CN117676564A - Operation method of quantum secret communication system of track traffic CBTC

Info

Publication number: CN117676564A
Authority: CN (China)
Application number: CN202410021788.8A
Other languages: Chinese (zh)
Inventors: 刘天成, 王志华, 杜德兵, 周石磊
Current assignee: Nanjing University of Science and Technology
Original assignee: Nanjing University of Science and Technology
Legal status: Pending
Prior art keywords: key, ground, vehicle, subsystem, cbtc

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an operation method of a quantum secret communication system for rail transit CBTC, comprising the following steps: initial key installation, in which the CBTC ground subsystem securely fills an online protection key and a session key into the vehicle-mounted subsystem to update the vehicle-mounted subsystem's keys; and vehicle-ground secure communication, in which, first, the service processing module of the vehicle-mounted subsystem equipment sends plaintext data to the vehicle-mounted encryption and decryption module; then the vehicle-mounted encryption and decryption module protects the confidentiality of the data with a session key and a symmetric encryption algorithm and sends the ciphertext to the ground encryption and decryption module of the ground subsystem equipment over the vehicle-to-ground wireless communication network; and finally the ground encryption and decryption module decrypts with the same symmetric session key and sends the decrypted data to the service processing module of the ground subsystem equipment. According to the invention, quantum secret communication and CBTC are integrated efficiently, a quantum secret communication system for rail transit CBTC is designed and realized, wireless communication data is protected, and the risk of illegal eavesdropping during data transmission is eliminated.

Description

Operation method of quantum secret communication system of track traffic CBTC
Technical Field
The invention relates to an operation method of a quantum secret communication system of a track traffic CBTC, belonging to the technical field of quantum secret communication.
Background
Over the past ten years, China's urban rail transit industry has developed rapidly, and the number of trains in operation and the complexity of urban rail transit networks are unprecedented. CBTC is the most widely used urban rail transit train control system in China. It consists of ground equipment and vehicle-mounted equipment; based on the communication network between the train and the ground equipment, the CBTC system acquires the train's position in real time and performs movement authorization calculation, so as to control train operation precisely and significantly improve operating efficiency.
With the large-scale commercial deployment of 4G/5G and the deep integration of CBTC informatization and automation, CBTC automatic control networks are becoming distributed and intelligent. More and more CBTC systems adopt a wireless communication network architecture with the standard User Datagram Protocol/Internet Protocol (UDP/IP), enabling high-speed, high-capacity, bidirectional continuous information transmission between the train and ground equipment, but this also introduces the risk of illegal eavesdropping. Ensuring the secure transmission of data is therefore essential.
A fundamental requirement of secure data transmission is data confidentiality. A CBTC system generally encrypts data with a symmetric encryption algorithm before transmission, which ensures the confidentiality of system data to a certain extent but still leaves security risks. Shannon proved in "Communication Theory of Secrecy Systems" that the One-Time Pad (OTP) is unconditionally secure, also known as information-theoretically secure. OTP requires that the key used to encrypt information be used only once, which in turn requires that the symmetric key be refreshed rapidly. By the same principle, the security of a symmetric encryption algorithm depends entirely on the confidentiality of the symmetric key itself. The keys used by current CBTC systems are generally filled offline, so they are difficult to update rapidly; the key reuse rate is high, the reuse period is long, and leakage during reuse is very likely. Once an eavesdropper has stolen the key, the service information of the CBTC system can easily be obtained, creating a disclosure risk.
Research on CBTC system security protection at home and abroad is still at an early stage and focuses mainly on standards development and secure communication protocol design. Existing CBTC systems still carry significant information security risks, so ensuring security during system data transmission is particularly important.
Disclosure of Invention
In order to solve the problems, the invention discloses an operation method of a quantum secret communication system of a track traffic CBTC, which comprises the following specific technical scheme:
a quantum secret communication system for rail transit CBTC comprises a vehicle-mounted subsystem, a ground subsystem and a communication subsystem; the vehicle-mounted subsystem comprises an automatic train protection unit, an automatic train operation unit and a vehicle-mounted wireless unit, and is used for monitoring train operation, positioning, and traction and braking;
the ground subsystem comprises zone controllers (ZC), computer interlocking (CI), a data storage unit (DSU) and automatic train supervision (ATS). The ZC receives train information provided by the vehicle on-board controller (VOBC) to realize automatic train protection and automatic train operation; the CI system mainly handles route setting, route cancellation and related functions for trains within its own control area; the DSU stores static information (line speed limits and line gradients) and dynamic information (temporary speed restrictions); the ATS comprises a central ATS at the control center and extension ATS distributed at each station, and provides automatic supervision of trains;
the communication subsystem is the data communication system (DCS) and comprises a train-ground wireless communication network and a ground backbone network. The train-ground wireless communication network realizes bidirectional data interaction between the vehicle-mounted subsystem and the ground subsystem of the CBTC system and among all devices of the ground subsystem; the backbone network consists of Synchronous Digital Hierarchy (SDH), Resilient Packet Ring (RPR) and network switches and provides a data transmission channel for ground devices; the train-ground wireless communication network relies mainly on wireless base stations, leaky cables, antennas and train-mounted wireless terminals to realize wireless communication.
Furthermore, the VOBC communicates with ground equipment through the wireless access network, while the other subsystems exchange information through the backbone network. In normal operation, the vehicle-mounted equipment determines the train's position on the line in real time using its speed measurement and positioning equipment and periodically reports the train's position, speed and state to the ZC; the ZC calculates the train's Movement Authorization (MA) from the route information and obstacle information sent by the CI and the temporary speed restriction information sent by the DSU, and periodically transmits the MA to the vehicle-mounted equipment in its jurisdiction; the vehicle-mounted equipment calculates a safe speed profile for train operation from the received MA, the platform screen door information sent by the CI and the train number information sent by the ATS, and controls automatic train operation according to this profile.
An operation method of the quantum secret communication system for rail transit CBTC comprises the following steps:
step 1: initial key installation. A U-Key or SD-Key is used to inject the initial protection key into the CBTC ground subsystem and the vehicle-mounted subsystem; the initial protection key is used only when a train is started for the first time and passes through its first management and control domain;
step 2: station-to-station key service, providing online protection key and session key services to the CBTC ground subsystem of each station;
step 3: station-to-train key filling. The CBTC ground subsystem securely fills an online protection key and a session key into the vehicle-mounted subsystem over the train-ground wireless communication network, thereby updating the keys of the vehicle-mounted subsystem;
step 4: vehicle-ground secure communication. First, the service processing module of the vehicle-mounted subsystem equipment sends plaintext data to the vehicle-mounted encryption and decryption module; then the vehicle-mounted encryption and decryption module protects the confidentiality of the data with a session key and a symmetric encryption algorithm and sends the ciphertext to the ground encryption and decryption module of the ground subsystem equipment over the vehicle-to-ground wireless communication network; finally, the ground encryption and decryption module decrypts with the same symmetric session key and sends the decrypted data to the service processing module of the ground subsystem equipment.
Further, in step 2 the key generation and transmission device and the key generation and reception device of each station are interconnected through optical fiber links of the urban rail transit SDH network and extended station by station in a chain topology, together forming the quantum key generation and distribution subsystem, which outputs quantum keys to the key management device over a wired network. The key management devices of all stations are connected to the CBTC ground backbone network to form the quantum key service subsystem, so that symmetric quantum keys can be obtained between any two stations and key services are provided to the ZC, CI and ATS of each station. The ZC, CI and ATS of each station act as key application devices: after obtaining keys through a proprietary protocol, they securely fill them into the CBTC vehicle-mounted subsystem over the vehicle-to-ground wireless communication network. The ground subsystem and the vehicle-mounted subsystem then use the symmetric keys for vehicle-ground secure communication.
Further, for key distribution a key hierarchy is constructed: the data exchanged between the VOBC and the ZC/CI/ATS is protected with a session key, while the device registration information, the session key and the protection key to be used in the next management and control domain are protected with a protection key.
Further, the method for updating the online protection key in step 3 is as follows. First, the ground signal device ZC01 (ground signal device No. 1) actively initiates a key application frame to key management device No. 1; the data frame carries the source and sink identifiers, the number of protection keys applied for and the application serial number.
After receiving the protection key application frame from the ground signal device, key management device No. 1 parses the protection key requirement carried in the frame and synchronizes the request to key management device No. 2 through the key relay process. Key management device No. 2 then actively pushes the protection key used for data decryption to ground signal device No. 2, encapsulated in an active push frame; the number of keys, the key IDs and the key values carried by the active push frame are exactly the same as those in the protection key response frame.
The protection key response frame is sent later than the active push frame, which ensures that the ground signal device at the decrypting end receives the key first.
After receiving the active push frame and parsing the protection key, ground signal device No. 2 returns an active push response frame to key management device No. 2, carrying fields such as the type of key received by the ground signal device and whether the response was successful.
After receiving this response, key management device No. 2 notifies key management device No. 1 through the key relay process that the active push flow has ended. Key management device No. 1 then provides the protection key to ground signal device No. 1 as requested, encapsulated in a protection key response frame, which carries the source and sink identifiers, the number of protection keys provided, the key IDs and the key values.
This ends the update flow of the online protection key.
Further, the method for updating the session key in real time in step 3 is as follows. First, ground signal device No. 1 actively initiates a key application frame to key management device No. 1; the frame format is the same as that of the protection key application frame.
After receiving and parsing the session key application frame, key management device No. 1 encapsulates the requested session key information in a response frame and provides the session key to ground signal device No. 1, which ends the session key update flow.
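The two flows above (online protection key update with key relay and active push, and the direct session key update), as an added simulation that is not code from the patent: frame field names, the shared KeyPool standing in for the quantum key generation and distribution subsystem, and the device names ZC01/ZC02/KMD1/KMD2 are assumptions.

```python
"""Constructed simulation of the online protection key and session key update flows
between ground signal devices No. 1 (ZC01) and No. 2 (ZC02) via key management
devices No. 1 (KMD1) and No. 2 (KMD2). Field names and the key pool are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
import secrets

MAX_KEYS_PER_FRAME = 60          # a single frame carries at most 60 keys (page limit)
Key = Tuple[str, bytes]          # (key ID, key value)


@dataclass
class Frame:
    kind: str                    # application | relay_request | active_push | push_response | relay_done | key_response
    src: str                     # information source identifier
    dst: str                     # information sink identifier
    seq: int                     # application serial number
    key_type: str                # "protection" or "session"
    keys: List[Key] = field(default_factory=list)
    count: int = 0               # number of keys applied for / provided
    ok: Optional[bool] = None    # response success flag


class KeyPool:
    """Stand-in for the quantum key generation and distribution subsystem: both key
    management devices share the same key ID -> key value table (assumption)."""
    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def reserve(self, count: int) -> List[Key]:
        out: List[Key] = []
        for _ in range(count):
            kid = f"K{len(self._keys) + 1:04d}"
            self._keys[kid] = secrets.token_bytes(16)      # 16-byte SM4-sized key
            out.append((kid, self._keys[kid]))
        return out


class GroundSignalDevice:
    def __init__(self, name: str) -> None:
        self.name = name
        self.keys: Dict[str, List[Key]] = {"protection": [], "session": []}

    def receive(self, frame: Frame) -> Frame:
        """Store the keys carried by a push or response frame; acknowledge an active push."""
        self.keys[frame.key_type].extend(frame.keys)
        if frame.kind == "active_push":
            return Frame("push_response", self.name, frame.src, frame.seq, frame.key_type, ok=True)
        return frame


class KeyManagementDevice:
    def __init__(self, name: str, pool: KeyPool, log: List[Frame]) -> None:
        self.name, self.pool, self.log = name, pool, log
        self.peer: Optional["KeyManagementDevice"] = None
        self.local: Dict[str, GroundSignalDevice] = {}        # ground signal devices served here

    def _emit(self, frame: Frame) -> Frame:
        if len(frame.keys) > MAX_KEYS_PER_FRAME:
            raise ValueError("a single frame may carry at most 60 keys")
        self.log.append(frame)
        return frame

    def handle_application(self, req: Frame, peer_device: str) -> Frame:
        """Serve a key application frame from a local device. A protection key request is
        relayed so that the decrypting end (peer_device) holds the key before the
        response frame goes out; a session key is answered directly, with no relay."""
        self._emit(req)
        keys = self.pool.reserve(req.count)
        if req.key_type == "protection":
            relay = self._emit(Frame("relay_request", self.name, self.peer.name, req.seq,
                                     "protection", keys, count=req.count))
            done = self.peer.handle_relay(relay, peer_device)
            if not done.ok:   # push failed: answer with an empty, unsuccessful response
                return self._emit(Frame("key_response", self.name, req.src, req.seq,
                                        "protection", ok=False))
        # The response frame carries exactly the keys that were pushed to the peer.
        resp = Frame("key_response", self.name, req.src, req.seq, req.key_type,
                     keys, count=len(keys), ok=True)
        self.local[req.src].receive(resp)
        return self._emit(resp)

    def handle_relay(self, relay: Frame, peer_device: str) -> Frame:
        """Active push of the relayed protection keys to the decrypting end, then report back."""
        push = self._emit(Frame("active_push", self.name, peer_device, relay.seq,
                                "protection", relay.keys, count=relay.count))
        ack = self._emit(self.local[peer_device].receive(push))
        return self._emit(Frame("relay_done", self.name, self.peer.name, relay.seq,
                                "protection", ok=ack.ok))


def build_network():
    """Two stations: ZC01 served by KMD1, ZC02 served by KMD2, one shared key pool."""
    log: List[Frame] = []
    pool = KeyPool()
    kmd1, kmd2 = KeyManagementDevice("KMD1", pool, log), KeyManagementDevice("KMD2", pool, log)
    kmd1.peer, kmd2.peer = kmd2, kmd1
    zc01, zc02 = GroundSignalDevice("ZC01"), GroundSignalDevice("ZC02")
    kmd1.local[zc01.name], kmd2.local[zc02.name] = zc01, zc02
    return kmd1, zc01, zc02, log


def update_protection_key(count: int = 4):
    """Run the online protection key update flow; returns (frame kinds in order, ZC01, ZC02)."""
    kmd1, zc01, zc02, log = build_network()
    kmd1.handle_application(Frame("application", zc01.name, kmd1.name, 1, "protection", count=count),
                            peer_device=zc02.name)
    return [f.kind for f in log], zc01, zc02


def update_session_key(count: int = 60):
    """Run the session key update flow; returns (frame kinds in order, ZC01)."""
    kmd1, zc01, zc02, log = build_network()
    kmd1.handle_application(Frame("application", zc01.name, kmd1.name, 2, "session", count=count),
                            peer_device=zc02.name)
    return [f.kind for f in log], zc01
```

The frame log returned by each function shows the ordering the text requires: the active push and its acknowledgement precede the protection key response frame, and the session key flow has no relay or push at all.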
Further, the specific process for the key distribution period in step 4 is as follows:
The maximum data frame throughput of the train, i.e. the maximum data frame throughput of the VOBC, $Th_{VOBC}$, is expressed as:
where $Q_{ZC}$, $Q_{CI}$ and $Q_{ATS}$ are the maximum numbers of ZC, CI and ATS devices to which a VOBC can be concurrently connected, and $T_{MTCI}$, $T_{MTZC}$, $T_{MTATS}$, $T_{MCIT}$, $T_{MZCT}$ and $T_{MATST}$ are, in turn, the interaction periods of the CI, ZC, ATS, CIT, CT and TST messages;
The maximum data frame throughput of the ground station, i.e. the sum of the ZC, CI and ATS throughputs, $Th_{GR}$, is expressed as:
where $Th_{ZC}$, $Th_{CI}$ and $Th_{ATS}$ are the ZC, CI and ATS throughputs respectively;
The datagram interaction between the VOBC and the ground station ZC/CI/ATS uses the RSSP-I protocol, and a data frame within the protocol is the smallest unit of interaction. Taking into account the performance of the quantum key generation and distribution subsystem, the system uses a "one frame, one key" mode for transmission data encryption. Since a single frame carries no more than 60 session keys, the session key service rate $R_{CKey}$ of the key management device is expressed as:
In the "one frame, one key" mode, one protection key is used to encrypt a single data frame carrying no more than 60 session keys or protection keys, so the session key service rate $R_{CKey}$ and the protection key service rate $R_{PKey}$ satisfy:
namely:
from which the key distribution period among the devices of the system is obtained.
The working principle of the invention is as follows:
(1) By comparing and analyzing the functions and characteristics of CBTC and quantum secret communication systems, combined with the current system's need for stronger data transmission security in wireless communication scenarios, a technique is proposed that integrates the real-time key update mechanism of quantum secret communication to improve the security capability of CBTC. It conforms to the standards of both the quantum secret communication and rail transit industries, and follows the basic principle that the technical architecture, reliability, specifications and performance of the existing system are not affected and that engineering construction standards are met.
(2) By analyzing the working principle of quantum secret communication networks and the CBTC networking scheme, a networking method for real-time CBTC key update based on quantum communication is proposed, and a real-time CBTC key update method, a key hierarchy strategy and a key update flow are designed. The system workflow, core protocol and process design are further realized and the technical specification of the system is clarified, so as to construct a software scheme for a real-time CBTC key update system.
(3) The system realizes real-time key update on an x86 platform. A quantum secret communication system for rail transit CBTC was built on the FZL300 CBTC developed by China Railway Signal & Communication (CRSC), and functional verification and security testing were completed. The test results show that the system achieves real-time CBTC key updating where none existed before, with a key update rate of up to 133.3 groups per second; it practically solves the incomplete protection against illegal interception in CBTC and remedies this shortcoming in CBTC security protection.
The beneficial effects of the invention are as follows:
according to the invention, quantum secret communication and CBTC are integrated efficiently, a quantum secret communication system of the track traffic CBTC is designed and realized, the safety protection of wireless communication data is realized, and the illegal eavesdropping risk in the data transmission process is eliminated.
Drawings
Fig. 1 is the overall framework of the invention;
Fig. 2 is a schematic diagram of the working principle of the invention;
Fig. 3 is the key hierarchy of the invention.
Detailed Description
The invention is further elucidated below in connection with the drawings and the detailed description. It should be understood that the following detailed description is merely illustrative of the invention and is not intended to limit the scope of the invention.
The theoretical basis of the invention is as follows. Quantum secret communication is a research field combining quantum mechanics and cryptography. Based on the Heisenberg uncertainty principle and the no-cloning theorem of quantum mechanics, it realizes truly absolutely secure data communication and has therefore become a research hotspot of international quantum physics and information science. Its main research directions include quantum key distribution, quantum teleportation, quantum secure direct communication and quantum dense coding. Quantum secret communication based on quantum key distribution has the longest research history, is closest to practical use, and is at present the only industrialized form of quantum secret communication. In it, the two communicating parties use single photons, the quanta of light, as information carriers to negotiate in real time and generate a symmetric quantum key. The sender encrypts the information to be transmitted with the symmetric quantum key and sends it to the receiver, and the receiver decrypts the ciphertext to obtain the transmitted information.
Throughout the communication process, quantum key distribution ensures rapid key renewal: the symmetric quantum key can be used as soon as it is produced and need not be stored for long, and combined with OTP this can ensure the absolute security of the information system. Applying quantum secret communication technology to the CBTC system therefore fully overcomes the shortcomings of the existing data transmission security measures, raises the system's security level, and is of great significance for improving the security capability of urban rail transit train operation.
The specific process of the invention is as follows:
First step: initial key installation. The initial protection key of the CBTC ground subsystem and the vehicle-mounted subsystem is injected using a U-Key or SD-Key;
Second step: station-to-station key service. The quantum key service subsystem provides online protection key and session key services to the CBTC ground subsystems of all stations;
Third step: station-to-train key filling. The CBTC ground subsystem securely fills an online protection key and a session key into the vehicle-mounted subsystem over the train-ground wireless communication network, thereby updating the keys of the vehicle-mounted subsystem;
Fourth step: vehicle-ground secure communication. First, the service processing module of the vehicle-mounted subsystem equipment sends plaintext data to the vehicle-mounted encryption and decryption module. Then the vehicle-mounted encryption and decryption module protects the confidentiality of the data with a session key and a symmetric encryption algorithm and sends the ciphertext to the ground encryption and decryption module of the ground subsystem equipment over the vehicle-to-ground wireless communication network. Finally, the ground encryption and decryption module decrypts with the same symmetric session key and sends the decrypted data to the service processing module of the ground subsystem equipment. Compared with the original CBTC system, a CBTC system applying quantum secret communication technology can update keys rapidly and thus better protect the confidentiality of system data.
In this system, the quantum key service subsystem provides key services to the CBTC ground subsystem, which ensures that the system can update keys quickly. On the other hand, the quantum key service subsystem is the boundary between the newly added quantum secret communication system and the original CBTC system, and is the most core component part of the fusion system.
The key update method of the invention is introduced below, taking the FZL300 CBTC system developed by China Railway Signal & Communication (CRSC) as the test object:
The system deploys quantum secret communication networking equipment at each urban rail transit station and builds a quantum secret communication network with a "three-layer, one-plane" architecture. The key generation and transmission device and the key generation and reception device of each station are interconnected through optical fiber links of the urban rail transit SDH network and extended station by station in a chain topology, together forming the quantum key generation and distribution subsystem, which outputs quantum keys to the key management device over a wired network. The key management devices of all stations are connected to the CBTC ground backbone network to form the quantum key service subsystem, so that symmetric quantum keys can be obtained between any two stations and key services are provided to the ZC, CI and ATS of each station. The ZC, CI and ATS of each station act as key application devices: after obtaining keys through a proprietary protocol, they securely fill them into the CBTC vehicle-mounted subsystem over the vehicle-to-ground wireless communication network. The ground subsystem and the vehicle-mounted subsystem then use the symmetric keys for vehicle-ground secure communication.
The system adopts hierarchical key protection: communication data is encrypted with a session key, and the protection key and the session key are themselves protected by a key-encryption key, which ensures the theoretical security and reliability of the system's key distribution process. Assume the urban rail transit ground stations are numbered 1, 2, 3, ..., n in sequence. The system's key hierarchy is shown in Table 1.
Table 1 System level keys
The QCC-CBTC system adopts the SM4 block symmetric encryption algorithm in place of the DES algorithm commonly used by the original CBTC system. Because of the instability of wireless networks, data interaction between CBTC system devices follows a polling mechanism and typically uses the UDP/IP protocol.
The CBTC communication subsystem specifies that a single data frame exchanged by the system must be between 46 and 1500 bytes, which is determined by the MTU of the network devices. Since the IP header is 20 bytes, the IP data field, which carries the UDP datagram, is at most 1480 bytes. The UDP header is 8 bytes, so the data field of a single UDP datagram is at most 1472 bytes.
Because of the characteristics of UDP, if a UDP datagram is fragmented and one fragment is lost in transit, the receiver cannot reassemble the datagram and the entire UDP datagram is discarded. Thus 1472 bytes is the maximum usable size of a system UDP datagram. On this basis, and taking into account that the UDP datagram must also carry fields such as the message type and the source and sink IDs during data interaction, the number of session keys or protection keys carried by a single system UDP datagram is limited to no more than 60. With the SM4 algorithm, 60 keys total 960 bytes, so the encapsulated UDP datagram does not exceed 1472 bytes and a certain length margin is reserved, which facilitates future extensions.
The key allocation period of the system is calculated according to the actual running condition of the system.
In the FZL300 CBTC system, the number of concurrently accessing VOBCs supported by the ZC/CI/ATS is shown in Table 2. Thus the ground station guarantees that the number of vehicles that can simultaneously access any ZC/CI/ATS of the station is $Q_{Tmax} = Q_{TCI} = 20$.
Table 2 Number of VOBC devices supported for access by ZC/CI/ATS
The number of ZC/CI/ATS devices to which a VOBC supports concurrent connections is shown in Table 3.
Table 3 Number of ZC/CI/ATS devices supporting concurrent connection by a VOBC
The data interaction period between the VOBC and the ZC/CI/ATS is shown in Table 4.
Table 4 Datagram interaction period
The maximum data frame throughput of the train, i.e. the maximum data frame throughput of the VOBC, is expressed as:
Substituting the parameter values from the tables into the above formula gives $Th_{VOBC} = 28.67/\mathrm{s}$. The maximum data frame throughput of the ground station, i.e. the sum of the ZC, CI and ATS throughputs, is expressed as:
Substituting the parameter values from the tables into the above formula gives $Th_{GR} = 286.67/\mathrm{s}$.
The datagram interaction between the VOBC and the ground station ZC/CI/ATS uses the RSSP-I protocol, and a data frame within the protocol is the smallest unit of interaction. Taking into account the performance of the quantum key generation and distribution subsystem, the system uses a "one frame, one key" mode for transmission data encryption. Since a single frame carries no more than 60 session keys, the session key service rate of the key management device is expressed as:
Substituting the parameter values into the formula gives $R_{CKey} = 5.26$ keys per second.
In the "one frame, one key" mode, one protection key is used to encrypt a single data frame carrying no more than 60 session keys or protection keys. The session key service rate and the protection key service rate $R_{PKey}$ therefore satisfy:
namely:
from which $R_{PKey} \geq 0.09$ keys per second is obtained.
In summary, the maximum operating requirement can be met if the quantum key service subsystem delivers session key frames to the CBTC ground subsystem with a period of 150 ms and online protection key frames with a period of 500 ms. The key distribution periods among the devices of the system are thus obtained; the specific values are shown in Table 5:
Table 5 Datagram interaction period
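A worked check of the datagram sizing and key service rate figures above, added here as an example rather than taken from the patent. The page's own formulas are missing, so the rate relations below (one session key per train or ground frame, one protection key per frame of up to 60 keys) are assumptions chosen because they reproduce the stated values 5.26 and 0.09; the header sizes are standard IPv4/UDP values.

```python
"""Constructed worked example: UDP key-frame sizing and key service rates for the
QCC-CBTC figures quoted above. Rate relations are assumptions (formulas absent)."""
from dataclasses import dataclass

ETHERNET_MTU = 1500          # maximum single frame length given on the page
IP_HEADER = 20               # IPv4 header without options
UDP_HEADER = 8
SM4_KEY_BYTES = 16           # SM4 uses a 128-bit key
MAX_KEYS_PER_FRAME = 60      # page's limit on keys per UDP datagram


def udp_payload_budget(mtu: int = ETHERNET_MTU) -> int:
    """Largest UDP data field that avoids IP fragmentation (1472 for a 1500-byte MTU)."""
    return mtu - IP_HEADER - UDP_HEADER


def key_frame_fits(keys: int, overhead_bytes: int) -> bool:
    """True if `keys` SM4 keys plus the message type / source / sink fields
    (overhead_bytes, assumed) fit in one unfragmented datagram under the 60-key cap."""
    return keys <= MAX_KEYS_PER_FRAME and keys * SM4_KEY_BYTES + overhead_bytes <= udp_payload_budget()


def spare_bytes(keys: int, overhead_bytes: int) -> int:
    """Length margin left in the datagram after the keys and the overhead fields."""
    return udp_payload_budget() - keys * SM4_KEY_BYTES - overhead_bytes


@dataclass
class KeyRates:
    session_per_s: float         # R_CKey
    protection_per_s: float      # minimum R_PKey


def key_service_rates(th_vobc: float, th_gr: float) -> KeyRates:
    """One frame, one key: every train-side and ground-side data frame consumes one
    session key, delivered in frames of at most 60 keys, and each such key frame is
    protected by one protection key. Assumed relations (they reproduce the page's
    numbers): R_CKey = (Th_VOBC + Th_GR) / 60 and R_PKey >= R_CKey / 60."""
    r_ckey = (th_vobc + th_gr) / MAX_KEYS_PER_FRAME
    return KeyRates(r_ckey, r_ckey / MAX_KEYS_PER_FRAME)


def period_sufficient(frame_period_s: float, required_rate_per_s: float) -> bool:
    """A key frame period meets the requirement if its frame rate is at least the service rate."""
    return 1.0 / frame_period_s >= required_rate_per_s


def check_fzl300(overhead_bytes: int = 32) -> dict:
    """Apply the page's figures: Th_VOBC = 28.67/s, Th_GR = 286.67/s, session key frame
    period 150 ms, protection key frame period 500 ms; overhead_bytes is an assumption."""
    rates = key_service_rates(28.67, 286.67)
    return {
        "keys_bytes": MAX_KEYS_PER_FRAME * SM4_KEY_BYTES,                 # 960
        "fits": key_frame_fits(MAX_KEYS_PER_FRAME, overhead_bytes),
        "margin": spare_bytes(MAX_KEYS_PER_FRAME, overhead_bytes),
        "r_ckey": round(rates.session_per_s, 2),                          # 5.26
        "r_pkey_min": round(rates.protection_per_s, 2),                   # 0.09
        "session_period_ok": period_sufficient(0.150, rates.session_per_s),
        "protection_period_ok": period_sufficient(0.500, rates.protection_per_s),
    }
```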
The technical means disclosed in the solution of the invention are not limited to those disclosed in the above embodiments, and also include technical solutions formed by any combination of the above technical features.
Taking the above preferred embodiments of the present invention as an illustration, persons skilled in the relevant art can use the above description to make various changes and modifications without departing from the scope of the technical idea of the present invention. The technical scope of the present invention is not limited to the description, but must be determined by the scope of the claims.

Claims (8)

1. The quantum secret communication system of the rail transit CBTC is characterized by comprising an on-board subsystem, a ground subsystem and a communication subsystem; the vehicle-mounted subsystem comprises a train automatic protection unit, a train automatic driving unit and a vehicle-mounted wireless unit and is used for monitoring train operation, positioning and traction braking;
the ground subsystem comprises a ground zone controller ZC, a computer interlocking CI, a data storage unit DSU and a train automatic supervision ATS, wherein the ZC is used for receiving train information provided by the VOBC so as to realize the functions of automatic train protection and automatic driving, the CI system is mainly used for processing related functions of handling routes or cancelling and the like of the train in respective control fields, the DSU stores static and dynamic information, the static information comprises line speed limit and line gradient, and the dynamic information comprises temporary speed limit; the ATS comprises a central ATS of a control center and extension ATS distributed at each station and is responsible for providing an automatic monitoring function for a train;
the communication subsystem is a data communication system DCS, and comprises a vehicle-ground wireless communication network and a ground backbone network, wherein the vehicle-ground wireless communication network is used for realizing bidirectional data interaction transmission between a vehicle-mounted subsystem of the CBTC system and the ground subsystem and between all devices of the ground subsystem, the backbone network consists of a synchronous digital system, an elastic grouping ring and a network switch, a data transmission channel is provided for ground devices, and the vehicle-ground wireless communication network mainly depends on a wireless base station, a leaky cable, an antenna and a vehicle-mounted wireless terminal to realize wireless communication.
2. The quantum secret communication system of the rail transit CBTC according to claim 1, wherein the VOBC communicates with the ground equipment through the radio access network, and the remaining subsystems complete their information interaction through the backbone network; in the normal working state, the vehicle-mounted equipment acquires the position of the train on the line in real time using the vehicle-mounted speed measurement and positioning equipment and periodically reports the position, speed and state of the train to the ZC; the ZC calculates the movement authority (MA) of the train from the train route information, the barrier information and the temporary speed limit information transmitted by the CI and the DSU, and periodically transmits it to the vehicle-mounted equipment within its jurisdiction; and the vehicle-mounted equipment calculates the safe speed curve for train operation from the received MA, the platform screen door information transmitted by the CI and the head code information transmitted by the ATS, and controls the automatic driving of the train according to that curve.
3. A method of operating the quantum secret communication system of the rail transit CBTC as claimed in claim 1 or claim 2, comprising the steps of:
step 1: initial key installation, in which a U-Key or SD-Key is used to complete the initial protection key injection into the CBTC ground subsystem and the vehicle-mounted subsystem; the initial protection key is used only when a train is started for the first time and passes through its first management and control domain;
step 2: station-to-station key service, providing online protection key and session key service for the CBTC ground subsystem of each station;
step 3: station-to-vehicle key filling, in which the CBTC ground subsystem securely fills the online protection key and session key into the vehicle-mounted subsystem through the vehicle-ground wireless communication network, thereby realizing key updating of the vehicle-mounted subsystem;
step 4: vehicle-ground secure communication: first, the vehicle-mounted subsystem equipment service processing module sends plaintext data to the vehicle-mounted encryption and decryption module;
then, the vehicle-mounted encryption and decryption module protects the confidentiality of the data using the session key and a symmetric encryption algorithm, and sends the ciphertext to the ground encryption and decryption module of the ground subsystem equipment through the vehicle-ground wireless communication network;
and finally, the ground encryption and decryption module decrypts using the same symmetric session key and sends the decrypted data to the ground subsystem equipment service processing module.
4. The method for operating the quantum secret communication system of the rail transit CBTC according to claim 3, wherein, in said step 2, the key generation transmitting device and the key generation receiving device of each site are interconnected through the optical fiber links of the urban rail transit SDH network and extended to each site in a chain structure, jointly forming a quantum key generation and distribution subsystem that outputs quantum keys to the key management equipment over the wired network; the key management equipment of each site is uniformly connected to the CBTC system ground backbone network to form a quantum key service subsystem, so that symmetric quantum keys can be obtained between any two sites and key service is provided to the ZC, CI and ATS of each site; the ZC, CI and ATS of each site act as key application equipment and, after acquiring a key via a proprietary protocol, securely fill it into the CBTC vehicle-mounted subsystem through the vehicle-ground wireless communication network; the ground subsystem and the vehicle-mounted subsystem use symmetric keys to realize vehicle-ground secure communication.
5. The method for operating the quantum secret communication system of the rail transit CBTC according to claim 3, wherein, for key distribution, a key hierarchy is constructed: the data exchanged between the VOBC and the ZC/CI/ATS is protected with session keys, while the device registration information and the session keys and protection keys to be used in the next management and control domain are protected with protection keys.
6. The method for operating the quantum secret communication system of the rail transit CBTC according to claim 3, wherein the online protection key updating method of said step 3 is as follows: first, the ground signal device ZC01 actively initiates a key application frame to key management device No. 1, the data frame carrying the source and sink identifiers, the number of protection keys requested and the request sequence number;
after receiving the protection key application frame sent by the ground signal device, key management device No. 1 parses the protection key request carried in the frame and then synchronizes the request to key management device No. 2 through the key relay process; key management device No. 2 actively pushes the protection key used for data decryption to ground signal device No. 2, encapsulated in an active push frame whose number of keys, key IDs and key values are identical to those of the protection key response frame;
the protection key response frame is sent later than the protection key active push frame, so that the ground signal device at the decrypting end is guaranteed to receive the key first;
after receiving the active push frame and parsing out the protection key, ground signal device No. 2 replies to key management device No. 2 with an active push response frame carrying fields such as the type of key received by the ground signal device and whether the reception succeeded;
after receiving the response, key management device No. 2 informs key management device No. 1 through the key relay process that the active push flow has ended; key management device No. 1 then provides the protection key to ground signal device No. 1 as requested, encapsulated in a protection key response frame that carries the source and sink identifiers, the number of protection keys provided, the key IDs and the key values;
this ends the update flow of the online protection key.
7. The method for operating the quantum secret communication system of the rail transit CBTC according to claim 3, wherein the real-time session key updating method of said step 3 is as follows: first, ground signal device No. 1 actively initiates a key application frame to key management device No. 1, with the same frame format as the protection key application frame;
after receiving and parsing the session key application frame, key management device No. 1 encapsulates the session key information in a response frame as requested to provide the session key to ground signal device No. 1, and the update flow of the session key is ended.
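The two update flows of claims 6 and 7, simulated end to end as an added example (this is not the patent's or the applicant's code). The frame field names, the relay message between the two key management devices, the device names KM1/KM2/ZC01/ZC02, the 16-byte key length and the key pool itself are all constructed here; the pool stands in for the symmetric quantum key that both sites hold identically. The log lets a reader check the ordering the claim requires: the active push to the decrypting side is delivered and acknowledged before the response frame goes back to the requester.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Tuple

KEY_LEN = 16  # bytes per key; assumed, the claims fix no length


@dataclass(frozen=True)
class KeyRequestFrame:      # key application frame (claims 6 and 7 share the format)
    src: str                # information source identifier
    dst: str                # information sink identifier
    kind: str               # "protection" or "session"
    count: int              # number of keys requested
    seq: int                # request sequence number


@dataclass(frozen=True)
class KeyDeliveryFrame:     # active push frame (to decrypting side) or response frame (to requester)
    src: str
    dst: str
    kind: str
    seq: int
    keys: Tuple[Tuple[int, bytes], ...]  # (key ID, key value) pairs, identical in push and response


@dataclass(frozen=True)
class PushAckFrame:         # active push response: key type received and success flag
    src: str
    dst: str
    kind: str
    seq: int
    ok: bool


def make_shared_pool(size: int) -> Dict[int, bytes]:
    """Constructed stand-in for the symmetric quantum key pool held identically by both sites."""
    return {key_id: secrets.token_bytes(KEY_LEN) for key_id in range(1, size + 1)}


class KeyManagementDevice:
    def __init__(self, name: str, pool: Dict[int, bytes]) -> None:
        self.name = name
        self.pool = dict(pool)  # this site's copy of the shared pool
        self.consumed = set()   # key IDs already handed out at this site

    def reserve(self, count: int) -> Tuple[int, ...]:
        """Choose unused key IDs; relayed to the peer so both sites deliver the same key material."""
        free = sorted(k for k in self.pool if k not in self.consumed)
        if len(free) < count:
            raise RuntimeError(f"{self.name}: key pool exhausted")
        chosen = tuple(free[:count])
        self.consumed.update(chosen)
        return chosen

    def deliver(self, dst: str, kind: str, seq: int, ids: Tuple[int, ...]) -> KeyDeliveryFrame:
        return KeyDeliveryFrame(self.name, dst, kind, seq, tuple((i, self.pool[i]) for i in ids))


class GroundSignalDevice:
    def __init__(self, name: str) -> None:
        self.name = name
        self.keys: Dict[str, Dict[int, bytes]] = {"protection": {}, "session": {}}
        self.seq = 0

    def request(self, dst: str, kind: str, count: int) -> KeyRequestFrame:
        self.seq += 1
        return KeyRequestFrame(self.name, dst, kind, count, self.seq)

    def receive_push(self, frame: KeyDeliveryFrame) -> PushAckFrame:
        ok = frame.dst == self.name and frame.kind in self.keys
        if ok:
            self.keys[frame.kind].update(frame.keys)
        return PushAckFrame(self.name, frame.src, frame.kind, frame.seq, ok)

    def receive_response(self, frame: KeyDeliveryFrame) -> None:
        if frame.dst != self.name:
            raise ValueError("response frame delivered to the wrong sink")
        self.keys[frame.kind].update(frame.keys)


def update_protection_key(requester, km1, km2, decryptor, count, log: List[object]) -> bool:
    """Claim 6: request -> key relay -> push to decrypting side -> ack -> response to requester."""
    req = requester.request(km1.name, "protection", count)
    log.append(req)
    ids = km1.reserve(req.count)
    km2.consumed.update(ids)                      # key relay: KM2 learns which IDs KM1 chose
    log.append(("relay", km1.name, km2.name, ids))
    push = km2.deliver(decryptor.name, "protection", req.seq, ids)
    log.append(push)
    ack = decryptor.receive_push(push)
    log.append(ack)
    if not ack.ok:
        return False
    log.append(("relay-done", km2.name, km1.name, req.seq))
    resp = km1.deliver(requester.name, "protection", req.seq, ids)  # only after the push is acknowledged
    log.append(resp)
    requester.receive_response(resp)
    return True


def update_session_key(requester, km1, count, log: List[object]) -> None:
    """Claim 7: same request frame format, answered directly by key management device No. 1."""
    req = requester.request(km1.name, "session", count)
    log.append(req)
    resp = km1.deliver(requester.name, "session", req.seq, km1.reserve(req.count))
    log.append(resp)
    requester.receive_response(resp)


def run_demo() -> dict:
    pool = make_shared_pool(8)
    km1, km2 = KeyManagementDevice("KM1", pool), KeyManagementDevice("KM2", pool)
    zc01, zc02 = GroundSignalDevice("ZC01"), GroundSignalDevice("ZC02")
    log: List[object] = []
    ok = update_protection_key(zc01, km1, km2, zc02, 2, log)
    update_session_key(zc01, km1, 3, log)
    deliveries = [i for i, f in enumerate(log) if isinstance(f, KeyDeliveryFrame)]
    return {"ok": ok, "zc01_protection": zc01.keys["protection"], "zc02_protection": zc02.keys["protection"],
            "zc01_session": zc01.keys["session"], "push_index": deliveries[0], "response_index": deliveries[1]}
```

Running `run_demo()` shows both ground signal devices ending up with the same two protection keys, the push to ZC02 logged before the response to ZC01, and the session keys drawn from IDs that do not overlap the protection keys.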
8. The method for operating the quantum secret communication system of the rail transit CBTC according to claim 3, wherein the key distribution period of said step 4 is determined by the following procedure:
the train maximum data frame throughput rate, i.e. the VOBC maximum data frame throughput rate Th_VOBC, is expressed as:
where Q_ZC, Q_CI and Q_ATS are the maximum numbers of concurrent ZC, CI and ATS connections supported by the VOBC, and T_MTCI, T_MTZC, T_MTATS, T_MCIT, T_MZCT, T_MATST sequentially represent the switching cycles of CI, ZC, ATS, CIT, ZCT, TST;
the ground station maximum data frame throughput rate, i.e. the sum of the ZC, CI and ATS throughput rates Th_GR, is expressed as:
where Th_ZC, Th_CI and Th_ATS are the ZC, CI and ATS throughput rates respectively;
the datagram interaction between the VOBC and the ground station ZC/CI/ATS uses the RSSP-I protocol, in which the data frame is the smallest unit of interaction; combined with the performance of the quantum key generation and distribution subsystem, the system encrypts the transmitted data in a 'one frame, one key' mode, and since a single frame carries no more than 60 session keys, the session key service rate R_CKey of the key management equipment is expressed as:
in 'one frame, one key' mode, one protection key is used to encrypt a single data frame carrying no more than 60 session keys or protection keys, so the session key service rate R_CKey and the protection key service rate R_PKey satisfy:
namely:
which gives the key distribution period among the devices of the system.
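The key hierarchy of claim 5, the vehicle-ground data protection of step 4 and the 'one frame, one key' constraint of claim 8, as one added example that is not the patent's or the applicant's code. The claims do not name the symmetric algorithm, so an HMAC-SHA256 counter-mode keystream with an HMAC tag is used here as a stand-in; the frame layout, the 16-byte key length and all key material are constructed for the demonstration. The page does not reproduce the equations of claim 8, so `key_budget()` encodes only the stated constraints (one session key per data frame, at most 60 keys per key-carrying frame) as lower bounds and is an assumption, not the patent's formula.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Sequence, Tuple

KEY_LEN = 16             # bytes per key; assumed, the claims fix no length
TAG_LEN = 16             # truncated HMAC tag appended to each frame
MAX_KEYS_PER_FRAME = 60  # claim 8: one key-carrying frame holds at most 60 keys


def _keystream(key: bytes, frame_id: int, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode, keyed per frame by frame_id."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", frame_id, counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _tag(key: bytes, frame_id: int, ct: bytes) -> bytes:
    return hmac.new(key, b"tag" + struct.pack(">Q", frame_id) + ct, hashlib.sha256).digest()[:TAG_LEN]


def encrypt_frame(key: bytes, frame_id: int, plaintext: bytes) -> bytes:
    """Confidentiality via keystream XOR, integrity via an HMAC tag; frame_id is the per-frame nonce."""
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, frame_id, len(plaintext))))
    return ct + _tag(key, frame_id, ct)


def decrypt_frame(key: bytes, frame_id: int, blob: bytes) -> bytes:
    """Rejects a frame whose tag does not verify before releasing any plaintext."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, frame_id, ct)):
        raise ValueError("frame authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, frame_id, len(ct))))


def wrap_session_keys(protection_key: bytes, frame_id: int, keys: Sequence[Tuple[int, bytes]]) -> bytes:
    """Claim 5: a protection key protects one frame carrying up to 60 (key ID, key value) pairs."""
    if len(keys) > MAX_KEYS_PER_FRAME:
        raise ValueError(f"a key-carrying frame holds at most {MAX_KEYS_PER_FRAME} keys")
    body = b"".join(struct.pack(">I", kid) + val for kid, val in keys)
    return encrypt_frame(protection_key, frame_id, body)


def unwrap_session_keys(protection_key: bytes, frame_id: int, blob: bytes) -> Dict[int, bytes]:
    body = decrypt_frame(protection_key, frame_id, blob)
    rec = 4 + KEY_LEN
    if len(body) % rec:
        raise ValueError("malformed key frame")
    return {struct.unpack(">I", body[i:i + 4])[0]: body[i + 4:i + rec] for i in range(0, len(body), rec)}


def key_budget(frame_rate_hz: float) -> Tuple[float, float]:
    """Assumed reading of claim 8's constraints: one session key per data frame, and one
    protection key per key-carrying frame of at most 60 keys. Returns (R_CKey, R_PKey) lower bounds."""
    r_ckey = frame_rate_hz
    r_pkey = r_ckey / MAX_KEYS_PER_FRAME
    return r_ckey, r_pkey


def run_demo() -> dict:
    protection_key = secrets.token_bytes(KEY_LEN)  # constructed; shared by ground and vehicle
    session_keys = [(kid, secrets.token_bytes(KEY_LEN)) for kid in range(100, 103)]  # constructed
    # Step 3 / claim 5: ground fills session keys into the vehicle under the protection key.
    key_frame = wrap_session_keys(protection_key, 1, session_keys)
    vehicle_keys = unwrap_session_keys(protection_key, 1, key_frame)
    ground_keys = dict(session_keys)
    # Step 4, 'one frame, one key': every data frame is encrypted under a different session key,
    # and the wire frame carries the key ID so the ground side can select the matching key.
    messages = [b"position=1234m speed=62km/h", b"position=1251m speed=61km/h", b"doors=closed"]
    received = []
    for frame_id, ((kid, _), msg) in enumerate(zip(session_keys, messages), start=2):
        wire = (kid, frame_id, encrypt_frame(vehicle_keys[kid], frame_id, msg))
        received.append(decrypt_frame(ground_keys[wire[0]], wire[1], wire[2]))
    # A flipped ciphertext byte must be rejected by the tag check rather than decrypted.
    tampered = bytearray(encrypt_frame(vehicle_keys[100], 99, b"x"))
    tampered[0] ^= 1
    try:
        decrypt_frame(ground_keys[100], 99, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"messages": messages, "received": received, "tamper_detected": tamper_detected,
            "budget": key_budget(120.0)}
```

`run_demo()` returns the three plaintexts recovered on the ground side, a flag showing that a tampered frame was rejected, and the key budget for a constructed frame rate of 120 frames/s (120 session keys/s and at least 2 protection keys/s under the 60-keys-per-frame limit).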
CN202410021788.8A 2024-01-05 2024-01-05 Operation method of quantum secret communication system of track traffic CBTC Pending CN117676564A (en)

Publications (1)

Publication Number Publication Date
CN117676564A true CN117676564A (en) 2024-03-08

Family

ID=90066332

Country Status (1)

Country Link
CN (1) CN117676564A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination