CN113645619B - One-to-many key distribution method and device - Google Patents

One-to-many key distribution method and device

Info

Publication number
CN113645619B
Authority
CN
China
Prior art keywords
receiving base
radio frequency
authentication module
host
bit
Prior art date
Legal status
Active
Application number
CN202111088518.1A
Other languages
Chinese (zh)
Other versions
CN113645619A (en)
Inventor
赵全鑫
廖鹏
李嘉伟
杨萍
杜仕刚
Current Assignee
Sichuan Netop Telecom Co ltd
Original Assignee
Sichuan Netop Telecom Co ltd
Priority date
Filing date
Publication date
Application filed by Sichuan Netop Telecom Co ltd
Priority to CN202111088518.1A
Publication of CN113645619A
Application granted
Publication of CN113645619B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
        • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA] > H04W 12/043 using a trusted network node as an anchor > H04W 12/0431 Key distribution or pre-distribution; Key agreement
        • H04W 12/06 Authentication
        • H04W 12/40 Security arrangements using identity modules > H04W 12/47 using near field communication [NFC] or radio frequency identification [RFID] modules

Abstract

The application discloses a one-to-many key distribution method and device in which a host, a radio frequency module and an authentication module distribute keys using a modified, one-to-many form of a quantum key distribution algorithm and can then verify the keys. The method and device realise a fast key distribution and key verification flow for a multi-module scenario. The one-to-many key distribution device and its separable authentication module keep the information security carrier controllable and manageable: it can be plugged in for immediate use, or removed and destroyed in an emergency, which strengthens its security properties.

Description

One-to-many key distribution method and device
Technical Field
The application belongs to the field of security and encryption and relates in particular to a one-to-many key distribution method and device.
Background
RFID (radio frequency identification) exchanges data over a wireless radio frequency link. The technology is widely used in logistics, transport, identity recognition and similar fields, and related products generally provide identity authentication and encryption capabilities.
Fig. 1 shows an RFID-based identification product. Its hardware generally consists of a host and a radio frequency card. The host integrates a CPU (central processing unit) and an authentication module and implements identity authentication, data authentication and data processing. The radio frequency card is used externally; it stores identity information and supports authorisation and authentication. The ciphertext read wirelessly from the card through the radio frequency module is decrypted to obtain a plaintext, which the internal authentication module uses for function activation or identity authentication.
Existing products, however, have a fixed physical form: the authentication module is integrated into the host and is not plug-and-play, which makes it inconvenient to manage and inconvenient to remove and dispose of when the carrier must be destroyed immediately in an emergency. The technical framework of existing products is a process of reading a key and applying it to perform the related functions; it has no key distribution process.
At present, the key distribution algorithm based on the common BB84 protocol is a one-to-one algorithm. Where keys must be distributed among several devices, the distribution has to be repeated several times, which is inefficient.
To solve these problems, the present application proposes a method and apparatus that implement one-to-many key distribution and a separable authentication module. The traditional one-to-one quantum key distribution algorithm based on the BB84 protocol is modified into a more efficient one-to-many key distribution method suited to key distribution in a multi-module application scenario.
Disclosure of Invention
The application provides a one-to-many key distribution method comprising the following steps:
S11: the host randomly generates a classical bit string S of 0s and 1s;
S12: the host randomly selects a transmitting base, bit by bit, for each bit of the bit string S;
S13: a quantum bit is generated for each bit of S, and the host sends the quantum bits in a public manner over its radio frequency channel;
S14: the radio frequency module and the authentication module measure the received quantum bits bit by bit, using receiving base A and receiving base B respectively, to obtain classical bits, and then each sends the sequence of receiving bases it used (the receiving base A sequence and the receiving base B sequence) to the host; receiving base A is the base used by the radio frequency module and receiving base B is the base used by the authentication module;
S15: the host compares its own transmitting base with receiving base A and with receiving base B and determines the correct (matching) positions of each;
S16: the host sends the correct parts of receiving base A and receiving base B in a public manner;
S17: the radio frequency module receives the correct part of receiving base A and discards the positions where A was wrong; the classical bits measured at the correct positions of A form the communication key KEY-1 between the radio frequency module and the host;
the authentication module receives the correct part of receiving base B and discards the positions where B was wrong; the classical bits measured at the correct positions of B form the communication key KEY-3 between the authentication module and the host;
S18: the radio frequency module also receives the correct part of receiving base B, and the authentication module also receives the correct part of receiving base A; at the positions where both A and B are correct (the overlap of the two correct parts), the classical bits each of them measured form the communication key KEY-2 between the radio frequency module and the authentication module.
Further, the method also comprises a one-to-many key verification method with the following steps:
S21: the user enters a plaintext password at the host;
S22: the host encrypts the plaintext password with KEY-1 to obtain ciphertext A and sends ciphertext A to the radio frequency module;
S23: the radio frequency module decrypts ciphertext A with KEY-1 to recover the plaintext password; if the password verifies, S24 follows, otherwise the process is abandoned;
S24: the radio frequency module encrypts the plaintext password with KEY-2 into ciphertext B, sends ciphertext B to the authentication module, and informs the authentication module whether authentication is to be started;
S25: the authentication module decrypts ciphertext B with KEY-2 to recover the plaintext password; if the password verifies and the start-authentication message from the radio frequency module has been received, the authentication module starts authentication, otherwise the authentication function is not started.
Further, sending in a public manner means sending as a broadcast.
The application also provides a one-to-many key distribution device comprising a host, an authentication module and a radio frequency module.
The host randomly generates a classical bit string S of 0s and 1s, randomly selects a transmitting base bit by bit for each bit of S, and sends the quantum bits generated from each bit of S in a public manner.
The radio frequency module measures the received quantum bits bit by bit using receiving base A to obtain classical bits, and then sends the receiving base A sequence to the host; receiving base A is the base used by the radio frequency module.
The authentication module measures the received quantum bits bit by bit using receiving base B to obtain classical bits, and then sends the receiving base B sequence to the host; receiving base B is the base used by the authentication module.
The host also compares its own transmitting base with receiving base A and with receiving base B, determines the correct parts of each, and sends those correct parts in a public manner.
The radio frequency module and the authentication module receive the correct parts of receiving base A and receiving base B respectively, and the classical bits measured at those correct positions become the communication key KEY-1 between the radio frequency module and the host and the communication key KEY-3 between the authentication module and the host.
The radio frequency module also receives the correct part of receiving base B and the authentication module also receives the correct part of receiving base A; the classical bits measured at the positions where the two correct parts overlap form the communication key KEY-2 between the radio frequency module and the authentication module.
Further, the host comprises a main control unit, a radio frequency combiner and an authentication module socket.
The main control unit performs host data processing and host control management.
The radio frequency combiner couples the radio frequency signal to both the main control unit and the authentication module.
After the host sends a command to the radio frequency module, the main control unit and the authentication module can both receive and process the wireless signal returned by the radio frequency module through the radio frequency splitter/combiner.
Further, the host and the authentication module are physically separable.
The host carries an authentication module socket, and the authentication module is connected to the host by plugging it into that socket.
The radio frequency combiner is connected to the authentication module through a radio frequency feeder line and to the main control unit through a microstrip line.
Further, the authentication module socket comprises a power supply unit and a hot-plug detection unit.
The power supply unit powers the authentication module, and only does so after it has detected that the authentication module is inserted.
The hot-plug detection unit detects whether the authentication module is plugged into the authentication module socket.
Further, the hot-plug detection unit uses two detection pins.
Only when both detection pins read low level is the authentication module judged to be inserted in the socket and power supplied to it;
when either detection pin reads high level, the power supply unit is switched off and communication ends.
Further, the radio frequency module has a 5-layer structure, stacked from the inside outwards as follows: metal shell, ferrite material, first acrylic cover plate, radio frequency antenna and second acrylic cover plate.
Further, the ferrite material is a wave-absorbing material film with a thickness of not less than 1 mm.
The one-to-many key distribution method and device designed in this application realise a fast key distribution and key verification flow in a multi-module scenario. The one-to-many key distribution device and the separable authentication module keep the information security carrier controllable and manageable, so that it can be plugged in for immediate use or removed for destruction in an emergency, which strengthens its security properties.
Drawings
FIG. 1 shows a schematic diagram of the composition of a radio frequency identification product in the background art;
FIG. 2 shows a flow chart of a one-to-many key distribution method in an embodiment of the application;
FIG. 3 is a diagram showing key distribution results according to an embodiment of the present application;
FIG. 4 shows a flow chart of a one-to-many key verification method in an embodiment of the application;
FIG. 5 shows a block diagram of the one-to-many key distribution apparatus in the embodiment of the present application;
FIG. 6 illustrates a host and authentication module socket pin definition in accordance with an embodiment of the present application;
FIG. 7 is a circuit diagram of an in-host hot plug detection circuit according to an embodiment of the present application;
fig. 8 shows a schematic diagram of a stacked design of a radio frequency antenna structure according to an embodiment of the present application.
Reference numerals in Fig. 8: 1, second acrylic cover plate; 2, radio frequency antenna; 3, first acrylic cover plate; 4, ferrite material; 5, metal shell.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The application uses a quantum encryption method whose basic principle is as follows:
(1) A classical bit string of 0s and 1s, for example S = 100101001. Quantum bits are denoted ↑, →, ↖, ↗. There are two bases, used both for transmitting and for receiving, denoted + (rectilinear) and × (diagonal).
(2) Classical bits 0 and 1 become quantum bits ↑ and → respectively when transmitted in base +.
(3) Classical bits 0 and 1 become quantum bits ↗ and ↖ respectively when transmitted in base ×.
(4) Quantum bits ↑ and → become classical bits 0 and 1 respectively when measured in receiving base +.
(5) Quantum bits ↗ and ↖ become classical bits 0 and 1 respectively when measured in receiving base ×.
(6) When quantum bits ↗ or ↖ are measured in receiving base +, the quantum bit does not match the base and, by the basic theorem of quantum physics, the measurement result is unpredictable.
(7) Similarly, when quantum bits ↑ or → are measured in receiving base ×, the measurement result is unpredictable.
The application provides a one-to-many key distribution method, as shown in Fig. 2, comprising the following steps:
S11: the host randomly generates a classical bit string S of 0s and 1s.
S12: the host randomly selects a transmitting base, bit by bit, for each bit of the bit string S.
Illustratively, the host randomly generates the classical bit string S = 00001111 and the transmitting bases + × + × + × + ×. The application is described using this specific bit string and transmitting base sequence; one skilled in the art can derive other one-to-many key distribution embodiments from it.
S13: a quantum bit is generated for each bit of S and sent in a public manner over the host's radio frequency channel; sending in a public manner means sending as a broadcast.
Each bit of the host's string S generates a corresponding quantum bit, giving ↑ ↗ ↑ ↗ → ↖ → ↖, and these quantum bits are broadcast over the host's radio frequency channel.
S14: the radio frequency module and the authentication module measure the received quantum bits bit by bit using receiving base A and receiving base B respectively to obtain classical bits, and then each sends the receiving base sequence it used to the host; receiving base A is the base used by the radio frequency module and receiving base B is the base used by the authentication module.
Receiving base A is + + + × + × × × and receiving base B is × × × × + + + +. Measuring the received quantum bits bit by bit with receiving base A and receiving base B yields the classical bits 0z0011z1 and z0z01z1z respectively, where z marks a position whose measurement result is unpredictable because the receiving base did not match the transmitting base. The radio frequency module sends receiving base A (+ + + × + × × ×) and the authentication module sends receiving base B (× × × × + + + +) to the host.
The application is an improvement on the BB84 protocol, and sending the receiving bases over the public channel is standard practice in BB84.
Further, to prevent a third party from recovering the message from the public information, the classical data exchanged over the public channel can be encrypted with a common encryption algorithm. In BB84 the published bases and lists of correct positions do not by themselves reveal key bits; the property the public channel must have is authenticity, because an attacker who can substitute these messages can insert itself between the host and the modules.
S15: the host compares its own transmitting base with receiving base A and with receiving base B and determines the correct parts of each.
The host compares its transmitting bases (+ × + × + × + ×) with receiving base A (+ + + × + × × ×) and with receiving base B (× × × × + + + +). The correct part of receiving base A is +y+×+×y× and the correct part of receiving base B is y×y×+y+y, where y marks a wrong position and the remaining positions are correct.
S16: the host sends the correct parts of receiving base A and receiving base B in a public manner.
The host publicly sends +y+×+×y× and y×y×+y+y.
The characters y and z are placeholders used in this description only; in an actual transmission the wrong positions and the unpredictable measurements are marked in some other way.
S17: the radio frequency module receives the correct part of receiving base A and discards the wrong positions; the classical bits measured at the correct positions of A form the communication key KEY-1 between the radio frequency module and the host. The authentication module receives the correct part of receiving base B and discards the wrong positions; the classical bits measured at the correct positions of B form the communication key KEY-3 between the authentication module and the host.
The radio frequency module receives +y+×+×y×, discards the y positions and keeps the rest as the correct receiving base A; the classical bits measured there are 000111, which serve as the communication key KEY-1 between the radio frequency module and the host. Similarly, the authentication module's correctly received bits are 0011, which serve as the communication key KEY-3 between the authentication module and the host.
S18: the radio frequency module receives the correct part of receiving base B, the authentication module receives the correct part of receiving base A, and the classical bits at the positions where the correct parts of A and B overlap form the communication key KEY-2 between the radio frequency module and the authentication module.
The radio frequency module receives the correct part of receiving base B and compares it with the correct part of its own receiving base A to obtain the overlapping positions; the authentication module receives the correct part of receiving base A and compares it with the correct part of receiving base B to obtain the same overlapping positions; the classical bits measured at these positions form the communication key KEY-2 between the radio frequency module and the authentication module.
The radio frequency module receives y×y×+y+y; its receiving base A is + + + × + × × ×, and the overlap is ×+ (positions 4 and 5).
The authentication module receives +y+×+×y×; its receiving base B is × × × × + + + +, and the overlap is the same ×+ at positions 4 and 5.
The classical bits received at these two positions are 01, which constitute KEY-2.
After key distribution, the host, the radio frequency module and the authentication module hold a communication key for each pair. Illustratively, as shown in Fig. 3, the communication key between the host and the radio frequency module is KEY-1, the communication key between the radio frequency module and the authentication module is KEY-2, and the communication key between the authentication module and the host is KEY-3.
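The following simulation of steps S11 to S18 is an added example and is not code from the patent. It models the quantum channel classically, following basic principles (4) to (7): a receiver whose base matches the host's reads the bit exactly, while a mismatched base yields a random bit. Basis symbols follow the page ('+' and 'x'); the function names, the seeded random generator and the host_view check are this example's own assumptions. It reproduces the page's worked example (S = 00001111, bases + × + × + × + ×, A = + + + × + × × ×, B = × × × × + + + +) and also runs the same procedure on a longer random string.

```python
"""One-to-many sifting (steps S11-S18), simulated classically.

Added example, not code from the patent. A receiver whose base matches
the host's transmitting base reads the bit exactly; a mismatched base
gives a random bit (basic principles (4)-(7) of the page). Bases: '+'
and 'x'; function names and the seeded RNG are assumptions of this example.
"""
import random
from dataclasses import dataclass

BASES = "+x"


@dataclass
class Keys:
    key1: str  # host <-> radio frequency module
    key3: str  # host <-> authentication module
    key2: str  # radio frequency module <-> authentication module


def random_bits(n, rng):
    return "".join(rng.choice("01") for _ in range(n))


def random_bases(n, rng):
    return "".join(rng.choice(BASES) for _ in range(n))


def measure(bits, tx_bases, rx_bases, rng):
    """S14: matching base -> exact bit; mismatched base -> unpredictable bit."""
    return "".join(b if t == r else rng.choice("01")
                   for b, t, r in zip(bits, tx_bases, rx_bases))


def correct_positions(tx_bases, rx_bases):
    """S15: indices where the receiver's base equals the host's base (published in S16)."""
    return [i for i, (t, r) in enumerate(zip(tx_bases, rx_bases)) if t == r]


def sift(bits, positions):
    return "".join(bits[i] for i in positions)


def distribute(S, T, A, B, rng):
    """Run S13-S18 for host string S, host bases T, receiver bases A (RF) and B (auth).

    Returns the three keys plus the public position lists the host broadcast.
    """
    meas_a = measure(S, T, A, rng)
    meas_b = measure(S, T, B, rng)
    ok_a = correct_positions(T, A)
    ok_b = correct_positions(T, B)
    key1 = sift(meas_a, ok_a)                 # S17: RF module keeps correct-A positions
    key3 = sift(meas_b, ok_b)                 # S17: auth module keeps correct-B positions
    both = sorted(set(ok_a) & set(ok_b))      # S18: "repeated part" of the two correct parts
    key2_rf, key2_auth = sift(meas_a, both), sift(meas_b, both)
    assert key2_rf == key2_auth               # both measured in the right base there
    return Keys(key1, key3, key2_rf), ok_a, ok_b, both


def host_view(S, ok_a, ok_b, both):
    """What the host can compute: it generated S and knows every published position list."""
    return Keys(sift(S, ok_a), sift(S, ok_b), sift(S, both))


def worked_example():
    """The page's example: S=00001111, host bases +x+x+x+x, A=+++x+xxx, B=xxxx++++."""
    keys, *_ = distribute("00001111", "+x+x+x+x", "+++x+xxx", "xxxx++++", random.Random(0))
    return keys


def random_run(n, seed):
    """General case on a random n-bit string; returns (keys held by the modules, host's view)."""
    rng = random.Random(seed)
    S, T = random_bits(n, rng), random_bases(n, rng)
    A, B = random_bases(n, rng), random_bases(n, rng)
    keys, ok_a, ok_b, both = distribute(S, T, A, B, rng)
    return keys, host_view(S, ok_a, ok_b, both)


if __name__ == "__main__":
    k = worked_example()
    print("KEY-1", k.key1, "KEY-3", k.key3, "KEY-2", k.key2)   # 000111 0011 01
    keys, host = random_run(1024, 7)
    print(len(keys.key1), len(keys.key3), len(keys.key2), keys == host)
```

Two things the simulation makes visible. First, host_view reproduces KEY-2 exactly: the host generated S and learns both correct-position lists, so KEY-2 is shared with the host rather than private to the radio frequency module and the authentication module. Second, on a random string each receiver keeps about half of the positions and KEY-2 about a quarter; the page's 8-bit example therefore yields keys of 6, 4 and 2 bits, and a deployment needs a bit string long enough that the sifted keys reach the length the chosen cipher requires.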
The application also includes a method for verifying the keys obtained by one-to-many key distribution: after distribution is complete, the keys are verified and the authentication module's function is enabled. Authentication here means checking whether a user has the right to access the system.
Specifically, as shown in Fig. 4, the method comprises the following steps:
S21: the user enters a plaintext password at the host.
Illustratively, the plaintext password may consist of digits, characters, a biometric or similar. It need not have the properties of a cryptographic key; it acts as a start-up password.
S22: the host encrypts the plaintext password with KEY-1 to obtain ciphertext A and sends ciphertext A to the radio frequency module.
Encryption may use a common algorithm such as AES or RSA. SHA is a hash function rather than a cipher and cannot encrypt the password on its own; it is suitable for an integrity check, for example as a message authentication code over the ciphertext.
S23: the radio frequency module decrypts ciphertext A with KEY-1 to recover the plaintext password; if the password verifies, S24 follows, otherwise subsequent operations are abandoned.
Illustratively, the plaintext password is verified as follows: the plaintext password is stored in the radio frequency module in advance; when the plaintext obtained by decrypting ciphertext A with KEY-1 matches the stored value, verification passes.
S24: the radio frequency module encrypts the plaintext password with KEY-2 into ciphertext B, sends ciphertext B to the authentication module, and informs the authentication module whether authentication is to be started.
S25: the authentication module decrypts ciphertext B with KEY-2 to recover the plaintext password; if the password verifies and the start-authentication message from the radio frequency module has been received, the authentication module starts authentication, otherwise the authentication function is not started.
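The following is an added example of the S21 to S25 verification chain and is not the patent's code. The page leaves the cipher open (AES is suggested); since the Python standard library has no AES, this example substitutes an HMAC-SHA256 keystream with an HMAC-SHA256 tag (encrypt-then-MAC), so a tampered ciphertext or a mismatched KEY-2 is rejected before any password comparison takes place. The sifted bit strings 000111 and 01 are the page's KEY-1 and KEY-2; the stored password, the derivation labels, the 16-byte nonce and the class and function names are this example's assumptions.

```python
"""Key verification chain of steps S21-S25: host -> radio frequency module -> authentication module.

Added example, not the patent's code. The page leaves the cipher open
("a common encryption algorithm such as AES"); the Python standard library
has no AES, so an HMAC-SHA256 keystream plus HMAC-SHA256 tag (encrypt-then-MAC)
stands in for it. KEY-1 = 000111 and KEY-2 = 01 are the page's sifted keys;
the derivation labels, nonce size, stored password and class names are assumptions.
"""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def derive_key(sifted_bits, label):
    """Stretch a sifted bit string to a 256-bit working key (HMAC extract-then-expand).

    Stretching adds no entropy: a 2-bit sifted key still has only four possible values.
    """
    prk = hmac.new(label, sifted_bits.encode(), hashlib.sha256).digest()
    return hmac.new(prk, b"\x01", hashlib.sha256).digest()


def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Return the plaintext, or None if the tag does not verify (wrong key or tampering)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class RFModule:
    def __init__(self, key1_bits, key2_bits, stored_password):
        self.k1 = derive_key(key1_bits, b"KEY-1")
        self.k2 = derive_key(key2_bits, b"KEY-2")
        self.stored = stored_password          # the page: password stored in advance

    def handle(self, ciphertext_a):
        """S23/S24: decrypt with KEY-1, check the password, re-encrypt with KEY-2."""
        pw = decrypt(self.k1, ciphertext_a)
        if pw is None or not hmac.compare_digest(pw, self.stored):
            return None, False                  # S23 fails: abandon, nothing sent onward
        return encrypt(self.k2, pw), True       # ciphertext B and the "start authentication" notice


class AuthModule:
    def __init__(self, key2_bits, stored_password):
        self.k2 = derive_key(key2_bits, b"KEY-2")
        self.stored = stored_password
        self.enabled = False

    def handle(self, ciphertext_b, start):
        """S25: enable only if the password verifies under KEY-2 AND the start notice arrived."""
        pw = decrypt(self.k2, ciphertext_b) if ciphertext_b is not None else None
        self.enabled = bool(start and pw is not None and hmac.compare_digest(pw, self.stored))
        return self.enabled


def run_verification(entered_password, key1_bits="000111", key2_bits="01",
                     stored_password=b"start-1234", rf_key2_bits=None):
    """Drive S21-S25 end to end; rf_key2_bits lets the RF module hold a mismatched KEY-2."""
    host_k1 = derive_key(key1_bits, b"KEY-1")                       # host's copy of KEY-1
    rf = RFModule(key1_bits, rf_key2_bits or key2_bits, stored_password)
    auth = AuthModule(key2_bits, stored_password)
    ciphertext_a = encrypt(host_k1, entered_password)               # S22
    ciphertext_b, start = rf.handle(ciphertext_a)                   # S23/S24
    return auth.handle(ciphertext_b, start)                         # S25


if __name__ == "__main__":
    print(run_verification(b"start-1234"))                     # True
    print(run_verification(b"wrong"))                          # False
    print(run_verification(b"start-1234", rf_key2_bits="10"))  # False: KEY-2 mismatch, tag fails
```

The password checks use hmac.compare_digest so that a wrong guess is not distinguishable by timing, and the tag is checked before the plaintext is reconstructed, so the modules never act on a forged ciphertext B. derive_key only stretches a sifted key to a usable length; with the page's 2-bit KEY-2 an attacker still has only four candidate keys to try, which is why the sifted keys must be long before they are used with any cipher.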
The application also discloses a one-to-many key distribution device. Fig. 5 shows its block diagram. The device comprises a host, an authentication module and a radio frequency module.
Specifically, the host randomly generates a classical bit string S of 0s and 1s, randomly selects a transmitting base bit by bit for each bit of S, and sends the quantum bits generated from each bit of S in a public manner.
The radio frequency module measures the received quantum bits bit by bit using receiving base A to obtain classical bits, and then sends the receiving base A sequence to the host; receiving base A is the base used by the radio frequency module.
The authentication module measures the received quantum bits bit by bit using receiving base B to obtain classical bits, and then sends the receiving base B sequence to the host; receiving base B is the base used by the authentication module.
The host also compares its own transmitting base with receiving base A and with receiving base B, determines the correct parts of each, and sends those correct parts in a public manner.
The radio frequency module and the authentication module receive the correct parts of receiving base A and receiving base B respectively, and the classical bits measured at those correct positions become the communication key KEY-1 between the radio frequency module and the host and the communication key KEY-3 between the authentication module and the host.
The radio frequency module also receives the correct part of receiving base B and the authentication module also receives the correct part of receiving base A; the classical bits measured at the positions where the two correct parts overlap form the communication key KEY-2 between the radio frequency module and the authentication module.
Further, the host comprises a main control unit, a radio frequency combiner and an authentication module socket. The main control unit comprises a radio frequency card-reading module and a CPU processing module and performs host data processing, host control management and other functions. The radio frequency combiner couples the radio frequency signal to both the main control unit and the authentication module. After the host sends a command to the radio frequency module, the main control unit and the authentication module can both receive and process the wireless signal returned by the radio frequency module through the radio frequency splitter/combiner.
Preferably, the radio frequency module supports both the Type A and Type B card protocols defined by ISO/IEC 14443. The radio frequency combiner in the host is connected to the authentication module through a radio frequency feeder line, and to the main control unit in the host through a microstrip line.
The host and the authentication module are physically separable, so the authentication module is controllable and manageable; it can be plugged in for use or removed for destruction in an emergency, which strengthens the security properties.
The host carries an authentication module socket into which the authentication module is inserted. The radio frequency combiner is connected to the authentication module through a radio frequency feeder line and to the main control unit through a printed-board microstrip line.
Specifically, the authentication module socket comprises a power supply unit, a hot-plug detection unit and a data transmission unit. The hot-plug detection unit prevents the host and the authentication module from being damaged by the surge voltage that can arise at the instant the module is plugged in or unplugged. The power supply unit powers the authentication module; the supply is off by default and is only enabled after insertion of the authentication module has been detected. The hot-plug detection unit detects whether the authentication module is plugged into the host's authentication module socket.
Specifically, the hot-plug detection unit uses two detection pins to make the detection result reliable. Illustratively, a detection pin reads low level when the authentication module is plugged into the socket. Only when both detection pins read low is the authentication module judged to be inserted and power supplied to it; when either detection pin reads high, the power supply unit is switched off and communication ends. The data transmission unit carries the communication between the authentication module and the main control unit. Illustratively, Fig. 6 shows the pin definition of the host and authentication module sockets: X1 is the authentication module socket, X2 is the host socket, DET1 and DET2 are the hot-plug detection pins, VCC is the power supply, GND is ground, and MISO, MOSI, CS and CLK are the data lines (an SPI-style interface) of the communication module.
The application uses, but is not limited to, the following arrangement. (1) VCCA supplies VCC through the MOSFET V1; V1 is off by default, so VCC is 0 V. VCC powers the authentication module, and V1 may only be turned on once insertion of the authentication module has been detected. (2) Fig. 7 shows an embodiment circuit that controls the switching of V1 from DET1 and DET2. When no authentication module is inserted, DET1 and DET2 on the host side are high, V1 is off, and VCC is 0 V. When the authentication module is connected and both DET1 and DET2 make good contact at the same time, V1 is turned on, VCC equals the upstream supply VCCA, and the authentication module is powered. If either DET1 or DET2 makes poor contact, or the authentication module is removed, V1 turns off and VCC is powered down.
Furthermore, to ensure that the one-to-many key distribution device works normally in harsh environments, the host uses a metal shell. However, because high-frequency RFID signals are reflected by metal, mounting the radio frequency antenna directly on the metal shell would give a low recognition rate. As shown in Fig. 8, the radio frequency antenna is therefore mounted in the following stack, from the inside outwards: metal shell 5, ferrite material 4, first acrylic cover plate 3, radio frequency antenna 2 and second acrylic cover plate 1. Preferably, the ferrite material is a wave-absorbing material film with a thickness of not less than 1 mm.
The foregoing is merely exemplary of the present application and is not intended to limit it. Various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the application shall fall within the scope of its claims.

Claims (10)

1. A one-to-many key distribution method comprising the following steps:
S11: the host randomly generates a classical 0-1 bit string S;
S12: the host randomly selects a transmission base, bit by bit, for each bit of the bit string S;
S13: quantum bits corresponding to each bit of the bit string S are generated and sent out publicly over the radio frequency channel of the host;
S14: the radio frequency module and the authentication module measure the received quantum bits bit by bit through a receiving base A and a receiving base B respectively to obtain classical bits, and then send the receiving base A sequence and the receiving base B sequence used for their own measurements to the host; the receiving base A is the receiving base used by the radio frequency module, and the receiving base B is the receiving base used by the authentication module;
S15: the host compares its own transmission base with the receiving base A and with the receiving base B respectively, and determines the correct part of the receiving base A and the correct part of the receiving base B;
S16: the host publicly sends out the correct part of the receiving base A and the correct part of the receiving base B;
S17: the radio frequency module receives the correct part of the receiving base A and discards the incorrect part; the classical bits received with the correct receiving base A form the communication key KEY-1 between the radio frequency module and the host;
the authentication module receives the correct part of the receiving base B and discards the incorrect part; the classical bits received with the correct receiving base B form the communication key KEY-3 between the authentication module and the host;
S18: the radio frequency module also receives the correct part of the receiving base B and the authentication module also receives the correct part of the receiving base A; the positions common to the correct part of the receiving base A and the correct part of the receiving base B are taken, and the classical bits received at those positions form the communication key KEY-2 between the radio frequency module and the authentication module.
2. The one-to-many key distribution method according to claim 1, wherein
the method further comprises a one-to-many key verification method comprising the following steps:
S21: the user enters a plaintext password on the host;
S22: the host encrypts the plaintext password with the key KEY-1 to obtain a ciphertext A and sends the ciphertext A to the radio frequency module;
S23: the radio frequency module decrypts the ciphertext A with the key KEY-1 to obtain the plaintext password; if the plaintext password passes verification, S24 is performed, otherwise the procedure is abandoned and exits;
S24: the radio frequency module encrypts the plaintext password with the key KEY-2 into a ciphertext B, sends the ciphertext B to the authentication module, and informs the authentication module whether to start authentication;
S25: the authentication module decrypts the ciphertext B with the key KEY-2 to obtain the plaintext password; if the plaintext password passes verification and the authentication-start message sent by the radio frequency module has been received, the authentication module starts authentication, otherwise the authentication function is not started.
3. The one-to-many key distribution method according to claim 1, wherein
sending out publicly means sending out in broadcast form.
4. A one-to-many key distribution device, characterized in that
the one-to-many key distribution device comprises a host, an authentication module and a radio frequency module;
the host is used for randomly generating a classical 0-1 bit string S, randomly selecting a transmission base bit by bit for each bit of the bit string S, and publicly sending out the quantum bits generated from each bit of the bit string S;
the radio frequency module is used for measuring the received quantum bits bit by bit through a receiving base A to obtain classical bits, and then sending the receiving base A sequence to the host; the receiving base A is the receiving base used by the radio frequency module;
the authentication module is used for measuring the received quantum bits bit by bit through a receiving base B to obtain classical bits, and then sending the receiving base B sequence to the host; the receiving base B is the receiving base used by the authentication module;
the host is also used for comparing its own transmission base with the receiving base A and with the receiving base B respectively, determining the correct part of the receiving base A and the correct part of the receiving base B, and publicly sending out the correct parts of the receiving base A and the receiving base B;
the radio frequency module and the authentication module receive the correct parts of the receiving base A and the receiving base B respectively, and the classical bits received with those correct parts yield a communication key KEY-1 between the radio frequency module and the host and a communication key KEY-3 between the authentication module and the host;
the radio frequency module also receives the correct part of the receiving base B and the authentication module also receives the correct part of the receiving base A; the positions common to the correct part of the receiving base A and the correct part of the receiving base B are taken, and the classical bits received at those positions yield a communication key KEY-2 between the radio frequency module and the authentication module.
5. The one-to-many key distribution apparatus according to claim 4, wherein
the host comprises a main control unit, a radio frequency combiner and an authentication module socket;
the main control unit is used for host data processing and host control management;
the radio frequency combiner is used for coupling radio frequency signals to the main control unit and to the authentication module;
after the host sends a command to the radio frequency module, both the main control unit and the authentication module can receive and process the wireless signal fed back by the radio frequency module through the radio frequency combiner.
6. The one-to-many key distribution apparatus according to claim 5, wherein
the host and the authentication module are physically separable;
the host is provided with an authentication module socket, and the authentication module is connected to the host by being inserted into the authentication module socket;
the radio frequency combiner is connected to the authentication module through a radio frequency feeder line, and to the main control unit through a microstrip line.
7. The one-to-many key distribution apparatus according to claim 6, wherein
the authentication module socket comprises a power supply unit and a hot-plug detection unit;
the power supply unit is used for supplying power to the authentication module, and does so only after insertion of the authentication module has been detected;
the hot-plug detection unit is used for detecting whether the authentication module is plugged into the authentication module socket.
8. The one-to-many key distribution apparatus according to claim 7, wherein
the hot-plug detection unit uses two detection pins;
only when both detection pins read low is the authentication module judged to be inserted in the authentication module socket and power supplied to it;
when either detection pin reads high, the power supply unit is switched off and communication ends.
9. The one-to-many key distribution apparatus according to claim 4, wherein
the radio frequency module has a 5-layer structure stacked, from inside to outside, as follows: a metal shell (5), a ferrite material (4), a first acrylic cover plate (3), a radio frequency antenna (2) and a second acrylic cover plate (1).
10. The one-to-many key distribution apparatus according to claim 9, wherein
the ferrite material is a wave-absorbing film with a thickness of not less than 1 mm.
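The sifting of claim 1 (S11 to S18) and the verification flow of claim 2 (S21 to S25), simulated end to end as an added example; this is illustrative code written for this page, not the patentee's implementation. It assumes ideal noise-free measurement with two bases labelled 0 and 1, gives each module its own independent measurement of every broadcast qubit as the broadcast wording of claim 1 implies, uses a one-time pad over the sifted bits where the claims leave the cipher unspecified, and checks the decrypted password against a stored reference value where the claims say only that it "passes verification". The claims describe no error-rate estimation or eavesdropping-check step, so none is modelled. What the simulation shows is how KEY-1, KEY-3 and KEY-2 fall out of the two publicly announced index sets without any bit of S being announced, and why the radio frequency module must stop at S23 rather than forward a password that failed its own check.

```python
"""Simulation of the one-to-many sifting in claim 1 (S11-S18) and the
key-verification flow in claim 2 (S21-S25).  Added example, not the patentee's
code.  Assumptions not in the claims: ideal noise-free measurement, two bases
labelled 0 and 1, each module measuring its own copy of every broadcast qubit,
a one-time pad as the unspecified cipher, and a stored reference value as the
unspecified password check."""
import hmac
import random
from dataclasses import dataclass


def random_bits(n, rng):
    """n independent uniform bits: used for S and for every base choice."""
    return [rng.getrandbits(1) for _ in range(n)]


def measure(bit, tx_base, rx_base, rng):
    """Ideal measurement: a matching base reproduces the bit, a wrong base gives a coin flip."""
    return bit if tx_base == rx_base else rng.getrandbits(1)


@dataclass
class SiftResult:
    ok_a: list         # positions where receiving base A matched, announced in S16
    ok_b: list         # positions where receiving base B matched, announced in S16
    key1: list         # KEY-1 held by the RF module (S17)
    key3: list         # KEY-3 held by the authentication module (S17)
    key2_rf: list      # KEY-2 as assembled by the RF module (S18)
    key2_auth: list    # KEY-2 as assembled by the authentication module (S18)
    host_key1: list    # the host's copies, read straight from S; never announced
    host_key3: list
    host_key2: list


def distribute(n, seed=None):
    rng = random.Random(seed)  # seed only for reproducible demonstrations
    # S11/S12: the host draws the classical string S and one transmit base per bit.
    s, tx = random_bits(n, rng), random_bits(n, rng)
    # S13/S14: each module chooses its own base per qubit and measures.
    base_a, base_b = random_bits(n, rng), random_bits(n, rng)
    rf_bits = [measure(s[i], tx[i], base_a[i], rng) for i in range(n)]
    auth_bits = [measure(s[i], tx[i], base_b[i], rng) for i in range(n)]
    # S15/S16: the modules reveal their base sequences; the host announces only the
    # positions where they agree with its transmit base, never the bits of S.
    ok_a = [i for i in range(n) if tx[i] == base_a[i]]
    ok_b = [i for i in range(n) if tx[i] == base_b[i]]
    # S17: each module keeps the bits measured at its own matching positions.
    key1 = [rf_bits[i] for i in ok_a]
    key3 = [auth_bits[i] for i in ok_b]
    # S18: both modules see both announcements and keep the positions common to both.
    ok_b_set = set(ok_b)
    both = [i for i in ok_a if i in ok_b_set]
    return SiftResult(ok_a, ok_b, key1, key3,
                      [rf_bits[i] for i in both], [auth_bits[i] for i in both],
                      [s[i] for i in ok_a], [s[i] for i in ok_b], [s[i] for i in both])


def bits_to_bytes(bits, nbytes):
    """Pack the first 8*nbytes sifted bits into pad bytes, most significant bit first."""
    if len(bits) < 8 * nbytes:
        raise ValueError("sifted key shorter than the message; refuse rather than reuse pad bits")
    return bytes(int("".join(map(str, bits[8 * i:8 * i + 8])), 2) for i in range(nbytes))


def otp(data, key_bits):
    """One-time pad over sifted bits.  Each key pads exactly one message in this flow."""
    pad = bits_to_bytes(key_bits, len(data))
    return bytes(d ^ k for d, k in zip(data, pad))


def verify_password(pw, keys, rf_reference, auth_reference, start_auth=True):
    """Claim 2, S21-S25.  Returns (rf_check_passed, authentication_started)."""
    # S22: the host encrypts the entered password under its KEY-1 for the RF module.
    cipher_a = otp(pw, keys.host_key1)
    # S23: the RF module decrypts under its own KEY-1; on mismatch it abandons the flow
    # and forwards nothing to the authentication module.
    pw_rf = otp(cipher_a, keys.key1)
    if not hmac.compare_digest(pw_rf, rf_reference):
        return False, False
    # S24: the RF module re-encrypts under KEY-2 and signals whether authentication should start.
    cipher_b = otp(pw_rf, keys.key2_rf)
    # S25: the authentication module decrypts under its KEY-2 and starts only if the
    # password verifies and the start message was received.
    pw_auth = otp(cipher_b, keys.key2_auth)
    return True, hmac.compare_digest(pw_auth, auth_reference) and start_auth


if __name__ == "__main__":
    r = distribute(4096, seed=2021)
    print(len(r.key1), len(r.key3), len(r.key2_rf), r.key2_rf == r.key2_auth)
    print(verify_password(b"hunter2", r, b"hunter2", b"hunter2"))
```

Running the block prints the three sifted key lengths for 4096 raw bits: on average half the positions survive for KEY-1 and KEY-3 and a quarter for KEY-2, so the raw string S has to be sized for the shortest key the device needs. Each pad bit is consumed by exactly one message, and `bits_to_bytes` refuses a message longer than the remaining key instead of wrapping round; a real device that sends more than one message per key would need a proper cipher keyed from the sifted bits rather than the pad used here.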
CN202111088518.1A 2021-09-16 2021-09-16 One-to-many key distribution method and device Active CN113645619B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111088518.1A CN113645619B (en) 2021-09-16 2021-09-16 One-to-many key distribution method and device


Publications (2)

Publication Number Publication Date
CN113645619A CN113645619A (en) 2021-11-12
CN113645619B true CN113645619B (en) 2023-09-19

Family

ID=78425939

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111088518.1A Active CN113645619B (en) 2021-09-16 2021-09-16 One-to-many key distribution method and device

Country Status (1)

Country Link
CN (1) CN113645619B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114531239B (en) * 2022-04-20 2022-08-12 广州万协通信息技术有限公司 Data transmission method and system for multiple encryption keys

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991285A (en) * 2015-02-16 2016-10-05 阿里巴巴集团控股有限公司 Identity authentication methods, devices and system applied to quantum key distribution process
CN110247765A (en) * 2019-06-25 2019-09-17 湖北凯乐量子通信光电科技有限公司 A kind of quantum secure data link communications system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10291399B2 (en) * 2013-09-30 2019-05-14 Triad National Security, LLC Quantum-secured communications overlay for optical fiber communications networks
US10476854B2 (en) * 2017-04-20 2019-11-12 Bank Of America Corporation Quantum key distribution logon widget


Also Published As

Publication number Publication date
CN113645619A (en) 2021-11-12

Similar Documents

Publication Publication Date Title
US20090153290A1 (en) Secure interface for access control systems
US10104542B2 (en) Systems and methods for preventing transmitted cryptographic parameters from compromising privacy
US7548623B2 (en) Communication system, communication device, and communication method
US20030112972A1 (en) Data carrier for the secure transmission of information and method thereof
CN101410848B (en) Method and system for device authentication
MXPA06010776A (en) Authentication between device and portable storage.
US20150372813A1 (en) System and method for generating a random number
CN101789068B (en) Card reader safety certification device and method
WO2016195949A1 (en) Authenticating stylus device
WO2012019397A1 (en) Method and system for identifying radio frequency identification tag
CN113645619B (en) One-to-many key distribution method and device
US20080022101A1 (en) Data transmission method and apparatus
CN114900304A (en) Digital signature method and apparatus, electronic device, and computer-readable storage medium
US9154481B1 (en) Decryption of a protected resource on a cryptographic device using wireless communication
RU182969U1 (en) CRYPOGRAPHIC METER READER
US10511946B2 (en) Dynamic secure messaging
CN101908024A (en) Encrypting method, device and hard disk
CN108319870B (en) Electronic key equipment without keys
CN113988103B (en) RFID identification method based on multiple tags
US8953804B2 (en) Method for establishing a secure communication channel
US11363455B2 (en) Near field communication forum data exchange format (NDEF) messages with authenticated encryption
US20160226665A1 (en) Method for authentication of an object by a device capable of mutual contactless communication, corresponding system and object
WO2004054208A1 (en) Transferring secret information
US11272358B2 (en) Near field communication forum data exchange format (NDEF) messages
Jenkin et al. Secure communication between lightweight computing devices over the internet

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant