CN208638376U - A kind of telecommunication transmission system based on quantum wavelength-division multiplex - Google Patents

Publication number
CN208638376U
Authority
CN
China
Legal status
Withdrawn - After Issue
Application number
CN201821391835.4U
Other languages
Chinese (zh)
Inventor
杜放
赵铖
林蓉
胡俊
陈冠廷
陈君惠
Current Assignee
Bank of China Ltd
Original Assignee
Bank of China Ltd

Landscapes

  • Optical Communication System (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a telecommunication transmission system based on quantum wavelength-division multiplexing, including first quantum key distribution equipment, quantum cryptography equipment, a firewall, a router, first data processing equipment and first quantum wavelength division multiplexing equipment. The first quantum key distribution equipment distributes quantum signals, sends and receives classical negotiation data, and negotiates to generate a quantum key; it sends the quantum key to the quantum cryptography equipment via the firewall, sends the classical negotiation data to the router, and sends the quantum signal to the first quantum wavelength division multiplexing equipment over a quantum channel. The quantum cryptography equipment uses the quantum key to encrypt classical business data and returns the encrypted classical business data to the router. The firewall filters and isolates the quantum key that the first quantum key distribution equipment sends to the quantum cryptography equipment. With only minor changes to the existing network architecture, the application effectively isolates the enterprise's trusted zone from the external non-trusted zone.

Description

A kind of telecommunication transmission system based on quantum wavelength-division multiplex
Technical field
This application relates to the field of quantum communication technology, and in particular to a telecommunication transmission system based on quantum wavelength-division multiplexing.
Background art
Because the financial industry is sensitive, it places strict requirements of "high confidentiality", "high security" and "high reliability" on business information, and quantum secure communication is currently the only secure communication technology whose information security is guaranteed by rigorous proof. Quantum secure communication uses the indivisibility of single photons and the fact that quantum states cannot be cloned to distribute keys securely between the two communicating parties. Combined with the "one-time pad" technique, it achieves an unconditional security that conventional communication methods do not have. It has broad research and application prospects in confidential transmission, digital signatures and identity authentication, and is regarded as a key technology for next-generation secure communication in the financial field.
However, the up-front investment needed to convert to quantum secure communication is too large. For this reason, a transmission mode in which quantum communication shares a fiber with a classical optical transmission system has been proposed. Fig. 1 shows a structural schematic diagram of a prior-art quantum optical signal / classical optical signal co-fiber system. The classical channel carries the sensitive business data after quantum encryption; the auxiliary channel carries control data for quantum negotiation and the like (for example check codes); the quantum channel distributes the quantum signal between the sending and receiving ends. After the co-fiber system multiplexes and couples these three channels of different function, they can be delivered to the opposite end over a single optical fiber. On receiving the multiplexed signal, the opposite end demultiplexes it through its own co-fiber system into the classical channel signal, the auxiliary channel signal and the quantum channel signal, and passes them over the classical channel, the auxiliary channel and the quantum channel respectively to the opposite end's classical communication equipment/system and quantum communication equipment/system. Such a co-fiber system can greatly reduce the construction cost of a quantum secure communication network, which favors the adoption and spread of quantum secure communication.
The applicant has found that the existing quantum optical signal / classical optical signal co-fiber transmission system has a security-domain isolation problem, as shown in Fig. 2. There, the classical router diverts the sensitive business data that needs encryption to the quantum VPN (Virtual Private Network); the quantum gateways (quantum gateway A and quantum gateway B) generate the quantum key between the sending and receiving ends; the quantum VPN uses the quantum key generated by the quantum gateway to encrypt the sensitive business data; the MSAP/MSTP (Multi-Service Access Device / SDH-based multi-service transport platform equipment) platform handles network access and transmission; and the quantum wavelength division multiplexing equipment couples the multiple optical signals.
In actual use, the sensitive business data is diverted by the classical router to the quantum VPN for encryption (the quantum key used for encryption is provided by quantum gateway A), and the encrypted sensitive business data is then returned to the classical router. The classical negotiation data provided by quantum gateway A (mainly used for verification and the like) is also sent to the classical router. The classical router sends the encrypted sensitive business data and the classical negotiation data it has received to the MSAP/MSTP platform, which in turn sends them to the quantum wavelength division multiplexing equipment. Finally, the quantum wavelength division multiplexing equipment couples the encrypted sensitive business data and the classical negotiation data, together with the quantum channel signal that quantum gateway A sends over the quantum channel, into a single optical fiber for transmission to the opposite end. After receiving the coupled signal, the quantum wavelength division multiplexing equipment at the opposite end demultiplexes it to obtain the encrypted sensitive business data, the classical negotiation data and the quantum channel signal.
In the above implementation, quantum gateway A needs to connect to quantum gateway B at the operator's central office to negotiate and synchronize the quantum key; for a financial institution, the operator's central office belongs to the external network and is a non-trusted zone. At the same time, quantum gateway A also needs to send the generated quantum key to the quantum VPN, which encrypts the sensitive business data; for the financial institution, the direction from quantum gateway A to the quantum VPN belongs to the internal network and is a trusted zone. The existing network architecture clearly has no means of security-domain isolation, so there is a risk that the external non-trusted zone directly accesses, or even tampers with, data in the enterprise's trusted zone. This is a serious security-domain isolation problem and does not meet the security management and control requirements of the financial field.
Summary of the utility model
The application provides a telecommunication transmission system based on quantum wavelength-division multiplexing, to solve the security-domain isolation problem of the existing quantum optical signal / classical optical signal co-fiber transmission system. The technical solution is as follows:
According to one aspect of the application, the application provides a telecommunication transmission system based on quantum wavelength-division multiplexing, comprising:
first quantum key distribution equipment, connected to a router, first quantum wavelength division multiplexing equipment and a firewall, and configured to send the generated quantum key to quantum cryptography equipment via the firewall, send classical negotiation data to the router, and send a quantum signal to the first quantum wavelength division multiplexing equipment over a quantum channel;
the router, connected to the first quantum key distribution equipment, the quantum cryptography equipment and first data processing equipment, and configured to receive classical business data and divert it to the quantum cryptography equipment, receive the encrypted classical business data returned by the quantum cryptography equipment, receive the classical negotiation data sent by the first quantum key distribution equipment, and send the classical negotiation data and the encrypted classical business data to the first data processing equipment;
the quantum cryptography equipment, connected to the router and the firewall, and configured to receive, via the firewall, the quantum key sent by the first quantum key distribution equipment, encrypt the classical business data with the quantum key, and return the encrypted classical business data to the router;
the firewall, located between the first quantum key distribution equipment and the quantum cryptography equipment, and configured to filter and isolate the quantum key that the first quantum key distribution equipment sends to the quantum cryptography equipment;
the first data processing equipment, connected to the router and the first quantum wavelength division multiplexing equipment, and configured to receive the encrypted classical business data and the classical negotiation data sent by the router and send them to the first quantum wavelength division multiplexing equipment;
the first quantum wavelength division multiplexing equipment, connected to the first data processing equipment and the first quantum key distribution equipment, and configured to multiplex the encrypted classical business data and the classical negotiation data received from the first data processing equipment with the quantum signal received from the first quantum key distribution equipment, and transmit the result to a data receiving end.
Optionally, the data receiving end includes:
second quantum wavelength division multiplexing equipment, connected to the first quantum wavelength division multiplexing equipment, and configured to receive and parse the data output by the first quantum wavelength division multiplexing equipment to obtain the encrypted classical business data, the classical negotiation data and the quantum signal;
second data processing equipment, connected to the second quantum wavelength division multiplexing equipment and second quantum key distribution equipment, and configured to receive the encrypted classical business data and the classical negotiation data sent by the second quantum wavelength division multiplexing equipment, transmit the encrypted classical business data to the carrier network, and forward the classical negotiation data to the second quantum key distribution equipment;
the second quantum key distribution equipment, connected to the second quantum wavelength division multiplexing equipment and the second data processing equipment, and configured to receive the quantum signal sent by the second quantum wavelength division multiplexing equipment, receive the classical negotiation data sent by the second data processing equipment, and exchange quantum signals with the first quantum key distribution equipment to negotiate and generate the quantum key.
Optionally, the first quantum wavelength division multiplexing equipment and the second quantum wavelength division multiplexing equipment are connected by optical fiber.
Optionally, the first data processing equipment includes a Multi-Service Access Device or multi-service transport platform equipment.
Optionally, the second data processing equipment includes a Multi-Service Access Device or multi-service transport platform equipment.
According to another aspect of the application, the application provides a telecommunication transmission system based on quantum wavelength-division multiplexing, comprising:
first quantum key distribution equipment, connected to first quantum wavelength division multiplexing equipment, a firewall and first data processing equipment, and configured to send the generated quantum key to quantum cryptography equipment via the firewall, send classical negotiation data to the first data processing equipment, and send a quantum signal to the first quantum wavelength division multiplexing equipment over a quantum channel;
a router, connected to the quantum cryptography equipment and the first data processing equipment, and configured to receive classical business data and divert it to the quantum cryptography equipment, receive the encrypted classical business data returned by the quantum cryptography equipment, and send the encrypted classical business data to the first data processing equipment;
the quantum cryptography equipment, connected to the router and the firewall, and configured to receive, via the firewall, the quantum key sent by the first quantum key distribution equipment, encrypt the classical business data with the quantum key, and return the encrypted classical business data to the router;
the firewall, located between the first quantum key distribution equipment and the quantum cryptography equipment, and configured to filter and isolate the quantum key that the first quantum key distribution equipment sends to the quantum cryptography equipment;
the first data processing equipment, connected to the router, the first quantum key distribution equipment and the first quantum wavelength division multiplexing equipment, and configured to receive the encrypted classical business data sent by the router, receive the classical negotiation data sent by the first quantum key distribution equipment, perform data isolation on the encrypted classical business data and the classical negotiation data, and then send them to the first quantum wavelength division multiplexing equipment;
the first quantum wavelength division multiplexing equipment, connected to the first data processing equipment and the first quantum key distribution equipment, and configured to multiplex the encrypted classical business data and the classical negotiation data received from the first data processing equipment with the quantum signal received from the first quantum key distribution equipment, and transmit the result to a data receiving end.
Optionally, the data receiving end includes:
second quantum wavelength division multiplexing equipment, connected to the first quantum wavelength division multiplexing equipment, and configured to receive and parse the data output by the first quantum wavelength division multiplexing equipment to obtain the encrypted classical business data, the classical negotiation data and the quantum signal;
second data processing equipment, connected to the second quantum wavelength division multiplexing equipment and second quantum key distribution equipment, and configured to receive the encrypted classical business data and the classical negotiation data sent by the second quantum wavelength division multiplexing equipment, transmit the encrypted classical business data to the carrier network, and forward the classical negotiation data to the second quantum key distribution equipment;
the second quantum key distribution equipment, connected to the second quantum wavelength division multiplexing equipment and the second data processing equipment, and configured to receive the quantum signal sent by the second quantum wavelength division multiplexing equipment, receive the classical negotiation data sent by the second data processing equipment, and exchange quantum signals with the first quantum key distribution equipment to negotiate and generate the quantum key.
Optionally, the first quantum wavelength division multiplexing equipment and the second quantum wavelength division multiplexing equipment are connected by optical fiber.
Optionally, the first data processing equipment includes a Multi-Service Access Device or multi-service transport platform equipment.
Optionally, the second data processing equipment includes a Multi-Service Access Device or multi-service transport platform equipment.
In the telecommunication transmission system based on quantum wavelength-division multiplexing provided by the application, a firewall is placed between the first quantum key distribution equipment and the quantum cryptography equipment to filter and isolate the quantum key that the first quantum key distribution equipment sends to the quantum cryptography equipment. With very little change to the existing network architecture, the firewall (which must be able to parse quantum optical signals) isolates the intranet trusted zone from the external non-trusted zone. This effectively solves the security-domain isolation problem of prior-art telecommunication transmission systems based on quantum wavelength-division multiplexing and meets the requirements of financial regulation. In addition, the system provided by the application is novel in structure, economical and practical, and has high market value and wide applicability.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the application or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of a prior-art quantum optical signal / classical optical signal co-fiber system;
Fig. 2 is another structural schematic diagram of a prior-art quantum optical signal / classical optical signal co-fiber system;
Fig. 3 is a structural schematic diagram of the telecommunication transmission system based on quantum wavelength-division multiplexing provided by the application;
Fig. 4 is another structural schematic diagram of the telecommunication transmission system based on quantum wavelength-division multiplexing provided by the application;
Fig. 5 is yet another structural schematic diagram of the telecommunication transmission system based on quantum wavelength-division multiplexing provided by the application;
Fig. 6 is yet another structural schematic diagram of the telecommunication transmission system based on quantum wavelength-division multiplexing provided by the application.
Detailed description of the embodiments
The technical solutions in the embodiments of the application are described clearly and completely below with reference to the drawings. The described embodiments are only some, not all, of the embodiments of the application. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the application without creative effort fall within the scope of protection of the application.
The application provides a telecommunication transmission system based on quantum wavelength-division multiplexing. Specifically, it places a firewall between the quantum key distribution equipment and the quantum cryptography equipment to isolate and control the trusted zone and the non-trusted zone, which meets the regulatory requirements of "high confidentiality", "high security" and "high reliability" with very little change to the existing network.
Specifically, as shown in Fig. 3, the telecommunication transmission system 100 based on quantum wavelength-division multiplexing provided by the application includes at least: first quantum key distribution equipment 110, quantum cryptography equipment 120, firewall 130, router 140, first data processing equipment 150 and first quantum wavelength division multiplexing equipment 160.
The first quantum key distribution equipment 110 is connected to the router 140, the firewall 130 and the first quantum wavelength division multiplexing equipment 160, and is mainly used to distribute quantum signals, send and receive classical negotiation data, and negotiate to generate the quantum key. In the application, the first quantum key distribution equipment 110 may specifically be a quantum gateway.
Specifically, the first quantum key distribution equipment 110 sends the generated quantum key to the quantum cryptography equipment 120 via the firewall 130, sends the classical negotiation data to the router 140, and sends the quantum signal to the first quantum wavelength division multiplexing equipment 160 over the quantum channel.
The router 140 is connected to the first quantum key distribution equipment 110, the quantum cryptography equipment 120 and the first data processing equipment 150. It receives classical business data and diverts it to the quantum cryptography equipment 120, receives the encrypted classical business data returned by the quantum cryptography equipment 120, and receives the classical negotiation data sent by the first quantum key distribution equipment 110. The router 140 then sends the classical negotiation data from the first quantum key distribution equipment 110 and the encrypted classical business data returned by the quantum cryptography equipment 120 to the first data processing equipment 150.
In the application, the classical business data received by the router 140 is the sensitive business data that needs to be encrypted.
The quantum cryptography equipment 120 is connected to the router 140 and the firewall 130. It receives, via the firewall 130, the quantum key sent by the first quantum key distribution equipment 110, uses the quantum key to encrypt the classical business data sent by the router 140, and returns the encrypted classical business data to the router 140. In the application, the quantum cryptography equipment 120 may specifically be a quantum VPN.
In particular, the application adds a firewall 130 between the first quantum key distribution equipment 110 and the quantum cryptography equipment 120; the firewall 130 can filter and isolate the quantum key that the first quantum key distribution equipment 110 sends to the quantum cryptography equipment 120.
When quantum communication wavelength-division multiplexing is applied in the financial field, the internal trusted zone is isolated from the external non-trusted zone in order to meet the requirements of "high confidentiality", "high security" and "high reliability" for financial information. Between the first quantum key distribution equipment 110 and the quantum cryptography equipment 120, which connect the enterprise's trusted zone and the external non-trusted zone, a firewall 130 is added to isolate the internal network from the external network.
The first data processing equipment 150 is connected to the router 140 and the first quantum wavelength division multiplexing equipment 160. It receives the encrypted classical business data and the classical negotiation data sent by the router 140 and sends them to the first quantum wavelength division multiplexing equipment 160.
In the application, the first data processing equipment 150 is used for network access and transmission, and may optionally be multi-service transport platform equipment (MSTP) or a Multi-Service Access Device (MSAP).
The first quantum wavelength division multiplexing equipment 160 is connected to both the first data processing equipment 150 and the first quantum key distribution equipment 110. It multiplexes the encrypted classical business data and the classical negotiation data received from the first data processing equipment 150 with the quantum signal received from the first quantum key distribution equipment 110, and transmits the result to the data receiving end.
In the telecommunication transmission system 100 based on quantum wavelength-division multiplexing provided by the application, the first quantum key distribution equipment 110 sends the quantum key to the quantum cryptography equipment 120 after filtering by the firewall 130, sends the classical negotiation data to the router 140, and sends the quantum signal to the first quantum wavelength division multiplexing equipment 160 over the quantum channel. The router 140 diverts the classical business data it receives to the quantum cryptography equipment 120, which encrypts the classical business data with the quantum key sent by the first quantum key distribution equipment 110. The router 140 then receives the encrypted classical business data returned by the quantum cryptography equipment 120. Next, the router 140 sends the classical negotiation data it has received and the encrypted classical business data to the first data processing equipment 150, which forwards them to the first quantum wavelength division multiplexing equipment 160.
Finally, the first quantum wavelength division multiplexing equipment 160 multiplexes the encrypted sensitive business data, the classical negotiation data and the quantum channel data, couples them into a single optical fiber and passes them to the data receiving end.
Thus, in the telecommunication transmission system based on quantum wavelength-division multiplexing provided by the application, a firewall 130 is placed between the first quantum key distribution equipment 110 and the quantum cryptography equipment 120 to filter and isolate the quantum key that the first quantum key distribution equipment 110 sends to the quantum cryptography equipment 120. With very little change to the existing network architecture, the firewall 130 (which must be able to parse quantum optical signals) isolates the intranet trusted zone from the external non-trusted zone. This effectively solves the security-domain isolation problem of prior-art telecommunication transmission systems based on quantum wavelength-division multiplexing and meets the requirements of financial regulation. In addition, the system provided by the application is novel in structure, economical and practical, and has high market value and wide applicability.
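The isolation claim above can be checked as a reachability question over the connections the description lists for Fig. 2, Fig. 3 and the second aspect. The Python below is an added example, not part of the patent; the node labels, the constructed `peer_qkd` node for the operator-side equipment, the undirected-link model, and treating router filtering or the "data isolation" at equipment 150 as enforcement points are all assumptions.

```python
"""Added example: reachability check for the trusted / non-trusted zone split."""

# Assumed labels: numerals follow the description; "peer_qkd" is a constructed
# node standing for the operator-side (non-trusted) key distribution equipment.
PEER, QWDM, QKD = "peer_qkd", "qwdm_160", "qkd_110"
FW, QENC, ROUTER, DP = "fw_130", "qenc_120", "router_140", "dp_150"

# Links present in all three layouts. They model connectivity only (undirected),
# not the direction in which the description says data is sent.
COMMON = {(PEER, QWDM), (QKD, QWDM), (ROUTER, QENC), (ROUTER, DP), (DP, QWDM)}

TOPOLOGIES = {
    # Fig. 2 prior art (gateway A ~ 110, quantum VPN ~ 120, MSAP/MSTP ~ 150):
    # the gateway hands the key straight to the quantum VPN.
    "prior_art": COMMON | {(QKD, QENC), (QKD, ROUTER)},
    # Fig. 3: key link runs through firewall 130; negotiation data via router 140.
    "first_aspect": COMMON | {(QKD, FW), (FW, QENC), (QKD, ROUTER)},
    # Second aspect: negotiation data goes to data processing equipment 150.
    "second_aspect": COMMON | {(QKD, FW), (FW, QENC), (QKD, DP)},
}


def build_graph(links):
    """Turn a set of undirected links into an adjacency map."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def unfiltered_paths(links, enforcers, src=PEER, dst=QENC):
    """Return every simple path src -> dst that crosses no enforcement point."""
    graph = build_graph(links)
    found = []
    stack = [(src, [src])]
    while stack:
        node, path = stack.pop()
        if node == dst:
            found.append(path)
            continue
        for nxt in graph.get(node, ()):
            # Skip loops and stop at any device assumed to filter traffic.
            if nxt in path or nxt in enforcers:
                continue
            stack.append((nxt, path + [nxt]))
    return sorted(found)


def review():
    """Check each layout against the enforcement points assumed for it."""
    cases = {
        "prior_art": ("prior_art", set()),
        "first_aspect": ("first_aspect", {FW}),
        # Assumption: router 140 also filters (e.g. by access control policy).
        "first_aspect+router_policy": ("first_aspect", {FW, ROUTER}),
        # Assumption: the "data isolation" at equipment 150 acts as a filter.
        "second_aspect": ("second_aspect", {FW, DP}),
    }
    return {
        name: unfiltered_paths(TOPOLOGIES[topo], enforcers)
        for name, (topo, enforcers) in cases.items()
    }


if __name__ == "__main__":
    for name, paths in review().items():
        print(f"{name}: {len(paths)} path(s) reach {QENC} without enforcement")
        for path in paths:
            print("    " + " -> ".join(path))
```

Under these assumptions the firewall removes the direct key link of the prior art, and the remaining connectivity to equipment 120 runs through router 140, so the router's forwarding policy (or the data isolation at equipment 150 in the second aspect) is part of the zone boundary that a review has to cover.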
To describe the telecommunication transmission system based on quantum wavelength-division multiplexing provided by the application in more detail, the applicant further details the data receiving end of the system 100. As shown in Fig. 4, the data receiving end may include: second quantum key distribution equipment 170, second quantum wavelength division multiplexing equipment 180 and second data processing equipment 190. Specifically:
The second quantum wavelength division multiplexing equipment 180 is connected to the first quantum wavelength division multiplexing equipment 160. It receives and parses the data output by the first quantum wavelength division multiplexing equipment 160 to obtain the encrypted classical business data, the classical negotiation data and the quantum signal.
In the application, the first quantum wavelength division multiplexing equipment 160 and the second quantum wavelength division multiplexing equipment 180 are connected by optical fiber.
The second data processing equipment 190 is connected to the second quantum wavelength division multiplexing equipment 180 and the second quantum key distribution equipment 170. It receives the encrypted classical business data and the classical negotiation data sent by the second quantum wavelength division multiplexing equipment 180, transmits the encrypted classical business data to the carrier network, and forwards the classical negotiation data to the second quantum key distribution equipment 170.
In the application, the second data processing equipment 190 may optionally be multi-service transport platform equipment (MSTP) or a Multi-Service Access Device (MSAP). The sensitive business data (i.e. the classical business data) is sent through the MSAP/MSTP platform into the operator's classical network.
The second quantum key distribution equipment 170 is connected to the second quantum wavelength division multiplexing equipment 180 and the second data processing equipment 190. It receives the quantum signal sent by the second quantum wavelength division multiplexing equipment 180, receives the classical negotiation data sent by the second data processing equipment 190, and exchanges quantum signals with the first quantum key distribution equipment 110 to negotiate and generate the quantum key. In the application, the second quantum key distribution equipment 170 may specifically be a quantum gateway.
The operation of the telecommunication transmission system 100 based on quantum wavelength division multiplexing provided by this application is summarized as follows:
The first quantum key distribution equipment 110 and the second quantum key distribution equipment 170 distribute quantum optical signals and negotiate to generate the quantum key.
The first quantum key distribution equipment 110 sends the quantum key, after filtering by firewall 130, to quantum cryptography equipment 120, and sends the classical negotiation data to router 140; router 140 then sends the classical negotiation data to the first data processing equipment 150 (MSAP/MSTP platform).
The sensitive business data (i.e. the classical business data) are diverted via router 140 to quantum cryptography equipment 120 for encryption; after the encrypted classical business data return to router 140, router 140 sends them to the first data processing equipment 150.
The first data processing equipment 150 sends the encrypted sensitive traffic data and the classical negotiation data it has received to the first quantum wavelength division multiplexing equipment 160.
The first quantum wavelength division multiplexing equipment 160 multiplexes the encrypted sensitive traffic data, the classical negotiation data and the quantum channel data, couples them into one optical fiber, and passes them to the second quantum wavelength division multiplexing equipment 180.
After the second quantum wavelength division multiplexing equipment 180 receives the coupled signal, it demultiplexes the coupled signal to obtain the encrypted sensitive traffic data, the classical negotiation data and the quantum channel data.
Further, the second quantum wavelength division multiplexing equipment 180 sends the encrypted sensitive traffic data and the classical negotiation data to the second data processing equipment 190 (MSAP/MSTP platform); the second data processing equipment 190 sends the encrypted sensitive traffic data into the operator's classical network and forwards the classical negotiation data to the second quantum key distribution equipment 170.
On the basis of the previous embodiment, the applicant further found that the classical business data, the encrypted classical business data and the classical negotiation data all pass through router 140. That is, the unencrypted classical business data, the classical business data encrypted by quantum cryptography equipment 120, and the classical negotiation data all converge at router 140, and these data are not isolated from one another in router 140. If the multiple signals had to be isolated on router 140, the configuration changes to the enterprise's existing network would be large, reducing the security performance and stability of the system, which does not comply with financial industry security specifications.
In view of this, this application provides another telecommunication transmission system 200 based on quantum wavelength division multiplexing which, with only small changes to the existing network architecture, effectively isolates the classical business data and the classical negotiation data both physically and logically. As shown in Fig. 5, the system includes: the first quantum key distribution equipment 210, quantum cryptography equipment 220, firewall 230, router 240, the first data processing equipment 250 and the first quantum wavelength division multiplexing equipment 260.
The first quantum key distribution equipment 210 is connected to firewall 230, the first data processing equipment 250 and the first quantum wavelength division multiplexing equipment 260 respectively, and is mainly used to distribute the quantum signal, send and receive the classical negotiation data, and negotiate to generate the quantum key. In this application, the first quantum key distribution equipment 210 may specifically be a quantum gateway.
Specifically, in this application the first quantum key distribution equipment 210 sends the generated quantum key through firewall 230 to quantum cryptography equipment 220, sends the classical negotiation data directly to the first data processing equipment 250, and sends the quantum signal through the quantum channel to the first quantum wavelength division multiplexing equipment 260.
In this application, the classical negotiation data generated by the first quantum key distribution equipment 210 are no longer connected to router 240; instead they are connected directly to the first data processing equipment 250 (MSAP/MSTP platform), and data isolation means are applied on the first data processing equipment 250. Because the first data processing equipment 250 has strong expansion capability and its security management and control grade is lower than that of the system's core router 240, the influence on the existing network is minimal. The application can therefore, with only small changes to the existing network architecture, effectively isolate the enterprise's internal trusted zone from the external untrusted zone. This ensures the independence and security of the sensitive traffic data when they are coupled and multiplexed with other control signals, and effectively solves the security domain isolation problem of prior-art telecommunication transmission systems based on quantum wavelength division multiplexing.
Router 240 is connected to quantum cryptography equipment 220 and the first data processing equipment 250 respectively. It receives the classical business data and diverts them to quantum cryptography equipment 220, receives the encrypted classical business data returned by quantum cryptography equipment 220, and sends the encrypted classical business data to the first data processing equipment 250.
In this application, the classical business data received by router 240 are the sensitive traffic data that need to be encrypted.
Quantum cryptography equipment 220 is connected to router 240 and firewall 230 respectively. It receives the quantum key sent by the first quantum key distribution equipment 210 and filtered by firewall 230, encrypts the classical business data using the quantum key, and returns the encrypted classical business data to router 240. In this application, quantum cryptography equipment 220 may specifically be a quantum VPN.
In particular, this application adds firewall 230 between the first quantum key distribution equipment 210 and quantum cryptography equipment 220. Firewall 230 filters and isolates the quantum key that the first quantum key distribution equipment 210 sends to quantum cryptography equipment 220.
Quantum communication wavelength division multiplexing technology is applied in the financial field. To meet the "high confidentiality", "high security" and "high reliability" requirements of financial information, the technical means of isolating the internal trusted zone from the external untrusted zone is adopted. Between the first quantum key distribution equipment 210, which connects the enterprise's internal trusted zone and the external untrusted zone, and quantum cryptography equipment 220, a firewall 230 is added to isolate the internal and external networks. This further isolates the enterprise's internal trusted zone from the external untrusted zone, further ensures the independence and security of the sensitive traffic data when they are coupled and multiplexed with other control signals, and effectively solves the security domain isolation problem of prior-art telecommunication transmission systems based on quantum wavelength division multiplexing.
The first data processing equipment 250 is connected to router 240, the first quantum key distribution equipment 210 and the first quantum wavelength division multiplexing equipment 260. It receives the encrypted classical business data sent by router 240, receives the classical negotiation data sent by the first quantum key distribution equipment 210, and sends the encrypted classical business data and the classical negotiation data to the first quantum wavelength division multiplexing equipment 260.
In this application, the first data processing equipment 250 can perform data isolation on the encrypted classical business data received from router 240 and the classical negotiation data received from the first quantum key distribution equipment 210, and then send them to the first quantum wavelength division multiplexing equipment 260.
In this application, the data isolation that the first data processing equipment 250 performs on the encrypted classical business data and the classical negotiation data includes, but is not limited to, VLAN technology and tagging different data flows with different labels. This ensures the independence and security of the sensitive traffic data when they are coupled and multiplexed with other control signals.
In this application, the first data processing equipment 250 is used for network access and transmission, and may be multi-service transport platform equipment (MSTP) or a multi-service access device (MSAP).
The first quantum wavelength division multiplexing equipment 260 is connected to the first data processing equipment 250 and the first quantum key distribution equipment 210 respectively. It multiplexes the encrypted classical business data and the classical negotiation data received from the first data processing equipment 250 with the quantum signal received from the first quantum key distribution equipment 210, and transmits the result to the data receiving end.
In the telecommunication transmission system 200 based on quantum wavelength division multiplexing provided by this application, the first quantum key distribution equipment 210 sends the quantum key, after filtering by firewall 230, to quantum cryptography equipment 220, sends the classical negotiation data directly to the first data processing equipment 250, and sends the quantum signal through the quantum channel to the first quantum wavelength division multiplexing equipment 260. Router 240 diverts the classical business data it receives to quantum cryptography equipment 220, and quantum cryptography equipment 220 encrypts the classical business data using the quantum key sent by the first quantum key distribution equipment 210. Router 240 then receives the encrypted classical business data returned by quantum cryptography equipment 220. Further, router 240 sends the encrypted classical business data to the first data processing equipment 250, and the first data processing equipment 250 performs data isolation on the classical negotiation data and the encrypted classical business data it has received and then sends them to the first quantum wavelength division multiplexing equipment 260.
Finally, the first quantum wavelength division multiplexing equipment 260 multiplexes the encrypted sensitive traffic data, the classical negotiation data and the quantum channel data, couples them into one optical fiber, and passes them to the data receiving end.
In the telecommunication transmission system 200 based on quantum wavelength division multiplexing provided by this application, a firewall 230 is placed between the first quantum key distribution equipment 210 and quantum cryptography equipment 220 to filter and isolate the quantum key that the first quantum key distribution equipment 210 sends to quantum cryptography equipment 220. In addition, the first quantum key distribution equipment 210 is made to send the classical negotiation data directly to the first data processing equipment 250, and the first data processing equipment 250 performs data isolation on the classical negotiation data and the encrypted classical business data it has received before sending them to the first quantum wavelength division multiplexing equipment 260. With very small changes to the existing network architecture, the application thus uses firewall 230 (the firewall needs to be capable of parsing quantum optical signals) to isolate the intranet trusted zone from the extranet untrusted zone, and also uses data isolation means on the first data processing equipment 250 to isolate the intranet trusted zone from the extranet untrusted zone. This effectively solves the security domain isolation problem of prior-art telecommunication transmission systems based on quantum wavelength division multiplexing and meets the requirements of financial supervision. In addition, the telecommunication transmission system based on quantum wavelength division multiplexing provided by this application is novel in structure, economical and practical, and has high market value and wide applicability.
To describe the telecommunication transmission system based on quantum wavelength division multiplexing provided by this application in more detail, the applicant further describes the data receiving end of the telecommunication transmission system 200. As shown in Fig. 6, the data receiving end may include: the second quantum key distribution equipment 270, the second quantum wavelength division multiplexing equipment 280 and the second data processing equipment 290. Specifically, in this application:
The second quantum wavelength division multiplexing equipment 280 is connected to the first quantum wavelength division multiplexing equipment 260 and is used to receive and parse the data output by the first quantum wavelength division multiplexing equipment 260, obtaining the encrypted classical business data, the classical negotiation data and the quantum signal.
Specifically, in this application the first quantum wavelength division multiplexing equipment 260 and the second quantum wavelength division multiplexing equipment 280 are connected by optical fiber.
The second data processing equipment 290 is connected to the second quantum wavelength division multiplexing equipment 280 and the second quantum key distribution equipment 270 respectively. It receives the encrypted classical business data and the classical negotiation data sent by the second quantum wavelength division multiplexing equipment 280, transmits the encrypted classical business data to the carrier network, and forwards the classical negotiation data to the second quantum key distribution equipment 270.
In this application, the second data processing equipment 290 may be multi-service transport platform equipment (MSTP) or a multi-service access device (MSAP). The sensitive traffic data (i.e. the classical business data) in this application are sent into the operator's classical network through the MSAP/MSTP platform.
The second quantum key distribution equipment 270 is connected to the second quantum wavelength division multiplexing equipment 280 and the second data processing equipment 290 respectively. It receives the quantum signal sent by the second quantum wavelength division multiplexing equipment 280 and the classical negotiation data sent by the second data processing equipment 290, and exchanges the quantum signal with the first quantum key distribution equipment 210 to negotiate and generate the quantum key. In this application, the second quantum key distribution equipment 270 may specifically be a quantum gateway.
The operation of the telecommunication transmission system 200 based on quantum wavelength division multiplexing provided by this application is summarized as follows:
The first quantum key distribution equipment 210 and the second quantum key distribution equipment 270 distribute quantum optical signals and negotiate to generate the quantum key.
The first quantum key distribution equipment 210 sends the quantum key, after filtering by firewall 230, to quantum cryptography equipment 220; at the same time, the first quantum key distribution equipment 210 sends the classical negotiation data directly to the first data processing equipment 250 (MSAP/MSTP platform).
The sensitive business data (i.e. the classical business data) are diverted via router 240 to quantum cryptography equipment 220 for encryption; after the encrypted classical business data return to router 240, router 240 sends them to the first data processing equipment 250.
The first data processing equipment 250 performs data isolation on the encrypted sensitive traffic data and the classical negotiation data it has received, and then sends them to the first quantum wavelength division multiplexing equipment 260.
The first quantum wavelength division multiplexing equipment 260 multiplexes the encrypted sensitive traffic data, the classical negotiation data and the quantum channel data, couples them into one optical fiber, and passes them to the second quantum wavelength division multiplexing equipment 280.
After the second quantum wavelength division multiplexing equipment 280 receives the coupled signal, it demultiplexes the coupled signal to obtain the encrypted sensitive traffic data, the classical negotiation data and the quantum channel data.
Further, the second quantum wavelength division multiplexing equipment 280 sends the encrypted sensitive traffic data and the classical negotiation data to the second data processing equipment 290 (MSAP/MSTP platform); the second data processing equipment 290 sends the encrypted sensitive traffic data into the operator's classical network and forwards the classical negotiation data to the second quantum key distribution equipment 270.
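The two operational summaries (system 100 and system 200) can be compared mechanically. The Python sketch below is an added example, not part of the patent: it encodes each "device sends traffic to device" step on the sending side and checks which devices handle both unencrypted business data and negotiation data, and which devices the quantum key distribution equipment can reach without crossing an isolation point. The short device labels, the one-directional modelling of each flow, and the choice of isolation points (the firewall, plus the first data processing equipment in system 200) are assumptions taken from the description.

```python
from collections import defaultdict, deque

# Traffic classes named in the description.
KEY = "quantum key"
NEG = "classical negotiation data"
PLAIN = "unencrypted classical business data"
ENC = "encrypted classical business data"
QSIG = "quantum signal"

# (sender, receiver, traffic class). Labels such as "QENC-120" (quantum
# cryptography equipment 120) are shorthand invented for this example.
SYSTEM_100 = [
    ("QKD-110", "FW-130", KEY), ("FW-130", "QENC-120", KEY),
    ("QKD-110", "RTR-140", NEG), ("RTR-140", "DP-150", NEG),
    ("RTR-140", "QENC-120", PLAIN), ("QENC-120", "RTR-140", ENC),
    ("RTR-140", "DP-150", ENC),
    ("DP-150", "WDM-160", ENC), ("DP-150", "WDM-160", NEG),
    ("QKD-110", "WDM-160", QSIG),
]
SYSTEM_200 = [
    ("QKD-210", "FW-230", KEY), ("FW-230", "QENC-220", KEY),
    ("QKD-210", "DP-250", NEG),            # no longer via the router
    ("RTR-240", "QENC-220", PLAIN), ("QENC-220", "RTR-240", ENC),
    ("RTR-240", "DP-250", ENC),
    ("DP-250", "WDM-260", ENC), ("DP-250", "WDM-260", NEG),
    ("QKD-210", "WDM-260", QSIG),
]


def classes_by_device(flows):
    """Map each device to the set of traffic classes it sends or receives."""
    seen = defaultdict(set)
    for src, dst, cls in flows:
        seen[src].add(cls)
        seen[dst].add(cls)
    return dict(seen)


def devices_mixing(flows, cls_a, cls_b):
    """Devices that handle both traffic classes (candidates for leakage)."""
    return sorted(dev for dev, classes in classes_by_device(flows).items()
                  if cls_a in classes and cls_b in classes)


def reachable_without_isolation(flows, start, isolation_points):
    """Devices reachable from `start` along the flows without passing
    through any device listed in `isolation_points`."""
    nxt = defaultdict(set)
    for src, dst, _ in flows:
        nxt[src].add(dst)
    found, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for peer in nxt[node]:
            if peer == start or peer in found or peer in isolation_points:
                continue
            found.add(peer)
            queue.append(peer)
    return found


if __name__ == "__main__":
    for name, flows, qkd, iso in (
        ("system 100", SYSTEM_100, "QKD-110", {"FW-130"}),
        ("system 200", SYSTEM_200, "QKD-210", {"FW-230", "DP-250"}),
    ):
        print(name)
        print("  plaintext + negotiation on:", devices_mixing(flows, PLAIN, NEG))
        print("  reachable from QKD unfiltered:",
              sorted(reachable_without_isolation(flows, qkd, iso)))
```
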
The telecommunication transmission system based on quantum wavelength division multiplexing provided by this application has been described in detail above. Specific examples are used herein to explain the principle and implementations of the application, and the description of the above embodiments is only intended to help in understanding the method of the application and its core idea. At the same time, for those skilled in the art, there will be changes in the specific implementations and the scope of application in accordance with the idea of the application. In summary, the content of this specification should not be construed as limiting the application.

Claims (10)

1. A telecommunication transmission system based on quantum wavelength division multiplexing, characterized in that it comprises:
a first quantum key distribution equipment, connected to a router, a first quantum wavelength division multiplexing equipment and a firewall, for sending the generated quantum key through the firewall to a quantum cryptography equipment, sending classical negotiation data to the router, and sending a quantum signal through a quantum channel to the first quantum wavelength division multiplexing equipment;
the router, connected to the first quantum key distribution equipment, the quantum cryptography equipment and a first data processing equipment, for receiving classical business data and diverting the classical business data to the quantum cryptography equipment, receiving the encrypted classical business data returned by the quantum cryptography equipment, receiving the classical negotiation data sent by the first quantum key distribution equipment, and sending the classical negotiation data and the encrypted classical business data to the first data processing equipment;
the quantum cryptography equipment, connected to the router and the firewall, for receiving the quantum key sent by the first quantum key distribution equipment via the firewall, encrypting the classical business data using the quantum key, and returning the encrypted classical business data to the router;
the firewall, located between the first quantum key distribution equipment and the quantum cryptography equipment, for filtering and isolating the quantum key sent by the first quantum key distribution equipment to the quantum cryptography equipment;
the first data processing equipment, connected to the router and the first quantum wavelength division multiplexing equipment, for receiving the encrypted classical business data and the classical negotiation data sent by the router, and sending the encrypted classical business data and the classical negotiation data to the first quantum wavelength division multiplexing equipment;
the first quantum wavelength division multiplexing equipment, connected to the first data processing equipment and the first quantum key distribution equipment, for multiplexing the encrypted classical business data and the classical negotiation data received from the first data processing equipment with the quantum signal received from the first quantum key distribution equipment, and transmitting the result to a data receiving end.
2. The system according to claim 1, characterized in that the data receiving end comprises:
a second quantum wavelength division multiplexing equipment, connected to the first quantum wavelength division multiplexing equipment, for receiving and parsing the data output by the first quantum wavelength division multiplexing equipment to obtain the encrypted classical business data, the classical negotiation data and the quantum signal;
a second data processing equipment, connected to the second quantum wavelength division multiplexing equipment and a second quantum key distribution equipment, for receiving the encrypted classical business data and the classical negotiation data sent by the second quantum wavelength division multiplexing equipment, transmitting the encrypted classical business data to the carrier network, and forwarding the classical negotiation data to the second quantum key distribution equipment;
the second quantum key distribution equipment, connected to the second quantum wavelength division multiplexing equipment and the second data processing equipment, for receiving the quantum signal sent by the second quantum wavelength division multiplexing equipment, receiving the classical negotiation data sent by the second data processing equipment, and exchanging the quantum signal with the first quantum key distribution equipment to negotiate and generate the quantum key.
3. The system according to claim 2, characterized in that the first quantum wavelength division multiplexing equipment and the second quantum wavelength division multiplexing equipment are connected by optical fiber.
4. The system according to any one of claims 1-3, characterized in that the first data processing equipment comprises a multi-service access device or multi-service transport platform equipment.
5. The system according to any one of claims 2-3, characterized in that the second data processing equipment comprises a multi-service access device or multi-service transport platform equipment.
6. A telecommunication transmission system based on quantum wavelength division multiplexing, characterized in that it comprises:
a first quantum key distribution equipment, connected to a first quantum wavelength division multiplexing equipment, a firewall and a first data processing equipment, for sending the generated quantum key through the firewall to a quantum cryptography equipment, sending classical negotiation data to the first data processing equipment, and sending a quantum signal through a quantum channel to the first quantum wavelength division multiplexing equipment;
a router, connected to the quantum cryptography equipment and the first data processing equipment, for receiving classical business data and diverting the classical business data to the quantum cryptography equipment, receiving the encrypted classical business data returned by the quantum cryptography equipment, and sending the encrypted classical business data to the first data processing equipment;
the quantum cryptography equipment, connected to the router and the firewall, for receiving the quantum key sent by the first quantum key distribution equipment via the firewall, encrypting the classical business data using the quantum key, and returning the encrypted classical business data to the router;
the firewall, located between the first quantum key distribution equipment and the quantum cryptography equipment, for filtering and isolating the quantum key sent by the first quantum key distribution equipment to the quantum cryptography equipment;
the first data processing equipment, connected to the router, the first quantum key distribution equipment and the first quantum wavelength division multiplexing equipment, for receiving the encrypted classical business data sent by the router, receiving the classical negotiation data sent by the first quantum key distribution equipment, performing data isolation on the encrypted classical business data and the classical negotiation data, and then sending them to the first quantum wavelength division multiplexing equipment;
the first quantum wavelength division multiplexing equipment, connected to the first data processing equipment and the first quantum key distribution equipment, for multiplexing the encrypted classical business data and the classical negotiation data received from the first data processing equipment with the quantum signal received from the first quantum key distribution equipment, and transmitting the result to a data receiving end.
7. The system according to claim 6, characterized in that the data receiving end comprises:
a second quantum wavelength division multiplexing equipment, connected to the first quantum wavelength division multiplexing equipment, for receiving and parsing the data output by the first quantum wavelength division multiplexing equipment to obtain the encrypted classical business data, the classical negotiation data and the quantum signal;
a second data processing equipment, connected to the second quantum wavelength division multiplexing equipment and a second quantum key distribution equipment, for receiving the encrypted classical business data and the classical negotiation data sent by the second quantum wavelength division multiplexing equipment, transmitting the encrypted classical business data to the carrier network, and forwarding the classical negotiation data to the second quantum key distribution equipment;
the second quantum key distribution equipment, connected to the second quantum wavelength division multiplexing equipment and the second data processing equipment, for receiving the quantum signal sent by the second quantum wavelength division multiplexing equipment, receiving the classical negotiation data sent by the second data processing equipment, and exchanging the quantum signal with the first quantum key distribution equipment to negotiate and generate the quantum key.
8. The system according to claim 7, characterized in that the first quantum wavelength division multiplexing equipment and the second quantum wavelength division multiplexing equipment are connected by optical fiber.
9. The system according to any one of claims 6-8, characterized in that the first data processing equipment comprises a multi-service access device or multi-service transport platform equipment.
10. The system according to any one of claims 7-8, characterized in that the second data processing equipment comprises a multi-service access device or multi-service transport platform equipment.
CN201821391835.4U 2018-08-28 2018-08-28 A kind of telecommunication transmission system based on quantum wavelength-division multiplex Withdrawn - After Issue CN208638376U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201821391835.4U CN208638376U (en) 2018-08-28 2018-08-28 A kind of telecommunication transmission system based on quantum wavelength-division multiplex

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201821391835.4U CN208638376U (en) 2018-08-28 2018-08-28 A kind of telecommunication transmission system based on quantum wavelength-division multiplex

Publications (1)

Publication Number Publication Date
CN208638376U true CN208638376U (en) 2019-03-22

Family

ID=65742906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201821391835.4U Withdrawn - After Issue CN208638376U (en) 2018-08-28 2018-08-28 A kind of telecommunication transmission system based on quantum wavelength-division multiplex

Country Status (1)

Country Link
CN (1) CN208638376U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110138449A (en) * 2019-05-15 2019-08-16 重庆电子工程职业学院 A kind of vehicle electronics communication system based on fiber optic communication



Legal Events

Date Code Title Description
GR01 Patent grant
AV01 Patent right actively abandoned

Granted publication date: 20190322

Effective date of abandoning: 20230901
