CN212413174U - Quantum key distribution management device and distribution system based on post-quantum cryptography and block chains - Google Patents


Publication number
CN212413174U
Authority
CN
China
Prior art keywords
management device
key distribution
quantum key
quantum
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202021143179.3U
Other languages
Chinese (zh)
Inventor
富尧
钟一民
余秋炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd

Abstract

The utility model discloses a quantum key distribution management device and distribution system based on post-quantum cryptography and blockchain. The quantum key distribution system comprises a plurality of quantum key distribution sites and a management device with administrator qualification that is communicatively connected to each site. Each quantum key distribution site is provided with a quantum key distribution device and a quantum key distribution management device connected by close-range communication. The quantum key distribution management device comprises a management device cryptographic module, a management device management module and a management device networking module, and is used to directly manage the quantum key distribution device. The management device with administrator qualification is responsible for issuing the initial authentication key to paired quantum key distribution equipment and for the other processes of the quantum key distribution equipment. The utility model enables distributed management and control of the QKD network and improves both the management efficiency of quantum key distribution and the security of the network management system.

Description

Quantum key distribution management device and distribution system based on post-quantum cryptography and block chains
Technical Field
The utility model relates to the field of quantum secure communication, and in particular to a quantum key distribution management device and distribution system based on post-quantum cryptography.
Background
Quantum key distribution (QKD) is guaranteed by the fundamental principles of quantum physics: keys can be distributed with unconditional security over a public channel, and in principle any eavesdropping is certain to be detected. Once keys are successfully established between the two communicating parties, they are secure, and keys with absolute randomness cannot, in principle, be cracked. Quantum key distribution uses trusted relay technology, classical network communication technology, network management technology and the like to achieve large-scale, cross-region, secure and efficient key distribution and management, and to achieve secure and efficient key sharing between two quantum secure communication terminals in different regions. The quantum communication network is the network that uses quantum key distribution to share keys securely and efficiently between two quantum secure communication terminals; the classical network, i.e. the traditional data communication network, carries data between devices.
Apart from quantum key distribution, which can effectively resist quantum computing, most existing public-key cryptographic algorithms (RSA, Diffie-Hellman, elliptic curve and the like) can be broken by a sufficiently large and stable quantum computer. Post-quantum cryptography algorithms emerged in response. In English the term is "Post-Quantum Cryptography (PQC)" or "Quantum-Resistant Cryptography". The National Institute of Standards and Technology (NIST) is currently developing a new generation of cryptographic standards, the post-quantum cryptography standards. NIST's call for PQC standard submissions formally started in 2016 and focuses mainly on three classes of post-quantum algorithms: encryption, key exchange and digital signature. After the initial screening, NIST published 69 "complete and proper" submissions. Among these 69 candidates, the post-quantum algorithms rest mainly on four mathematical approaches: 1. hash-based; 2. code-based; 3. multivariate-based; 4. lattice-based.
The problems of the prior art are as follows:
1. Setting up a current QKD network is cumbersome. One symptom is that, after networking, a pair of secret symmetric keys must be manually issued to every two connected QKD devices as their initial authentication key. The number of pairwise relationships between QKD devices is huge, so the workload of manually issuing authentication keys is also huge; every new pairwise relationship requires one more manual issuance, which is inefficient; and key issuance requires a specially assigned person and a dedicated means of transport, which is costly;
2. Management of current QKD equipment is limited to the local area network of the machine room. If the administrator is not in the machine room, secure and reliable remote management is difficult because a sufficiently secure remote management mechanism and equipment are lacking;
3. Management and monitoring of the current network are all performed centrally by a single network management server, which has weak survivability.
Summary of the Utility Model
Technical purpose: In view of the above technical problems, the utility model provides a quantum key distribution management device and distribution system based on post-quantum cryptography and blockchain. By combining post-quantum cryptography with a dedicated management device, it issues the initial authentication key between QKD devices; executing the authentication key generation process completes the issuance of the authentication key, which improves the security and efficiency of key distribution management and also enables secure and reliable remote management of QKD devices.
The technical scheme is as follows: in order to achieve the technical purpose, the utility model adopts the following technical scheme:
A quantum key distribution management device based on post-quantum cryptography and blockchain, characterized in that it comprises a management device cryptographic module, a management device management module and a management device networking module, wherein
the management device cryptographic module comprises a common cryptographic module and a secure cryptographic module; the common cryptographic module stores a post-quantum public key and a post-quantum digital certificate; the secure cryptographic module stores its own post-quantum private key, the device information of the management devices with administrator qualification, and PIN code information, and performs cryptographic computation; the management device cryptographic module is used to perform identity security authentication of a quantum key distribution management device with administrator qualification and PIN code authentication of the login device;
the management device management module is used for receiving and sending a management command;
and the management device networking module is used for accessing a communication network.
Preferably, a geographic position judgment module is arranged in the management module of the management device and is used for positioning the position of the quantum key distribution management device.
Preferably, the management device networking module includes a blockchain communication module, configured to implement transceiving of messages of the quantum key distribution management device through a blockchain network.
A quantum key distribution system, characterized by: the system comprises a plurality of quantum key distribution sites and a management device with administrator qualification, wherein the management device is in communication connection with each quantum key distribution site, each quantum key distribution site is provided with a quantum key distribution device and a quantum key distribution management device which are in close range communication connection, and the quantum key distribution management device is used for directly managing the quantum key distribution devices;
the management device with administrator qualification comprises a management device cryptographic module and a management device networking module, and performs quantum key distribution management through the management device networking module.
Preferably, the quantum key distribution management device is configured to directly manage the quantum key distribution device, and includes importing an initial authentication key, importing and exporting configuration data, collecting device parameters, and submitting the device problem to a management device with administrator qualification.
Preferably, the quantum key distribution device is provided with an expansion interface connected with a quantum key distribution management device.
Preferably, the quantum key distribution management performed by the management device with administrator qualification includes an issuing process of an initial authentication key to the paired quantum key distribution equipment and a process of receiving a report message of the quantum key distribution device.
Preferably, the communication network comprises a classical communication network and a quantum communication network.
Technical effects: By adopting the above technical scheme, the utility model has the following technical effects:
1. By combining post-quantum cryptography with a dedicated management device, the utility model issues the initial authentication key between QKD devices, and the workload of issuing authentication keys is greatly reduced; each new pairwise relationship requires only one run of the authentication key generation process, which greatly improves efficiency; and the manpower and material cost of issuing a large number of keys is saved;
2. By combining post-quantum cryptography with a dedicated management device, the quantum key distribution management device can collect device information from the quantum key distribution device and submit alarms about device problems, which achieves secure and reliable remote management of QKD equipment;
3. By combining blockchain with a dedicated management device, the utility model achieves distributed management and control of the QKD network. The management device with administrator qualification comprises a management device cryptographic module, a management device networking module and a blockchain communication module, and performs quantum key distribution management through the blockchain communication module of the management device networking module. This removes the network management server with weak survivability, so the survivability of the network management system is improved.
Drawings
Fig. 1 shows a quantum communication service station based on post-quantum cryptography and blockchain according to an embodiment of the utility model;
Fig. 2 shows a quantum key distribution management device according to an embodiment of the utility model.
Detailed Description
The invention will be further elucidated with reference to the drawings and the specific embodiments.
The utility model is implemented by a quantum key distribution management device based on post-quantum cryptography and blockchain.
As shown in Fig. 1, the quantum key distribution management devices based on post-quantum cryptography and blockchain, the quantum key distribution devices (QKD devices) and the classical communication network are connected. The classical communication network also contains a management device with administrator qualification; it is one kind of quantum key distribution management device and contains some of that device's modules, namely the management device cryptographic module and the management device networking module. The management device with administrator qualification is connected to the administrator's equipment. The quantum key distribution management device and the quantum key distribution device are connected through the expansion interface of the quantum key distribution device. As shown in Fig. 2, the quantum key distribution management device consists mainly of a management device cryptographic module, a management device management module and a management device networking module. The quantum key distribution management device is connected to the quantum key distribution device by near field communication and uses this link to set device parameters on the latter, such as importing the authentication key of the quantum key distribution device, setting the administrator information and the legal location information corresponding to the administrator, and setting the legal location information corresponding to the distribution device. In addition, the quantum key distribution management device can collect device information from the quantum key distribution device and submit alarms about device problems.
The management device management module manages configuration items of the quantum key distribution device and transmits and receives management commands; the management device management module is internally provided with a geographic position judgment module which can position the equipment.
The management module of the management device is connected with the operation console through an input/output interface, and the operation console is a touch screen and the like; the management commands may be issued by an operator console.
The quantum key distribution management device can realize the import of the initial authentication key of the quantum key distribution equipment, the import and export of configuration data, the acquisition of equipment parameters and the like through the near field communication input and output interface.
The management device cryptographic module is divided into a common cryptographic module and a secure cryptographic module. The common cryptographic module stores the post-quantum public key and post-quantum digital certificate of the quantum key distribution management device. The secure cryptographic module (for example a security chip) stores its own post-quantum private key, the device information of all management devices with administrator qualification, and PIN code information, and is responsible for cryptographic computation. The secure cryptographic module contains the device information of all management devices with administrator qualification and a PIN code authentication module; it performs identity security authentication of the quantum key distribution management device with administrator qualification and PIN code authentication of the login device.
The management device networking module comprises a block chain communication module, and the management device realizes the receiving and sending of messages through block chain communication. The management device networking module is responsible for quantum key distribution management processes, including an issuing process of an initial authentication key of paired quantum key distribution equipment and other remote management processes of the quantum key distribution equipment.
The working principle of the utility model is as follows:
The initial authentication key of the quantum key distribution equipment is issued by a management device with administrator qualification, which submits a key-issuance transaction through the blockchain network protocol. Let the quantum key distribution management device of quantum communication service station A be MA, with digital certificate CERTMA, and its quantum key distribution equipment be QA, with digital certificate CERTQA; let the quantum key distribution management device of quantum communication service station B be MB, with digital certificate CERTMB, and its quantum key distribution equipment be QB, with digital certificate CERTQB; let the management device with administrator qualification be MC, with digital certificate CERTMC. The management device with administrator qualification is at a different location from quantum communication service station A and quantum communication service station B. Each digital certificate contains the ID of the device, its legal location, and the signature of the CA.
The management device MC with administrator qualification generates a transaction Tx with the content QA || QB || ENCSYM(AK, KAK) || ENC(KAK, PKMA) || ENC(KAK, PKMB). Here AK is the initial authentication key being issued, KAK is a symmetric key shared between MC and MA, MB, ENCSYM(m, k) denotes the ciphertext obtained by encrypting m with a symmetric encryption algorithm under key k, ENC(m, k) denotes the ciphertext obtained by encrypting m with a post-quantum encryption algorithm under key k, PKMA is the public key of the quantum key distribution management device MA, and PKMB is the public key of the quantum key distribution management device MB. MC also signs the transaction content with its private key SKMC and sends the signature to the blockchain network together with the transaction Tx.
Guided by QA and QB in the transaction content, the quantum key distribution management devices MA and MB use their own private keys SKMA and SKMB to decrypt ENC(KAK, PKMA) and ENC(KAK, PKMB) respectively, obtaining the symmetric key KAK, and then use that key to decrypt ENCSYM(AK, KAK), obtaining the initial authentication key AK. The quantum key distribution management device MA imports the initial authentication key AK into the local quantum key distribution equipment QA; the quantum key distribution management device MB imports the initial authentication key AK into the local quantum key distribution equipment QB.
The process of the quantum key distribution management device for performing remote management may refer to the initial authentication key issuance process of the quantum key distribution device described above.
Information reports from the quantum key distribution equipment are submitted by the corresponding quantum key distribution management device to one or more management devices with administrator qualification. Let the quantum key distribution management device of quantum communication service station A be MA, with digital certificate CERTMA, and its quantum key distribution equipment be QA, with digital certificate CERTQA; let the management devices with administrator qualification be MC1/MC2/…/MCn.
The quantum key distribution management device MA generates a transaction Tx with the content QA || ENCSYM(MSG, KMSG) || ENC(KMSG, PKMC1) || ENC(KMSG, PKMC2) || … || ENC(KMSG, PKMCn). Here MSG is the message content reported by the quantum key distribution device QA, KMSG is the symmetric key, PKMC1 is the public key of the quantum key distribution management device MC1, and so on. The quantum key distribution management device MA also signs the transaction content with its private key SKMA and sends the signature to the blockchain network together with the transaction Tx.
The management devices MC1/MC2/…/MCn with administrator qualification each use their own private key to decrypt DATA and obtain the report message MSG of QA.
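The issuance and report flows above share one envelope: a fresh symmetric key encrypts the payload and is wrapped once per recipient. The following Python sketch is an added example, not code from the patent, and runs both flows end to end. The toy LWE scheme standing in for ENC, the HMAC-based stand-in for ENCSYM, the dict layout and all function names are assumptions, and the sender's signature over Tx is left out.

```python
import hashlib
import hmac
import secrets

# Stand-in for the page's unspecified post-quantum ENC(m, pk): a toy Regev-style
# LWE bit encryption (lattice-based). Parameters are illustrative, NOT secure.
N, M, Q = 32, 64, 3329  # secret dimension, public samples, modulus

def pq_keygen():
    """Return (public_key, private_key) with b = A*s + e and e in {-1, 0, 1}."""
    s = [secrets.randbelow(Q) for _ in range(N)]
    a = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(M)]
    b = [(sum(x * y for x, y in zip(row, s)) + secrets.randbelow(3) - 1) % Q
         for row in a]
    return (a, b), s

def pq_encrypt(key, pk):
    """ENC(key, pk): one LWE ciphertext (u, v) per bit of the symmetric key."""
    a, b = pk
    ct = []
    for byte in key:
        for i in range(8):
            rows = [j for j in range(M) if secrets.randbits(1)]  # random subset
            u = [sum(a[j][k] for j in rows) % Q for k in range(N)]
            v = (sum(b[j] for j in rows) + ((byte >> i) & 1) * (Q // 2)) % Q
            ct.append((u, v))
    return ct

def pq_decrypt(ct, s):
    """Recover the key: the noise is at most M, far below Q/4, so rounding is exact."""
    bits = [1 if Q // 4 < (v - sum(x * y for x, y in zip(u, s))) % Q < 3 * Q // 4
            else 0 for u, v in ct]
    return bytes(sum(bits[i + j] << j for j in range(8))
                 for i in range(0, len(bits), 8))

def subkey(k, label):
    return hmac.new(k, label, hashlib.sha256).digest()

def keystream(k, nonce, n):
    blocks = (hmac.new(k, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encsym(m, k):
    """ENCSYM(m, k) stand-in: HMAC-SHA256 keystream, then encrypt-then-MAC."""
    nonce = secrets.token_bytes(16)
    ks = keystream(subkey(k, b"enc"), nonce, len(m))
    body = nonce + bytes(x ^ y for x, y in zip(m, ks))
    return body + hmac.new(subkey(k, b"mac"), body, hashlib.sha256).digest()

def decsym(c, k):
    body, tag = c[:-32], c[-32:]
    expect = hmac.new(subkey(k, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("ENCSYM tag mismatch: wrong key or modified ciphertext")
    nonce, ct = body[:16], body[16:]
    ks = keystream(subkey(k, b"enc"), nonce, len(ct))
    return bytes(x ^ y for x, y in zip(ct, ks))

def build_tx(device_ids, payload, recipient_pks):
    """Tx = ids || ENCSYM(payload, K) || ENC(K, pk_1) || ... || ENC(K, pk_n)."""
    k = secrets.token_bytes(16)  # KAK or KMSG: fresh per transaction
    return {
        "ids": list(device_ids),
        "encsym": encsym(payload, k),
        # Keyed by recipient name (an assumption; the page lists the fields in order).
        "wrapped": {name: pq_encrypt(k, pk) for name, pk in recipient_pks.items()},
    }

def open_tx(tx, my_name, my_sk):
    """Recipient side: unwrap K with the recipient's private key, then open ENCSYM."""
    if my_name not in tx["wrapped"]:
        raise PermissionError(f"{my_name} is not a recipient of this transaction")
    return decsym(tx["encsym"], pq_decrypt(tx["wrapped"][my_name], my_sk))

def demo():
    """Run both flows with constructed keys and payloads; return what each party sees."""
    keys = {name: pq_keygen() for name in ("MA", "MB", "MC1", "MC2", "MC3")}
    pk = {n: kp[0] for n, kp in keys.items()}
    sk = {n: kp[1] for n, kp in keys.items()}
    ak = secrets.token_bytes(32)  # constructed initial authentication key AK
    issue = build_tx(["QA", "QB"], ak, {"MA": pk["MA"], "MB": pk["MB"]})
    msg = b"QA alarm: constructed sample report"
    report = build_tx(["QA"], msg, {n: pk[n] for n in ("MC1", "MC2", "MC3")})
    return {
        "ak": ak, "issue": issue, "sk": sk,
        "ak_at_MA": open_tx(issue, "MA", sk["MA"]),
        "ak_at_MB": open_tx(issue, "MB", sk["MB"]),
        "msg": msg,
        "reports": [open_tx(report, n, sk[n]) for n in ("MC1", "MC2", "MC3")],
    }

if __name__ == "__main__":
    r = demo()
    print("AK delivered to MA and MB:", r["ak_at_MA"] == r["ak"] == r["ak_at_MB"])
    print("report readable by all admins:", all(m == r["msg"] for m in r["reports"]))
```

Because ENCSYM is authenticated in this sketch, a device that unwraps with the wrong private key, or receives a modified ciphertext, gets an error instead of a wrong AK to import into its QKD equipment.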
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only represent some embodiments of the present invention, and the description thereof is specific and detailed, but not to be construed as limiting the scope of the present invention. It should be noted that, for those skilled in the art, without departing from the spirit of the present invention, several variations and modifications can be made, which are within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.

Claims (7)

1. A quantum key distribution management device based on post-quantum cryptography and blockchain, characterized in that it comprises a management device cryptographic module, a management device management module and a management device networking module, wherein
the management device cryptographic module comprises a common cryptographic module and a secure cryptographic module; the common cryptographic module stores a post-quantum public key and a post-quantum digital certificate; the secure cryptographic module stores its own post-quantum private key, the device information of the management devices with administrator qualification, and PIN code information, and performs cryptographic computation; the management device cryptographic module is used to perform identity security authentication of a quantum key distribution management device with administrator qualification and PIN code authentication of the login device;
the management device management module is used for receiving and sending a management command;
the management device networking module is used for accessing a communication network;
the management device networking module comprises a blockchain communication module and is used for realizing the receiving and sending of the messages of the quantum key distribution management device through a blockchain network.
2. The quantum key distribution management device of claim 1, wherein: and a geographic position judgment module is arranged in the management module of the management device and is used for positioning the position of the quantum key distribution management device.
3. A quantum key distribution system, characterized by: the system comprises a plurality of quantum key distribution sites and a management device with administrator qualification, wherein the management device is in communication connection with each quantum key distribution site, each quantum key distribution site is provided with a quantum key distribution device and a quantum key distribution management device which are in close range communication connection, and the quantum key distribution management device is used for directly managing the quantum key distribution devices;
the management device with administrator qualification comprises a management device cryptographic module and a management device networking module, and performs quantum key distribution management through the management device networking module.
4. A quantum key distribution system according to claim 3, wherein: the quantum key distribution management device is used for directly managing the quantum key distribution device, and comprises the steps of importing an initial authentication key, importing and exporting configuration data, acquiring equipment parameters, and submitting equipment problems to the management device with administrator qualification.
5. A quantum key distribution system according to claim 3, wherein: the quantum key distribution device is provided with an expansion interface connected with the quantum key distribution management device.
6. A quantum key distribution system according to claim 3, wherein: the quantum key distribution management performed by the management device with administrator qualification comprises an issuing process of an initial authentication key of paired quantum key distribution equipment and a process of receiving a report message of the quantum key distribution device.
7. A quantum key distribution system according to claim 3, wherein: the management device networking module is used for accessing a communication network, and the communication network comprises a classical communication network and a quantum communication network.
CN202021143179.3U 2020-06-19 2020-06-19 Quantum key distribution management device and distribution system based on post-quantum cryptography and block chains Active CN212413174U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202021143179.3U CN212413174U (en) 2020-06-19 2020-06-19 Quantum key distribution management device and distribution system based on post-quantum cryptography and block chains

Publications (1)

Publication Number Publication Date
CN212413174U true CN212413174U (en) 2021-01-26

Family

ID=74407643

Country Status (1)

Country Link
CN (1) CN212413174U (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890732A (en) * 2021-10-14 2022-01-04 成都信息工程大学 Block chain-based secret communication method and tracing method of security event thereof
CN113890732B (en) * 2021-10-14 2022-10-14 成都信息工程大学 Block chain-based secret communication method and security event tracing method thereof
CN114124377A (en) * 2021-11-19 2022-03-01 中国联合网络通信集团有限公司 Quantum key transmission method, device, system and storage medium
CN114124377B (en) * 2021-11-19 2023-05-16 中国联合网络通信集团有限公司 Quantum key transmission method, device, system and storage medium
CN114531238A (en) * 2022-04-24 2022-05-24 中电信量子科技有限公司 Secret key safe filling method and system based on quantum secret key distribution
CN114785504A (en) * 2022-06-17 2022-07-22 国开启科量子技术(北京)有限公司 Quantum communication system network topology structure, quantum key distribution method and system
CN114785504B (en) * 2022-06-17 2022-09-30 国开启科量子技术(北京)有限公司 Quantum communication system network topology structure, quantum key distribution method and system

Similar Documents

Publication Publication Date Title
CN212413174U (en) Quantum key distribution management device and distribution system based on post-quantum cryptography and block chains
CN103475464B (en) A kind of power special quantum encryption gateway system
CN110247765B (en) Quantum secret data chain communication system
CN101599188B (en) IPA security certification-based access control system
CN112152817B (en) Quantum key distribution method and system for authentication based on post-quantum cryptography algorithm
CN109787761B (en) Equipment authentication and key distribution system and method based on physical unclonable function
CN104660605A (en) Multi-factor identity authentication method and system
CN101540669A (en) Method for distributing keys and protecting information for wireless mobile communication network
CN113746632B (en) Multi-level identity authentication method for Internet of things system
CN109243020A (en) A kind of smart lock identity identifying method based on no certificate
CN112804356B (en) Block chain-based networking equipment supervision authentication method and system
CN102239661B (en) Method and device for exchanging key
CN110401530A (en) A kind of safety communicating method of gas meter, flow meter, system, equipment and storage medium
CN204180095U (en) A kind of ciphering and deciphering device for network data encryption transmission
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
Zhang et al. A secure revocable fine-grained access control and data sharing scheme for SCADA in IIoT systems
CN211063620U (en) Quantum key distribution site and system based on post-quantum cryptography
CN103825725B (en) A kind of efficient random physical layer key generation method based on vector quantization
CN109067550A (en) Two-way authentication system and mutual authentication method based on CPK tagged keys
CN112073182B (en) Quantum key management method and system based on block chain
CN101431409B (en) Method for implementing secret communication in different wireless local area network
CN112039654A (en) Electric meter data security acquisition method for resisting man-in-the-middle attack
CN218336048U (en) Secret key management dynamic route generation network architecture for quantum communication
Jin et al. Secure data collection in constrained tree-based smart grid environments
CN216391430U (en) Power distribution automation terminal access control system with quantum encryption function

Legal Events

Date Code Title Description
GR01 Patent grant