CN212519015U - Local area network quantum communication center and system accessed to quantum secure communication network - Google Patents

Publication number
CN212519015U
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202021702867.9U
Other languages
Chinese (zh)
Inventor
富尧
钟一民
余秋炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Abstract

The utility model discloses a local area network quantum communication center and system accessed to a quantum secret communication network. The quantum communication center includes a central processing unit and, each connected to the central processing unit, a quantum secret communication network access module, a biological authentication module, a quantum random number generation module and a key pool storage module. The communication system includes the quantum secret communication network and the quantum communication center located in the local area network; a user in the local area network connects to the quantum communication center through the key fob that the quantum communication center issued to the user, and then connects to the quantum secret communication network through the quantum communication center. In the utility model, the key pool issued by the quantum secret communication network resides in the quantum communication center, which improves the security of the key pool; the quantum communication center is located in the local area network, which reduces the possibility of leakage of the user's biological information; and the quantum communication center provides both the user identity authentication function and the quantum secret communication network access function, which reduces the number of key fobs held by the user.

Description

Local area network quantum communication center and system accessed to quantum secure communication network
Technical Field
The utility model relates to the field of quantum secret communication, and in particular to a local area network quantum communication center and system accessed to a quantum secret communication network.
Background
The trend of economic globalization is irresistible, and billions of pieces of information flow over the internet; it is as if humans have built a virtual world inside storage devices, concentrating privacy and knowledge there. Like resources in the real world, this information has intangible value.
At present, apart from the possibility that hackers and the like steal your information, existing message communication providers can check your communication information at any time. Therefore, an individual or organization can ensure that its own information is not stolen only by holding the key in its own hands. Traditional encryption relies mainly on asymmetric cryptosystems, whose advantage is that no key agreement process between the two parties is needed, which reduces cost. However, the advent of quantum computers leaves most of today's asymmetric cryptographic algorithms unable to hold up.
Quantum communication emerged alongside quantum computers. Quantum key distribution (QKD) relies on the principles of quantum physics to guarantee that keys can be distributed unconditionally securely over a public channel, and guarantees in principle that any eavesdropping will be discovered. Once a key is successfully established between the two communicating parties, that key is secure, and a key with absolute randomness cannot be cracked in principle.
Quantum key distribution uses trusted relay technology, classical network communication technology, network management technology and the like to realize large-scale, cross-region, secure and efficient key distribution and management, and to realize secure and efficient key sharing between 2 quantum secret communication terminals in different regions. The quantum communication network uses quantum key distribution technology to realize secure and efficient key sharing between 2 quantum secret communication terminals; the classical network, i.e. the traditional data communication network, realizes data transmission between devices.
However, quantum key distribution devices are relatively expensive, and are uneconomical and unaffordable for individuals or small organizations. Although quantum communication networks can be accessed by means of quantum key card systems or the like, in that approach the keys are still held by the operator.
The invention patent with application number 201310464744.4 discloses a quantum key distribution terminal and system in which the optical transceiver and the electronics board cards of the quantum key distribution system are integrated into a whole through an electronics backplane. This provides a quantum key distribution terminal with a compact structure and a high level of integration, allows uniform testing, maintenance and management of each component in the quantum key distribution system, and realizes the integration and terminalization of the key distribution system; the same quantum key distribution terminal can be used for flexible networking to build quantum key distribution systems at point-to-point, local area network or metropolitan area network scale. However, that invention lacks identity authentication for the user and the quantum key distribution terminal, which increases security risk.
The invention patent with application number 201810796965.4 discloses a quantum fusion communication gateway, designed to provide a gateway with fast networking and high data transmission security, comprising: a local area network networking unit, which receives access requests from Internet of things devices accessing the gateway; a main control unit, which receives instruction data output by each terminal in the local area network and the wide area network and controls the Internet of things devices in the local area network according to the instruction data; a quantum encryption unit, which performs quantum encryption processing on data output to the wide area network; and a wide area network access unit, which selects the WiFi communication module or the GPRS communication module according to the instruction of the main control unit so as to realize data interaction between the local area network and the wide area network.
The problems existing in the prior art are as follows:
1. In the prior art, the quantum secure communication network is accessed by key fob: the quantum random number key pool, quantum key distribution key pool or asymmetric key pool issued by the quantum secure communication network is stored in the key fob, and all users need to go to an appointed issuing place to have key fobs issued and cancelled, so the flow is fixed and inconvenient. Because the number of users is large and some key pools issued by the quantum secret communication network are group-type key pools, the loss of key fobs by some users can cause accidents such as exposure of the group-type key pool, so the security of group-type key pools is not high;
2. In the prior art, a quantum secure communication network generally does not provide a biological authentication function: on the one hand, biological authentication increases the management burden, storage burden and communication burden of the quantum secure communication network; on the other hand, because the biological authentication service of the quantum secure communication network would be located in a wide area network with higher security risk, the possibility of leakage of users' biological information is increased;
3. In the prior art, some enterprises and public institutions have already issued key fobs to users, and the institution's own identity authentication function runs inside those key fobs; adding the key fob issued by the quantum secret communication network means that users must use 2 key fobs at the same time, which is inconvenient to use, gives a poor user experience and creates a large management workload.
Summary of the Utility Model
Technical purpose: in view of the problems in the prior art, the utility model discloses a local area network quantum communication center and system accessed to a quantum secret communication network, which improves the security of the group-type key pool, reduces the possibility of leakage of users' biological information, reduces the number of key fobs a user holds, and reduces the storage capacity the key fob needs.
Technical scheme: the utility model adopts the following technical scheme. A local area network quantum communication center accessed to a quantum secret communication network is characterized in that the quantum communication center comprises a central processing unit arranged in the quantum communication center, and a quantum secret communication network access module, a biological authentication module, a quantum random number generation module and a key pool storage module which are respectively connected with the central processing unit; wherein:
the quantum secret communication network access module is used for performing identity authentication on the quantum communication center and accessing the quantum communication center to the quantum secret communication network;
the biological authentication module is used for storing biological information of a user connected with the quantum communication center and authenticating the identity of the user by using the biological information;
the quantum random number generation module is used for providing true random numbers for the quantum communication center;
the key pool storage module is used for storing a symmetric key pool of a user connected with the quantum communication center;
the central processing unit is used for calling the quantum secret communication network access module, the biological authentication module, the quantum random number generation module and the key pool storage module.
Preferably, the quantum secret communication network access module comprises a key storage module, an algorithm implementation module and an identity authentication module which are connected in sequence, and the identity authentication module is connected with the central processing unit;
the key storage module is used for storing a symmetric key pool generated by a key management server in the quantum secret communication network;
the algorithm realization module is used for providing algorithm support for the quantum communication center to access the quantum secret communication network;
the identity authentication module is used for performing identity authentication on the quantum communication center that uses the quantum secret communication network access module.
Preferably, the biological authentication module comprises a biological authentication acquisition module, a biological authentication database and an authentication algorithm module, the biological authentication acquisition module and the biological authentication database are respectively connected with the authentication algorithm module, and the authentication algorithm module is connected with the central processing unit;
the biological authentication acquisition module is used for acquiring biological information of a user connected with the quantum communication center;
the biological authentication database is used for storing biological information of a user connected with the quantum communication center;
and the authentication algorithm module is used for performing biological authentication on the user connected with the quantum communication center.
Preferably, the quantum communication center further stores authentication information of the user other than the biometric information, and authenticates the user using the authentication information.
Preferably, the quantum communication center further comprises a random access memory, a storage module, a network communication module and a peripheral interface module which are respectively connected with the central processing unit, and the central processing unit is used for calling the random access memory, the storage module, the network communication module and the peripheral interface module.
A quantum communication system of a local area network accessed to a quantum secret communication network is characterized by comprising the quantum secret communication network and a quantum communication center arranged in the local area network, wherein a key management server in the quantum secret communication network issues a key for the quantum communication center; and the user in the local area network is connected with the quantum communication center, the quantum communication center is connected with the network switching equipment, and the network switching equipment is connected with the access site of the quantum secret communication network.
Preferably, the quantum communication center provides encrypted communication for users in the local area network and services for accessing the quantum secure communication network, so that secure communication between the users in the local area network and target nodes in the quantum secure communication network is realized.
Preferably, the quantum communication center stores a symmetric key pool of a user in a key fob issued to the user in the local area network, the key fob stores a program including a cryptographic algorithm, and the user in the local area network is connected to the quantum communication center through the key fob to realize message encryption and decryption, message authentication and identity authentication.
Preferably, the quantum communication center has a network switching device, and the network switching device is connected with the quantum secure communication network.
Beneficial effects: the utility model has the following beneficial effects:
1. In the utility model, a quantum communication center is deployed in the local area network, and the center issues and cancels key fobs for all users in the local area network; users do not need to go to an appointed issuing place to have key fobs issued and cancelled, and the quantum communication center of each local area network can determine its own issuing and cancellation rules, so the flow is flexible and convenient. Because the group-type key pool issued by the quantum secret communication network exists only in the quantum communication center, and the center is generally fixed equipment under strict management, accidents such as exposure of the group-type key pool are unlikely, and the security of the group-type key pool is improved;
2. In the utility model, the biological authentication function is provided by the quantum communication center in the local area network, which makes up for the quantum secret communication network not providing a biological authentication function and improves the access security of the quantum secret communication network without increasing its management burden, storage burden or communication burden; in addition, because the quantum communication center is located in a relatively secure and controllable local area network, the possibility of leakage of users' biological information is not increased either;
3. In the utility model, the institution's own identity authentication function and the access function of the quantum secret communication network are both provided by the quantum communication center in the local area network; because the 2 functions are integrated, the user only needs to use 1 key fob, which is consistent with the original mode of use, so use is convenient, the user experience is good and the management workload is small;
4. In the utility model, the user's key fob does not need to hold a quantum random number key pool, quantum key distribution key pool or asymmetric key pool with a large storage capacity, and only needs to store a small number of keys; this greatly reduces the storage hardware cost of the key fob and so greatly reduces the cost for the user to access the quantum secret communication network.
Drawings
Fig. 1 is a schematic diagram of the functional modules of the local area network quantum communication center of the utility model;
Fig. 2 is a functional block diagram of the quantum secure communication network access module;
Fig. 3 is a functional block diagram of the biometric authentication module;
Fig. 4 is a schematic diagram of the topology in which a user of the local area network connects to the quantum secure communication network through the local area network quantum communication center.
Detailed Description
The utility model is further described below with reference to the drawings and the specific embodiments.
The utility model relates to a local area network quantum communication center and system accessed to a quantum secret communication network. The local area network quantum communication center is deployed in the local area network and is connected, through the network switching equipment of the local area network, to an access site of the quantum secret communication network; the access site can be a quantum communication service station. The quantum communication center provides encrypted communication for users in the local area network and services for accessing the quantum secret communication network.
As shown in fig. 1, the quantum communication center mainly includes a quantum secure communication network access module, a quantum random number generation module, a key pool storage module, a biometric authentication module, and other basic function modules. The other basic function modules comprise a CPU, an RAM, a storage module, a network communication module, a peripheral interface module and the like, and the network communication module is connected with the network switching equipment. In fig. 1, a CPU is connected to each module to realize resource calling for each functional module. As shown in fig. 2, the quantum secure communication network access module mainly comprises a key storage module, an algorithm implementation module, and an identity authentication module. As shown in fig. 3, the biometric authentication module includes a biometric authentication acquisition module, a biometric authentication database, and an authentication algorithm module.
The quantum secret communication network access module is a pluggable module. Its built-in key storage module stores a symmetric key pool, and the symmetric key pool cannot be exported. The symmetric key pool is generated by a key management server in the quantum secure communication network, and its issuance is completed when the quantum secret communication network access module leaves the factory. The built-in algorithm implementation module provides the corresponding algorithm support for the quantum communication center to access the quantum secret communication network. When the local area network quantum communication center calls the quantum secure communication network access module, it needs to pass the identity authentication of the identity authentication module: because the access module is pluggable, the identity of the equipment using it must be verified, and only after authentication succeeds can the internal algorithm of the access module be used to access the quantum secure communication network.
The quantum random number generation module provides quantum random numbers for the local area network quantum communication center, and unpredictability and quantity of the generated random numbers are guaranteed.
The key pool storage module is used for storing the symmetric key pools of users in the local area network. When the local area network quantum communication center issues a key fob, it creates a symmetric key pool that is stored in the key fob, and a copy is stored in the key pool storage module.
The biological authentication module performs biological authentication on an administrator, determines the identity of the person operating the local area network quantum communication center, and assigns appropriate operation authority. It can also store the biological information of users in the local area network, so that biological authentication can be added when a user's identity is authenticated, improving the accuracy of user identity authentication.
The working principle of the utility model is as follows:
As shown in fig. 4, a user in the local area network is provided with a key fob issued by the local area network quantum communication center; the key fob stores a symmetric key pool and also implements the corresponding cryptographic algorithm. Through the key fob, the local area network user communicates with the local area network quantum communication center to realize message encryption and decryption and message authentication.
1. The local area network user first connects to the local area network quantum communication center through the local key fob; the user and the center perform mutual identity authentication, and each determines that the other party has a legal identity. The identity authentication can carry biological authentication information encrypted by using a sub-secret key, and can also carry identity authentication information unique to the user's local area network, which is determined according to the special identity authentication mode of that local area network. The identity authentication information can be stored in, but is not limited to, the user's key fob; on the quantum communication center side, where it is stored is determined according to the grade of the identity authentication information, and it is mainly stored in the storage module of the quantum communication center.
2. The local area network user initiates a request for connecting a certain node in the quantum secret communication network to the local area network quantum communication center.
3. The local area network quantum communication center is connected to the quantum secret communication network in a legal identity through the quantum secret communication network access module. And the local area network quantum communication center realizes authentication with the target node through a quantum secret communication network.
The local area network quantum communication center is used as a relay to realize mutual authentication and session key issuance for the local area network user and the target node, so that the secret communication between the local area network user and the target node is realized.
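The three steps above, sketched as an added example (not code from the patent, which names no algorithms): a key fob and the center authenticate each other from a shared symmetric key pool, then the center relays one session key to the user and to the target node. Assumed here: HMAC-SHA256 challenge-response, 32-byte single-use pool slots, one-time-pad wrapping of the session key, `secrets` standing in for the quantum random number generation module, and all class and function names.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes per pool slot (assumed size)

def mac(key, *parts):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class KeyPool:
    """One copy of a symmetric key pool; every slot is used at most once."""
    def __init__(self, material):
        self.material, self.used = material, set()
    def peek(self, i):
        if not 0 <= i < len(self.material) // KEY_LEN:
            raise ValueError("slot index out of range")
        if i in self.used:
            raise ValueError("slot already consumed")
        return self.material[i * KEY_LEN:(i + 1) * KEY_LEN]
    def take(self, i):
        key = self.peek(i)
        self.used.add(i)
        return key
    def next_free(self):
        return next(i for i in range(len(self.material) // KEY_LEN) if i not in self.used)

class Fob:
    """User side: holds the pool copy written at issuance."""
    def __init__(self, user_id, pool):
        self.user_id, self.pool = user_id, pool
    def hello(self):
        self.idx = self.pool.next_free()
        self.key, self.nonce = self.pool.take(self.idx), secrets.token_bytes(16)
        return self.user_id, self.idx, self.nonce
    def answer(self, nonce_c, tag_c):
        expect = mac(self.key, b"center", self.user_id, self.nonce, nonce_c)
        if not hmac.compare_digest(expect, tag_c):
            raise PermissionError("center not authenticated")
        return mac(self.key, b"user", self.user_id, self.nonce, nonce_c)

class Center:
    """LAN quantum communication center: issues fobs and keeps a copy of each pool."""
    def __init__(self):
        self.pools, self.pending = {}, {}
    def issue_fob(self, user_id, slots=16):
        material = secrets.token_bytes(slots * KEY_LEN)  # stand-in for the QRNG module
        self.pools[user_id] = KeyPool(material)          # key pool storage module
        return Fob(user_id, KeyPool(material))
    def challenge(self, user_id, idx, nonce_u):
        key = self.pools[user_id].peek(idx)  # a replayed (consumed) slot raises here
        nonce_c = secrets.token_bytes(16)
        self.pending[user_id] = (idx, key, nonce_u, nonce_c)
        return nonce_c, mac(key, b"center", user_id, nonce_u, nonce_c)
    def finish(self, user_id, tag_u):
        idx, key, nonce_u, nonce_c = self.pending.pop(user_id)
        if not hmac.compare_digest(mac(key, b"user", user_id, nonce_u, nonce_c), tag_u):
            raise PermissionError("user not authenticated")
        self.pools[user_id].take(idx)  # consume the slot only after success

def wrap(pool, session_key):
    """Encrypt a session key with a one-time pad slot and tag it with a MAC slot."""
    if len(session_key) != KEY_LEN:
        raise ValueError("session key must fill exactly one slot")
    i_mac = pool.next_free(); k_mac = pool.take(i_mac)
    i_pad = pool.next_free(); pad = pool.take(i_pad)
    ct = bytes(a ^ b for a, b in zip(session_key, pad))
    hdr = i_mac.to_bytes(4, "big") + i_pad.to_bytes(4, "big")
    return i_mac, i_pad, ct, mac(k_mac, b"wrap", hdr, ct)

def unwrap(pool, i_mac, i_pad, ct, tag):
    hdr = i_mac.to_bytes(4, "big") + i_pad.to_bytes(4, "big")
    if not hmac.compare_digest(mac(pool.peek(i_mac), b"wrap", hdr, ct), tag):
        raise PermissionError("wrapped key failed authentication")
    pool.take(i_mac)  # slots are consumed only for an authentic message
    return bytes(a ^ b for a, b in zip(ct, pool.take(i_pad)))

def run_demo():
    center = Center()
    fob = center.issue_fob(b"alice")                  # constructed user
    uid, idx, nonce_u = fob.hello()                   # step 1: mutual authentication
    nonce_c, tag_c = center.challenge(uid, idx, nonce_u)
    center.finish(uid, fob.answer(nonce_c, tag_c))
    try:                                              # captured hello sent again
        center.challenge(uid, idx, nonce_u)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    # Steps 2-3: constructed stand-in for keys the center shares with the target node
    node_material = secrets.token_bytes(4 * KEY_LEN)
    center_side, node_side = KeyPool(node_material), KeyPool(node_material)
    session_key = secrets.token_bytes(KEY_LEN)
    user_key = unwrap(fob.pool, *wrap(center.pools[uid], session_key))
    node_key = unwrap(node_side, *wrap(center_side, session_key))
    i_mac, i_pad, ct, tag = wrap(center.pools[uid], session_key)
    try:                                              # one flipped ciphertext bit
        unwrap(fob.pool, i_mac, i_pad, bytes([ct[0] ^ 1]) + ct[1:], tag)
        tamper_rejected = False
    except PermissionError:
        tamper_rejected = True
    return {"keys_match": user_key == node_key == session_key,
            "replay_rejected": replay_rejected, "tamper_rejected": tamper_rejected}

if __name__ == "__main__":
    print(run_demo())
```

Because both copies of a pool mark slots as consumed, a lost or cloned fob shows up as a slot mismatch at the center, which is where revocation of that user's pool would be triggered.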

Claims (9)

1. A local area network quantum communication center accessed to a quantum secret communication network is characterized in that the quantum communication center comprises a central processing unit arranged in the quantum communication center, and a quantum secret communication network access module, a biological authentication module, a quantum random number generation module and a key pool storage module which are respectively connected with the central processing unit; wherein:
the quantum secret communication network access module is used for performing identity authentication on the quantum communication center and accessing the quantum communication center to the quantum secret communication network;
the biological authentication module is used for storing biological information of a user connected with the quantum communication center and authenticating the identity of the user by using the biological information;
the quantum random number generation module is used for providing true random numbers for the quantum communication center;
the key pool storage module is used for storing a symmetric key pool of a user connected with the quantum communication center;
the central processing unit is used for calling the quantum secret communication network access module, the biological authentication module, the quantum random number generation module and the key pool storage module.
2. The local area network quantum communication center accessed to the quantum secure communication network as claimed in claim 1, wherein the quantum secure communication network access module comprises a key storage module, an algorithm implementation module and an identity authentication module which are connected in sequence, and the identity authentication module is connected with the central processing unit;
the key storage module is used for storing a symmetric key pool generated by a key management server in the quantum secret communication network;
the algorithm realization module is used for providing algorithm support for the quantum communication center to access the quantum secret communication network;
the identity authentication module is used for performing identity authentication on the quantum communication center that uses the quantum secret communication network access module.
3. The local area network quantum communication center accessed to the quantum secret communication network as claimed in claim 1, wherein the biometric authentication module comprises a biometric authentication acquisition module, a biometric authentication database and an authentication algorithm module, the biometric authentication acquisition module and the biometric authentication database are respectively connected with the authentication algorithm module, and the authentication algorithm module is connected with the central processing unit;
the biological authentication acquisition module is used for acquiring biological information of a user connected with the quantum communication center;
the biological authentication database is used for storing biological information of a user connected with the quantum communication center;
and the authentication algorithm module is used for performing biological authentication on the user connected with the quantum communication center.
4. The quantum communication center of claim 1, wherein the quantum communication center further stores authentication information of the user other than biometric information, and authenticates the user by using the authentication information.
5. The quantum communication center of claim 1, further comprising a random access memory, a storage module, a network communication module, and a peripheral interface module, respectively connected to the central processor, wherein the central processor is configured to invoke the random access memory, the storage module, the network communication module, and the peripheral interface module.
6. A quantum communication system of a local area network accessed to a quantum secret communication network is characterized by comprising the quantum secret communication network and a quantum communication center arranged in the local area network, wherein a key management server in the quantum secret communication network issues a key for the quantum communication center; and the user in the local area network is connected with the quantum communication center, the quantum communication center is connected with the network switching equipment, and the network switching equipment is connected with the access site of the quantum secret communication network.
7. The quantum communication system of claim 6, wherein the quantum communication center provides encrypted communication for users in the LAN and services for accessing the quantum secure communication network, thereby enabling secure communication between users in the LAN and target nodes in the quantum secure communication network.
8. The quantum communication system of claim 6, wherein the quantum communication center stores a symmetric key pool of a user in a key fob issued to the user in the local area network, and the key fob stores a program comprising a cryptographic algorithm, and the user in the local area network connects to the quantum communication center through the key fob to implement message encryption/decryption, message authentication, and identity authentication.
9. The quantum communication system of claim 6, wherein the quantum communication center comprises a network communication module, and the network communication module is connected to the network switching device.
CN202021702867.9U 2020-08-17 2020-08-17 Local area network quantum communication center and system accessed to quantum secure communication network Active CN212519015U (en)


Publications (1)

Publication Number Publication Date
CN212519015U (en) 2021-02-09

Family

ID=74384931


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114337848A (en) * 2022-01-10 2022-04-12 南京中科齐信科技有限公司 Quantum cryptography secure application service system and method



Legal Events

Date Code Title Description
GR01 Patent grant