth public key of the service station; generating a third message, the third message including the authentication vector and the second hash value, at least part of the third message being encrypted with the third key; sending the third message to client B;

The authentication vector is used by client A and client B to complete AKA authentication.
This application also discloses a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at client B. The quantum communication service station AKA key negotiation method includes:

Obtaining the first message from client A, the first message including the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key; after decryption, generating a second intermediate parameter, a second random parameter and a second key, the second key being generated from the first private key of client B and the second public key of the service station according to the DH protocol; sending a second message to the service station, the second message including the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B, at least part of the second message being encrypted with the second key;

Obtaining a third message from the service station, the third message including an authentication vector and a second hash value, at least part of the third message being encrypted with a third key; the authentication vector is generated by the service station using a vector key and includes a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; the vector key is generated from the first intermediate parameter and the first private key of the service station; the third key is generated by the service station from the second private key of the service station and the second intermediate parameter according to the DH protocol; after decrypting and verifying, applying the preset operation to the stored sequence number of client B and updating and storing it; parsing and storing the authentication vector, generating a fourth message containing the network authentication token, and sending the fourth message to client A;

Obtaining a fifth message from client A, the fifth message including the authentication response encrypted with the confidentiality key, wherein the authentication response and the confidentiality key are generated by client A using the vector key; after decryption, comparing the authentication response with the stored authentication response and generating a comparison result; if the authentication response equals the stored authentication response, trusting the confidentiality key as the session key and the integrity key as the authentication key; generating a sixth message, the sixth message including the comparison result encrypted with the confidentiality key, and sending the sixth message to client A.
This application also discloses a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers. The quantum communication service station AKA key negotiation method includes:

Client A generates a first random parameter, a first intermediate parameter and a first key, the first key being generated from the first private key of client A and the first public key of the service station according to the DH protocol, and sends a first message to client B, the first message including the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key;

Client B obtains the first message and, after decryption, generates a second intermediate parameter, a second random parameter and a second key, the second key being generated from the first private key of client B and the second public key of the service station according to the DH protocol, and sends a second message to the service station, the second message including the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B, at least part of the second message being encrypted with the second key;

The service station obtains, decrypts and verifies the second message, then compares the stored sequence number of client B with the sequence number of client B in the second message; after the comparison passes, it applies the preset operation to the stored sequence number of client B and updates and stores it; after verifying the first message, it applies the preset operation to the stored sequence number of client A and updates and stores it; it generates a vector key and a first hash value, the vector key being generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, and the first hash value being generated by a hash operation over the sequence number of client A and the third public key of the service station; using the vector key it generates an authentication vector, the authentication vector including a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; it generates a third key and a second hash value, the third key being generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, and the second hash value being generated by a hash operation over the sequence number of client B and the third private key of the service station; it generates a third message, the third message including the authentication vector and the second hash value, at least part of the third message being encrypted with the third key, and sends the third message to client B;

Client B obtains, decrypts and verifies the third message, then applies the preset operation to the stored sequence number of client B and updates and stores it; it parses and stores the authentication vector, generates a fourth message containing the network authentication token and sends the fourth message to client A;

Client A obtains the fourth message and, after the message authentication code and the network authentication token have been compared and the comparison passes, applies the preset operation to the stored sequence number of client A and updates and stores it; it generates a fifth message, the fifth message including the authentication response encrypted with the confidentiality key, and sends the fifth message to client B;

Client B obtains and decrypts the fifth message, compares the authentication response with the stored authentication response and generates a comparison result; if the authentication response equals the stored authentication response, it trusts the confidentiality key as the session key and the integrity key as the authentication key; it generates a sixth message, the sixth message including the comparison result encrypted with the confidentiality key, and sends the sixth message to client A;

Client A obtains, decrypts and reads the comparison result; if the comparison result is true, it trusts the confidentiality key as the session key and the integrity key as the authentication key.
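A Python simulation of the six-message flow just described, added here as an illustration and not code from the patent: DH over a small demo group stands in for the key-pool DH agreement, HMAC-SHA256 stands in for the hash and MAC functions, the encryption of the first and second messages is reduced to an integrity tag under the first and second keys, and the "preset operation" on a sequence number is assumed to be incrementing by one. Device parameters, the two hash values and the transport of messages three to six are omitted; `demo()` runs the exchange, shows the service station refusing a replayed second message on the sequence-number check, and confirms that a fresh run succeeds after both sides have stepped their sequence numbers.

```python
import hashlib, hmac, secrets

# Demo DH group: 2**61 - 1 is prime but far too small for real use. All constants,
# key sizes and message layouts below are constructed for this example.
P, G = 2**61 - 1, 5
SQN_LEN = 6  # sequence-number width in bytes; the "preset operation" is taken as +1

def dh_shared(priv, peer_pub):  # key "generated according to DH agreement"
    return pow(peer_pub, priv, P).to_bytes(8, "big")

def prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def fields(msg, names):  # canonical bytes of selected fields; a nested message binds via its tag
    out = b""
    for n in names:
        v = msg[n]["tag"] if isinstance(msg[n], dict) else msg[n]
        out += v if isinstance(v, bytes) else v.to_bytes(8, "big")
    return out

def sqn_step(sqn):
    return (sqn + 1) % (1 << (8 * SQN_LEN))

def auth_vector(vector_key, rand, sqn):
    """AKA-style vector from the vector key: MAC, XRES, CK, IK, AUTN = (SQN^AK) || MAC."""
    sqn_b = sqn.to_bytes(SQN_LEN, "big")
    mac = prf(vector_key, b"mac", sqn_b + rand)[:8]
    ak = prf(vector_key, b"ak", rand)[:SQN_LEN]
    return {"MAC": mac, "XRES": prf(vector_key, b"res", rand)[:8],
            "CK": prf(vector_key, b"ck", rand)[:16], "IK": prf(vector_key, b"ik", rand)[:16],
            "AUTN": bytes(s ^ a for s, a in zip(sqn_b, ak)) + mac}

class ServiceStation:
    def __init__(self):
        self.priv = [secrets.randbelow(P - 2) + 1 for _ in range(2)]  # private key pool
        self.pub = [pow(G, k, P) for k in self.priv]                  # public key pool
        self.client_pub, self.sqn = {}, {}      # client public key pool, stored SQN per client
    def _check(self, msg, key, label, names, cid, sqn_field):
        """Verify a message under its DH-derived key, then its sender's sequence number."""
        if not hmac.compare_digest(msg["tag"], prf(key, label, fields(msg, names))):
            raise ValueError(label.decode() + ": integrity check failed")
        if msg[sqn_field] != self.sqn[cid]:     # stored SQN vs. the SQN carried in the message
            raise ValueError(label.decode() + ": sequence number mismatch, message rejected")
        self.sqn[cid] = sqn_step(self.sqn[cid])  # accepted: apply the preset operation and store
    def handle_message2(self, msg2):
        k2 = dh_shared(self.priv[1], self.client_pub[msg2["IDB"]])  # second key
        self._check(msg2, k2, b"msg2", ("IDB", "SQNB", "MSG1"), msg2["IDB"], "SQNB")
        msg1 = msg2["MSG1"]
        k1 = dh_shared(self.priv[0], self.client_pub[msg1["IDA"]])  # first key
        self._check(msg1, k1, b"msg1", ("IDA", "RAND1", "XA", "SQNA"), msg1["IDA"], "SQNA")
        vector_key = dh_shared(self.priv[0], msg1["XA"])  # XA is the first intermediate parameter
        return auth_vector(vector_key, msg1["RAND1"], msg1["SQNA"])  # body of the third message

class Client:
    def __init__(self, cid, station_pub, sqn):
        self.cid, self.station_pub, self.sqn = cid, station_pub, sqn
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
    def message1(self):                          # client A
        self.eph, self.rand = secrets.randbelow(P - 2) + 1, secrets.token_bytes(16)
        msg = {"IDA": self.cid, "RAND1": self.rand, "XA": pow(G, self.eph, P), "SQNA": self.sqn}
        k1 = dh_shared(self.priv, self.station_pub[0])
        msg["tag"] = prf(k1, b"msg1", fields(msg, ("IDA", "RAND1", "XA", "SQNA")))
        return msg
    def check_token(self, autn):                 # client A, on the fourth message
        av = auth_vector(dh_shared(self.eph, self.station_pub[0]), self.rand, self.sqn)
        if not hmac.compare_digest(av["MAC"], autn[SQN_LEN:]):
            raise ValueError("network authentication token rejected")
        self.sqn = sqn_step(self.sqn)
        return av["XRES"], av["CK"], av["IK"]    # RES, confidentiality key, integrity key
    def message2(self, msg1):                    # client B
        msg = {"IDB": self.cid, "SQNB": self.sqn, "MSG1": msg1}
        k2 = dh_shared(self.priv, self.station_pub[1])
        msg["tag"] = prf(k2, b"msg2", fields(msg, ("IDB", "SQNB", "MSG1")))
        return msg
    def accept_vector(self, av):                 # client B, on the third message
        self.av, self.sqn = av, sqn_step(self.sqn)
        return av["AUTN"]                        # forwarded to A as the fourth message

def run_exchange(station, a, b):  # one full run: (B's comparison result, CK/IK agree, message 2)
    msg2 = b.message2(a.message1())
    av = station.handle_message2(msg2)
    res, ck, ik = a.check_token(b.accept_vector(av))
    ok = hmac.compare_digest(res, b.av["XRES"])  # B compares RES with its stored XRES
    return ok, ok and ck == av["CK"] and ik == av["IK"], msg2

def demo():
    station = ServiceStation()
    a, b = Client(b"A", station.pub, 7), Client(b"B", station.pub, 42)
    station.client_pub, station.sqn = {b"A": a.pub, b"B": b.pub}, {b"A": 7, b"B": 42}
    first_ok, keys_match, msg2 = run_exchange(station, a, b)
    try:                                         # replaying message 2 must be refused
        station.handle_message2(msg2)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    second_ok = run_exchange(station, a, b)[0]   # fresh run after both SQNs were stepped
    return {"first": first_ok, "keys_match": keys_match, "replay_rejected": replay_rejected,
            "second": second_ok, "sqn_in_step": (station.sqn[b"A"], station.sqn[b"B"]) == (a.sqn, b.sqn) == (9, 44)}
```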
Preferably, the service station includes a service station QA and a service station QB, client A being a sub-device of service station QA and client B being a sub-device of service station QB;

Service station QB obtains the second message from client B and, after decrypting and verifying it, applies the preset operation to the stored sequence number of client B and updates and stores it; it obtains a first inter-station key for encrypted communication with service station QA and generates a first inter-station message, the first inter-station message including the device parameter of service station QB and the first message; the first inter-station message is encrypted with the first inter-station key and sent to service station QA;

After service station QA obtains, decrypts and verifies it, it applies the preset operation to the stored sequence number of client A and updates and stores it; it generates the vector key from the first intermediate parameter and the first private key of service station QA, the vector key being used to generate the authentication vector; it obtains a second inter-station key for encrypted communication with service station QB, generates a second inter-station message including the authentication vector, and sends the second inter-station message, encrypted with the second inter-station key, to service station QB;

After service station QB obtains, decrypts and verifies it, it generates a fifth key from the second intermediate parameter and the first private key of service station QB, and performs a hash operation over the sequence number of client B and the fourth public key of the service station to obtain the second hash value; it sends a seventh message to client B, the seventh message including the second hash value and the authentication vector, at least part of the seventh message being encrypted with the fifth key;

The seventh message is used by client A and client B to complete AKA authentication.
Preferably, client A and client B are each configured with a client key card, in which are stored a service station public key pool, the client's own client public key and the client private key; the service station is configured with a service station key card, in which are stored a client public key pool including each client's public key, a service station private key pool and a service station public key pool.
This application also discloses a client device, including a memory and a processor, the memory storing a computer program, and the processor, when executing the computer program, implementing the steps of the quantum communication service station AKA key negotiation method described in the above technical solution.

This application also discloses a service station device, including a memory and a processor, the memory storing a computer program, and the processor, when executing the computer program, implementing the steps of the quantum communication service station AKA key negotiation method described in the above technical solution.
This application also discloses a quantum communication service station AKA key negotiation system based on asymmetric key pool pairs and sequence numbers, including a memory and a processor, the memory storing a computer program, and the processor, when executing the computer program, implementing the steps of the quantum communication service station AKA key negotiation method described in the above technical solution; client A and client B are each configured with a client key card, in which are stored a service station public key pool, the client's own client public key and the client private key; the service station is configured with a service station key card, in which are stored a client public key pool including each client's public key, a service station private key pool and a service station public key pool.

This application discloses a quantum communication service station AKA key negotiation system based on asymmetric key pool pairs and sequence numbers, including a memory and a processor, the memory storing a computer program, and the processor, when executing the computer program, implementing the steps of the quantum communication service station AKA key negotiation method in the above technical solution; client A and client B are configured with client key cards, in which are stored a service station public key pool, the client's own client public key and the client private key; service station Q is configured with a service station key card, in which are stored a client public key pool including each client's public key, a service station private key pool and a service station public key pool.
The key card in this application is an authentication and encryption/decryption product that combines cryptographic technology, hardware security isolation technology and quantum physics technology (where it carries a quantum random number generator). The embedded chip and operating system of the key card can provide functions such as secure key storage and cryptographic algorithms. Because it has independent data processing capability and good security, the key card becomes the security barrier for private keys and key pools. Each key card can be protected by a hardware PIN code; the PIN code and the hardware constitute the two necessary factors for a user to use the key card, the so-called "two-factor authentication". Only a user who both holds the key card storing the relevant authentication information and knows the user PIN code can log in to the system. Even if the user's PIN code is leaked, as long as the key card held by the user is not stolen, the identity of the legitimate user cannot be counterfeited; if the user's key card is lost, whoever picks it up cannot counterfeit the identity of the legitimate user either, since they do not know the user PIN code. In short, the key card keeps top-secret information such as keys from appearing in plaintext on the host's disk or in its memory, thereby effectively ensuring the security of that information.

Each member is equipped with a key card and stores keys in it; because the key card is an independent hardware device, the possibility of keys being stolen by malware or malicious operation is substantially reduced. At the same time, each member uses a random number together with the asymmetric key pool to extract the public key of each member it needs, and the public key of each member is stored in the key card, which ensures that a quantum computer cannot obtain a client's public key and therefore cannot obtain the corresponding private key, reducing the risk of being cracked by a quantum computer.

The quantum communication service station acting as the message center does not need to store multiple large-capacity symmetric key pools; it only needs to store the client public key pool, which greatly saves storage space in the quantum communication service station and also provides convenience for key backup.
Detailed description of the drawings
Fig. 1 is a schematic diagram of the key pool layout of the service station key card in this application;
Fig. 2 is a schematic diagram of the key pool layout of the client key card in this application;
Fig. 3 is the AKA authentication flow chart of embodiment 1, in which client A and client B are under the same service station Q;
Fig. 4 is the AKA authentication flow chart of embodiment 2, in which client A and client B are under service station QA and service station QB respectively.
Specific embodiments
In order to make the objects, technical solutions and advantages of this application clearer, the application is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and do not limit it. Unless otherwise specified, "service station" in this application means a quantum communication service station. Each name in this application is identified by its letter-and-number combination: for example, device parameter IDA, facility information IDA and identification parameter IDA all mean the same thing, namely the device parameter IDA below; likewise authentication key AK2, message authentication key AK2 and information authentication key AK2 all mean the same thing, namely the authentication key AK2 below. The remaining names are treated the same way.
This application discloses a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at client A. The method includes:
generating a first random parameter, a first intermediate parameter and a first key, where the first key is generated from the first private key of client A and the first public key of the service station according to the DH protocol; sending a first message to client B, where the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, and at least part of the first message is encrypted with the first key;
obtaining a fourth message from client B that contains a network authentication token, where the network authentication token is computed by the service station from a vector key, and the vector key is generated from the first intermediate parameter and the first private key of the service station; generating the vector key and computing the message authentication code, the authentication response, the confidentiality key and the integrity key of the authentication vector; comparing the message authentication code with the network authentication token and, if they match, applying the preset operation to the locally stored sequence number of client A and storing the result; generating a fifth message that includes the authentication response encrypted with the confidentiality key, and sending the fifth message to client B;
obtaining a sixth message from client B that includes a comparison result encrypted with the confidentiality key, the comparison result having been generated after client B compared the received authentication response with the authentication response it stored; decrypting and reading the comparison result, and if the comparison result is true, trusting the confidentiality key as the session key and the integrity key as the authentication key.
This application also discloses a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at the service station. The method includes:
obtaining a second message from client B, which includes the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B; the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A; the first random parameter and the first intermediate parameter are generated by client A, and the second random parameter and the second intermediate parameter are generated by client B;
after decrypting and verifying the second message, comparing the locally stored sequence number of client B with the sequence number of client B in the second message and, if the comparison passes, applying the preset operation to the locally stored sequence number of client B and storing the result; after verifying the first message, applying the preset operation to the locally stored sequence number of client A and storing the result; generating a vector key and a first hash value, where the vector key is generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, and the first hash value is generated by hashing the sequence number of client A together with the third public key of the service station; generating an authentication vector from the vector key, the authentication vector including a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third key and a second hash value, where the third key is generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, and the second hash value is generated by hashing the sequence number of client B together with the fourth public key of the service station; generating a third message that includes the authentication vector and the second hash value, at least part of which is encrypted with the third key; and sending the third message to client B;
the authentication vector is used by client A and client B to complete AKA authentication.
This application also discloses a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at client B. The method includes:
obtaining a first message from client A, where the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, and at least part of the first message is encrypted with the first key; after decryption, generating a second intermediate parameter, a second random parameter and a second key, where the second key is generated from the first private key of client B and the second public key of the service station according to the DH protocol; sending a second message to the service station, where the second message includes the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B, and at least part of the second message is encrypted with the second key;
obtaining a third message from the service station, where the third message includes the authentication vector and the second hash value, and at least part of the third message is encrypted with the third key; the authentication vector is generated by the service station from the vector key and includes a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; the vector key is generated from the first intermediate parameter and the first private key of the service station; the third key is generated by the service station from the second private key of the service station and the second intermediate parameter according to the DH protocol; after decrypting and verifying, applying the preset operation to the locally stored sequence number of client B and storing the result; parsing and storing the authentication vector, generating a fourth message that contains the network authentication token, and sending the fourth message to client A;
obtaining a fifth message from client A that includes the authentication response encrypted with the confidentiality key, where the authentication response and the confidentiality key are generated by client A from the vector key; after decryption, comparing the received authentication response with the stored authentication response and generating a comparison result; if the received and stored authentication responses are equal, trusting the confidentiality key as the session key and the integrity key as the authentication key; generating a sixth message that includes the comparison result encrypted with the confidentiality key, and sending the sixth message to client A.
This application also discloses a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers. The method includes:
client A generates a first random parameter, a first intermediate parameter and a first key, where the first key is generated from the first private key of client A and the first public key of the service station according to the DH protocol, and sends a first message to client B; the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, and at least part of the first message is encrypted with the first key;
client B obtains and decrypts it, generates a second intermediate parameter, a second random parameter and a second key, where the second key is generated from the first private key of client B and the second public key of the service station according to the DH protocol, and sends a second message to the service station; the second message includes the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B, and at least part of the second message is encrypted with the second key;
the service station obtains, decrypts and verifies the second message, compares the locally stored sequence number of client B with the sequence number of client B in the second message and, if the comparison passes, applies the preset operation to the locally stored sequence number of client B and stores the result; after verifying the first message, it applies the preset operation to the locally stored sequence number of client A and stores the result; it generates a vector key and a first hash value, where the vector key is generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, and the first hash value is generated by hashing the sequence number of client A together with the third public key of the service station; it generates an authentication vector from the vector key, the authentication vector including a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; it generates a third key and a second hash value, where the third key is generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, and the second hash value is generated by hashing the sequence number of client B together with the fourth public key of the service station; it generates a third message that includes the authentication vector and the second hash value, at least part of which is encrypted with the third key, and sends the third message to client B;
client B obtains, decrypts and verifies it, applies the preset operation to its locally stored sequence number of client B and stores the result, parses and stores the authentication vector, generates a fourth message containing the network authentication token, and sends the fourth message to client A;
client A obtains it, compares the message authentication code with the network authentication token and, if they match, applies the preset operation to its locally stored sequence number of client A and stores the result; it generates a fifth message that includes the authentication response encrypted with the confidentiality key, and sends the fifth message to client B;
client B obtains and decrypts it, compares the received authentication response with the stored authentication response and generates a comparison result; if the received and stored authentication responses are equal, it trusts the confidentiality key as the session key and the integrity key as the authentication key; it generates a sixth message that includes the comparison result encrypted with the confidentiality key, and sends the sixth message to client A;
client A obtains, decrypts and reads the comparison result, and if the comparison result is true, it trusts the confidentiality key as the session key and the integrity key as the authentication key.
In one embodiment, the service station comprises service station QA and service station QB; client A is a sub-device of service station QA and client B is a sub-device of service station QB;
service station QB obtains the second message from client B and, after decrypting and verifying it, applies the preset operation to the locally stored sequence number of client B and stores the result; it obtains a first inter-station key through encrypted communication with service station QA, generates a first inter-station message that includes the device parameter of service station QB and the first message, encrypts the first inter-station message with the first inter-station key and sends it to service station QA;
after service station QA obtains, decrypts and verifies it, it applies the preset operation to the locally stored sequence number of client A and stores the result; it generates the vector key from the first intermediate parameter and the first private key of service station QA, the vector key being used to generate the authentication vector; it obtains a second inter-station key through encrypted communication with service station QB, generates a second inter-station message that includes the authentication vector, encrypts the second inter-station message with the second inter-station key and sends it to service station QB;
after service station QB obtains, decrypts and verifies it, it generates a fifth key from the second intermediate parameter and the first private key of service station QB, and hashes the sequence number of client B together with the fourth public key of service station QB to obtain the second hash value; it sends a seventh message to client B, the seventh message including the second hash value and the authentication vector, with at least part of the seventh message encrypted with the fifth key;
the seventh message is used by client A and client B to complete AKA authentication.
In one embodiment, client A and client B are configured with client key cards, in which the service station public key pool, the client's own public key and the client's private key are stored; the service station is configured with a service station key card, in which the client public key pool containing each client's public key, the service station private key pool and the service station public key pool are stored.
This application also discloses a client device comprising a memory and a processor, the memory storing a computer program, and the processor implementing the steps of the quantum communication service station AKA key negotiation method of the above technical solution when it executes the computer program.
This application also discloses a service station device comprising a memory and a processor, the memory storing a computer program, and the processor implementing the steps of the quantum communication service station AKA key negotiation method of the above technical solution when it executes the computer program. The service station device also has the capability of quantum key negotiation, i.e. the service station possesses QKD equipment.
This application also discloses a quantum communication service station AKA key negotiation system based on asymmetric key pool pairs and sequence numbers, comprising a memory and a processor, the memory storing a computer program, and the processor implementing the steps of the quantum communication service station AKA key negotiation method of the above technical solution when it executes the computer program; client A and client B are configured with client key cards, in which the service station public key pool, the client's own public key and the client's private key are stored; the service station is configured with a service station key card, in which the client public key pool containing each client's public key, the service station private key pool and the service station public key pool are stored.
In a specific implementation, each parameter can be expressed in various concrete ways. For example, the first random parameter can be expressed as true random number R0 and the second random parameter as true random number R1, and so on; the first intermediate parameter can be expressed as true random number xa and the second intermediate parameter as true random number xb; the first key can be expressed as key K1 and the second key as key K2, and so on. Each parameter is essentially a character string generated by a device; the different names only distinguish the different roles the parameters play during AKA, for ease of understanding.
The specific implementation process in the usage scenario is as follows:
Embodiment 1: client A and client B are under the same service station Q
System description
The scenario of this embodiment is shown in Fig. 3. It contains client A, client B and quantum communication service station Q, referred to as service station Q. Client A and client B are each equipped with a client key card, and quantum communication service station Q is equipped with a service station key card. These key cards are from the same batch issued by the same key management server. Let the ID of client A be IDA, its public key PKA and its private key SKA; let the ID of client B be IDB, its public key PKB and its private key SKB.
The process by which a client and the quantum communication service station obtain a key is as follows:
the client or the quantum communication service station takes a key pointer random number rand and applies the specific asymmetric key pointer function Fp to it to obtain the asymmetric key pointer P, then uses the asymmetric key pool pointer P to extract the corresponding public or private key from the service station public key pool or the service station private key pool in the key card.
Step 1: client A initiates an authentication request to client B
Client A generates two true random numbers xa and R1 with the random number generator in its local key card, where xa lies in the range [1, p-1]. Client A computes Xa = g^xa mod p. Client A uses R1 to take public key PKQ1 from the service station public key pool in its local key card (see the key extraction process above). Client A takes its own private key SKA and public key PKQ1 and computes K1 = PKQ1^SKA mod p. Client A splits K1 into encryption key EK1 and message authentication key AK1. Let M1_0 = IDA || Xa. Client A takes its own sequence number SQNA and computes the message authentication code MAC(M1_0 || SQNA, AK1) over M1_0 || SQNA with message authentication key AK1; MAC(m, k) denotes the message authentication code of message m under key k. Client A encrypts M1_0 || MAC(M1_0 || SQNA, AK1) with encryption key EK1 to obtain {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1.
Client A packs the message as M1, which can be written M1 = IDA || IDQ || R1 || {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1, and sends M1 to client B.
Step 2: client B requests the authentication vector from quantum communication service station Q
On receiving the message, client B parses it to obtain IDA, IDQ, R1 and {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1. Client B generates two true random numbers xb and R2 with the random number generator in its local key card, where xb lies in the range [1, p-1]. Client B uses R2 to take public key PKQ2 from the service station public key pool in its local key card (see the key extraction process above). Client B takes its own private key SKB and public key PKQ2 and computes K2 = PKQ2^SKB mod p, and splits K2 into encryption key EK2 and message authentication key AK2. Client B computes Xb = g^xb mod p. Let M2_0 = M1 || IDB || Xb. Client B takes its own sequence number SQNB and computes MAC(M2_0 || SQNB, AK2) over M2_0 || SQNB with message authentication key AK2. Client B encrypts M2_0 || MAC(M2_0 || SQNB, AK2) with encryption key EK2 to obtain {M2_0 || MAC(M2_0 || SQNB, AK2)}EK2.
Client B packs the message as M2, which can be written M2 = IDB || R2 || {M2_0 || MAC(M2_0 || SQNB, AK2)}EK2, and sends the authentication vector request M2 to quantum service station Q.
Step 3: quantum communication service station Q returns the authentication vector
On receiving the message, service station Q parses it to obtain IDB, R2 and {M2_0 || MAC(M2_0 || SQNB, AK2)}EK2. Service station Q uses R2 to take private key SKQ2 from the service station private key pool in its local key card (see the key extraction process above), and uses IDB to take the public key PKB of client B from the client public key pool. Service station Q computes K2 = PKB^SKQ2 mod p and splits K2 into encryption key EK2 and message authentication key AK2.
Service station Q decrypts {M2_0 || MAC(M2_0 || SQNB, AK2)}EK2 with encryption key EK2 to obtain M2_0 and MAC(M2_0 || SQNB, AK2). Service station Q uses IDB to look up the sequence number SQNB it stores for client B and verifies the message authentication code over M2_0 || SQNB with the message authentication key. If verification passes, it updates SQNB in the client public key pool to SQNB+1 and proceeds to the next step; otherwise it verifies the code over M2_0 || (SQNB-1), and if that succeeds it proceeds to the next step, otherwise AKA authentication fails. After verification passes, service station Q parses M2_0 to obtain IDB, Xb, IDA, IDQ, R1 and {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1.
Service station Q uses R1 to take private key SKQ1 from the service station private key pool in its local key card (see the key extraction process above), and uses IDA to take the public key PKA of client A from the client public key pool in its local key card. Service station Q computes K1 = PKA^SKQ1 mod p and splits K1 into encryption key EK1 and message authentication key AK1.
Service station Q decrypts {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1 with EK1 to obtain M1_0 and MAC(M1_0 || SQNA, AK1), uses IDA to look up the sequence number SQNA it stores for client A, and verifies MAC(M1_0 || SQNA, AK1) with AK1. If verification passes, it updates SQNA in the client public key pool to SQNA+1 and proceeds to the next step; otherwise it verifies the code over M1_0 || (SQNA-1), and if that succeeds it proceeds to the next step, otherwise AKA authentication fails.
After verification passes, service station Q uses SQNA to take private key SKQa and public key PKQa from the service station private key pool and the service station public key pool in its local key card respectively (see the key extraction process above; SQNA plays the role of the key pointer random number, and the SQNA used here is the newest value in the client public key pool). Service station Q computes key K = Xa^SKQa mod p and a hash value HASHa = HASH(SQNA || PKQa). Key K is used for the authentication vector computed below; the computation of the authentication vector follows the AKA authentication technique:
compute the message authentication code (MAC): MAC = F1_K(HASHa || Xa || AMF);
compute the expected authentication response (XRES): XRES = F2_K(HASHa || Xa);
compute the confidentiality key (CK): CK = F3_K(HASHa || Xa);
compute the integrity key (IK): IK = F4_K(HASHa || Xa);
network authentication token (AUTN): AUTN = AMF || MAC;
assemble the authentication vector AV = XRES || CK || IK || AUTN.
Service station Q generates a true random number R3 with the random number generator in its local key card, and uses R3 to take private key SKQ3 and public key PKQ3 from the service station private key pool and the service station public key pool in its local key card respectively (see the key extraction process above). Service station Q computes K3 = Xb^SKQ3 mod p and hash value HASHb = HASH(SQNB || PKQ3), where SQNB is the newest value in the client public key pool. Service station Q splits K3 into encryption key EK3 and message authentication key AK3.
Service station Q runs the message authentication algorithm over AV || HASHb with AK3 to obtain message authentication code MAC(AV || HASHb, AK3), encrypts AV || MAC(AV || HASHb, AK3) with encryption key EK3 to obtain {AV || MAC(AV || HASHb, AK3)}EK3, and sends M3 = R3 || {AV || MAC(AV || HASHb, AK3)}EK3 to client B.
Step 4: client B issues the authentication challenge
On receiving the message, client B uses R3 to take public key PKQ3 from the service station public key pool in its local key card (see the key extraction process above). Client B computes K3 = PKQ3^xb mod p and hash value HASHb = HASH(SQNB+1 || PKQ3), and splits K3 into encryption key EK3 and message authentication key AK3. Client B decrypts {AV || MAC(AV || HASHb, AK3)}EK3 with EK3 to obtain AV || MAC(AV || HASHb, AK3) and verifies the message authentication code MAC(AV || HASHb, AK3) with AK3. After verification passes, client B updates its local sequence number SQNB to SQNB+1. Client B parses AV to obtain XRES || CK || IK || AUTN and keeps XRES || CK || IK in its local secure storage area. Let M4 = IDB || AUTN; client B sends M4 to client A.
Step 5: client A returns the authentication response
On receiving the message, client A uses SQNA+1 as key pointer to take public key PKQa from the service station public key pool in its local key card (see the key extraction process above). Client A computes K = PKQa^xa mod p and hash value HASHa = HASH(SQNA+1 || PKQa), and uses K for the following computations:
XMAC = F1_K(HASHa || Xa || AMF);
RES = F2_K(HASHa || Xa);
CK = F3_K(HASHa || Xa);
IK = F4_K(HASHa || Xa);
Client A compares XMAC with the MAC in AUTN; if they are identical it proceeds to the next step, otherwise authentication fails. After verification passes, client A updates its local sequence number SQNA to SQNA+1. Client A runs the message authentication algorithm over RES with IK to obtain message authentication code MAC(RES, IK), encrypts RES || MAC(RES, IK) with CK to obtain {RES || MAC(RES, IK)}CK, and lets M5 = IDA || {RES || MAC(RES, IK)}CK. Client A sends M5 to client B.
Step 6: client B verifies the authentication response of client A
On receiving the message, client B decrypts M5 with CK to obtain RES || MAC(RES, IK) and verifies the message authentication code MAC(RES, IK) with IK. If verification passes, client B checks whether RES equals its local XRES; if so, REP = OK, otherwise REP = FAIL.
Client B runs the message authentication algorithm over REP with IK to obtain message authentication code MAC(REP, IK), and encrypts REP || MAC(REP, IK) with CK to obtain M6, which can be written M6 = IDB || {REP || MAC(REP, IK)}CK. Client B sends M6 to client A. Client A decrypts with CK, verifies with IK and then parses the authentication result REP.
Authentication ends; client A and client B both hold the session key, i.e. encryption key CK and message authentication key IK.
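The six steps above, together with the key extraction process and the summary of the method earlier in this description, can be followed in runnable form. The block below is an added example written for this page, not code from the patent or its applicant; it models embodiment 1 end to end, with client A, client B and service station Q in one process. Everything the patent leaves open is an assumption here and is marked in the comments: HMAC-SHA256 stands in for MAC() and for F1..F4, SHA-256 for HASH(), Fp(r) = SHA256(r) mod pool size for the key pointer function, a toy 127-bit prime for the DH group (a deployment would use a standard 2048-bit group), EK/AK are derived by hashing K rather than splitting its raw bits, and an HMAC keystream XOR with a per-message label stands in for the symmetric cipher {..}EK (the label matters because CK encrypts both M5 and M6). Field concatenation (||) is modelled as tuple serialisation, and the names run_aka, check_sqn, seal and open_ are this example's own.

```python
# Added example, not code from the patent: a runnable model of the six-message
# AKA exchange of embodiment 1 (client A, client B, service station Q). Every
# primitive the patent leaves open is an assumption: HMAC-SHA256 for MAC() and
# F1..F4, SHA-256 for HASH(), Fp(r) = SHA256(r) mod pool size, a toy 127-bit DH
# prime, EK/AK derived by hashing K, and an HMAC keystream XOR for {..}EK.
import ast, hashlib, hmac, os

P, G, POOL = 2**127 - 1, 3, 8            # toy group and pool size (assumptions)

def ser(*f): return repr(f).encode()     # models || ; unser() reverses it
def unser(b): return ast.literal_eval(b.decode())
def H(*f): return hashlib.sha256(ser(*f)).digest()
def mac(k, m): return hmac.new(k, m, hashlib.sha256).digest()
def F(i, k, *f): return mac(k, bytes([i]) + ser(*f))      # F1..F4 keyed by K
def fp(r): return int.from_bytes(H(r), "big") % POOL       # key pointer Fp
def split(k): h = H(k); return h[:16], h[16:]              # K -> (EK, AK)

def xor(ek, label, data):    # stand-in cipher; the label keeps keystreams apart
    ks = b"".join(mac(ek, ser(label, i)) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(ek, ak, label, fields, extra=()):   # {fields || MAC(fields||extra, ak)}ek
    body = ser(fields)
    return xor(ek, label, body + mac(ak, body + ser(extra)))

def open_(ek, ak, label, ct, extra=()):      # the fields, or None on a bad MAC
    pt = xor(ek, label, ct); body, tag = pt[:-32], pt[-32:]
    ok = hmac.compare_digest(tag, mac(ak, body + ser(extra)))
    return unser(body)[0] if ok else None

def keypair():                               # private exponent in [1, P-2]
    sk = int.from_bytes(os.urandom(16), "big") % (P - 2) + 1
    return sk, pow(G, sk, P)

# Key cards: Q holds its key pools, the client public key pool and each client's SQN.
qpool = [keypair() for _ in range(POOL)]
QPUB = [pk for _, pk in qpool]
Q = {"id": "IDQ", "sk": [sk for sk, _ in qpool], "clients": {}, "sqn": {}}

def client(cid, sqn=0):                      # a client holds its key pair and QPUB
    sk, pk = keypair()
    Q["clients"][cid], Q["sqn"][cid] = pk, sqn
    return {"id": cid, "sk": sk, "sqn": sqn, "qpub": QPUB}

def check_sqn(cid, ek, ak, label, ct):
    """Q's step-3 rule: a MAC under the stored SQN verifies and advances it; a MAC
    under SQN-1 verifies without advancing (lost-reply resync); anything else fails."""
    for cand, advance in ((Q["sqn"][cid], True), (Q["sqn"][cid] - 1, False)):
        fields = open_(ek, ak, label, ct, cand)
        if fields is not None:
            if advance: Q["sqn"][cid] += 1
            return fields
    raise ValueError("AKA authentication failed for " + cid)

def run_aka(A, B, amf=b"\x80\x00"):        # AMF is taken to be 2 bytes here
    # Step 1, A -> B: M1 = IDA||IDQ||R1||{IDA||Xa||MAC(IDA||Xa||SQNA, AK1)}EK1
    xa, R1 = keypair()[0], os.urandom(16); Xa = pow(G, xa, P)
    ek1, ak1 = split(pow(A["qpub"][fp(R1)], A["sk"], P))          # K1 = PKQ1^SKA
    M1 = (A["id"], Q["id"], R1, seal(ek1, ak1, "M1", (A["id"], Xa), A["sqn"]))
    # Step 2, B -> Q: M2 = IDB||R2||{M1||IDB||Xb||MAC(M1||IDB||Xb||SQNB, AK2)}EK2
    xb, R2 = keypair()[0], os.urandom(16); Xb = pow(G, xb, P)
    ek2, ak2 = split(pow(B["qpub"][fp(R2)], B["sk"], P))          # K2 = PKQ2^SKB
    M2 = (B["id"], R2, seal(ek2, ak2, "M2", (M1, B["id"], Xb), B["sqn"]))
    # Step 3, Q: peel both layers, check both sequence numbers, build AV
    idb, r2, ct2 = M2
    ek2q, ak2q = split(pow(Q["clients"][idb], Q["sk"][fp(r2)], P))  # K2 = PKB^SKQ2
    (ida, _, r1, ct1), _, Xb_q = check_sqn(idb, ek2q, ak2q, "M2", ct2)
    ek1q, ak1q = split(pow(Q["clients"][ida], Q["sk"][fp(r1)], P))  # K1 = PKA^SKQ1
    _, Xa_q = check_sqn(ida, ek1q, ak1q, "M1", ct1)
    sqa = Q["sqn"][ida]                    # newest SQNA also serves as key pointer
    ska, pka = qpool[fp(ser(sqa))]
    K, Ha = pow(Xa_q, ska, P), H(sqa, pka) # K = Xa^SKQa, HASHa = HASH(SQNA||PKQa)
    XRES, CK, IK = (F(i, ser(K), Ha, Xa_q) for i in (2, 3, 4))
    AV = (XRES, CK, IK, amf + F(1, ser(K), Ha, Xa_q, amf))        # AUTN = AMF||MAC
    R3 = os.urandom(16); sk3, pk3 = qpool[fp(R3)]
    ek3, ak3 = split(pow(Xb_q, sk3, P))                           # K3 = Xb^SKQ3
    M3 = (R3, seal(ek3, ak3, "M3", AV, H(Q["sqn"][idb], pk3)))    # MAC over AV||HASHb
    # Step 4, B: recover AV under K3 = PKQ3^xb, advance SQNB, challenge A with AUTN
    r3, ct3 = M3; pk3b = B["qpub"][fp(r3)]
    av = open_(*split(pow(pk3b, xb, P)), "M3", ct3, H(B["sqn"] + 1, pk3b))
    if av is None: raise ValueError("B: authentication vector rejected")
    B["sqn"] += 1; xres, ckb, ikb, autn = av
    M4 = (B["id"], autn)
    # Step 5, A: recompute K, check XMAC against AUTN, advance SQNA, answer RES
    pka_a = A["qpub"][fp(ser(A["sqn"] + 1))]
    Ka, Ha_a = pow(pka_a, xa, P), H(A["sqn"] + 1, pka_a)          # K = PKQa^xa
    if not hmac.compare_digest(F(1, ser(Ka), Ha_a, Xa, M4[1][:2]), M4[1][2:]):
        raise ValueError("A: AUTN rejected")
    A["sqn"] += 1
    RES, cka, ika = (F(i, ser(Ka), Ha_a, Xa) for i in (2, 3, 4))
    M5 = (A["id"], seal(cka, ika, "M5", RES))                     # {RES||MAC(RES,IK)}CK
    # Step 6, B: RES == XRES decides REP, which goes back to A under CK/IK
    res = open_(ckb, ikb, "M5", M5[1])
    rep = "OK" if res is not None and hmac.compare_digest(res, xres) else "FAIL"
    M6 = (B["id"], seal(ckb, ikb, "M6", rep))
    return open_(cka, ika, "M6", M6[1]), (cka, ika), (ckb, ikb)

def aka_ok(A, B):                    # True iff the run ends with REP = OK
    try: return run_aka(A, B)[0] == "OK"
    except ValueError: return False
```

Calling client("IDA"), client("IDB") and then run_aka(A, B) returns REP together with both parties' (CK, IK), which agree, and advances SQNA and SQNB by one at the clients and at Q. check_sqn reproduces the two-try check of step 3 as the text states it: a MAC under the stored value advances the stored sequence number, a MAC under the stored value minus one is accepted without advancing, which is what lets a client whose M3 or M4 was lost resynchronise (set A["sqn"] back by one and run again), and any other value fails. The same rule means a repeat of the immediately preceding M1 or M2 still passes the MAC check, without advancing the stored value; messages older than that are rejected. The HASHa/HASHb inputs use the newest sequence number on both sides, which is why client A indexes the pool with SQNA+1 and client B hashes SQNB+1 before updating.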
Embodiment 2: client A and client B are under service station QA and service station QB
System description
The scenario of this embodiment is shown in Fig. 4. It contains client A, client B, quantum communication service station QA and quantum communication service station QB, referred to as service station QA and service station QB. Client A and client B are each equipped with a client key card; quantum communication service station QA and quantum communication service station QB are each equipped with a service station key card. Client A belongs to quantum communication service station QA and client B belongs to quantum communication service station QB. Let the ID of client A be IDA, its sequence number SQNA, its public key PKA and its private key SKA; let the ID of client B be IDB, its sequence number SQNB, its public key PKB and its private key SKB.
The process by which a client and a quantum communication service station obtain a key is as follows:
the client or the quantum communication service station takes a key pointer random number rand and applies the specific asymmetric key pointer function Fp to it to obtain the asymmetric key pointer P, then uses the asymmetric key pool pointer P to extract the corresponding public key or private key from the service station public key pool or the service station private key pool in the key card.
Step 1: client A initiates an authentication request to client B
Client A generates two true random numbers xa and R1 with the random number generator in its local key card, where xa lies in the range [1, p-1]. Client A computes Xa = g^xa mod p. Using R1, client A takes the public key PKQA1 out of the service station public key pool in its local key card (see the key agreement procedure above). Client A uses its own private key SKA and the public key PKQA1 to compute K1 = PKQA1^SKA mod p, and splits K1 into an encryption key EK1 and a message authentication key AK1. Let M1_0 = IDA||Xa. Client A takes its own sequence number SQNA and computes the message authentication code MAC(M1_0||SQNA, AK1) with AK1, where MAC(m, k) denotes the message authentication code over message m under key k. Client A encrypts M1_0||MAC(M1_0||SQNA, AK1) with EK1 to obtain {M1_0||MAC(M1_0||SQNA, AK1)}EK1.
Client A assembles the message M1 = IDA||IDQA||R1||{M1_0||MAC(M1_0||SQNA, AK1)}EK1 and sends M1 to client B.
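The following Python block is an added example, not code from the patent, showing the pool-pointer mechanism and the Step 1 derivation of K1 on both sides: the client indexes the service station public key pool with R1, the station indexes its private key pool with the same R1, and both arrive at the same EK1/AK1. The patent does not fix the pointer function Fp, the DH group, the way K is split, or the MAC; the choices below (a SHA-256 index, a toy 127-bit prime, a hash-based split, HMAC-SHA256) are assumptions made for the example, and the seeds and random values are constructed.

```python
# Added example (not from the patent text): key-pool pointer and Step 1 DH
# derivation. Assumptions: Fp is a SHA-256 index into the pool, K is split into
# EK/AK by hashing it, MAC(m, k) is HMAC-SHA256, and the DH group is a toy group.
import hashlib
import hmac

# Toy DH group for illustration only: 2^127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3


def key_pointer(rand: bytes, pool_size: int) -> int:
    """Fp: map the key-indicator random number rand to a pool index P (assumed construction)."""
    digest = hashlib.sha256(b"pointer" + rand).digest()
    return int.from_bytes(digest, "big") % pool_size


def make_station_key_pool(size: int, seed: bytes):
    """Build a station private-key pool and the matching public-key pool that a client
    key card would carry. Deterministic from the constructed seed so the example is reproducible."""
    priv_pool = []
    for i in range(size):
        d = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        priv_pool.append(int.from_bytes(d, "big") % (P - 2) + 1)  # in [1, p-2]
    pub_pool = [pow(G, sk, P) for sk in priv_pool]
    return priv_pool, pub_pool


def split_key(k: int) -> tuple:
    """Split the DH result K into an encryption key EK and a MAC key AK (assumed: hash and halve)."""
    material = hashlib.sha256(k.to_bytes(16, "big")).digest()
    return material[:16], material[16:]


def mac(message: bytes, key: bytes) -> bytes:
    """MAC(m, k) of the patent text, realized here as HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def client_keys(r1: bytes, ska: int, station_pub_pool: list) -> tuple:
    """Client side: pick PKQA1 with R1, compute K1 = PKQA1^SKA mod p, split into (EK1, AK1)."""
    pkqa1 = station_pub_pool[key_pointer(r1, len(station_pub_pool))]
    return split_key(pow(pkqa1, ska, P))


def station_keys(r1: bytes, station_priv_pool: list, pka: int) -> tuple:
    """Station side: pick SKQA1 with R1, compute K1 = PKA^SKQA1 mod p, split into (EK1, AK1)."""
    skqa1 = station_priv_pool[key_pointer(r1, len(station_priv_pool))]
    return split_key(pow(pka, skqa1, P))


def build_m1_inner(ida: bytes, xa: int, sqna: int, ak1: bytes) -> tuple:
    """Step 1: M1_0 = IDA||Xa and the tag MAC(M1_0||SQNA, AK1); SQNA itself is not sent."""
    m1_0 = ida + xa.to_bytes(16, "big")
    return m1_0, mac(m1_0 + sqna.to_bytes(8, "big"), ak1)


if __name__ == "__main__":
    priv_pool, pub_pool = make_station_key_pool(16, b"constructed-seed")
    ska = 0x1234567890ABCDEF          # constructed client private key SKA
    pka = pow(G, ska, P)              # matching PKA, held in the station's client public key pool
    r1 = b"\x0a\x0b\x0c\x0d"          # constructed key-indicator random number R1
    assert client_keys(r1, ska, pub_pool) == station_keys(r1, priv_pool, pka)
    print("pointer", key_pointer(r1, len(pub_pool)), "-> K1 agreed on both sides")
```

Note that the sequence number is bound into the tag but never transmitted; the station recovers it from its own client public key pool, which is what makes the later SQN check possible.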
Step 2: client B requests an authentication vector from quantum communications service station QB
On receiving the message, client B parses it to obtain IDA, IDQA, R1 and {M1_0||MAC(M1_0||SQNA, AK1)}EK1. Client B generates two true random numbers xb and R2 with the random number generator in its local key card, where xb lies in the range [1, p-1]. Using R2, client B takes the public key PKQB2 out of the service station public key pool in its local key card (see the key agreement procedure above). Client B uses its own private key SKB and the public key PKQB2 to compute K2 = PKQB2^SKB mod p, and splits K2 into an encryption key EK2 and a message authentication key AK2. Client B computes Xb = g^xb mod p. Let M2_0 = M1||IDB||Xb. Client B takes its own sequence number SQNB and computes the message authentication code MAC(M2_0||SQNB, AK2) with AK2, then encrypts M2_0||MAC(M2_0||SQNB, AK2) with EK2 to obtain {M2_0||MAC(M2_0||SQNB, AK2)}EK2.
Client B assembles the message M2 = IDB||R2||{M2_0||MAC(M2_0||SQNB, AK2)}EK2 and sends the authentication vector request M2 to service station QB.
Step 3: quantum communications service station QB sends a request to quantum communications service station QA
On receiving the message, service station QB parses it to obtain IDB, R2 and {M2_0||MAC(M2_0||SQNB, AK2)}EK2. Using R2, service station QB takes the private key SKQB2 out of the service station private key pool in its local key card (see the key agreement procedure above), and takes the public key PKB of client B out of the client public key pool according to IDB. Service station QB computes K2 = PKB^SKQB2 mod p and splits K2 into the encryption key EK2 and the message authentication key AK2.
Service station QB decrypts {M2_0||MAC(M2_0||SQNB, AK2)}EK2 with EK2 to obtain M2_0 and MAC(M2_0||SQNB, AK2). It looks up the sequence number SQNB of client B according to IDB and verifies the message authentication code over M2_0||SQNB with the message authentication key AK2. If verification passes, it updates the SQNB in the client public key pool to SQNB+1 and continues with the next step; otherwise it verifies the message authentication code over M2_0||(SQNB-1), and if that succeeds it continues with the next step, otherwise AKA authentication fails.
After verification, service station QB parses M2_0 to obtain M1||IDB||Xb. Service station QB and service station QA negotiate an encryption key EK3' and a message authentication key AK3' by quantum key distribution. Let M3' = IDQB||M1. Service station QB computes MAC(M3', AK3') with AK3' and encrypts M3'||MAC(M3', AK3') with EK3' to obtain {M3'||MAC(M3', AK3')}EK3'.
Service station QB sends {M3'||MAC(M3', AK3')}EK3' to service station QA according to the IDQA contained in M1.
Step 4: quantum communications service station QA returns the authentication vector
On receipt, service station QA decrypts {M3'||MAC(M3', AK3')}EK3' with the negotiated EK3' to obtain M3'||MAC(M3', AK3'), and verifies the message authentication code MAC(M3', AK3') with AK3'. After verification, service station QA parses M3' to obtain IDQB, IDA, IDQA, R1 and {M1_0||MAC(M1_0||SQNA, AK1)}EK1. Using R1, service station QA takes the private key SKQA1 out of the service station private key pool in its local key card (see the key agreement procedure above), and takes the public key PKA of client A out of the client public key pool in its local key card according to IDA. Service station QA computes K1 = PKA^SKQA1 mod p and splits K1 into the encryption key EK1 and the message authentication key AK1.
Service station QA decrypts {M1_0||MAC(M1_0||SQNA, AK1)}EK1 with EK1 to obtain M1_0 and MAC(M1_0||SQNA, AK1), and looks up the sequence number SQNA of client A according to IDA. Service station QA verifies MAC(M1_0||SQNA, AK1) with AK1. If verification passes, it updates the SQNA in the client public key pool to SQNA+1 and continues with the next step; otherwise it verifies the message authentication code over M1_0||(SQNA-1), and if that succeeds it continues with the next step, otherwise AKA authentication fails.
After verification, service station QA uses SQNA as the key-indicator random number to take the private key SKQAa and the public key PKQAa out of the service station private key pool and the service station public key pool of its local key card (see the key agreement procedure above); the SQNA used here is the latest value in the client public key pool. Service station QA computes the key K = Xa^SKQAa mod p and the hash value HASHa = HASH(SQNA||PKQAa). K is the key used to compute the vector below; the computation of the authentication vector follows the AKA authentication technique.
Compute the message authentication code (MAC): MAC = F1_K(HASHa||Xa||AMF);
Compute the expected authentication response (XRES): XRES = F2_K(HASHa||Xa);
Compute the confidentiality key (CK): CK = F3_K(HASHa||Xa);
Compute the integrity key (IK): IK = F4_K(HASHa||Xa);
Network authentication token (AUTN): AUTN = AMF||MAC.
These are assembled into the authentication vector AV = M4' = XRES||CK||IK||AUTN. Service station QA and service station QB negotiate an encryption key EK4' and a message authentication key AK4'. Service station QA computes the message authentication code MAC(M4', AK4') over M4', encrypts M4'||MAC(M4', AK4') with EK4' to obtain {M4'||MAC(M4', AK4')}EK4', and sends it to service station QB.
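The sequence-number check that service station QB performs in Step 3 and service station QA performs in Step 4 has three outcomes: accept and advance the stored counter, accept on the previous counter without advancing, or fail. The Python block below is an added example, not code from the patent, that runs all three cases over a constructed message. It assumes MAC(m, k) is HMAC-SHA256 and that the sequence number is encoded as an 8-byte big-endian integer; the patent specifies neither.

```python
# Added example (not from the patent text): the station-side sequence-number
# check of Steps 3 and 4. Assumptions: MAC(m, k) is HMAC-SHA256 and SQN is
# encoded as 8 big-endian bytes.
import hmac
from hashlib import sha256


def mac(message: bytes, key: bytes) -> bytes:
    return hmac.new(key, message, sha256).digest()


def encode_sqn(sqn: int) -> bytes:
    return sqn.to_bytes(8, "big")


def client_tag(m_0: bytes, sqn: int, ak: bytes) -> bytes:
    """Client side (Steps 1 and 2): MAC(M_0||SQN, AK) over its current sequence number."""
    return mac(m_0 + encode_sqn(sqn), ak)


def station_check(m_0: bytes, tag: bytes, stored_sqn: int, ak: bytes):
    """Station side (Steps 3 and 4). Returns (accepted, new_stored_sqn).

    First try the stored SQN: on success the pool entry advances to SQN+1.
    Otherwise try SQN-1, the case where the client is one step behind (it only
    advances its own counter late in the run, in Steps 6 and 7); on success the
    run continues without advancing the store. Anything else is an AKA failure.
    compare_digest keeps the comparison constant-time.
    """
    if hmac.compare_digest(tag, mac(m_0 + encode_sqn(stored_sqn), ak)):
        return True, stored_sqn + 1
    if hmac.compare_digest(tag, mac(m_0 + encode_sqn(stored_sqn - 1), ak)):
        return True, stored_sqn
    return False, stored_sqn


def run_scenario(client_sqn: int, stored_sqn: int, client_key: bytes, station_key: bytes):
    """Constructed exchange: the client tags M_0 with its SQN, the station checks it against its store."""
    m_0 = b"IDB" + b"\x00" * 4 + b"Xb-placeholder"  # constructed stand-in for M2_0
    tag = client_tag(m_0, client_sqn, client_key)
    return station_check(m_0, tag, stored_sqn, station_key)


if __name__ == "__main__":
    ak = b"\x11" * 32  # constructed AK shared by both sides
    for client_sqn, stored_sqn in [(10, 10), (9, 10), (8, 10), (11, 10)]:
        print(client_sqn, stored_sqn, run_scenario(client_sqn, stored_sqn, ak, ak))
```

The store never moves backwards and the tolerance is exactly one step, so a client that has fallen two or more behind, or that is ahead of the station, fails closed and must be resynchronised out of band.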
Step 5: quantum communications service station QB forwards the authentication vector
On receipt, service station QB decrypts {M4'||MAC(M4', AK4')}EK4' with EK4' to obtain M4'||MAC(M4', AK4'), and verifies the message authentication code MAC(M4', AK4') with AK4'. After verification, service station QB generates a true random number R3 with the random number generator in its local key card. Using R3, service station QB takes the private key SKQB3 and the public key PKQB3 out of the service station private key pool and the service station public key pool of its local key card (see the key agreement procedure above). Service station QB computes K5 = Xb^SKQB3 mod p and the hash value HASHb = HASH(SQNB||PKQB3), where SQNB is the latest value in the client public key pool. Service station QB splits K5 into an encryption key EK5 and a message authentication key AK5.
Service station QB computes the message authentication code MAC(M4'||HASHb, AK5) over M4'||HASHb, encrypts M4'||MAC(M4'||HASHb, AK5) with EK5 to obtain {M4'||MAC(M4'||HASHb, AK5)}EK5, and sends M5' = R3||{M4'||MAC(M4'||HASHb, AK5)}EK5 to client B.
Step 6: client B initiates the authentication challenge
On receipt, client B uses R3 to take the public key PKQB3 out of the service station public key pool in its local key card (see the key agreement procedure above). Client B computes K5 = PKQB3^xb mod p and the hash value HASHb = HASH(SQNB+1||PKQB3), and splits K5 into the encryption key EK5 and the message authentication key AK5. Client B decrypts {M4'||MAC(M4'||HASHb, AK5)}EK5 with EK5 to obtain M4'||MAC(M4'||HASHb, AK5), and verifies the message authentication code MAC(M4'||HASHb, AK5) with AK5. After verification, client B updates its local sequence number SQNB to SQNB+1. Client B parses M4' to obtain XRES||CK||IK||AUTN and keeps XRES||CK||IK in its local secure storage area. Let M6 = IDB||AUTN; client B sends M6 to client A.
Step 7: client A returns the authentication response
On receipt, client A uses SQNA+1 to take the public key PKQAa out of the service station public key pool in its local key card (see the key agreement procedure above). Client A computes K = PKQAa^xa mod p and the hash value HASHa = HASH(SQNA+1||PKQAa), and uses K for the following computations:
XMAC = F1_K(HASHa||Xa||AMF);
RES = F2_K(HASHa||Xa);
CK = F3_K(HASHa||Xa);
IK = F4_K(HASHa||Xa).
Client A compares XMAC with the MAC contained in AUTN; if they are identical it continues with the next step, otherwise authentication fails. After verification passes, client A updates its local sequence number SQNA to SQNA+1. Client A computes the message authentication code MAC(RES, IK) over RES with IK, encrypts RES||MAC(RES, IK) with CK to obtain {RES||MAC(RES, IK)}CK, and lets M7 = IDA||{RES||MAC(RES, IK)}CK. Client A sends M7 to client B.
Step 8: client B verifies the authentication response of client A
On receipt, client B decrypts M7 with CK to obtain RES||MAC(RES, IK), and verifies the message authentication code MAC(RES, IK) with IK. If verification passes, client B checks whether RES equals the locally stored XRES: if so, REP = OK; otherwise REP = FAIL.
Client B computes the message authentication code MAC(REP, IK) over REP with IK and encrypts REP||MAC(REP, IK) with CK to obtain M8 = IDB||{REP||MAC(REP, IK)}CK. Client B sends M8 to client A. Client A decrypts and verifies M8 with CK and IK, and parses the authentication result REP.
Authentication ends; client A and client B now share the session keys, namely the encryption key CK and the message authentication key IK.
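Steps 4, 7 and 8 together form the AKA core: the station derives MAC/XRES/CK/IK from the vector key K and a hash that binds the updated sequence number, the client recomputes XMAC and RES from the same inputs, and client B finally compares RES with XRES. The Python block below is an added example, not code from the patent, that carries those three steps through end to end and also shows the failure case where client A uses a stale sequence number. The patent refers to the AKA functions F1 to F4 and to HASH without defining them; here F1 to F4 are assumed to be HMAC-SHA256 with a one-byte domain-separation tag, HASH is SHA-256, integers are encoded big-endian, and the vector key K and all other values are constructed inputs (K is taken as already agreed, the DH part being covered by the earlier steps).

```python
# Added example (not from the patent text): authentication-vector generation
# (Step 4), client-side XMAC check and RES/CK/IK derivation (Step 7), and the
# RES/XRES comparison (Step 8). Assumptions: F1..F4 are HMAC-SHA256 with a
# one-byte tag, HASH is SHA-256, integers are big-endian, K is already agreed.
import hmac
from hashlib import sha256


def f(tag: int, k: bytes, data: bytes) -> bytes:
    """F_tag under key K for tag in 1..4 (assumed construction)."""
    return hmac.new(k, bytes([tag]) + data, sha256).digest()


def enc(x: int) -> bytes:
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def hash_a(sqna: int, pkqaa: int) -> bytes:
    """HASHa = HASH(SQNA||PKQAa); both sides must use the same (updated) SQNA."""
    return sha256(enc(sqna) + enc(pkqaa)).digest()


def station_vector(k: bytes, sqna: int, pkqaa: int, xa: int, amf: bytes) -> dict:
    """Step 4 at service station QA; sqna is the pool value after the +1 update."""
    h = hash_a(sqna, pkqaa)
    mac_ = f(1, k, h + enc(xa) + amf)
    return {
        "XRES": f(2, k, h + enc(xa)),
        "CK": f(3, k, h + enc(xa)),
        "IK": f(4, k, h + enc(xa)),
        "AUTN": amf + mac_,
    }


def client_response(k: bytes, sqna_plus1: int, pkqaa: int, xa: int, autn: bytes, amf_len: int):
    """Step 7 at client A: recompute XMAC, compare it with the MAC in AUTN, then
    derive RES/CK/IK. Returns None on mismatch, i.e. authentication failure."""
    h = hash_a(sqna_plus1, pkqaa)
    amf, mac_ = autn[:amf_len], autn[amf_len:]
    xmac = f(1, k, h + enc(xa) + amf)
    if not hmac.compare_digest(xmac, mac_):
        return None
    return {"RES": f(2, k, h + enc(xa)), "CK": f(3, k, h + enc(xa)), "IK": f(4, k, h + enc(xa))}


def client_m7_body(res: bytes, ik: bytes) -> bytes:
    """RES||MAC(RES, IK), the part of M7 that client A then encrypts under CK."""
    return res + hmac.new(ik, res, sha256).digest()


def client_b_verify(body: bytes, ik: bytes, xres: bytes) -> str:
    """Step 8 at client B: check MAC(RES, IK) first, then compare RES with the stored XRES."""
    res, tag = body[:32], body[32:]
    if not hmac.compare_digest(tag, hmac.new(ik, res, sha256).digest()):
        return "FAIL"
    return "OK" if hmac.compare_digest(res, xres) else "FAIL"


if __name__ == "__main__":
    K, AMF = b"\x42" * 32, b"\x80\x00"          # constructed vector key and AMF
    SQNA_UPDATED, PKQAA, XA = 11, 987654321, 123456789  # constructed values
    av = station_vector(K, SQNA_UPDATED, PKQAA, XA, AMF)
    resp = client_response(K, SQNA_UPDATED, PKQAA, XA, av["AUTN"], len(AMF))
    print("REP =", client_b_verify(client_m7_body(resp["RES"], resp["IK"]), av["IK"], av["XRES"]))
    print("stale SQNA accepted?", client_response(K, SQNA_UPDATED - 1, PKQAA, XA, av["AUTN"], len(AMF)) is not None)
```

Because HASHa feeds every F function, a client whose local SQNA did not advance in step with the station's pool entry derives a different XMAC and stops at Step 7 rather than producing mismatched CK/IK silently.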
For the specific definitions of the client A device, the client B device, the service station Q device and the system, refer to the definitions given above for the quantum communications service station authentication method; they are not repeated here. Each module in the above devices may be implemented wholly or partly in software, in hardware, or in a combination of the two. The modules may be embedded in hardware form in, or independent of, a processor in a computer device, or stored in software form in the memory of the computer device, so that the processor can call and execute the operations corresponding to the modules.
In one embodiment a computer device is provided, which may be the service station Q; its internal structure may be as shown in Fig. 1. The computer device comprises a processor, a memory, a network interface and a database connected by a system bus. The processor provides computing and control capability. The memory comprises a non-volatile storage medium and an internal memory; the non-volatile storage medium stores an operating system, a computer program and a database, and the internal memory provides the running environment for the operating system and the computer program held in the non-volatile storage medium. The database of the computer device stores the data related to authentication. The network interface communicates with external terminals over a network. When executed by the processor, the computer program implements a quantum communications service station AKA key negotiation method based on an asymmetric key pool pair and sequence number.
The specific steps of the technical solution disclosed above correspond to the quantum communications service station AKA key negotiation method based on an asymmetric key pool pair and sequence number as implemented at client A, at the service station and at client B in the claims, and are therefore not repeated.
Those skilled in the art will understand that the structure shown in Fig. 1 is only a block diagram of the part of the structure relevant to the present application and does not limit the computer device to which the present application is applied; a particular computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware; the computer program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. Any reference to memory, storage, a database or other media in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments may be combined arbitrarily. For brevity, not all possible combinations of the technical features of the above embodiments are described; nevertheless, as long as a combination of these technical features involves no contradiction, it should be regarded as falling within the scope of this specification.
The above embodiments express only several implementations of the present application, and their description is specific and detailed, but this must not be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of the present application, and these fall within the scope of protection of the present application. The scope of protection of the present application patent is therefore subject to the appended claims.
Claims (10)
1. A quantum communications service station AKA key negotiation method based on an asymmetric key pool pair and sequence number, implemented at client A, characterized in that the quantum communications service station AKA key negotiation method comprises:
generating a first random parameter, a first intermediate parameter and a first key, the first key being generated from the first private key of client A and the first public key of the service station according to the DH protocol; sending a first message to client B, the first message comprising the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key;
obtaining a fourth message from client B that contains a network authentication token, the network authentication token being computed by the service station using a vector key, the vector key being generated from the first intermediate parameter and the first private key of the service station; generating the vector key and computing the message authentication code, authentication response, confidentiality key and integrity key of the authentication vector; after comparing the message authentication code with the network authentication token and passing, applying a preset operation to the stored sequence number of client A, updating and storing it; generating a fifth message comprising the authentication response encrypted with the confidentiality key, and sending the fifth message to client B;
obtaining a sixth message from client B comprising a comparison result encrypted with the confidentiality key, the comparison result being generated after client B compares the authentication response with the authentication response stored by client B; decrypting and reading the comparison result, and if the comparison result is true, trusting the confidentiality key as the session key and the integrity key as the authentication key.
2. A quantum communications service station AKA key negotiation method based on an asymmetric key pool pair and sequence number, implemented at the service station, characterized in that the quantum communications service station AKA key negotiation method comprises:
obtaining a second message from client B comprising the device parameter of client B, a second random parameter, a first message, a second intermediate parameter and the sequence number of client B; the first message comprising the device parameter of client A, the device parameter of the service station, a first random parameter, a first intermediate parameter and the sequence number of client A; wherein the first random parameter and the first intermediate parameter are generated by client A, and the second random parameter and the second intermediate parameter are generated by client B;
after decrypting and verifying the second message, comparing the stored sequence number of client B with the sequence number of client B in the second message, and after the comparison passes applying a preset operation to the stored sequence number of client B, updating and storing it; after verifying the first message, applying a preset operation to the stored sequence number of client A, updating and storing it; generating a vector key and a first hash value, the vector key being generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, and the first hash value being generated by hashing the sequence number of client A and the third public key of the service station; generating an authentication vector with the vector key, the authentication vector comprising a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third key and a second hash value, the third key being generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, and the second hash value being generated by hashing the sequence number of client B and the fourth public key of the service station; generating a third message comprising the authentication vector and the second hash value, at least part of the third message being encrypted with the third key; and sending the third message to client B;
the authentication vector being used by client A and client B to complete AKA authentication.
3. A quantum communications service station AKA key negotiation method based on an asymmetric key pool pair and sequence number, implemented at client B, characterized in that the quantum communications service station AKA key negotiation method comprises:
obtaining a first message from client A, the first message comprising the device parameter of client A, the device parameter of the service station, a first random parameter, a first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with a first key; after decryption, generating a second intermediate parameter, a second random parameter and a second key, the second key being generated from the first private key of client B and the second public key of the service station according to the DH protocol; sending a second message to the service station, the second message comprising the device parameter of client B, the second random parameter, the first message, the device parameter of client B, the second intermediate parameter and the sequence number of client B, at least part of the second message being encrypted with the second key;
obtaining a third message from the service station, the third message comprising an authentication vector and a second hash value, at least part of the third message being encrypted with a third key; the authentication vector being generated by the service station with a vector key and comprising a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; the vector key being generated from the first intermediate parameter and the first private key of the service station; the third key being generated by the service station from the second private key of the service station and the second intermediate parameter according to the DH protocol; after decrypting and verifying, applying a preset operation to the stored sequence number of client B, updating and storing it; parsing and storing the authentication vector, generating a fourth message containing the network authentication token and sending the fourth message to client A;
obtaining a fifth message from client A comprising an authentication response encrypted with the confidentiality key, the authentication response and the confidentiality key being generated by client A with the vector key; after decryption, comparing the authentication response with the stored authentication response and generating a comparison result, and if the authentication response equals the stored authentication response, trusting the confidentiality key as the session key and the integrity key as the authentication key; generating a sixth message comprising the comparison result encrypted with the confidentiality key and sending the sixth message to client A.
4. A quantum communications service station AKA key negotiation method based on an asymmetric key pool pair and sequence number, characterized in that the quantum communications service station AKA key negotiation method comprises:
client A generating a first random parameter, a first intermediate parameter and a first key, the first key being generated from the first private key of client A and the first public key of the service station according to the DH protocol, and sending a first message to client B, the first message comprising the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key;
client B obtaining and decrypting the first message, generating a second intermediate parameter, a second random parameter and a second key, the second key being generated from the first private key of client B and the second public key of the service station according to the DH protocol, and sending a second message to the service station, the second message comprising the device parameter of client B, the second random parameter, the first message, the device parameter of client B, the second intermediate parameter and the sequence number of client B, at least part of the second message being encrypted with the second key;
the service station obtaining, decrypting and verifying the second message, comparing the stored sequence number of client B with the sequence number of client B in the second message, and after the comparison passes applying a preset operation to the stored sequence number of client B, updating and storing it; after verifying the first message, applying a preset operation to the stored sequence number of client A, updating and storing it; generating a vector key and a first hash value, the vector key being generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, and the first hash value being generated by hashing the sequence number of client A and the third public key of the service station; generating an authentication vector with the vector key, the authentication vector comprising a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third key and a second hash value, the third key being generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, and the second hash value being generated by hashing the sequence number of client B and the third private key of the service station; generating a third message comprising the authentication vector and the second hash value, at least part of the third message being encrypted with the third key; and sending the third message to client B;
client B obtaining, decrypting and verifying the third message, applying a preset operation to the stored sequence number of client B, updating and storing it; parsing and storing the authentication vector, generating a fourth message containing the network authentication token and sending the fourth message to client A;
client A obtaining the fourth message and, after comparing the message authentication code with the network authentication token and passing, applying a preset operation to the stored sequence number of client A, updating and storing it; generating a fifth message comprising the authentication response encrypted with the confidentiality key, and sending the fifth message to client B;
client B obtaining and decrypting the fifth message, comparing the authentication response with the stored authentication response and generating a comparison result, and if the authentication response equals the stored authentication response, trusting the confidentiality key as the session key and the integrity key as the authentication key; generating a sixth message comprising the comparison result encrypted with the confidentiality key and sending the sixth message to client A;
client A obtaining, decrypting and reading the comparison result, and if the comparison result is true, trusting the confidentiality key as the session key and the integrity key as the authentication key.
5. The quantum communications service station AKA key negotiation method according to any one of claims 1 to 4, characterized in that the service station comprises a service station QA and a service station QB, client A is a sub-device of service station QA, and client B is a sub-device of service station QB;
service station QB obtains the second message from client B and, after decrypting and verifying it, applies a preset operation to the stored sequence number of client B, updating and storing it; obtains a first inter-station key by encrypted communication with service station QA; generates a first inter-station message comprising the device parameter of service station QB and the first message; and sends the first inter-station message, encrypted with the first inter-station key, to service station QA;
after obtaining, decrypting and verifying it, service station QA applies a preset operation to the stored sequence number of client A, updating and storing it; generates the vector key from the first intermediate parameter and the first private key of service station QA, the vector key being used to generate the authentication vector; obtains a second inter-station key by encrypted communication with service station QB; generates a second inter-station message comprising the authentication vector; and sends the second inter-station message, encrypted with the second inter-station key, to service station QB;
after obtaining, decrypting and verifying it, service station QB generates a fifth key from the second intermediate parameter and the first private key of service station QB, hashes the sequence number of client B and the fourth public key of the service station to obtain the second hash value, and sends a seventh message to client B, the seventh message comprising the second hash value and the authentication vector, at least part of the seventh message being encrypted with the fifth key;
the seventh message being used by client A and client B to complete AKA authentication.
6. The quantum communications service station AKA key negotiation method according to any one of claims 1 to 4, characterized in that client A and client B are configured with client key cards, each client key card storing a service station public key pool together with the client's own public key and private key; and the service station is configured with a service station key card storing a client public key pool comprising the public key of each client, a service station private key pool and a service station public key pool.
7. A client device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, carries out the steps of the quantum communications service station AKA key negotiation method according to claim 1.
8. A service station device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, carries out the steps of the quantum communications service station AKA key negotiation method according to claim 2.
9. a kind of client device, including memory and processor, the memory are stored with computer program, feature exists
In the processor realizes quantum communications service station AKA key agreement described in claim 3 when executing the computer program
The step of method.
10. based on unsymmetrical key pond to and sequence number quantum communications service station AKA key agreement system, including memory and
Processor, the memory are stored with computer program, which is characterized in that the processor executes real when the computer program
The step of quantum communications service station AKA cryptographic key negotiation method described in existing claim 4;The customer end A and customer end B configuration
There is client key card, service station public key pond is stored in the client key card, itself client public key and client
Private key;The service station is configured with service station key card, is stored in the service station key card including each client public key
Client public key pond, service station private key pond and service station public key pond.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910591305.7A CN110493177B (en) | 2019-07-02 | 2019-07-02 | Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110493177A (en) | 2019-11-22 |
CN110493177B (en) | 2021-08-31 |
Family
ID=68546480
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910591305.7A Active CN110493177B (en) | 2019-07-02 | 2019-07-02 | Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110493177B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170237558A1 (en) * | 2016-02-15 | 2017-08-17 | Alibaba Group Holding Limited | System and method for quantum key distribution |
US20170338951A1 (en) * | 2016-05-19 | 2017-11-23 | Alibaba Group Holding Limited | Method and system for secure data transmission |
CN108574569A (en) * | 2017-03-08 | 2018-09-25 | 中国移动通信有限公司研究院 | Authentication method and authentication device based on quantum key |
CN109151053A (en) * | 2018-09-20 | 2019-01-04 | 如般量子科技有限公司 | Quantum-computation-resistant cloud storage method and system based on public asymmetric key pool |
CN109756329A (en) * | 2019-01-15 | 2019-05-14 | 如般量子科技有限公司 | Quantum-computation-resistant shared key negotiation method and system based on private key pool |
CN109921905A (en) * | 2019-01-18 | 2019-06-21 | 如般量子科技有限公司 | Quantum-computation-resistant key negotiation method and system based on private key pool |
Non-Patent Citations (1)
Title |
---|
Wang Cong (王聪): "Research on routing and resource allocation in quantum key distribution networks", China Master's Theses Full-text Database (Electronic Journal) * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113114460A (en) * | 2021-06-15 | 2021-07-13 | 国网浙江省电力有限公司杭州供电公司 | Quantum encryption-based power distribution network information secure transmission method |
CN113114460B (en) * | 2021-06-15 | 2021-08-24 | 国网浙江省电力有限公司杭州供电公司 | Quantum encryption-based power distribution network information secure transmission method |
CN113452687A (en) * | 2021-06-24 | 2021-09-28 | 中电信量子科技有限公司 | Method and system for encrypting sent mail based on quantum security key |
CN114095183A (en) * | 2022-01-23 | 2022-02-25 | 杭州字节信息技术有限公司 | Client dual authentication method, terminal equipment and storage medium |
CN114095183B (en) * | 2022-01-23 | 2022-05-03 | 杭州字节信息技术有限公司 | Client dual authentication method, terminal equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110493177B (en) | 2021-08-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10516527B1 (en) | Split-key based cryptography system for data protection and synchronization across multiple computing devices | |
US7793340B2 (en) | Cryptographic binding of authentication schemes | |
US8724819B2 (en) | Credential provisioning | |
CN109361668A (en) | A kind of data trusted transmission method | |
CN109379387B (en) | Safety certification and data communication system between Internet of things equipment | |
CN108494551A (en) | Processing method, system, computer equipment and storage medium based on collaboration key | |
CN108418691A (en) | Dynamic network identity identifying method based on SGX | |
CN108471352A (en) | Processing method, system, computer equipment based on distributed private key and storage medium | |
CN106416123A (en) | Password-based authentication | |
CN108809633B (en) | Identity authentication method, device and system | |
CN107920052B (en) | Encryption method and intelligent device | |
CN110519046A | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD | |
CN109981255A | Key pool update method and system | |
CN110380859B | Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol | |
CN110138548A | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and DH protocol | |
CN110493177A | Quantum communication service station AKA key negotiation method and system based on asymmetric key pool pair and sequence number | |
CN108599926A | Improved HTTP-Digest AKA identity authentication system and method based on symmetric key pool | |
CN108632042A | AKA-like identity authentication system and method based on symmetric key pool | |
Khan et al. | Offline OTP based solution for secure internet banking access | |
CN110098925A | Quantum communication service station key negotiation method and system based on asymmetric key pool pair and random number | |
US20060053288A1 | Interface method and device for the on-line exchange of content data in a secure manner | |
CN110176989A | Quantum communication service station identity authentication method and system based on asymmetric key pool | |
CN114765543A (en) | Encryption communication method and system of quantum cryptography network expansion equipment | |
CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
Aiash | A formal analysis of authentication protocols for mobile devices in next generation networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||