CN113489586B - VPN network system compatible with quantum key negotiation - Google Patents
- Publication number
- CN113489586B
- Authority
- CN
- China
- Prior art keywords
- quantum
- quantum key
- service
- key
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a VPN network system compatible with quantum key negotiation, which comprises a quantum key application device (comprising an IPSec VPN gateway, an SSL VPN gateway, a cipher machine and an encryption application client), a random number service device, a virtual machine of a quantum node device, a security isolation device, a virtual quantum link slice service device and a quantum key service device. The system can provide quantum service access and random number service for the quantum key application device through the user-side quantum node, and the quantum key service device provides a service for negotiating and sharing the quantum key end to end in real time based on the virtual quantum link slice. The system can realize real-time end-to-end quantum key negotiation and application, is a safe, efficient and flexible VPN network system compatible with quantum key negotiation, and has good prospects for large-scale application.
Description
Technical Field
The invention relates to the technical field of quantum key service and VPN, in particular to a VPN network system compatible with quantum key negotiation.
Background
VPN networks are widely used in e-government, financial systems and the like, but the asymmetric cryptographic algorithms adopted by VPNs cannot resist quantum computing attacks, and the security strength of the symmetric cryptographic algorithms adopted by VPNs has a certain vulnerability under quantum computing attacks, so improving the security of VPN networks is of great significance. At present, improving the security of VPN networks by using quantum keys is an important technical direction, but since the quantum key distribution (QKD for short) network is a hardware infrastructure independent of the VPN network, seamless adaptation between the two becomes the key to large-scale application. For example, the invention of authorization announcement No. CN 104660603B performs secure communication by processing the negotiation of the quantum key and of the IKE negotiation key in parallel, using the quantum key as the first session key, which is used preferentially, and the IKE negotiation key as the second session key. However, the IKE negotiation key uses an Internet standard protocol, while quantum key negotiation requires provisioning of a quantum key distribution link network. That approach therefore has defects such as inconvenient access for large-scale application and great difficulty in the security management of quantum key application.
In order to realize efficient adaptation between the QKD network and the VPN network, the system uses virtual quantum link slices to negotiate, in real time, a quantum key between gateways of the VPN network, which is used to enhance the communication security of the VPN network. The invention can provide quantum service authentication access and quantum random number service for the quantum key application device through the user-side quantum service node, and negotiate end-to-end quantum key sharing in real time based on the virtual quantum link slice. The system can realize real-time end-to-end quantum key negotiation and application, is a safe, efficient and flexible VPN network system that uses the quantum key to improve security, and has good prospects for large-scale application.
Disclosure of Invention
The invention provides a VPN network system compatible with quantum key negotiation, comprising: two or more quantum key application devices, at least one random number service device, virtual machines of two or more quantum node devices, a security isolation device, a virtual quantum link slice service device, and a quantum key service device; the random number service device is used for providing a random key packet service for the quantum key application device and establishing the corresponding service association; the virtual machine of the quantum node device is used for responding to a request of the quantum key application device or/and the quantum key service device, requesting service data from the quantum node device associated with the virtual machine, and then sending the service data to the quantum key application device or/and the quantum key service device; the security isolation device is used for performing security detection and filtering on data flowing to or/and out of the quantum node device; the virtual quantum link slice service device is used for managing the virtual quantum link slices and providing services; the quantum key service device is used for responding to a service request of the quantum key application device, selecting one or more associated exclusive-OR values in one or more virtual quantum link slices associated with the target quantum link from the virtual quantum link slice service device, acquiring parameters associated with the two target quantum key application devices, and negotiating and sharing a quantum key between the quantum key application devices based on the parameters; the quantum key application device performs security enhancement on the shared quantum key and the session key negotiated by other methods to obtain a new session key, or preferentially adopts the shared quantum key as the session key.
Further, the above system further comprises two or more quantum node devices; a quantum node device is used for negotiating quantum keys with adjacent quantum node devices in the target QKD network, and if the quantum node device is used as a trusted relay node, it participates in creating virtual quantum link slices, namely calculating the exclusive-OR value of the quantum key packets negotiated between it and its two adjacent quantum node devices; the quantum node device is also used for data communication with its associated virtual machine.
The invention has the following innovations: the system negotiates a quantum key in real time based on a quantum node virtual machine and a virtual quantum link slice, and then performs security enhancement with a session key negotiated by other methods to obtain a new session key, or preferentially adopts the shared quantum key as the session key; the system can realize real-time end-to-end quantum key negotiation and application, is a safe, efficient and flexible VPN network system that uses the quantum key to improve security, and has good prospects for large-scale application.
Drawings
Fig. 1 is a schematic diagram of a principle of an IPSec VPN system compatible with quantum key agreement according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an IPSec VPN network system compatible with quantum key agreement according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an SSL VPN network system compatible with quantum key negotiation according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly understood, the present invention is further described below with reference to the accompanying drawings and specific embodiments.
The following describes the system composition and the working principle of the present invention with reference to the schematic diagram of the principle of a VPN network system compatible with quantum key negotiation provided by the embodiment of the present invention. As shown in Fig. 1, the system includes, but is not limited to: random number service devices A and B, logical isolation devices A and B, the virtual machine of QKD_A, the virtual machine of QKD_B, a virtual quantum link slice service device (a virtual quantum link slice includes the exclusive-OR value of the quantum key packets of any two associated quantum nodes with the same slice identifier), a quantum key service device, and gateways A1, A2, B1, B2 (where gateways A1 and A2 are each other's initiating and responding IPSec VPN gateways, and gateways B1 and B2 are each other's initiating and responding IPSec VPN gateways); in addition, Fig. 1 also includes the quantum node devices QKD_A and QKD_B and a relay node R of a quantum relay network; the connection relationship between the above devices is shown in Fig. 1.
The random number service device A is used for providing the random key packet service for gateways A1 and B1, and the random number service device B is used for providing the random key packet service for gateways A2 and B2; each creates the corresponding service associations (each service association is composed of a plurality of records, each record represents the association information of one registered gateway, including but not limited to the ID of the gateway, the ID of the associated server and the remaining quantity of random number packets); the virtual machine of QKD_A is used for responding to requests of gateway A1 or/and B1, requesting service data from the quantum node device associated with the virtual machine of QKD_A, and then sending the service data to gateway A1 or/and B1; the security isolation devices A and B are respectively used for performing security detection and filtering on data flowing to or/and out of the quantum node devices QKD_A and QKD_B; the virtual quantum link slice service device is used for managing the virtual quantum link slices and providing services; the quantum key service device is used for responding to a service request of a gateway, selecting one or more associated exclusive-OR values in one or more virtual quantum link slices associated with the target quantum link from the virtual quantum link slice service device, acquiring parameters associated with the two target gateways, and negotiating and sharing a quantum key between the gateways based on the parameters; the two gateways perform privacy enhancement on the shared quantum key and the session key negotiated by other methods to obtain a new session key, or preferentially adopt the shared quantum key as the session key.
The specific working principle of the system is as follows: (1) Preprocessing stage: the quantum relay network generates virtual quantum link slices and sends them to the virtual quantum link slice service device; a node of the quantum base station network holds the quantum key packets associated with a virtual quantum link slice. For example, if QKD_A and R have negotiated a quantum key packet K1, and QKD_B and R have negotiated a quantum key packet K2, then the corresponding virtual quantum link slice data is K1 ⊕ K2 (where ⊕ denotes the exclusive-OR operation); a plurality of such exclusive-OR values and their slice identifiers form a virtual quantum link slice database, which is sent to the virtual quantum link slice service device; QKD_A and QKD_B hold the corresponding pluralities of quantum key packets K1 and K2, respectively, and their identifiers. The random number service device A provides a random number packet injection service for gateways A1 and B1 (for convenience of description, it is assumed hereinafter that gateway A1 is injected with a random number packet Ra1), and the random number service device B provides a random number packet injection service for gateways A2 and B2 (for convenience of description, it is assumed hereinafter that gateway A2 is injected with a random number packet Ra2).
(2) End-to-end quantum key negotiation stage (taking gateways A1 and A2 as the initiating and responding IPSec VPN gateways respectively, and assuming that a given service process uses the above virtual quantum link slice data K1 ⊕ K2 and the random number packets Ra1 and Ra2): gateway A1 requests the quantum key service device to negotiate a shared quantum key with gateway A2, and the quantum key service device obtains the QKD_A and QKD_B associated with gateway A1 and gateway A2 by querying the service association information; the quantum key service device selects a target virtual quantum link slice datum (assumed to be K1 ⊕ K2) from the slice library, sends the slice identifier of K1 ⊕ K2 and the ID information of gateway A1 to the virtual machine of QKD_A, and sends the slice identifier of K1 ⊕ K2 and the ID information of gateway A2 to the virtual machine of QKD_B; QKD_A selects the random number packet (Ra1) of gateway A1, calculates Ra1 ⊕ K1, and sends Ra1 ⊕ K1 to the quantum key service device through the virtual machine of QKD_A; QKD_B selects the random number packet (Ra2) of gateway A2, calculates Ra2 ⊕ K2, and sends Ra2 ⊕ K2 to the quantum key service device through the virtual machine of QKD_B; the quantum key service device calculates (Ra1 ⊕ K1) ⊕ (Ra2 ⊕ K2) ⊕ (K1 ⊕ K2) = Ra1 ⊕ Ra2, and sends Ra1 ⊕ Ra2 to gateways A1 and A2, respectively; gateways A1 and A2 negotiate a shared key based on Ra1 ⊕ Ra2 (for example, if gateways A1 and A2 agree on Ra1 as the shared key, gateway A2 calculates (Ra1 ⊕ Ra2) ⊕ Ra2 = Ra1). The two gateways can perform security enhancement on the shared key and the session key negotiated by other methods to obtain a new session key, or preferentially adopt the shared key as the session key.
The gateways A1 and A2 construct a VPN network (e.g., VPN tunnel a in fig. 1) based on the above-described session key. With the same working principle, gateways B1 and B2 may also construct a VPN network (e.g., VPN tunnel B in fig. 1) based on the above working principle.
In a possible embodiment, based on the above working principle, the quantum key service device may select a plurality of target virtual quantum link slice data from the slice library at a time, and perform privacy enhancement based on the plurality of virtual quantum link slice data. For example, assuming that 3 exclusive-OR values associated with QKD_A and QKD_B in 3 slices are selected (denoted for convenience as K_a_1 ⊕ K_b_1, K_a_2 ⊕ K_b_2, K_a_3 ⊕ K_b_3, where K_a/b_i is the i-th quantum key packet of quantum node A/B), one shared key may be negotiated from each of them using the above method; alternatively, the quantum key service device may calculate the exclusive-OR value of the 3 exclusive-OR values (i.e., K_a_1 ⊕ K_b_1 ⊕ K_a_2 ⊕ K_b_2 ⊕ K_a_3 ⊕ K_b_3), send the 3 slice identifiers and the ID information of gateway A1 to the virtual machine of QKD_A, and send the 3 slice identifiers and the ID information of gateway A2 to the virtual machine of QKD_B; QKD_A and QKD_B calculate the exclusive-OR values of the 3 corresponding quantum key packets and 3 corresponding random number packets, namely Ra1 ⊕ K_a_1 ⊕ K_a_2 ⊕ K_a_3 and Ra2 ⊕ K_b_1 ⊕ K_b_2 ⊕ K_b_3, respectively, and send these exclusive-OR values to the quantum key service device; the quantum key service device obtains Ra1 ⊕ Ra2 by calculation, and the shared key is negotiated by the above method. Obviously, based on this method, a plurality of security-equivalent virtual quantum link switching enhancement application methods can be obtained.
Such privacy enhancements include, but are not limited to, any one or more of the following: an XOR operation, a hash operation, or an XOR operation combined with a hash operation.
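The XOR exchange of stage (2), its multi-slice variant and an XOR-then-hash enhancement, simulated in Python as an added example (not code from the patent). The class and function names, the 32-byte packet size, SHA-256, `secrets.token_bytes` standing in for QKD-negotiated packets, and the rule that a slice or key packet is deleted after one use are assumptions of this sketch.

```python
import hashlib
import secrets

PACKET_LEN = 32  # bytes per key / random number packet (assumed size)


def xor(*parts: bytes) -> bytes:
    """XOR any number of equal-length packets together."""
    if len({len(p) for p in parts}) != 1:
        raise ValueError("packets must have equal length")
    out = bytearray(len(parts[0]))
    for p in parts:
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)


class QuantumNode:
    """QKD_A or QKD_B: key packets shared with relay R, indexed by slice id."""

    def __init__(self):
        self.key_packets = {}     # slice id -> K
        self.random_packets = {}  # gateway id -> Ra (copy of the injected packet)

    def mask(self, slice_ids, gateway_id):
        # A key packet acts as a one-time pad, so it is removed once used
        # (assumption: the page does not describe packet lifecycle).
        keys = [self.key_packets.pop(s) for s in slice_ids]
        return xor(self.random_packets[gateway_id], *keys)


class KeyService:
    """Quantum key service with slice library; it only sees masked values."""

    def __init__(self):
        self.slices = {}  # slice id -> K1 xor K2

    def negotiate(self, slice_ids, node_a, gw_a, node_b, gw_b):
        # A consumed or unknown slice id raises KeyError before any node is asked.
        slice_values = [self.slices.pop(s) for s in slice_ids]
        masked_a = node_a.mask(slice_ids, gw_a)  # Ra1 xor K_a_1 xor ...
        masked_b = node_b.mask(slice_ids, gw_b)  # Ra2 xor K_b_1 xor ...
        return xor(masked_a, masked_b, *slice_values)  # = Ra1 xor Ra2


def preprocess(service, node_a, node_b, slice_ids):
    """Stage (1): relay R shares K1 with QKD_A, K2 with QKD_B, publishes K1 xor K2."""
    for sid in slice_ids:
        k1 = secrets.token_bytes(PACKET_LEN)  # stand-in for a QKD key packet
        k2 = secrets.token_bytes(PACKET_LEN)
        node_a.key_packets[sid] = k1
        node_b.key_packets[sid] = k2
        service.slices[sid] = xor(k1, k2)


def enhance(shared_key: bytes, other_session_key: bytes) -> bytes:
    """XOR-then-hash of the shared key with a key negotiated by other means."""
    return hashlib.sha256(xor(shared_key, other_session_key)).digest()


def run_exchange(slice_ids):
    """Stage (2) for gateways A1 (initiator) and A2 (responder)."""
    service, qkd_a, qkd_b = KeyService(), QuantumNode(), QuantumNode()
    preprocess(service, qkd_a, qkd_b, slice_ids)
    ra1 = secrets.token_bytes(PACKET_LEN)  # injected into gateway A1
    ra2 = secrets.token_bytes(PACKET_LEN)  # injected into gateway A2
    qkd_a.random_packets["A1"] = ra1
    qkd_b.random_packets["A2"] = ra2
    delta = service.negotiate(slice_ids, qkd_a, "A1", qkd_b, "A2")
    return {
        "service": service, "qkd_a": qkd_a, "qkd_b": qkd_b,
        "ra1": ra1, "ra2": ra2, "delta": delta,
        "key_a1": ra1,              # both sides agree to use Ra1
        "key_a2": xor(delta, ra2),  # A2 recovers Ra1 from Ra1 xor Ra2
    }


if __name__ == "__main__":
    single = run_exchange(["slice-1"])
    triple = run_exchange(["slice-1", "slice-2", "slice-3"])
    ike_key = secrets.token_bytes(PACKET_LEN)  # constructed stand-in for an IKE key
    print("single slice agree:", single["key_a1"] == single["key_a2"])
    print("three slices agree:", triple["key_a1"] == triple["key_a2"])
    print("session key:", enhance(triple["key_a1"], ike_key).hex())
```

The key service only ever handles K1 ⊕ K2, Ra1 ⊕ K1, Ra2 ⊕ K2 and Ra1 ⊕ Ra2, so the shared key Ra1 itself never passes through it; that property holds only while each key packet masks a single random number packet, which is why the sketch deletes packets and slices on use.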
In a possible embodiment, on the basis of the above-described embodiments, the quantum node devices QKD_A and QKD_B and the relay node R of the quantum relay network may not be included.
In one possible embodiment, replacing the gateway in the above embodiment with other peer application terminals (including but not limited to a handset or/and application client, cipher machine) results in other embodiments of the invention.
In one possible embodiment, in the above embodiment, the quantum node device QKD_A, the random number service device A, the logical isolation device A, and the virtual machine of QKD_A are integrated into one hardware device. Accordingly, the quantum node device QKD_B, the random number service device B, the logical isolation device B, and the virtual machine of QKD_B are integrated into one hardware device.
In one possible embodiment, in the above embodiments, the quantum node device QKD_A, the random number service device A, the logical isolation device A, the virtual machine of QKD_A, and the virtual quantum link slice service device are integrated into one hardware device. Correspondingly, the quantum node device QKD_B, the random number service device B, the logical isolation device B, the virtual machine of QKD_B, and the virtual quantum link slice service device are integrated into one hardware device.
In one possible embodiment, in the above embodiments, the quantum node device QKD_A, the random number service device A, the logical isolation device A, the virtual machine of QKD_A, the virtual quantum link slice service device, and the quantum key service device are integrated into one hardware device. Accordingly, the quantum node device QKD_B, the random number service device B, the logical isolation device B, the virtual machine of QKD_B, the virtual quantum link slice service device, and the quantum key service device are integrated into one hardware device.
In one possible embodiment, as shown in Fig. 2, the quantum node device QKD_A, the random number service device A, the logical isolation device A, and the virtual machine of QKD_A in the above-described embodiment are integrated into one hardware device (quantum base station A in Fig. 2), and the quantum node device QKD_B, the random number service device B, the logical isolation device B, and the virtual machine of QKD_B in the above-described embodiment are integrated into one hardware device (quantum base station B in Fig. 2); the virtual quantum link slice service device and the quantum key service device are integrated into one application device (the quantum key service device in Fig. 2 includes the functions of the virtual quantum link slice service device).
In a possible embodiment, the logical isolation device in the above embodiment is also used for security detection and filtering of the data flowing to the quantum key application device.
In a possible embodiment, the gateways A1 and A2 in the above embodiments may be replaced by two cipher machines or encryption application clients; the gateways A1, A2, B1, and B2 in the above embodiments may all be replaced by cipher machines or encryption application clients. It should be noted that the number of cipher machines or encryption application clients and their pairing relationship are only used to illustrate the working principle of the embodiment, and are not limiting.
Fig. 3 shows an embodiment of an SSL VPN network system compatible with quantum key agreement, which is obtained by replacing gateways A1, A2, B1, and B2 in the embodiment shown in fig. 2 with SSL VPN gateways and application terminals 301, 302, and 303, respectively. Based on the working principle in the above embodiment, the application terminals may negotiate a shared quantum key, and may also negotiate a shared quantum key between the application terminal and the SSL VPN gateway.
In any of the above embodiments, the number, pairing relationship, and the like of the devices such as the gateways and the quantum nodes are only used for illustrating the operation principle of the present invention, and are not limited, and all embodiments formed based on the operation principle fall within the protection scope of the present invention.
While the invention has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the invention. Accordingly, the specification and figures are merely exemplary of the invention as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the invention. It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (8)
1. A VPN network system compatible with quantum key agreement, comprising two or more quantum key application devices, at least one random number service device, virtual machines of two or more quantum node devices, a security isolation device, a virtual quantum link slicing service device, a quantum key service device, characterized in that:
the random number service device is used for providing a random key packet service for the quantum key application device and establishing the corresponding service association;
the virtual machine of the quantum node device is used for responding to the request of the quantum key application device or/and the quantum key service device, requesting service data from the quantum node device related to the virtual machine, and then sending the service data to the quantum key application device or/and the quantum key service device;
the security isolation device is used for performing security detection and filtering on data flowing to or/and out of the quantum node device;
the virtual quantum link slice service device is used for managing the virtual quantum link slices and providing services;
the quantum key service device is used for responding to a service request of the quantum key application device, selecting one or more pieces of associated data in one or more virtual quantum link slices associated with the target quantum link from the virtual quantum link slice service device, acquiring parameters associated with the two target quantum key application devices, and negotiating and sharing a quantum key between the quantum key application devices based on the parameters; the quantum key application device carries out security enhancement on the shared quantum key and the session key negotiated by other methods to obtain a new session key, or preferentially adopts the shared quantum key as the session key.
2. The quantum key agreement-compatible VPN network system according to claim 1, comprising: two or more quantum node devices, wherein a quantum node device is configured to negotiate a quantum key with an adjacent quantum node device in the target QKD network, the quantum node device participating in creating a virtual quantum link slice if the quantum node device is used as a trusted relay node.
3. The quantum key agreement-compatible VPN network system according to claim 1 or 2, wherein the random number service device and the quantum node device are integrated into one hardware system.
4. The quantum key agreement-compatible VPN network system according to claim 1 or 2, wherein the random number service device, the quantum node device and the virtual machine of the quantum node device are integrated into a hardware system, and the hardware system is provided with a logical partition for implementing the logical partition between the random number service device, the quantum node device and the virtual machine of the quantum node device.
5. The quantum key agreement-compatible VPN network system according to claim 2, wherein the quantum node device is integrated with the random number service device, the quantum key service device and the security isolation device in a hardware system, and the security isolation device is configured to implement logical isolation between the random number service device, the quantum node device and the quantum key service device.
6. The quantum key agreement-compatible VPN network system according to claim 1, wherein the virtual quantum link slicing service device and the quantum key service device are integrated into one application software or hardware device.
7. The quantum key agreement-compatible VPN network system according to claim 1, wherein the two or more quantum key application devices comprise any of: two or more IPSec VPN gateways, two or more cipher machines, two or more encryption application clients, one SSL VPN gateway, and a plurality of application terminals.
8. The quantum key agreement-compatible VPN network system according to claim 1, wherein the random number service device comprises an offline service interface or/and an online service interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110841198.6A CN113489586B (en) | 2021-07-26 | 2021-07-26 | VPN network system compatible with quantum key negotiation |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113489586A (en) | 2021-10-08 |
CN113489586B (en) | 2023-01-31 |
Family
ID=77943435
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114040390B (en) * | 2021-11-17 | 2023-05-09 | 国网福建省电力有限公司 | Quantum security-based 5G virtual quotient key library distribution method |
CN114285571A (en) * | 2022-03-03 | 2022-04-05 | 成都量安区块链科技有限公司 | Method, gateway device and system for using quantum key in IPSec protocol |
CN114584298A (en) * | 2022-03-03 | 2022-06-03 | 成都量安区块链科技有限公司 | Quantum security SSL protocol application method and system |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007116216A (en) * | 2005-10-18 | 2007-05-10 | Hitachi Ltd | Quantum authentication method and system |
CN103441839A (en) * | 2013-08-15 | 2013-12-11 | 国家电网公司 | Method and system for using quantum cryptography in safe IP communication |
CN103490891A (en) * | 2013-08-23 | 2014-01-01 | 中国科学技术大学 | Method for updating and using secret key in power grid SSL VPN |
CN107147492A (en) * | 2017-06-01 | 2017-09-08 | 浙江九州量子信息技术股份有限公司 | A kind of cipher key service System and method for communicated based on multiple terminals |
CN107453868A (en) * | 2017-09-01 | 2017-12-08 | 中国电子科技集团公司第三十研究所 | A kind of safe and efficient quantum key method of servicing |
CN207490944U (en) * | 2017-07-31 | 2018-06-12 | 浙江神州量子网络科技有限公司 | A kind of safe communication system based on SIP quantum network phones |
CN108173652A (en) * | 2018-02-12 | 2018-06-15 | 武汉三江航天网络通信有限公司 | IPSec VPN cipher machines based on quantum key distribution |
CN108510270A (en) * | 2018-03-06 | 2018-09-07 | 成都零光量子科技有限公司 | A kind of move and transfer accounts method of quantum safety |
CN109194477A (en) * | 2018-11-12 | 2019-01-11 | 中共中央办公厅电子科技学院 | The access node device of quantum secret communication network system and communications network system including the device |
CN109995514A (en) * | 2017-12-29 | 2019-07-09 | 成都零光量子科技有限公司 | A kind of safe and efficient quantum key Information Mobile Service method |
CN109995519A (en) * | 2017-12-31 | 2019-07-09 | 成都零光量子科技有限公司 | A kind of quantum key traffic service method and system |
CN109995513A (en) * | 2017-12-29 | 2019-07-09 | 成都零光量子科技有限公司 | A kind of quantum key Information Mobile Service method of low latency |
CN110661620A (en) * | 2019-09-06 | 2020-01-07 | 成都量安区块链科技有限公司 | Shared key negotiation method based on virtual quantum link |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7512242B2 (en) * | 2003-03-21 | 2009-03-31 | Bbn Technologies Corp. | Systems and methods for quantum cryptographic key transport |
MY147120A (en) * | 2008-09-10 | 2012-10-31 | Mimos Berhad | Method of integrating quantum key distribution with internet key exchange protocol |
CN101931527B (en) * | 2010-07-23 | 2011-12-07 | 北京邮电大学 | Single photon beam-splitting attack method for counter-intuitive quantum key distribution system |
CN102946313B (en) * | 2012-10-08 | 2016-04-06 | 北京邮电大学 | A kind of user authentication model for quantum key distribution network and method |
CN104486316B (en) * | 2014-12-08 | 2017-12-26 | 国家电网公司 | A kind of quantum key graduation offer method for improving electric power data transmission security |
CN107769912A (en) * | 2016-08-16 | 2018-03-06 | 广东国盾量子科技有限公司 | A kind of quantum key chip and the encipher-decipher method based on quantum key chip |
CN107809314A (en) * | 2017-12-01 | 2018-03-16 | 浙江九州量子信息技术股份有限公司 | One kind is based on quantum shared key data ciphering method |
US11394536B2 (en) * | 2020-01-22 | 2022-07-19 | Cisco Technology, Inc | Session key distribution independent of third parties |
-
2021
- 2021-07-26 CN CN202110841198.6A patent/CN113489586B/en active Active
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007116216A (en) * | 2005-10-18 | 2007-05-10 | Hitachi Ltd | Quantum authentication method and system |
CN103441839A (en) * | 2013-08-15 | 2013-12-11 | 国家电网公司 | Method and system for using quantum cryptography in safe IP communication |
CN103490891A (en) * | 2013-08-23 | 2014-01-01 | 中国科学技术大学 | Method for updating and using secret key in power grid SSL VPN |
CN107147492A (en) * | 2017-06-01 | 2017-09-08 | 浙江九州量子信息技术股份有限公司 | A kind of cipher key service System and method for communicated based on multiple terminals |
CN207490944U (en) * | 2017-07-31 | 2018-06-12 | 浙江神州量子网络科技有限公司 | A kind of safe communication system based on SIP quantum network phones |
CN107453868A (en) * | 2017-09-01 | 2017-12-08 | 中国电子科技集团公司第三十研究所 | A kind of safe and efficient quantum key method of servicing |
CN109995514A (en) * | 2017-12-29 | 2019-07-09 | 成都零光量子科技有限公司 | A kind of safe and efficient quantum key Information Mobile Service method |
CN109995513A (en) * | 2017-12-29 | 2019-07-09 | 成都零光量子科技有限公司 | A kind of quantum key Information Mobile Service method of low latency |
CN109995519A (en) * | 2017-12-31 | 2019-07-09 | 成都零光量子科技有限公司 | A kind of quantum key traffic service method and system |
CN108173652A (en) * | 2018-02-12 | 2018-06-15 | 武汉三江航天网络通信有限公司 | IPSec VPN cipher machines based on quantum key distribution |
CN108510270A (en) * | 2018-03-06 | 2018-09-07 | 成都零光量子科技有限公司 | A kind of move and transfer accounts method of quantum safety |
CN109194477A (en) * | 2018-11-12 | 2019-01-11 | 中共中央办公厅电子科技学院 | The access node device of quantum secret communication network system and communications network system including the device |
CN110661620A (en) * | 2019-09-06 | 2020-01-07 | 成都量安区块链科技有限公司 | Shared key negotiation method based on virtual quantum link |
Non-Patent Citations (2)
Title |
---|
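"Single-Photon-Memory Two-Step Quantum Secure Direct Communication Relying on Einstein-Podolsky-Rosen Pairs"; Dong Pan; IEEE Access; 20200630; full text * |
"A Novel Quantum Key Service Architecture" (一个新型的量子密钥服务体系架构); Chen Hui (陈晖); Journal of China Academy of Electronics and Information Technology (中国电子科学研究院学报); 20200331 (Issue 3); full text * |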
Also Published As
Publication number | Publication date |
---|---|
CN113489586A (en) | 2021-10-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113489586B (en) | | VPN network system compatible with quantum key negotiation |
US9094206B2 (en) | | Method and system for secure session establishment using identity-based encryption (VDTLS) |
US8788805B2 (en) | | Application-level service access to encrypted data streams |
WO2009060283A1 (en) | | Method and apparatus for secure communication |
KR20130140873A (en) | | Discovery of security associations for key management relying on public keys |
CN108847928B (en) | | Communication system and communication method for realizing information encryption and decryption transmission based on group type quantum key card |
WO2017075134A1 (en) | | Key management for privacy-ensured conferencing |
Bali et al. | | Lightweight authentication for MQTT to improve the security of IoT communication |
US20220263811A1 (en) | | Methods and Systems for Internet Key Exchange Re-Authentication Optimization |
CN114285571A (en) | | Method, gateway device and system for using quantum key in IPSec protocol |
CN107493294B (en) | | Safe access and management control method of OCF (optical clock and frequency conversion) equipment based on asymmetric encryption algorithm |
CN113726795A (en) | | Message forwarding method and device, electronic equipment and readable storage medium |
Yang et al. | | A trust and privacy preserving handover authentication protocol for wireless networks |
Hamada et al. | | LAMAS: Lightweight anonymous mutual authentication scheme for securing fog computing environments |
Yang et al. | | FHAP: Fast Handover Authentication Protocol for High-Speed Mobile Terminals in 5G Satellite-Terrestrial Integrated Networks |
Park et al. | | Survey for secure IoT group communication |
CN102739660A (en) | | Key exchange method for single sign on system |
CN115459913A (en) | | Quantum key cloud platform-based link transparent encryption method and system |
CN114362938A (en) | | Key management dynamic route generation network architecture and method for quantum communication |
CN114386020A (en) | | Quick secondary identity authentication method and system based on quantum security |
CN113746861A (en) | | Data transmission encryption and decryption method and encryption and decryption system based on state encryption technology |
Marksteiner et al. | | On the Resilience of a QKD Key Synchronization Protocol for IPsec |
Chen et al. | | A secure network coding based on broadcast encryption in sdn |
Jain | | “Sec-KeyD” an efficient key distribution protocol for critical infrastructures |
Zhao et al. | | Design and formal verification of a vanet lightweight authentication protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||