CN201830272U - Network encryption machine based on quantum keys - Google Patents

Info

Publication number
CN201830272U
Authority
CN
China
Prior art keywords
key
quantum
vpn
virtual private
private network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2010205372402U
Other languages
Chinese (zh)
Inventor
苗春华
李大伟
陈巍
吴平
银振强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Asky Quantum Technology Co Ltd
Original Assignee
Anhui Asky Quantum Technology Co Ltd

Abstract

The utility model relates to a network encryption machine based on quantum keys, which is characterized in that in the existing VPN (virtual private network) system, a quantum key injection module is added; VPNs are connected with QKD (quantum key distribution) equipment through network ports, USB (universal serial bus) ports, Console ports, or any other interfaces capable of conducting data communication; a key reading channel is established; keys of the QKD equipment are read on the channel; and the QKD equipment transmits the keys with each other through a quantum fiber channel. The quantum VPNs send key requests to the QKD equipment, and after acquiring the keys from the QKD equipment, both the quantum VPNs conduct key synchronization, so as to determine whether the acquired keys are the same key pairs or not; and if the acquired keys are synchronized, communication data are encrypted and decrypted by using the acquired keys. By virtue of the mechanical characteristics of quanta, the quantum key transmission process cannot be broken through. The data are encrypted by adopting the quantum keys and an encryption manner of one-time pad is implemented, so that the data are guaranteed to be absolutely safe.

Description

Network encryption machine based on quantum key
Technical field
The utility model belongs to the field of information security technology and specifically relates to a virtual private network (VPN) key system.
Background technology
A virtual private network (VPN) is communication equipment used to encrypt data for secure transmission over a network. At present, traditional VPN keys are produced with the Internet Key Exchange (IKE) scheme: the keys used are all computed after an exchange of information over a traditional network. This traditional network key exchange process is easily attacked from outside and therefore carries a very large security risk. In addition, the IKE system is built on computational complexity, and computational complexity cannot be confirmed in theory to be absolutely secure and reliable; when attacked, it may be broken.
Summary of the invention
To overcome the security shortcomings of the keys used by existing virtual private network (VPN) key systems, and to achieve secure encryption of plaintext data and secure transmission of protected data or files, the utility model provides a network encryption machine based on quantum keys. This quantum key network encryption machine can guarantee the absolute security of the key during transmission.
The technical solution of the utility model is as follows:
The network encryption machine based on quantum keys comprises one or more pairs of virtual private networks, namely a first virtual private network 1 and a second virtual private network 2, with adjacent virtual private networks connected by a virtual private network tunnel. It also comprises one or more pairs of quantum key distribution devices, namely a first quantum key distribution device 1 and a second quantum key distribution device 2, with adjacent quantum key distribution devices connected by optical fiber. The virtual private networks are connected to the first quantum key distribution device 1 and the second quantum key distribution device 2 through a network port, a USB port, a Console port or another interface that can be used for data transmission, establishing a key reading channel. A quantum key injection module is added to the virtual private network; it is responsible for fetching keys from the quantum key distribution (QKD) device for encryption or decryption. The keys used to encrypt or decrypt the data transmitted over the network are obtained from the first quantum key distribution device 1 and the second quantum key distribution device 2.
In the quantum VPN, keys are transmitted from one party to the other through the quantum key distribution (QKD) devices, and the channel over which the QKD devices transmit keys is optical fiber. The quantum VPN sends a key request to the QKD device. After obtaining keys from the QKD devices, the two quantum VPN parties perform key synchronization to determine that the keys obtained are the same key pair. If synchronization is correct, the communication data are encrypted and decrypted with the obtained key; if it is incorrect, a key is requested again.
When a QKD device receives a key request, it allocates a suitable key according to the key management algorithm and, if a key is available, sends it to the VPN. During key acquisition, the VPN and the QKD device need to establish a session. While negotiating a new key, the VPN continues to work with the old key; the new key is negotiated inside the channel established with the old key. When the key replacement period arrives, the VPN needs to update its key and sends a key request to the QKD device. After correctly obtaining the key, the VPN tells the peer VPN the serial number and MD5 check value of the key it obtained. The peer VPN reads the key from its QKD device according to the serial number received, then compares the MD5 value of the key it read with the value received. If they are consistent, the peer VPN responds confirming that key acquisition succeeded (OK), which means the current key update succeeded; if they are inconsistent, the keys obtained by the two VPN ends differ and a key must be requested again.
After the key has been obtained successfully, the data are encrypted with the quantum key using a one-time pad, ensuring the absolute security of the data.
During key transmission, according to the characteristics of quantum mechanics, the quantum VPN cannot be broken; even if it suffers an external attack, the attack is easily discovered. Once quantum transmission technology is adopted, it is therefore impossible for any third party to intercept the key. The quantum VPN replaces the traditional way of obtaining keys: keys are transmitted from one party to the other through the QKD devices, and the channel over which the QKD devices transmit keys is optical fiber. The quantum VPN is a modification of the original VPN: a quantum key injection module is added to the original VPN system. This module is responsible for fetching keys from the QKD device, and encryption uses a one-time pad, ensuring the absolute security of the data, which cannot be stolen by a third party.
The beneficial effects of the utility model are that absolute security of data in transmission can be guaranteed when a virtual private network is set up over a public network, and that only a quantum key injection module is added to a traditional VPN, so the structure is simple. The utility model is applicable to the various networks of government, enterprises, the military, banks, securities, insurance and similar organizations.
Description of drawings
Fig. 1 is a fundamental diagram of the present utility model.
Fig. 2 is a working sequence diagram showing how the quantum VPN in Fig. 1 obtains keys through the quantum key distribution (QKD) device.
Fig. 3 is a working sequence diagram showing how, when the quantum VPN obtains a key as in Fig. 2, the quantum key distribution (QKD) device cooperates with the quantum VPN to complete key management, update and use.
Embodiment
The utility model is further described below through an embodiment, with reference to the accompanying drawings.
Embodiment:
Referring to Fig. 1, the network encryption machine based on quantum keys comprises a first virtual private network 1 (VPN1) and a second virtual private network 2 (VPN2), which are connected by establishing a virtual private network (VPN) tunnel. It also comprises a first quantum key distribution device 1 (QKD1) and a second quantum key distribution device 2 (QKD2), which are connected to each other by optical fiber. The virtual private networks are connected to QKD1 and QKD2 through a network port, a USB port, a Console port or another interface that can be used for data transmission, establishing a key reading channel. A quantum key injection module is added to the virtual private network; it is responsible for fetching keys from the quantum key distribution (QKD) device for encryption. The keys used to encrypt the data transmitted over the network are obtained from QKD1 and QKD2. During key transmission, according to the characteristics of quantum mechanics, the key is safe and reliable and cannot be stolen by a third party.
In the embodiment shown in Fig. 1 and Fig. 2, the virtual private network (VPN) is connected to the quantum key distribution (QKD) device through a network port, a USB port, a Console port or any other interface capable of data communication, establishing a key reading channel; the keys produced by the QKD device are then transmitted over this channel. VPN1 sends a key request connection to QKD1 and obtains a key from QKD1; at the same time, VPN2 sends a key request connection to QKD2 and obtains a key from QKD2. VPN1 and VPN2 then perform key synchronization to determine that the keys obtained are the same key pair. If synchronization is correct, the VPN encrypts and decrypts the communication data with the obtained key.
As shown in Fig. 3, when QKD1 receives a key request, it allocates a suitable key according to the key management algorithm and, if a key is available, sends it to VPN1 in the course of key acquisition. While negotiating a new key, VPN1 continues to work with the old key; the new key is negotiated inside the channel established with the old key. When the key replacement period arrives, VPN1 needs to update its key and sends a key request to QKD1. After correctly obtaining the key, VPN1 tells VPN2 the serial number and MD5 check value of the key it obtained. VPN2 reads the key from QKD2 according to the serial number received, then compares the MD5 value of the key it read with the value received. If they are consistent, VPN2 responds confirming that key acquisition succeeded (OK), which shows that the current key update succeeded; otherwise it responds that key acquisition failed.
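The key update and synchronization exchange described in the summary and in the Fig. 3 embodiment, followed by one-time-pad use of the agreed key, as an added Python example that is not part of the patent. The `QKDDevice` and `VPNEndpoint` classes, their method names, the retry limit, the constant-time comparison and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac

class QKDDevice:
    """Stand-in for one QKD device's key store (hypothetical interface)."""
    def __init__(self, keys):
        self._keys = dict(keys)                  # serial number -> key bytes
        self._unused = iter(sorted(self._keys))

    def request_key(self):
        # Allocate the next unused key: (serial, key), or None if none is left.
        serial = next(self._unused, None)
        return None if serial is None else (serial, self._keys[serial])

    def read_key(self, serial):
        return self._keys.get(serial)            # lookup by the peer's serial

class VPNEndpoint:
    def __init__(self, qkd):
        self.qkd = qkd
        self.active_key = None    # the old key stays in use until sync succeeds
        self._pending = None

    def start_update(self):
        # Initiator: fetch a key and return (serial, MD5 check value) for the peer.
        got = self.qkd.request_key()
        if got is None:
            return None
        serial, self._pending = got
        return serial, hashlib.md5(self._pending).digest()

    def answer_update(self, serial, check):
        # Responder: read the same serial from its own QKD device, compare MD5.
        key = self.qkd.read_key(serial)
        if key is None or not hmac.compare_digest(hashlib.md5(key).digest(), check):
            return "FAIL"
        self.active_key = key
        return "OK"

    def finish_update(self, reply):
        # Initiator: switch keys only on OK; otherwise drop the candidate key.
        if reply == "OK":
            self.active_key = self._pending
        self._pending = None
        return reply == "OK"

    def xor_pad(self, data):
        # One-time pad: XOR with unused key bytes, then discard those bytes.
        if self.active_key is None or len(data) > len(self.active_key):
            raise ValueError("not enough unused key material; update the key first")
        n = len(data)
        pad, self.active_key = self.active_key[:n], self.active_key[n:]
        return bytes(p ^ d for p, d in zip(pad, data))

def rekey(initiator, responder, max_attempts=3):
    # Returns the number of attempts used, or 0 if no matching key was found.
    for attempt in range(1, max_attempts + 1):
        offer = initiator.start_update()
        if offer is None:
            return 0
        if initiator.finish_update(responder.answer_update(*offer)):
            return attempt
    return 0

def demo():
    key = lambda label: hashlib.sha256(label).digest()   # constructed sample keys
    qkd1 = QKDDevice({1: key(b"a"), 2: key(b"b"), 3: key(b"c")})
    qkd2 = QKDDevice({1: key(b"a"), 2: key(b"b-mismatch"), 3: key(b"c")})
    vpn1, vpn2 = VPNEndpoint(qkd1), VPNEndpoint(qkd2)
    first, second = rekey(vpn1, vpn2), rekey(vpn1, vpn2)  # serial 2 mismatches
    ciphertext = vpn1.xor_pad(b"hello")
    return first, second, ciphertext, vpn2.xor_pad(ciphertext)
```

The MD5 check value is derived from the key itself, so in this flow it is meant to travel only inside the tunnel protected by the old key, as the description states; the pad bytes are dropped after use so that no key byte encrypts two messages.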

Claims (1)

1. A network encryption machine based on quantum keys, comprising one or more pairs of virtual private networks, namely a first virtual private network 1 and a second virtual private network 2, with adjacent virtual private networks connected by a virtual private network tunnel, characterized in that: it also comprises one or more pairs of quantum key distribution devices, namely a first quantum key distribution device 1 and a second quantum key distribution device 2, with adjacent quantum key distribution devices connected by optical fiber; the virtual private networks are connected to the first quantum key distribution device 1 and the second quantum key distribution device 2 through a network port, a USB port, a Console port or another interface that can be used for data transmission, establishing a key reading channel; a quantum key injection module is added to the virtual private network, the quantum key injection module being responsible for fetching keys from the quantum key distribution device for encryption or decryption; and the keys used to encrypt or decrypt the data transmitted over the network are obtained from the first quantum key distribution device 1 and the second quantum key distribution device 2.
CN2010205372402U 2010-09-17 2010-09-17 Network encryption machine based on quantum keys Expired - Fee Related CN201830272U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010205372402U CN201830272U (en) 2010-09-17 2010-09-17 Network encryption machine based on quantum keys

Publications (1)

Publication Number Publication Date
CN201830272U true CN201830272U (en) 2011-05-11

Family

ID=43968785

Country Status (1)

Country Link
CN (1) CN201830272U (en)

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110511

Termination date: 20150917

EXPY Termination of patent right or utility model