CN110493177A: AKA key negotiation method and system for a quantum communication service station based on asymmetric key pools and sequence numbers

Info

Publication number: CN110493177A (granted as CN110493177B)
Application number: CN201910591305.7A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 富尧, 钟一民, 余秋炜
Assignee: Ruban Quantum Technology Co Ltd
Legal status: granted, active
Prior art keywords: key, client, service station, message, sequence number

Classifications

    • H04L63/0442: network security protocols providing confidential data exchange over packet networks, with the payload protected by encryption and the sending and receiving entities applying asymmetric encryption
    • H04L9/0643: hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0838: key agreement, i.e. key establishment in which a shared key is derived by the parties from information contributed by or associated with each of them
    • H04L9/0852: quantum cryptography
    • H04L9/0863: generation of secret information involving passwords or one-time passwords
    • H04L9/0869: generation of secret information involving random numbers or seeds
    • H04L9/3213: entity authentication or message authentication involving a third party or trusted authority, using tickets or tokens, e.g. Kerberos

Abstract

This application relates to an AKA key negotiation method and system for a quantum communication service station based on asymmetric key pools and sequence numbers. Client A, the service station and client B are each equipped with a key card, and keys are stored in the key card. Because the key card is an independent hardware device, the possibility of keys being stolen by malware or malicious operation is substantially reduced.

Description

AKA key negotiation method and system for a quantum communication service station based on asymmetric key pools and sequence numbers
Technical field
This application relates to the field of secure communication technology, and in particular to an AKA key negotiation method and system for a quantum communication service station based on asymmetric key pools and sequence numbers.
Background
The rapidly developing Internet brings great convenience to people's lives and work: people can sit at home and send and receive e-mail, make telephone calls over the Internet, shop online and make bank transfers. At the same time, the security of Internet messages is increasingly becoming a potentially huge problem. In general, Internet messages face the following security risks: messages are stolen, messages are tampered with, attackers forge messages, malicious sabotage, and so on.
Identity authentication is one of the means of protecting people's Internet messages. Identity authentication, also called "identity verification" or "identity identification", is the process of confirming the identity of an operator in a computer or computer network system, so as to determine whether that user has access rights to a given resource. It allows the access policy of the computer and network system to be executed reliably and effectively, prevents an attacker from impersonating a legitimate user in order to obtain access to resources, and guarantees the security of the system and its data as well as the legitimate interests of authorized visitors.
At present, successful identity authentication relies mainly on cryptographic technology. In today's field of cryptography there are two main types of cryptosystem: symmetric key cryptosystems, in which the encryption key and the decryption key are the same, and public key cryptosystems, in which the encryption key and the decryption key are different and one of them can be made public. Most current identity authentication algorithms rely mainly on public key cryptosystems.
In a public key cryptosystem the encryption key (public key) and the decryption key (private key) are different. Because the encryption key is public, key distribution and management are very simple, and a public key cryptosystem can also easily perform digital signatures.
Since public key encryption appeared, scholars have proposed many kinds of public key encryption methods, all of whose security is based on complex mathematical problems. Classified by the underlying hard problem, three classes of system are currently considered secure and effective: large integer factorization systems (represented by RSA), discrete logarithm systems (represented by DSA) and elliptic curve discrete logarithm systems (ECC).
However, with the development of quantum computers, classical asymmetric key encryption algorithms will no longer be secure: whether in encryption and decryption or in key exchange methods, a quantum computer can compute the private key from the public key, so the asymmetric keys in common use today will be unable to withstand a single blow in the quantum era. Quantum key distribution (QKD) equipment can at present ensure that a negotiated key cannot be obtained by an attacker. But QKD is mainly used on quantum trunk lines; the path from user-side equipment to the quantum communication service station is still a classical network, so it is difficult to guarantee the security of the identity authentication procedure with asymmetric algorithms.
At present, the AKA mechanism (full name "Authentication and Key Agreement"), one of the more commonly used authentication methods in the mobile communication field, can achieve symmetric key negotiation and distribution. But the key used to compute the authentication vector is fixed, which carries certain risks, while using a large number of symmetric key pools instead would place a considerable storage burden on the quantum communication service station.
Problems with the existing technology:
1. Symmetric key pools are used between the quantum communication service station and the quantum key cards; their capacity is huge, which puts pressure on the key storage of the quantum communication service station;
2. Because the capacity of the symmetric key pools is huge, the quantum communication service station has to store its keys, in encrypted form, on ordinary storage media such as hard disks, and cannot store them in the key card of the quantum communication service station;
3. Because the capacity of the symmetric key pools is huge, key backup is troublesome.
Summary of the invention
On this basis, and in view of the above technical problems, it is necessary to provide an AKA key negotiation method and system for a quantum communication service station based on asymmetric key pools and sequence numbers.
This application discloses an AKA key negotiation method for a quantum communication service station based on asymmetric key pools and sequence numbers, implemented at client A. The quantum communication service station AKA key negotiation method includes:
Generating a first random parameter, a first intermediate parameter and a first key, where the first key is generated according to the DH protocol using the first private key of client A and the first public key of the service station; sending a first message to client B, the first message including the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A; at least part of the first message is encrypted with the first key;
Obtaining from client B a fourth message containing a network authentication token, where the network authentication token is computed by the service station using a vector key, and the vector key is generated using the first intermediate parameter and the first private key of the service station; generating the vector key and computing the message authentication code, authentication response, confidentiality key and integrity key of the authentication vector; after the message authentication code and the network authentication token have been compared and the comparison passes, applying a preset operation to the stored sequence number of client A and storing the updated value; generating a fifth message, which includes the authentication response encrypted with the confidentiality key, and sending the fifth message to client B;
Obtaining a sixth message from client B, which includes a comparison result encrypted with the confidentiality key; the comparison result is generated after client B compares the authentication response with the authentication response stored by client B; decrypting and reading the comparison result, and if the comparison result is true, trusting the integrity key as the authentication key and the confidentiality key as the session key.
This application also discloses an AKA key negotiation method for a quantum communication service station based on asymmetric key pools and sequence numbers, implemented at the service station. The quantum communication service station AKA key negotiation method includes:
Obtaining a second message from client B, including the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B; the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A; the first random parameter and the first intermediate parameter are generated by client A, and the second random parameter and the second intermediate parameter are generated by client B;
After decrypting and verifying the second message, comparing the stored sequence number of client B with the sequence number of client B in the second message, and after the comparison passes, applying a preset operation to the stored sequence number of client B and storing the updated value; after verifying the first message, applying the preset operation to the stored sequence number of client A and storing the updated value; generating a vector key and a first hash value, where the vector key is generated according to the DH protocol using the first intermediate parameter and the first private key of the service station, and the first hash value is produced by a hash operation over the sequence number of client A and the third public key of the service station; using the vector key to generate an authentication vector, which includes a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third key and a second hash value, where the third key is generated according to the DH protocol using the second intermediate parameter and the second private key of the service station, and the second hash value is produced by a hash operation over the sequence number of client B and the fourth public key of the service station; generating a third message, which includes the authentication vector and the second hash value, at least part of the third message being encrypted with the third key; sending the third message to client B;
The authentication vector is used by client A and client B to complete AKA authentication.
This application also discloses an AKA key negotiation method for a quantum communication service station based on asymmetric key pools and sequence numbers, implemented at client B. The quantum communication service station AKA key negotiation method includes:
Obtaining the first message from client A, the first message including the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key; after decryption, generating a second intermediate parameter, a second random parameter and a second key, where the second key is generated according to the DH protocol using the first private key of client B and the second public key of the service station; sending a second message to the service station, the second message including the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B; at least part of the second message is encrypted with the second key;
Obtaining a third message from the service station, the third message including the authentication vector and the second hash value, at least part of the third message being encrypted with a third key; the authentication vector is generated by the service station using the vector key and includes a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; the vector key is generated using the first intermediate parameter and the first private key of the service station; the third key is generated by the service station according to the DH protocol using the second private key of the service station and the second intermediate parameter; after decrypting and verifying, applying the preset operation to the stored sequence number of client B and storing the updated value; parsing and storing the authentication vector; generating a fourth message containing the network authentication token and sending the fourth message to client A;
Obtaining a fifth message from client A, the fifth message including the authentication response encrypted with the confidentiality key, where the authentication response and the confidentiality key are generated by client A using the vector key; after decryption, comparing the authentication response with the stored authentication response and generating a comparison result; if the authentication response equals the stored authentication response, trusting the confidentiality key as the session key and the integrity key as the authentication key; generating a sixth message, which includes the comparison result encrypted with the confidentiality key, and sending the sixth message to client A.
This application also discloses an AKA key negotiation method for a quantum communication service station based on asymmetric key pools and sequence numbers. The quantum communication service station AKA key negotiation method includes:
Client A generates a first random parameter, a first intermediate parameter and a first key, where the first key is generated according to the DH protocol using the first private key of client A and the first public key of the service station, and sends a first message to client B; the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A; at least part of the first message is encrypted with the first key;
Client B obtains the first message and, after decryption, generates a second intermediate parameter, a second random parameter and a second key, where the second key is generated according to the DH protocol using the first private key of client B and the second public key of the service station, and sends a second message to the service station; the second message includes the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B; at least part of the second message is encrypted with the second key;
The service station obtains, decrypts and verifies the second message, then compares the stored sequence number of client B with the sequence number of client B in the second message, and after the comparison passes applies a preset operation to the stored sequence number of client B and stores the updated value; after verifying the first message, it applies the preset operation to the stored sequence number of client A and stores the updated value; it generates a vector key and a first hash value, where the vector key is generated according to the DH protocol using the first intermediate parameter and the first private key of the service station, and the first hash value is produced by a hash operation over the sequence number of client A and the third public key of the service station; it uses the vector key to generate an authentication vector, which includes a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; it generates a third key and a second hash value, where the third key is generated according to the DH protocol using the second intermediate parameter and the second private key of the service station, and the second hash value is produced by a hash operation over the sequence number of client B and the third private key of the service station; it generates a third message, which includes the authentication vector and the second hash value, at least part of the third message being encrypted with the third key; it sends the third message to client B;
Client B obtains, decrypts and verifies the third message, then applies the preset operation to the stored sequence number of client B and stores the updated value; it parses and stores the authentication vector, generates a fourth message containing the network authentication token, and sends the fourth message to client A;
Client A obtains the fourth message, and after the message authentication code and the network authentication token have been compared and the comparison passes, applies the preset operation to the stored sequence number of client A and stores the updated value; it generates a fifth message, which includes the authentication response encrypted with the confidentiality key, and sends the fifth message to client B;
Client B obtains and decrypts the fifth message, compares the authentication response with the stored authentication response and generates a comparison result; if the authentication response equals the stored authentication response, it trusts the confidentiality key as the session key and the integrity key as the authentication key; it generates a sixth message, which includes the comparison result encrypted with the confidentiality key, and sends the sixth message to client A;
Client A obtains, decrypts and reads the comparison result; if the comparison result is true, it trusts the confidentiality key as the session key and the integrity key as the authentication key.
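The six-message flow above, as an added simulation that is not part of the patent: the service station keeps a client public key pool and a per-client sequence number, each client derives the first or second key from its own private key and the station's pooled public key, the vector key and third key come from the ephemeral intermediate parameters, and a replayed second message is rejected because its sequence numbers have already been consumed. Everything not fixed by the text is an assumption: a toy DH group over the integers mod 2^255-19, HMAC labels f1..f4 standing in for the AKA functions that derive MAC, RES, CK and IK from the vector key, AUTN laid out as SQN || MAC, a SHA-256 counter keystream with HMAC as the unnamed cipher, +1 as the preset operation on a sequence number; the two hash values and the two-station variant are not modelled, and client B forwards the first message unchanged inside the second.

```python
import hashlib
import hmac
import os

P, G = 2**255 - 19, 2  # toy DH group constructed for the demo; not a production group

def dh_keypair():
    sk = int.from_bytes(os.urandom(32), "big") % (P - 2) + 1
    return sk, pow(G, sk, P)

def dh_shared(sk, pk):  # DH agreement; the shared value is hashed into a 32-byte key
    return hashlib.sha256(pow(pk, sk, P).to_bytes(32, "big")).digest()

def keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))

def seal(key, data):  # encrypt-then-MAC over a SHA-256 counter keystream (stand-in for the unnamed cipher)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message authentication failed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def auth_vector(vk, rand, sqn):  # MAC, RES, CK, IK, AUTN from the vector key; f1..f4 assumed HMAC labels
    f = lambda label: hmac.new(vk, label + rand + sqn.to_bytes(6, "big"), hashlib.sha256).digest()
    mac = f(b"f1")
    return mac, f(b"f2"), f(b"f3"), f(b"f4"), sqn.to_bytes(6, "big") + mac  # AUTN = SQN || MAC (assumed)

class Station:
    def __init__(self):
        self.sk1, self.pk1 = dh_keypair()  # first key pair: yields the first key and the vector key
        self.sk2, self.pk2 = dh_keypair()  # second key pair: yields the second key and the third key
        self.client_pk, self.sqn = {}, {}  # client public key pool; per-client sequence numbers

    def handle_message2(self, msg2):
        idb, enc2 = msg2[:1], msg2[1:]
        body = open_(dh_shared(self.sk2, self.client_pk[idb]), enc2)  # second key, from B's pooled public key
        tb, sqn_b, msg1 = body[16:48], body[48:54], body[54:]  # body[:16] is the second random parameter
        if int.from_bytes(sqn_b, "big") != self.sqn[idb]:
            raise ValueError("client B sequence number mismatch (stale or replayed message)")
        self.sqn[idb] += 1  # the "preset operation" on a sequence number is assumed to be +1
        ida, enc1 = msg1[:1], msg1[1:]
        inner = open_(dh_shared(self.sk1, self.client_pk[ida]), enc1)  # first key, from A's pooled public key
        ra, ta, sqn_a = inner[:16], inner[16:48], inner[48:54]
        if int.from_bytes(sqn_a, "big") != self.sqn[ida]:
            raise ValueError("client A sequence number mismatch (stale or replayed message)")
        vk = dh_shared(self.sk1, int.from_bytes(ta, "big"))  # vector key, from A's intermediate parameter
        av = b"".join(auth_vector(vk, ra, self.sqn[ida]))
        self.sqn[ida] += 1
        k3 = dh_shared(self.sk2, int.from_bytes(tb, "big"))  # third key, from B's intermediate parameter
        return seal(k3, av)  # third message: the authentication vector

class Client:
    def __init__(self, cid, station, sqn=1):
        self.id, self.station, self.sqn = cid, station, sqn
        self.sk, self.pk = dh_keypair()
        station.client_pk[cid], station.sqn[cid] = self.pk, sqn  # enrolled in the station's pool

    def message1(self):  # client A: first random parameter, first intermediate parameter, first key
        self.rand, (self.x, t) = os.urandom(16), dh_keypair()
        k1 = dh_shared(self.sk, self.station.pk1)
        return self.id + seal(k1, self.rand + t.to_bytes(32, "big") + self.sqn.to_bytes(6, "big"))

    def message2(self, msg1):  # client B: forwards message 1 opaque and adds its own parameters
        self.x, t = dh_keypair()  # second intermediate parameter
        body = os.urandom(16) + t.to_bytes(32, "big") + self.sqn.to_bytes(6, "big") + msg1
        return self.id + seal(dh_shared(self.sk, self.station.pk2), body)

    def message4(self, msg3):  # client B: stores the vector and forwards the network authentication token
        av = open_(dh_shared(self.x, self.station.pk2), msg3)
        self.sqn, self.xres, self.ck, self.ik = self.sqn + 1, av[32:64], av[64:96], av[96:128]
        return av[128:]

    def message5(self, autn):  # client A: recomputes the vector and checks the token before updating SQN
        mac, res, ck, ik, _ = auth_vector(dh_shared(self.x, self.station.pk1), self.rand, self.sqn)
        if autn[:6] != self.sqn.to_bytes(6, "big") or not hmac.compare_digest(autn[6:], mac):
            raise ValueError("network authentication token rejected")
        self.sqn, self.ck, self.ik = self.sqn + 1, ck, ik
        return seal(self.ck, res)

    def message6(self, msg5):  # client B: compares RES with the stored XRES and reports the result
        ok = hmac.compare_digest(open_(self.ck, msg5), self.xres)
        return seal(self.ck, b"\x01" if ok else b"\x00")

def run_aka():  # returns (session keys agreed, replayed second message rejected)
    q = Station()
    a, b = Client(b"A", q), Client(b"B", q)
    m2 = b.message2(a.message1())
    m6 = b.message6(a.message5(b.message4(q.handle_message2(m2))))
    agreed = open_(a.ck, m6) == b"\x01" and (a.ck, a.ik) == (b.ck, b.ik) and q.sqn == {b"A": a.sqn, b"B": b.sqn}
    try:
        q.handle_message2(m2)  # the replayed message carries already-consumed sequence numbers
        return agreed, False
    except ValueError:
        return agreed, True
```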
Preferably, the service station includes a service station QA and a service station QB, client A being a sub-device of service station QA and client B being a sub-device of service station QB;
Service station QB obtains the second message from client B; after decrypting and verifying it, it applies the preset operation to the stored sequence number of client B and stores the updated value; it obtains a first inter-station key for encrypted communication with service station QA and generates a first inter-station message, which includes the device parameter of service station QB and the first message; it encrypts the first inter-station message with the first inter-station key and sends it to service station QA;
Service station QA obtains, decrypts and verifies the first inter-station message, then applies the preset operation to the stored sequence number of client A and stores the updated value; it generates the vector key using the first intermediate parameter and the first private key of service station QA, the vector key being used to generate the authentication vector; it obtains a second inter-station key for encrypted communication with service station QB, generates a second inter-station message containing the authentication vector, encrypts it with the second inter-station key and sends it to service station QB;
Service station QB obtains, decrypts and verifies the second inter-station message, then generates a fifth key using the second intermediate parameter and the first private key of service station QB, and performs a hash operation over the sequence number of client B and the fourth public key of the service station to obtain the second hash value; it sends a seventh message to client B, the seventh message including the second hash value and the authentication vector, at least part of the seventh message being encrypted with the fifth key;
The seventh message is used by client A and client B to complete AKA authentication.
Preferably, client A and client B are each configured with a client key card, in which a service station public key pool, the client's own public key and the client's private key are stored; the service station is configured with a service station key card, in which a client public key pool containing the public key of each client, a service station private key pool and a service station public key pool are stored.
This application also discloses a client device comprising a memory and a processor; the memory stores a computer program, and when the processor executes the computer program it carries out the steps of the quantum communication service station AKA key negotiation method of the above technical solution.
This application also discloses a service station device comprising a memory and a processor; the memory stores a computer program, and when the processor executes the computer program it carries out the steps of the quantum communication service station AKA key negotiation method of the above technical solution.
This application also discloses an AKA key negotiation system for a quantum communication service station based on asymmetric key pools and sequence numbers, comprising a memory and a processor; the memory stores a computer program, and when the processor executes the computer program it carries out the steps of the quantum communication service station AKA key negotiation method of the above technical solution. Client A and client B are each configured with a client key card, in which a service station public key pool, the client's own public key and the client's private key are stored; the service station is configured with a service station key card, in which a client public key pool containing the public key of each client, a service station private key pool and a service station public key pool are stored.
In this system, where the clients are served by a single service station Q, service station Q is the device configured with the service station key card that stores the client public key pool containing the public key of each client, the service station private key pool and the service station public key pool, while client A and client B hold the client key cards described above.
The key card in this application is an authentication and encryption/decryption product that combines cryptographic technology, hardware security isolation technology and quantum physics technology (in the case where a quantum random number generator is carried). The embedded chip and operating system of the key card provide functions such as secure key storage and cryptographic algorithms. Because it has independent data processing capability and good security, the key card becomes the security barrier for private keys and key pools. Each key card can have hardware PIN code protection; the PIN code and the hardware constitute the two necessary factors for a user to use the key card, the so-called "two-factor authentication": only a user who holds both the key card containing the relevant authentication information and the user's PIN code can log in to the system. Even if the user's PIN code is leaked, as long as the key card held by the user is not stolen, the identity of the legitimate user cannot be counterfeited; if the user's key card is lost, the finder cannot counterfeit the identity of the legitimate user either, since they do not know the user's PIN code. In short, the key card ensures that top-secret information such as keys never appears in plaintext on the host's disk or in its memory, so that the security of top-secret information is effectively guaranteed.
Each member is equipped with key card, stores key using key card, and key card is independent hardware device, by malice A possibility that software or malicious operation steal key substantially reduces.Meanwhile each member utilizes random number in conjunction with described non-right The public key of each member needed for claiming pool of keys to extract, and the public key of each member is stored in key card, guarantees that quantum computer can not Client public key is obtained, and then is unable to get corresponding private key, therefore reduces and risk is cracked by quantum computer.
Quantum communications service station as message center is without storing multiple large capacity pool of symmetric keys, it is only necessary to store client Public key pond is held, the memory space in quantum communications service station is greatly saved, is also provided convenience for cipher key backup.
Description of the drawings
Fig. 1 is a schematic diagram of the key pool distribution of the service station key card in this application;
Fig. 2 is a schematic diagram of the key pool distribution of the client key card in this application;
Fig. 3 is the AKA authentication flow chart of embodiment 1, in which client A and client B are under the same service station Q;
Fig. 4 is the AKA authentication flow chart of embodiment 2, in which client A and client B are under service station QA and service station QB respectively.
Specific embodiments
In order to make the objects, technical solutions and advantages of this application clearer, the application is further described below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the application and do not limit it. Unless otherwise specified, a service station in this application is a quantum communication service station. Each term in this application is identified by its combination of letters and numbers: for example, device parameter IDA, device information IDA and identification parameter IDA all have the same meaning, namely the device parameter IDA referred to below; likewise authentication key AK2, message authentication key AK2 and information authentication key AK2 all have the same meaning, namely the authentication key AK2; the remaining terms are treated in the same way.
This application discloses a quantum communication service station AKA key agreement method based on an asymmetric key pool pair and sequence numbers, implemented at client A, which includes:
Generating a first random parameter, a first intermediate parameter and a first key, the first key being generated from the first private key of client A and the first public key of the service station according to the DH protocol; sending a first message to client B, the first message including the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key;
Obtaining a fourth message from client B that contains the network authentication token; the network authentication token is computed by the service station from the vector key, and the vector key is generated from the first intermediate parameter and the first private key of the service station; generating the vector key and computing from it the message authentication code, the authentication response, the confidentiality key and the integrity key of the authentication vector; comparing the message authentication code with the network authentication token and, if the comparison passes, applying the preset operation to the locally stored sequence number of client A and storing the updated value; generating a fifth message that includes the authentication response encrypted with the confidentiality key, and sending the fifth message to client B;
Obtaining a sixth message from client B that includes a comparison result encrypted with the confidentiality key; the comparison result is produced by client B comparing the authentication response with the authentication response stored at client B; decrypting and reading the comparison result, and if it is true, trusting the confidentiality key as the session key and the integrity key as the authentication key.
Also disclosed is a quantum communication service station AKA key agreement method based on an asymmetric key pool pair and sequence numbers, implemented at the service station, which includes:
Obtaining a second message from client B that includes the device parameter of client B, the second random parameter, the first message, the second intermediate parameter and the sequence number of client B; the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A; the first random parameter and the first intermediate parameter are generated by client A, and the second random parameter and the second intermediate parameter are generated by client B;
After decrypting and verifying the second message, comparing the locally stored sequence number of client B with the sequence number of client B in the second message and, if the comparison passes, applying the preset operation to the locally stored sequence number of client B and storing it; after verifying the first message, applying the preset operation to the locally stored sequence number of client A and storing it; generating the vector key and a first hash value, the vector key being generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, and the first hash value by hashing the sequence number of client A together with the third public key of the service station; generating the authentication vector from the vector key, the authentication vector including the message authentication code, the authentication response, the confidentiality key, the integrity key and the network authentication token; generating a third key and a second hash value, the third key being generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, and the second hash value by hashing the sequence number of client B together with the fourth public key of the service station; generating a third message that includes the authentication vector and the second hash value, at least part of the third message being encrypted with the third key; sending the third message to client B;
The authentication vector is used by client A and client B to complete AKA authentication.
Also disclosed is a quantum communication service station AKA key agreement method based on an asymmetric key pool pair and sequence numbers, implemented at client B, which includes:
Obtaining a first message from client A, the first message including the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key; after decryption, generating a second intermediate parameter, a second random parameter and a second key, the second key being generated from the first private key of client B and the second public key of the service station according to the DH protocol; sending a second message to the service station, the second message including the device parameter of client B, the second random parameter, the first message, the device parameter of client B, the second intermediate parameter and the sequence number of client B, at least part of the second message being encrypted with the second key;
Obtaining a third message from the service station, the third message including the authentication vector and the second hash value, at least part of the third message being encrypted with the third key; the authentication vector is generated by the service station from the vector key and includes the message authentication code, the authentication response, the confidentiality key, the integrity key and the network authentication token; the vector key is generated from the first intermediate parameter and the first private key of the service station; the third key is generated by the service station from the second private key of the service station and the second intermediate parameter according to the DH protocol; after decrypting and verifying the third message, applying the preset operation to the locally stored sequence number of client B and storing it; parsing and storing the authentication vector, generating a fourth message containing the network authentication token and sending the fourth message to client A;
Obtaining a fifth message from client A that includes the authentication response encrypted with the confidentiality key, where the authentication response and the confidentiality key were generated by client A from the vector key; after decryption, comparing the authentication response with the stored authentication response and producing a comparison result; if the received and stored authentication responses are equal, trusting the confidentiality key as the session key and the integrity key as the authentication key; generating a sixth message that includes the comparison result encrypted with the confidentiality key, and sending the sixth message to client A.
Also disclosed is a quantum communication service station AKA key agreement method based on an asymmetric key pool pair and sequence numbers, which includes:
Client A generates a first random parameter, a first intermediate parameter and a first key, the first key being generated from the first private key of client A and the first public key of the service station according to the DH protocol, and sends a first message to client B; the first message includes the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, and at least part of the first message is encrypted with the first key;
Client B obtains the first message and, after decryption, generates a second intermediate parameter, a second random parameter and a second key, the second key being generated from the first private key of client B and the second public key of the service station according to the DH protocol, and sends a second message to the service station; the second message includes the device parameter of client B, the second random parameter, the first message, the device parameter of client B, the second intermediate parameter and the sequence number of client B, and at least part of the second message is encrypted with the second key;
The service station obtains, decrypts and verifies the second message, compares the locally stored sequence number of client B with the sequence number of client B in the second message and, if the comparison passes, applies the preset operation to the locally stored sequence number of client B and stores it; after verifying the first message, it applies the preset operation to the locally stored sequence number of client A and stores it; it generates the vector key and a first hash value, the vector key from the first intermediate parameter and the first private key of the service station according to the DH protocol, and the first hash value by hashing the sequence number of client A together with the third public key of the service station; it generates the authentication vector from the vector key, the authentication vector including the message authentication code, the authentication response, the confidentiality key, the integrity key and the network authentication token; it generates a third key and a second hash value, the third key from the second intermediate parameter and the second private key of the service station according to the DH protocol, and the second hash value by hashing the sequence number of client B together with the third private key of the service station; it generates a third message that includes the authentication vector and the second hash value, encrypts at least part of the third message with the third key, and sends the third message to client B;
Client B obtains, decrypts and verifies the third message, applies the preset operation to its locally stored sequence number of client B and stores it; it parses and stores the authentication vector, generates a fourth message containing the network authentication token and sends the fourth message to client A;
Client A obtains the fourth message, compares the message authentication code with the network authentication token and, if the comparison passes, applies the preset operation to its locally stored sequence number of client A and stores it; it generates a fifth message that includes the authentication response encrypted with the confidentiality key and sends the fifth message to client B;
Client B obtains and decrypts the fifth message, compares the authentication response with the stored authentication response and produces a comparison result; if the received and stored authentication responses are equal, it trusts the confidentiality key as the session key and the integrity key as the authentication key; it generates a sixth message that includes the comparison result encrypted with the confidentiality key and sends the sixth message to client A;
Client A obtains, decrypts and reads the comparison result; if it is true, client A trusts the confidentiality key as the session key and the integrity key as the authentication key.
In one embodiment, the service station comprises a service station QA and a service station QB; client A is a sub-device of service station QA and client B is a sub-device of service station QB;
Service station QB obtains the second message from client B and, after decrypting and verifying it, applies the preset operation to the locally stored sequence number of client B and stores it; it obtains a first inter-station key through encrypted communication with service station QA and generates a first inter-station message, which includes the device parameter of service station QB and the first message; it encrypts the first inter-station message with the first inter-station key and sends it to service station QA;
After service station QA obtains, decrypts and verifies the first inter-station message, it applies the preset operation to the locally stored sequence number of client A and stores it; it generates the vector key from the first intermediate parameter and the first private key of service station QA, the vector key being used to generate the authentication vector; it obtains a second inter-station key through encrypted communication with service station QB, generates a second inter-station message containing the authentication vector, encrypts the second inter-station message with the second inter-station key and sends it to service station QB;
After service station QB obtains, decrypts and verifies the second inter-station message, it generates a fifth key from the second intermediate parameter and the first private key of service station QB, and hashes the sequence number of client B together with the fourth public key of the service station to obtain the second hash value; it sends a seventh message to client B, the seventh message including the second hash value and the authentication vector, at least part of the seventh message being encrypted with the fifth key;
The seventh message is used by client A and client B to complete AKA authentication.
In one embodiment, client A and client B are each configured with a client key card, in which the service station public key pool, the client's own public key and the client's own private key are stored; the service station is configured with a service station key card, in which a client public key pool containing the public key of each client, a service station private key pool and a service station public key pool are stored.
Also disclosed is a client device comprising a memory and a processor; the memory stores a computer program, and the processor implements the steps of the quantum communication service station AKA key agreement method of the above technical solution when executing the program.
Also disclosed is a service station device comprising a memory and a processor; the memory stores a computer program, and the processor implements the steps of the quantum communication service station AKA key agreement method of the above technical solution when executing the program. The service station Q device also has the ability to negotiate quantum keys, i.e. the service station possesses QKD equipment.
Also disclosed is a client device comprising a memory and a processor; the memory stores a computer program, and the processor implements the steps of the quantum communication service station AKA key agreement method of the above technical solution when executing the program.
Also disclosed is a quantum communication service station AKA key agreement system based on an asymmetric key pool pair and sequence numbers, comprising a memory and a processor; the memory stores a computer program, and the processor implements the steps of the quantum communication service station AKA key agreement method of the above technical solution when executing the program. Client A and client B are each configured with a client key card, in which the service station public key pool, the client's own public key and the client's own private key are stored; the service station is configured with a service station key card, in which a client public key pool containing the public key of each client, a service station private key pool and a service station public key pool are stored.
In a specific implementation scenario, each parameter has various concrete representations. For example, the first random parameter can be expressed as the true random number R0 and the second random parameter as the true random number R1, and so on; the first intermediate parameter can be expressed as the true random number xa and the second intermediate parameter as the true random number xb; the first key can be expressed as the key K1 and the second key as the key K2, and so on. Each parameter is essentially a character string generated by a device; the parameters merely play different roles during AKA and are distinguished only to aid understanding.
The specific implementation process in a usage scenario is as follows:
Embodiment 1: client A and client B are under the same service station Q
System description
The scenario of this embodiment is shown in figure 4; it includes client A, client B and quantum communication service station Q, referred to as service station Q. Client A and client B are equipped with client key cards, and quantum communication service station Q is equipped with a service station key card. The above key cards belong to the same batch issued by the same key management server. Let the ID of client A be IDA, its public key PKA and its private key SKA; let the ID of client B be IDB, its public key PKB and its private key SKB.
The process by which a client and the quantum communication service station select a key is as follows:
According to the key indicator random number rand, the client or quantum communication service station applies the specific asymmetric key pointer function Fp to obtain the asymmetric key pointer P, and uses the asymmetric key pool pointer P to extract the corresponding public or private key from the service station public key pool or the service station private key pool in its key card.
Step 1: client A initiates the authentication request with client B
Client A generates two true random numbers xa and R1 with the random number generator in its local key card, where xa lies in the range [1, p-1]. Client A computes Xa = g^xa mod p. Client A uses R1 to take the public key PKQ1 from the service station public key pool of its local key card (see the key selection process above). Client A takes its own private key SKA and computes K1 = PKQ1^SKA mod p. Client A splits K1 into an encryption key EK1 and a message authentication key AK1. Let M1_0 = IDA||Xa; client A takes its own sequence number SQNA and, using the message authentication key AK1, computes the message authentication code MAC(M1_0||SQNA, AK1) over M1_0||SQNA. MAC(m, k) denotes the message authentication code of message m under key k. Client A encrypts M1_0||MAC(M1_0||SQNA, AK1) with the encryption key EK1 to obtain {M1_0||MAC(M1_0||SQNA, AK1)}EK1.
Client A packs the message into M1, which can be written M1 = IDA||IDQ||R1||{M1_0||MAC(M1_0||SQNA, AK1)}EK1, and sends M1 to client B.
Step 2: client B requests the authentication vector from quantum communication service station Q
After receiving the message, client B parses it to obtain IDA, IDQ, R1 and {M1_0||MAC(M1_0||SQNA, AK1)}EK1. Client B generates two true random numbers xb and R2 with the random number generator in its local key card, where xb lies in the range [1, p-1]. Client B uses R2 to take the public key PKQ2 from the service station public key pool of its local key card (see the key selection process above). Client B takes its own private key SKB and computes K2 = PKQ2^SKB mod p. Client B splits K2 into an encryption key EK2 and a message authentication key AK2. Client B computes Xb = g^xb mod p. Let M2_0 = M1||IDB||Xb; client B takes its own sequence number SQNB and, using the message authentication key AK2, computes the message authentication code MAC(M2_0||SQNB, AK2) over M2_0||SQNB. Client B encrypts M2_0||MAC(M2_0||SQNB, AK2) with the encryption key EK2 to obtain {M2_0||MAC(M2_0||SQNB, AK2)}EK2.
Client B packs the message into M2, which can be written M2 = IDB||R2||{M2_0||MAC(M2_0||SQNB, AK2)}EK2, and sends the authentication vector request M2 to quantum service station Q.
Step 3: quantum communication service station Q returns the authentication vector
After receiving the message, service station Q parses it to obtain IDB, R2 and {M2_0||MAC(M2_0||SQNB, AK2)}EK2. Service station Q uses R2 to take the private key SKQ2 from the service station private key pool of its local key card (see the key selection process above). Service station Q takes the public key PKB corresponding to client B from the client public key pool according to IDB. Service station Q computes K2 = PKB^SKQ2 mod p and splits K2 into the encryption key EK2 and the message authentication key AK2.
Service station Q decrypts {M2_0||MAC(M2_0||SQNB, AK2)}EK2 with the encryption key EK2 to obtain M2_0 and MAC(M2_0||SQNB, AK2). Service station Q takes the sequence number SQNB corresponding to client B according to IDB and verifies the message authentication code over M2_0||SQNB with the message authentication key. If the verification passes, it updates SQNB in the client public key pool to SQNB+1 and proceeds to the next step; otherwise it verifies the code over M2_0||(SQNB-1), and if that succeeds it proceeds to the next step, otherwise AKA authentication fails. After the verification passes, service station Q parses M2_0 to obtain IDB, Xb, IDA, IDQ, R1 and {M1_0||MAC(M1_0||SQNA, AK1)}EK1.
Service station Q uses R1 to take the private key SKQ1 from the service station private key pool of its local key card (see the key selection process above), and takes the public key PKA corresponding to client A from the client public key pool of its local key card according to IDA. Service station Q computes K1 = PKA^SKQ1 mod p and splits K1 into the encryption key EK1 and the message authentication key AK1.
Service station Q decrypts {M1_0||MAC(M1_0||SQNA, AK1)}EK1 with EK1 to obtain M1_0 and MAC(M1_0||SQNA, AK1), and takes the sequence number SQNA corresponding to client A according to IDA. Service station Q verifies MAC(M1_0||SQNA, AK1) with AK1. If the verification passes, it updates SQNA in the client public key pool to SQNA+1 and proceeds to the next step; otherwise it verifies the code over M1_0||(SQNA-1), and if that succeeds it proceeds to the next step, otherwise AKA authentication fails.
After the verification passes, service station Q takes the private key SKQa and the public key PKQa from the service station private key pool and the service station public key pool of its local key card respectively, according to SQNA (see the key selection process above; SQNA plays the role of the key indicator random number, and the SQNA used here is the newest value in the client public key pool). Service station Q computes the key K = Xa^SKQa mod p and the hash value HASHa = HASH(SQNA||PKQa). The key K is used for the vector computation below, which follows the AKA authentication technique.
Compute the message authentication code (MAC): MAC = F1_K(HASHa||Xa||AMF);
Compute the expected authentication response (XRES): XRES = F2_K(HASHa||Xa);
Compute the confidentiality key (CK): CK = F3_K(HASHa||Xa);
Compute the integrity key (IK): IK = F4_K(HASHa||Xa);
Network authentication token (AUTN): AUTN = AMF||MAC;
Combining these gives the authentication vector AV = XRES||CK||IK||AUTN.
Service station Q generates a true random number R3 with the random number generator in its local key card, and uses R3 to take the private key SKQ3 and the public key PKQ3 from the service station private key pool and the service station public key pool of its local key card respectively (see the key selection process above). Service station Q computes K3 = Xb^SKQ3 mod p and the hash value HASHb = HASH(SQNB||PKQ3), where SQNB is the newest value in the client public key pool. Service station Q splits K3 into the encryption key EK3 and the message authentication key AK3.
Service station Q applies the message authentication algorithm to AV and obtains the message authentication code MAC(AV||HASHb, AK3). Service station Q encrypts AV||MAC(AV||HASHb, AK3) with the encryption key EK3 to obtain {AV||MAC(AV||HASHb, AK3)}EK3 and sends M3 = R3||{AV||MAC(AV||HASHb, AK3)}EK3 to client B.
Step 4: client B initiates the authentication challenge
After client B receives it, it takes the public key PKQ3 from the service station public key pool of its local key card according to R3 (see the key selection process above). Client B computes K3 = PKQ3^xb mod p and the hash value HASHb = HASH(SQNB+1||PKQ3). Client B splits K3 into the encryption key EK3 and the message authentication key AK3. Client B decrypts {AV||MAC(AV||HASHb, AK3)}EK3 with EK3 to obtain AV||MAC(AV||HASHb, AK3), and verifies the message authentication code MAC(AV||HASHb, AK3) with AK3. After the verification passes, client B updates its local sequence number SQNB to SQNB+1. Client B parses AV to obtain XRES||CK||IK||AUTN and keeps XRES||CK||IK in its local secure storage area. Let M4 = IDB||AUTN, and send M4 to client A.
Step 5: client A returns the authentication response
After client A receives it, it takes the public key PKQa from the service station public key pool of its local key card according to SQNA+1 (see the key selection process above). Client A computes K = PKQa^xa mod p and the hash value HASHa = HASH(SQNA+1||PKQa), and then performs the following computations with K:
XMAC = F1_K(HASHa||Xa||AMF);
RES = F2_K(HASHa||Xa);
CK = F3_K(HASHa||Xa);
IK = F4_K(HASHa||Xa);
Client A compares XMAC with the MAC in AUTN; if they are identical it proceeds to the next step, otherwise authentication fails. After the verification passes, client A updates its local sequence number SQNA to SQNA+1. Client A applies the message authentication algorithm to RES with IK to obtain the message authentication code MAC(RES, IK), and encrypts RES||MAC(RES, IK) with CK to obtain {RES||MAC(RES, IK)}CK. Let M5 = IDA||{RES||MAC(RES, IK)}CK; client A sends M5 to client B.
Step 8: client B verifies the authentication response of client A
After client B receives it, it decrypts M5 with CK to obtain RES||MAC(RES, IK), and verifies the message authentication code MAC(RES, IK) with IK. If the verification passes, client B checks whether RES equals its local XRES. If the check passes, REP = OK; otherwise REP = FAIL.
Client B applies the message authentication algorithm to REP with IK to obtain the message authentication code MAC(REP, IK), and encrypts REP||MAC(REP, IK) with CK to obtain M6, which can be written M6 = IDB||{REP||MAC(REP, IK)}CK. Client B sends M6 to client A. Client A decrypts and verifies M6 with CK and IK and parses the authentication result REP.
Authentication ends, and client A and client B obtain the session keys, namely the encryption key CK and the message authentication key IK.
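As an added illustration of embodiment 1 (not code from the patent or its applicant), the following Python models client A and service station Q in steps 1, 3 and 5, including the SQNA / SQNA-1 check and update, the SQNA-indexed selection of PKQa, and the AV derivation; client B's M2/M3 wrapping under K2/K3 is collapsed into direct delivery. The DH group, the {..}EK cipher stand-in (SHAKE-256 keystream XOR), the pointer function Fp, the split of K into EK/AK and the functions F1..F4 (HMAC-SHA256 with a domain byte) are all constructed assumptions.

```python
"""Added example (not the patent's own code): toy simulation of the Embodiment 1 AKA flow
between client A and service station Q; B's M2/M3 wrapping is modelled as direct delivery."""
import hashlib
import hmac
import secrets

P = 2**127 - 1      # constructed toy DH group (Mersenne prime; far too small for real use)
G = 5
POOL_SIZE = 8       # key pool entries: Q holds both halves, client key cards the public one
AMF = b"\x80\x00"   # constructed authentication management field

def i2b(x, n=16):
    return x.to_bytes(n, "big")

def mac(msg, key):  # MAC(m, k) of the text, modelled as HMAC-SHA256 truncated to 16 bytes
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

def split_key(k):  # split a DH secret K into encryption key EK and MAC key AK
    h = hashlib.sha256(i2b(k)).digest()
    return h[:16], h[16:]

def enc(key, data):  # stand-in cipher for {..}EK: SHAKE-256 keystream XOR (self-inverse)
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key).digest(len(data))))

def fp(rand):  # key pointer function Fp: indicator bytes -> index into the key pool
    return int.from_bytes(hashlib.sha256(rand).digest(), "big") % POOL_SIZE

def av_material(k, sqn, pkq, big_xa):
    """Shared by Q (step 3) and A (step 5): (MAC, XRES, CK, IK); F1..F4 are modelled as
    HMAC-SHA256 under K with a domain byte."""
    hasha = hashlib.sha256(i2b(sqn, 8) + i2b(pkq)).digest()   # HASHa = HASH(SQNA||PKQa)
    body = hasha + i2b(big_xa)
    f = lambda n, d: hmac.new(i2b(k), bytes([n]) + d, hashlib.sha256).digest()[:16]
    return f(1, body + AMF), f(2, body), f(3, body), f(4, body)

class ServiceStation:
    def __init__(self):
        self.sk_pool = [secrets.randbelow(P - 2) + 1 for _ in range(POOL_SIZE)]
        self.pk_pool = [pow(G, sk, P) for sk in self.sk_pool]
        self.clients = {}   # client public key pool: ID -> [PK, SQN]

    def check_sqn(self, cid, body, ak, tag):
        """Accept MAC(body||SQN) for the stored SQN (then advance it) or SQN-1 (keep it)."""
        sqn = self.clients[cid][1]
        for cand, advance in ((sqn, True), (sqn - 1, False)):
            if cand >= 0 and hmac.compare_digest(mac(body + i2b(cand, 8), ak), tag):
                if advance:
                    self.clients[cid][1] = sqn + 1
                return True
        return False

    def authentication_vector(self, m1):
        """Step 3: decrypt M1, verify it against SQNA, build AV = XRES||CK||IK||AUTN."""
        ida, _idq, r1, blob = m1
        ek1, ak1 = split_key(pow(self.clients[ida][0], self.sk_pool[fp(r1)], P))  # K1
        plain = enc(ek1, blob)
        m1_0, tag = plain[:-16], plain[-16:]
        if not self.check_sqn(ida, m1_0, ak1, tag):
            raise ValueError("AKA authentication failed")
        sqna = self.clients[ida][1]                     # newest stored value
        big_xa = int.from_bytes(m1_0[len(ida):], "big")
        idx = fp(i2b(sqna, 8))                          # SQNA acts as the key pointer
        k = pow(big_xa, self.sk_pool[idx], P)           # K = Xa^SKQa mod p
        mac_, xres, ck, ik = av_material(k, sqna, self.pk_pool[idx], big_xa)
        return {"XRES": xres, "CK": ck, "IK": ik, "AUTN": AMF + mac_}

class ClientA:
    def __init__(self, ida, station):
        self.ida, self.pk_pool, self.sqna = ida, station.pk_pool, 0   # card holds Q's public pool
        self.ska = secrets.randbelow(P - 2) + 1
        self.pka = pow(G, self.ska, P)
        station.clients[ida] = [self.pka, 0]      # enrol PKA in Q's client public key pool

    def step1(self, idq=b"Q"):
        """Build M1 = IDA||IDQ||R1||{M1_0||MAC(M1_0||SQNA, AK1)}EK1."""
        self.xa, r1 = secrets.randbelow(P - 2) + 1, secrets.token_bytes(16)
        self.big_xa = pow(G, self.xa, P)                                # Xa = g^xa mod p
        ek1, ak1 = split_key(pow(self.pk_pool[fp(r1)], self.ska, P))   # K1 = PKQ1^SKA mod p
        m1_0 = self.ida + i2b(self.big_xa)
        return (self.ida, idq, r1, enc(ek1, m1_0 + mac(m1_0 + i2b(self.sqna, 8), ak1)))

    def step5(self, autn):
        """Check AUTN against XMAC, advance SQNA, derive RES/CK/IK."""
        sqn, idx = self.sqna + 1, fp(i2b(self.sqna + 1, 8))         # PKQa taken by SQNA+1
        k = pow(self.pk_pool[idx], self.xa, P)                         # K = PKQa^xa mod p
        xmac, res, ck, ik = av_material(k, sqn, self.pk_pool[idx], self.big_xa)
        if not hmac.compare_digest(xmac, autn[len(AMF):]):
            raise ValueError("XMAC mismatch")
        self.sqna = sqn
        return res, ck, ik

def run_aka(a, q):
    """One run; B is reduced to forwarding and the final RES/XRES comparison (REP)."""
    try:
        av = q.authentication_vector(a.step1())
        res, ck, ik = a.step5(av["AUTN"])
    except ValueError:          # REP = FAIL: Q or A rejected the exchange
        return None, None, False
    rep = hmac.compare_digest(res, av["XRES"]) and (ck, ik) == (av["CK"], av["IK"])
    return ck, ik, rep
```

Running `run_aka` twice with the client's stored SQNA reset to its previous value shows the resynchronisation path: Q accepts the SQNA-1 tag without advancing, and both sides still select the same PKQa.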
Embodiment 2: client A and client B are under service station QA and service station QB
System description
The scenario of this embodiment is shown in figure 3; it includes client A, client B, quantum communication service station QA and quantum communication service station QB, referred to as service station QA and service station QB. Client A and client B are equipped with client key cards, and quantum communication service station QA and quantum communication service station QB are each equipped with a service station key card. Client A belongs to quantum communication service station QA, and client B belongs to quantum communication service station QB. Let the ID of client A be IDA, its sequence number SQNA, its public key PKA and its private key SKA; let the ID of client B be IDB, its sequence number SQNB, its public key PKB and its private key SKB.
The process by which a client and a quantum communication service station select a key is as follows:
According to the key indicator random number rand, the client or quantum communication service station applies the specific asymmetric key pointer function Fp to obtain the asymmetric key pointer P, and uses the asymmetric key pool pointer P to extract the corresponding public key or private key from the service station public key pool or the service station private key pool in its key card.
Step 1: client A initiates an authentication request to client B
Client A generates two true random numbers xa and R1 with the random number generator in its local key card, where xa lies in the range [1, p-1]. Client A computes Xa = g^xa mod p. Client A uses R1 to take the public key PKQA1 from the service station public key pool of its local key card (see the key agreement process above). Client A takes its own private key SKA and the public key PKQA1 and computes K1 = PKQA1^SKA mod p. Client A splits K1 into an encryption key EK1 and a message authentication key AK1. Let M1_0 = IDA || Xa. Client A takes its own sequence number SQNA and computes the message authentication code MAC(M1_0 || SQNA, AK1) over M1_0 || SQNA with AK1. MAC(m, k) denotes the message authentication code of message m under key k. Client A encrypts M1_0 || MAC(M1_0 || SQNA, AK1) with EK1 to obtain {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1.
Client A assembles the message M1, which can be written as M1 = IDA || IDQA || R1 || {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1, and sends M1 to client B.
Step 2: client B requests an authentication vector from quantum communication service station QB
After client B receives the message, it parses it to obtain IDA, IDQA, R1 and {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1. Client B generates two true random numbers xb and R2 with the random number generator in its local key card, where xb lies in the range [1, p-1]. Client B uses R2 to take the public key PKQB2 from the service station public key pool of its local key card (see the key agreement process above). Client B takes its own private key SKB and the public key PKQB2 and computes K2 = PKQB2^SKB mod p. Client B splits K2 into an encryption key EK2 and a message authentication key AK2. Client B computes Xb = g^xb mod p. Let M2_0 = M1 || IDB || Xb. Client B takes its own sequence number SQNB and computes the message authentication code MAC(M2_0 || SQNB, AK2) over M2_0 || SQNB with AK2. Client B encrypts M2_0 || MAC(M2_0 || SQNB, AK2) with EK2 to obtain {M2_0 || MAC(M2_0 || SQNB, AK2)}EK2.
Client B assembles the message M2 = IDB || R2 || {M2_0 || MAC(M2_0 || SQNB, AK2)}EK2 and sends the authentication vector request M2 to quantum service station QB.
Step 3: quantum communication service station QB makes a request to quantum communication service station QA
After service station QB receives the message, it parses it to obtain IDB, R2 and {M2_0 || MAC(M2_0 || SQNB, AK2)}EK2. Service station QB uses R2 to take the private key SKQB2 from the service station private key pool of its local key card (see the key agreement process above). Service station QB takes the public key PKB of client B from the client public key pool according to IDB. Service station QB computes K2 = PKB^SKQB2 mod p and splits K2 into an encryption key EK2 and a message authentication key AK2.
Service station QB decrypts {M2_0 || MAC(M2_0 || SQNB, AK2)}EK2 with EK2 to obtain M2_0 and MAC(M2_0 || SQNB, AK2). Service station QB looks up the sequence number SQNB of client B according to IDB. Service station QB verifies the message authentication code over M2_0 || SQNB with the message authentication key AK2. If the verification passes, it updates SQNB in the client public key pool to SQNB + 1 and proceeds to the next step; otherwise it verifies the message authentication code over M2_0 || (SQNB - 1), and if that succeeds it proceeds to the next step, else AKA authentication fails.
After the verification passes, service station QB parses M2_0 to obtain M1 || IDB || Xb. Service station QB and service station QA negotiate an encryption key EK3' and a message authentication key AK3' through quantum key distribution. Let M3' = IDQB || M1. Service station QB computes MAC(M3', AK3') over M3' with AK3', then encrypts M3' || MAC(M3', AK3') with EK3' to obtain {M3' || MAC(M3', AK3')}EK3'.
Service station QB sends {M3' || MAC(M3', AK3')}EK3' to service station QA according to the IDQA contained in M1.
Step 4: quantum communication service station QA returns the authentication vector
After service station QA receives it, it decrypts {M3' || MAC(M3', AK3')}EK3' with the negotiated EK3' to obtain M3' || MAC(M3', AK3') and verifies the message authentication code MAC(M3', AK3') with AK3'. After the verification passes, service station QA parses M3' to obtain IDQB, IDA, IDQA, R1 and {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1. Service station QA uses R1 to take the private key SKQA1 from the service station private key pool of its local key card (see the key agreement process above), and takes the public key PKA of client A from the client public key pool of its local key card according to IDA. Service station QA computes K1 = PKA^SKQA1 mod p and splits K1 into an encryption key EK1 and a message authentication key AK1.
Service station QA decrypts {M1_0 || MAC(M1_0 || SQNA, AK1)}EK1 with EK1 to obtain M1_0 and MAC(M1_0 || SQNA, AK1), and looks up the sequence number SQNA of client A according to IDA. Service station QA verifies MAC(M1_0 || SQNA, AK1) with AK1. If the verification passes, it updates SQNA in the client public key pool to SQNA + 1 and proceeds to the next step; otherwise it verifies the message authentication code over M1_0 || (SQNA - 1), and if that succeeds it proceeds to the next step, else AKA authentication fails.
After the verification passes, service station QA uses SQNA to take the private key SKQAa from the service station private key pool and the public key PKQAa from the service station public key pool of its local key card (see the key agreement process above; here SQNA plays the role of the key indicator random number, and the value used is the latest SQNA in the client public key pool). Service station QA computes the key K = Xa^SKQAa mod p and a hash value HASHa = HASH(SQNA || PKQAa). The key K is used for the vector computation below, which follows the AKA authentication technique.
Compute the message authentication code (MAC): MAC = F1_K(HASHa || Xa || AMF);
Compute the expected authentication response (XRES): XRES = F2_K(HASHa || Xa);
Compute the confidentiality key (CK): CK = F3_K(HASHa || Xa);
Compute the integrity key (IK): IK = F4_K(HASHa || Xa);
Network authentication token (AUTN): AUTN = AMF || MAC;
Combining these gives the authentication vector AV = M4' = XRES || CK || IK || AUTN. Service station QA and service station QB negotiate an encryption key EK4' and a message authentication key AK4'. Service station QA computes the message authentication code MAC(M4', AK4') over M4', encrypts M4' || MAC(M4', AK4') with EK4' to obtain {M4' || MAC(M4', AK4')}EK4', and sends it to service station QB.
Step 5: quantum communication service station QB forwards the authentication vector
After service station QB receives it, it decrypts {M4' || MAC(M4', AK4')}EK4' with EK4' to obtain M4' || MAC(M4', AK4') and verifies the message authentication code MAC(M4', AK4') with AK4'. After the verification passes, service station QB generates a true random number R3 with the random number generator in its local key card. Service station QB uses R3 to take the private key SKQB3 from the service station private key pool and the public key PKQB3 from the service station public key pool of its local key card (see the key agreement process above). Service station QB computes K5 = Xb^SKQB3 mod p and the hash value HASHb = HASH(SQNB || PKQB3), where SQNB is the latest value in the client public key pool. Service station QB splits K5 into an encryption key EK5 and a message authentication key AK5.
Service station QB computes the message authentication code MAC(M4' || HASHb, AK5) over M4' || HASHb with AK5. Service station QB encrypts M4' || MAC(M4' || HASHb, AK5) with EK5 to obtain {M4' || MAC(M4' || HASHb, AK5)}EK5 and sends M5' = R3 || {M4' || MAC(M4' || HASHb, AK5)}EK5 to client B.
Step 6: client B initiates the authentication challenge
After client B receives it, it uses R3 to take the public key PKQB3 from the service station public key pool of its local key card (see the key agreement process above). Client B computes K5 = PKQB3^xb mod p and the hash value HASHb = HASH(SQNB + 1 || PKQB3). Client B splits K5 into an encryption key EK5 and a message authentication key AK5. Client B decrypts {M4' || MAC(M4' || HASHb, AK5)}EK5 with EK5 to obtain M4' || MAC(M4' || HASHb, AK5) and verifies the message authentication code MAC(M4' || HASHb, AK5) with AK5. After the verification passes, client B updates its local sequence number SQNB to SQNB + 1. Client B parses M4' to obtain XRES || CK || IK || AUTN and keeps XRES || CK || IK in its local secure storage area. Let M6 = IDB || AUTN; client B sends M6 to client A.
Step 7: client A returns the authentication response
After client A receives it, it uses SQNA + 1 to take the public key PKQAa from the service station public key pool of its local key card (see the key agreement process above). Client A computes K = PKQAa^xa mod p and the hash value HASHa = HASH(SQNA + 1 || PKQAa). Client A then uses K to compute the following:
XMAC = F1_K(HASHa || Xa || AMF);
RES = F2_K(HASHa || Xa);
CK = F3_K(HASHa || Xa);
IK = F4_K(HASHa || Xa);
Client A compares XMAC with the MAC in AUTN; if they are identical it proceeds to the next step, otherwise authentication fails. After the verification passes, client A updates its local sequence number SQNA to SQNA + 1. Client A computes the message authentication code MAC(RES, IK) over RES with IK and encrypts RES || MAC(RES, IK) with CK to obtain {RES || MAC(RES, IK)}CK. Let M7 = IDA || {RES || MAC(RES, IK)}CK. Client A sends M7 to client B.
Step 8: client B verifies the authentication response of client A
After client B receives M7, it decrypts M7 with CK to obtain RES || MAC(RES, IK) and verifies the message authentication code MAC(RES, IK) with IK. If the verification passes, client B checks whether RES equals the locally stored XRES. If they are equal, REP = OK; otherwise REP = FAIL.
Client B computes the message authentication code MAC(REP, IK) over REP with IK and encrypts REP || MAC(REP, IK) with CK to obtain M8, which can be written as M8 = IDB || {REP || MAC(REP, IK)}CK. Client B sends M8 to client A. Client A decrypts and authenticates it with CK and IK, then parses the authentication result REP.
Authentication ends, and client A and client B hold the session keys, namely the encryption key CK and the message authentication key IK.
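The following is an added example, not code from the patent, that models the key-pool pointer lookup (key agreement process above) and steps 1, 4, 7 and 8 between client A and service station QA, including the SQNA / SQNA-1 acceptance window and the SQNA+1 update. Assumptions: a toy DH group, Fp(rand) = rand mod pool size, HMAC-SHA256 for MAC and F1..F4, SHA-256 for HASH, a constructed AMF and client key pair, and encryption with EK1 omitted (only the MAC path is shown).

```python
import hashlib
import hmac
import secrets

# Toy DH parameters (Mersenne prime 2^127-1, generator 3): far too small for real use.
# The page does not fix the group, so this is an assumption for illustration only.
P = (1 << 127) - 1
G = 3
AMF = b"\x80\x00"  # authentication management field, constructed 2-byte value


def i2b(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def HASH(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def MAC(msg: bytes, key: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def F(i: int, k: bytes, msg: bytes) -> bytes:
    """F1..F4 of the AKA vector, instantiated as HMAC-SHA256 with a domain byte (assumption)."""
    return hmac.new(k, bytes([i]) + msg, hashlib.sha256).digest()[:16]


def split_key(k: int):
    """Split a DH result into an encryption key EK and a MAC key AK (assumed: SHA-256 halves)."""
    d = HASH(i2b(k))
    return d[:16], d[16:]


def Fp(rand: int, size: int) -> int:
    """Asymmetric key pointer function: key indicator -> pool index (assumed: reduction mod size)."""
    return rand % size


class ServiceStationPool:
    """Service station key card: DH key pairs; the client key card holds only the public halves."""
    def __init__(self, size: int):
        self.priv = [secrets.randbelow(P - 1) + 1 for _ in range(size)]
        self.pub = [pow(G, sk, P) for sk in self.priv]


def station_check_sqn(m1_0: bytes, tag: bytes, ak1: bytes, sqn_stored: int):
    """Step 4 sequence-number check at QA: accept SQNA (and advance to SQNA+1) or SQNA-1
    (retransmission, no advance). Returns the SQNA value used for HASHa, or None on failure."""
    if hmac.compare_digest(MAC(m1_0 + i2b(sqn_stored), ak1), tag):
        return sqn_stored + 1
    if hmac.compare_digest(MAC(m1_0 + i2b(sqn_stored - 1), ak1), tag):
        return sqn_stored
    return None


def station_build_av(pool: ServiceStationPool, sqn: int, Xa: int) -> dict:
    """Step 4: AV = XRES || CK || IK || AUTN with K = Xa^SKQAa mod p, HASHa = HASH(SQNA || PKQAa)."""
    idx = Fp(sqn, len(pool.pub))           # SQNA acts as the key indicator random number
    K = i2b(pow(Xa, pool.priv[idx], P))
    core = HASH(i2b(sqn) + i2b(pool.pub[idx])) + i2b(Xa)
    return {"XRES": F(2, K, core), "CK": F(3, K, core), "IK": F(4, K, core),
            "AUTN": AMF + F(1, K, core + AMF)}


def client_a_check_autn(pub_pool: list, sqn_client: int, xa: int, Xa: int, AUTN: bytes):
    """Step 7: recompute XMAC with SQNA+1 and PKQAa from the client's copy of the public pool."""
    PKQAa = pub_pool[Fp(sqn_client + 1, len(pub_pool))]
    K = i2b(pow(PKQAa, xa, P))
    core = HASH(i2b(sqn_client + 1) + i2b(PKQAa)) + i2b(Xa)
    amf, mac_in_autn = AUTN[:2], AUTN[2:]
    if not hmac.compare_digest(F(1, K, core + amf), mac_in_autn):
        return None                          # XMAC != MAC: authentication fails
    return {"RES": F(2, K, core), "CK": F(3, K, core), "IK": F(4, K, core)}


def run_aka(sqn_client: int, sqn_station: int, pool=None):
    """Drive steps 1, 4, 7 and 8; returns (REP, client SQNA after, station SQNA after)."""
    pool = pool or ServiceStationPool(8)
    # Step 1: client A picks xa, Xa = g^xa, K1 = PKQA1^SKA (SKA/PKA constructed), MAC over M1_0 || SQNA
    xa = secrets.randbelow(P - 1) + 1
    Xa = pow(G, xa, P)
    SKA = secrets.randbelow(P - 1) + 1
    PKA = pow(G, SKA, P)
    R1 = secrets.randbelow(1 << 32)
    i1 = Fp(R1, len(pool.pub))
    _EK1, AK1 = split_key(pow(pool.pub[i1], SKA, P))   # EK1 would encrypt M1_0 || MAC; omitted
    M1_0 = b"IDA" + i2b(Xa)
    tag = MAC(M1_0 + i2b(sqn_client), AK1)
    # Step 4: QA derives the same K1 from PKA^SKQA1, applies the sequence-number window, builds AV
    _EK1s, AK1s = split_key(pow(PKA, pool.priv[i1], P))
    sqn_used = station_check_sqn(M1_0, tag, AK1s, sqn_station)
    if sqn_used is None:
        return "FAIL", sqn_client, sqn_station
    av = station_build_av(pool, sqn_used, Xa)
    # Step 7: client A checks AUTN, then advances SQNA and derives RES / CK / IK
    out = client_a_check_autn(pool.pub, sqn_client, xa, Xa, av["AUTN"])
    if out is None:
        return "FAIL", sqn_client, sqn_used
    # Step 8: client B compares RES with the XRES it kept from the authentication vector
    rep = "OK" if hmac.compare_digest(out["RES"], av["XRES"]) else "FAIL"
    return rep, sqn_client + 1, sqn_used
```

Running run_aka with equal sequence numbers, or with the station one ahead of the client (a retransmitted request), both end in REP = OK with the two sides at the same SQNA; a gap of two fails the AKA.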
For the specific definitions of the client A device, the client B device, the service station Q device and the system, refer to the definitions given above for the quantum communication service station authentication method; they are not repeated here. The modules in each of the above devices may be implemented wholly or partly in software, in hardware, or in a combination of the two. Each module may be embedded in hardware in, or run independently of, the processor of a computer device, or may be stored in software form in the memory of the computer device so that the processor can invoke it and perform the operation corresponding to that module.
In one embodiment a computer device is provided, which may be service station Q and whose internal structure may be as shown in Figure 1. The computer device includes a processor, a memory, a network interface and a database connected by a system bus. The processor of the computer device provides computing and control capability. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides the environment in which the operating system and the computer program on the non-volatile storage medium run. The database of the computer device stores data related to authentication. The network interface of the computer device communicates with external terminals over a network connection. When the computer program is executed by the processor, it implements a quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers.
The specific steps by which the technical solution disclosed above is implemented, as the quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers implemented at client A, at the service station and at client B, can be read from the claims and are not repeated here.
Those skilled in the art will understand that the structure shown in Figure 1 is only a block diagram of the part of the structure relevant to the solution of this application and does not limit the computer device to which the solution is applied; a specific computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
Those of ordinary skill in the art will understand that all or part of the procedures in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, may include the procedures of the embodiments of each of the above methods. Any reference to memory, storage, a database or other media in the embodiments provided in this application includes non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments may be combined arbitrarily. For brevity, not every possible combination of the technical features of the above embodiments has been described, but as long as a combination of these technical features involves no contradiction it should be considered within the scope of this specification.
The above embodiments express only several implementations of this application and are described specifically and in detail, but they should not be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of this application, and these fall within the scope of protection of this application. The scope of protection of this application patent shall therefore be subject to the appended claims.

Claims (10)

1. A quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at client A, characterized in that the quantum communication service station AKA key negotiation method comprises:
generating a first random parameter, a first intermediate parameter and a first key, the first key being generated from the first private key of client A and the first public key of the service station according to the DH protocol; sending a first message to client B, the first message comprising the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key;
obtaining a fourth message from client B containing a network authentication token, the network authentication token being computed by the service station using a vector key, the vector key being generated using the first intermediate parameter and the first private key of the service station; generating the vector key and computing the message authentication code, authentication response, confidentiality key and integrity key of the authentication vector; after comparing the message authentication code with the network authentication token and the comparison passing, applying the preset operation to the locally stored sequence number of client A, updating and storing it; generating a fifth message, the fifth message comprising the authentication response encrypted with the confidentiality key, and sending the fifth message to client B;
obtaining a sixth message from client B, the sixth message comprising a comparison result encrypted with the confidentiality key, the comparison result being generated after client B compares the authentication response with the authentication response stored by client B; decrypting and reading the comparison result, and if the comparison result is true, trusting the confidentiality key as the session key and the integrity key as the authentication key.
2. A quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at a service station, characterized in that the quantum communication service station AKA key negotiation method comprises:
obtaining a second message from client B comprising the device parameter of client B, a second random parameter, a first message, a second intermediate parameter and the sequence number of client B; the first message comprising the device parameter of client A, the device parameter of the service station, a first random parameter, a first intermediate parameter and the sequence number of client A; wherein the first random parameter and the first intermediate parameter are generated by client A, and the second random parameter and the second intermediate parameter are generated by client B;
after decrypting and verifying the second message, comparing the locally stored sequence number of client B with the sequence number of client B in the second message, and after the comparison passes applying the preset operation to the locally stored sequence number of client B, updating and storing it; after verifying the first message, applying the preset operation to the locally stored sequence number of client A, updating and storing it; generating a vector key and a first hash value, the vector key being generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, the first hash value being generated by a hash operation over the sequence number of client A and the third public key of the service station; generating an authentication vector using the vector key, the authentication vector comprising a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third key and a second hash value, the third key being generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, the second hash value being generated by a hash operation over the sequence number of client B and the fourth public key of the service station; generating a third message comprising the authentication vector and the second hash value, at least part of the third message being encrypted with the third key; sending the third message to client B;
the authentication vector being used by client A and client B to complete AKA authentication.
3. A quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, implemented at client B, characterized in that the quantum communication service station AKA key negotiation method comprises:
obtaining a first message from client A, the first message comprising the device parameter of client A, the device parameter of the service station, a first random parameter, a first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with a first key; after decryption, generating a second intermediate parameter, a second random parameter and a second key, the second key being generated from the first private key of client B and the second public key of the service station according to the DH protocol; sending a second message to the service station, the second message comprising the device parameter of client B, the second random parameter, the first message, the device parameter of client B, the second intermediate parameter and the sequence number of client B, at least part of the second message being encrypted with the second key;
obtaining a third message from the service station, the third message comprising an authentication vector and a second hash value, at least part of the third message being encrypted with a third key; the authentication vector being generated by the service station using a vector key and comprising a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; the vector key being generated using the first intermediate parameter and the first private key of the service station; the third key being generated by the service station from the second private key of the service station and the second intermediate parameter according to the DH protocol; after decrypting and verifying, applying the preset operation to the locally stored sequence number of client B, updating and storing it; parsing and storing the authentication vector, generating a fourth message containing the network authentication token and sending the fourth message to client A;
obtaining a fifth message from client A, the fifth message comprising an authentication response encrypted with the confidentiality key, wherein the authentication response and the confidentiality key are generated by client A using the vector key; after decryption, comparing the authentication response with the stored authentication response and generating a comparison result, and if the authentication response equals the stored authentication response, trusting the confidentiality key as the session key and the integrity key as the authentication key; generating a sixth message comprising the comparison result encrypted with the confidentiality key, and sending the sixth message to client A.
4. A quantum communication service station AKA key negotiation method based on asymmetric key pool pairs and sequence numbers, characterized in that the quantum communication service station AKA key negotiation method comprises:
client A generates a first random parameter, a first intermediate parameter and a first key, the first key being generated from the first private key of client A and the first public key of the service station according to the DH protocol, and sends a first message to client B, the first message comprising the device parameter of client A, the device parameter of the service station, the first random parameter, the first intermediate parameter and the sequence number of client A, at least part of the first message being encrypted with the first key;
client B obtains it and after decryption generates a second intermediate parameter, a second random parameter and a second key, the second key being generated from the first private key of client B and the second public key of the service station according to the DH protocol, and sends a second message to the service station, the second message comprising the device parameter of client B, the second random parameter, the first message, the device parameter of client B, the second intermediate parameter and the sequence number of client B, at least part of the second message being encrypted with the second key;
the service station obtains, decrypts and verifies the second message, compares the locally stored sequence number of client B with the sequence number of client B in the second message, and after the comparison passes applies the preset operation to the locally stored sequence number of client B, updating and storing it; after verifying the first message, it applies the preset operation to the locally stored sequence number of client A, updating and storing it; it generates a vector key and a first hash value, the vector key being generated from the first intermediate parameter and the first private key of the service station according to the DH protocol, the first hash value being generated by a hash operation over the sequence number of client A and the third public key of the service station; it generates an authentication vector using the vector key, the authentication vector comprising a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; it generates a third key and a second hash value, the third key being generated from the second intermediate parameter and the second private key of the service station according to the DH protocol, the second hash value being generated by a hash operation over the sequence number of client B and the third private key of the service station; it generates a third message comprising the authentication vector and the second hash value, at least part of the third message being encrypted with the third key, and sends the third message to client B;
client B obtains, decrypts and verifies it, then applies the preset operation to the locally stored sequence number of client B, updating and storing it; it parses and stores the authentication vector, generates a fourth message containing the network authentication token and sends the fourth message to client A;
client A obtains it and, after comparing the message authentication code with the network authentication token and the comparison passing, applies the preset operation to the locally stored sequence number of client A, updating and storing it; it generates a fifth message comprising the authentication response encrypted with the confidentiality key and sends the fifth message to client B;
client B obtains it and after decryption compares the authentication response with the stored authentication response and generates a comparison result; if the authentication response equals the stored authentication response, it trusts the confidentiality key as the session key and the integrity key as the authentication key; it generates a sixth message comprising the comparison result encrypted with the confidentiality key and sends the sixth message to client A;
client A obtains, decrypts and reads the comparison result, and if the comparison result is true, trusts the confidentiality key as the session key and the integrity key as the authentication key.
5. The quantum communication service station AKA key negotiation method according to any one of claims 1 to 4, characterized in that the service station comprises service station QA and service station QB, client A is a sub-device of service station QA and client B is a sub-device of service station QB;
service station QB obtains the second message from client B, after decrypting and verifying applies the preset operation to the locally stored sequence number of client B, updating and storing it, obtains a first inter-station key by encrypted communication with service station QA and generates a first inter-station message comprising the device parameter of service station QB and the first message; the first inter-station message is encrypted with the first inter-station key and sent to service station QA;
after service station QA obtains, decrypts and verifies it, it applies the preset operation to the locally stored sequence number of client A, updating and storing it; it generates a vector key using the first intermediate parameter and the first private key of service station QA, the vector key being used to generate the authentication vector; it obtains a second inter-station key by encrypted communication with service station QB, generates a second inter-station message comprising the authentication vector, encrypts the second inter-station message with the second inter-station key and sends it to service station QB;
after service station QB obtains, decrypts and verifies it, it generates a fifth key using the second intermediate parameter and the first private key of service station QB, and performs a hash operation over the sequence number of client B and the fourth public key of the service station to obtain the second hash value; it sends a seventh message to client B, the seventh message comprising the second hash value and the authentication vector, at least part of the seventh message being encrypted with the fifth key;
the seventh message being used by client A and client B to complete AKA authentication.
6. The quantum communication service station AKA key negotiation method according to any one of claims 1 to 4, characterized in that client A and client B are configured with client key cards, each client key card storing a service station public key pool together with the client's own public key and private key; the service station is configured with a service station key card storing a client public key pool containing the public key of each client, a service station private key pool and a service station public key pool.
7. a kind of client device, including memory and processor, the memory are stored with computer program, feature exists In the processor realizes quantum communications service station AKA key agreement described in claim 1 when executing the computer program The step of method.
8. a kind of service station equipment, including memory and processor, the memory are stored with computer program, feature exists In the processor realizes quantum communications service station AKA key agreement described in claim 2 when executing the computer program The step of method.
9. a kind of client device, including memory and processor, the memory are stored with computer program, feature exists In the processor realizes quantum communications service station AKA key agreement described in claim 3 when executing the computer program The step of method.
10. based on unsymmetrical key pond to and sequence number quantum communications service station AKA key agreement system, including memory and Processor, the memory are stored with computer program, which is characterized in that the processor executes real when the computer program The step of quantum communications service station AKA cryptographic key negotiation method described in existing claim 4;The customer end A and customer end B configuration There is client key card, service station public key pond is stored in the client key card, itself client public key and client Private key;The service station is configured with service station key card, is stored in the service station key card including each client public key Client public key pond, service station private key pond and service station public key pond.
CN201910591305.7A 2019-07-02 2019-07-02 Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number Active CN110493177B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910591305.7A CN110493177B (en) 2019-07-02 2019-07-02 Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910591305.7A CN110493177B (en) 2019-07-02 2019-07-02 Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number

Publications (2)

Publication Number Publication Date
CN110493177A true CN110493177A (en) 2019-11-22
CN110493177B CN110493177B (en) 2021-08-31

Family

ID=68546480

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910591305.7A Active CN110493177B (en) 2019-07-02 2019-07-02 Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number

Country Status (1)

Country Link
CN (1) CN110493177B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113114460A (en) * 2021-06-15 2021-07-13 State Grid Zhejiang Electric Power Co., Ltd. Hangzhou Power Supply Company Quantum encryption-based power distribution network information secure transmission method
CN113452687A (en) * 2021-06-24 2021-09-28 China Telecom Quantum Technology Co., Ltd. Method and system for encrypting sent mail based on quantum security key
CN114095183A (en) * 2022-01-23 2022-02-25 Hangzhou Byte Information Technology Co., Ltd. Client dual authentication method, terminal equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170237558A1 (en) * 2016-02-15 2017-08-17 Alibaba Group Holding Limited System and method for quantum key distribution
US20170338951A1 (en) * 2016-05-19 2017-11-23 Alibaba Group Holding Limited Method and system for secure data transmission
CN108574569A (en) * 2017-03-08 2018-09-25 China Mobile Communications Co., Ltd. Research Institute A kind of authentication method and authentication device based on quantum key
CN109151053A (en) * 2018-09-20 2019-01-04 Ruban Quantum Technology Co Ltd Anti- quantum calculation cloud storage method and system based on public asymmetric key pond
CN109756329A (en) * 2019-01-15 2019-05-14 Ruban Quantum Technology Co Ltd Anti- quantum calculation shared key machinery of consultation and system based on private key pond
CN109921905A (en) * 2019-01-18 2019-06-21 Ruban Quantum Technology Co Ltd Anti- quantum calculation cryptographic key negotiation method and system based on private key pond

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Wang Cong: "Research on routing and resource allocation in quantum key distribution networks", China Masters' Theses Full-text Database (electronic journal) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113114460A (en) * 2021-06-15 2021-07-13 State Grid Zhejiang Electric Power Co., Ltd. Hangzhou Power Supply Company Quantum encryption-based power distribution network information secure transmission method
CN113114460B (en) * 2021-06-15 2021-08-24 State Grid Zhejiang Electric Power Co., Ltd. Hangzhou Power Supply Company Quantum encryption-based power distribution network information secure transmission method
CN113452687A (en) * 2021-06-24 2021-09-28 China Telecom Quantum Technology Co., Ltd. Method and system for encrypting sent mail based on quantum security key
CN114095183A (en) * 2022-01-23 2022-02-25 Hangzhou Byte Information Technology Co., Ltd. Client dual authentication method, terminal equipment and storage medium
CN114095183B (en) * 2022-01-23 2022-05-03 Hangzhou Byte Information Technology Co., Ltd. Client dual authentication method, terminal equipment and storage medium

Also Published As

Publication number Publication date
CN110493177B (en) 2021-08-31

Similar Documents

Publication Publication Date Title
US10516527B1 (en) Split-key based cryptography system for data protection and synchronization across multiple computing devices
US7793340B2 (en) Cryptographic binding of authentication schemes
US8724819B2 (en) Credential provisioning
CN109361668A (en) A kind of data trusted transmission method
CN109379387B (en) Safety certification and data communication system between Internet of things equipment
CN108494551A (en) Processing method, system, computer equipment and storage medium based on collaboration key
CN108418691A (en) Dynamic network identity identifying method based on SGX
CN108471352A (en) Processing method, system, computer equipment based on distributed private key and storage medium
CN106416123A (en) Password-based authentication
CN108809633B (en) Identity authentication method, device and system
CN107920052B (en) Encryption method and intelligent device
CN110519046A (en) Quantum communications service station cryptographic key negotiation method and system based on disposable asymmetric key pair and QKD
CN109981255A (en) The update method and system of pool of keys
CN110380859B (en) Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol
CN110138548A (en) Based on unsymmetrical key pond to and DH agreement quantum communications service station cryptographic key negotiation method and system
CN110493177A (en) Based on unsymmetrical key pond to and sequence number quantum communications service station AKA cryptographic key negotiation method and system
CN108599926A (en) A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys
CN108632042A (en) A kind of class AKA identity authorization systems and method based on pool of symmetric keys
Khan et al. Offline OTP based solution for secure internet banking access
CN110098925A (en) Based on unsymmetrical key pond to and random number quantum communications service station cryptographic key negotiation method and system
US20060053288A1 (en) Interface method and device for the on-line exchange of content data in a secure manner
CN110176989A (en) Quantum communications service station identity identifying method and system based on unsymmetrical key pond
CN114765543A (en) Encryption communication method and system of quantum cryptography network expansion equipment
CN115473655B (en) Terminal authentication method, device and storage medium for access network
Aiash A formal analysis of authentication protocols for mobile devices in next generation networks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant