WO2023151427A1 - 量子密钥传输方法、装置及系统 - Google Patents

量子密钥传输方法、装置及系统 Download PDF

Info

Publication number
WO2023151427A1
WO2023151427A1 PCT/CN2023/070073 CN2023070073W WO2023151427A1 WO 2023151427 A1 WO2023151427 A1 WO 2023151427A1 CN 2023070073 W CN2023070073 W CN 2023070073W WO 2023151427 A1 WO2023151427 A1 WO 2023151427A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
quantum
application device
message
registration
Prior art date
Application number
PCT/CN2023/070073
Other languages
English (en)
French (fr)
Inventor
谢天元
李民
张慧
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN202210187877.0A external-priority patent/CN116633530A/zh
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2023151427A1 publication Critical patent/WO2023151427A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present application relates to the field of network technology, in particular to a quantum key transmission method, device and system.
  • Quantum attack is an attack algorithm running on a quantum computer, which can crack widely used public key cryptography algorithms such as RSA (rivest-shamir-adleman) algorithm and elliptic curve cryptography (ECC) algorithm.
  • Quantum computers are expected to be achievable within the next few decades. If the eavesdropper saves the data transmitted through the network after being encrypted with the current encryption algorithm, and waits until the quantum computer is realized, and then cracks the encryption algorithm used by the stored data through a quantum attack, the decrypted plaintext data can be obtained. This is a huge threat to confidential information that needs to be preserved for a long time. Therefore, it is imperative to design cryptographic techniques that can resist quantum attacks.
  • Quantum key distribution (quantum key distribution, QKD) is a secure key distribution technology, which can realize the secure transmission of keys between two distant communication terminals.
  • the security of quantum key distribution is guaranteed by the basic principles of quantum mechanics. Therefore, in a quantum network, the transmission of quantum keys is theoretically unconditionally safe.
  • the present application provides a quantum key transmission method, device and system, which can realize the secure transmission of quantum keys in a classical network.
  • a quantum key transmission method is provided.
  • the application device sends a key request message to the sub-device.
  • the key request message includes the user identifier corresponding to the application device, the first public key, and the value of the first message authentication code.
  • the user ID is used by the quantum device to obtain corresponding storage information.
  • the stored information includes a shared key corresponding to the quantum device and the user ID.
  • the first public key is used by the quantum device to encrypt quantum key information distributed to the application device.
  • the quantum key information includes a quantum key.
  • the first public key is the public key in the key pair obtained by the application device running the quantum key generation algorithm.
  • the value of the first message authentication code is obtained by the application device by calculating the first authentication information based on the shared key.
  • the first authentication information includes a first public key.
  • the application device receives the key response message corresponding to the key request message from the quantum device.
  • the key response message includes the first ciphertext and the second message authentication code value.
  • the application device verifies the second message authentication code value based on the shared key and the second authentication information.
  • the second authentication information includes the first ciphertext. If the application device passes the verification of the second message authentication code value, the application device uses the first private key to decrypt the first ciphertext to obtain quantum key information.
  • the first private key is a private key in the key pair.
  • the user ID is used to indicate the service object.
  • the service object is the application device or the user account that logs in to the application device. If the key response message received by the application device is confirmed to be from the quantum device and has not been tampered with, the first ciphertext is obtained by encrypting the quantum key information by the quantum device using the first public key.
  • the second message authentication code is obtained by computing the second authentication information based on the shared key by the quantum device.
  • the second authentication information includes the first ciphertext.
  • the quantum device Since the first public key used by the quantum device to encrypt the quantum key information is obtained by the post-quantum key generation algorithm after the application device runs, the quantum device will use the post-quantum encryption algorithm to encrypt the quantum key and send it to the application in the form of ciphertext.
  • the device transmits the quantum key, which ensures the confidentiality of the quantum key transmission.
  • the transmitted ciphertext is encrypted by the post-quantum encryption algorithm, it can resist quantum attacks and avoid the leakage of the quantum key caused by the ciphertext being cracked by the quantum computer.
  • the first message authentication code value can be used by the quantum device to authenticate the application device (that is, to verify the source reliability of the key request message), and can also be used by the quantum device to verify the message integrity of the key request message.
  • the second message authentication code value can be used by the application device to authenticate the quantum device (that is, to verify the source reliability of the key response message), and can also be used by the application device to verify the message integrity of the key response message. Therefore, in this application, two-way identity authentication can be performed between the application device and the quantum device, and message integrity verification can be performed on the received messages respectively, while also ensuring the transmission confidentiality of the quantum key. Then the security and reliability of the quantum key transmission in the classical network are realized. In addition, the process of requesting the quantum key from the application device to the quantum device only needs one round of message interaction to complete the transmission of the quantum key and the identity authentication of both parties, and the interaction process is simple.
  • the user ID corresponding to the application device is the device ID of the application device.
  • the shared key corresponding to the quantum device and the user ID is a shared key between the quantum device and the application device.
  • the user ID corresponding to the application device is a user account logged into the application device.
  • the shared key corresponding to the quantum device and the user ID is a shared key between the quantum device and the user account.
  • the key request message further includes a first statistical value.
  • the application device obtains the historical sending times of the key request message including the user identifier.
  • the application device adds a set incremental value to the historical sending times to obtain the first statistical value.
  • the quantum device side is assisted in realizing replay attack detection.
  • the key response message further includes a second statistical value.
  • the second statistical value is the number of sending times of the key request message including the user identification recorded by the quantum device. After the application device receives the key response message corresponding to the key request message, if the second statistical value is not equal to the first statistical value, the application device stops the quantum key transmission process.
  • the recorded number of times the key request message is sent should be equal to the number of key request message sent recorded by the application device. If the statistical value carried in the key response message is not equal to the statistical value recorded by the application device, it means that the key response message may be sent repeatedly by the attacker, that is, the key response message may be repeated. Replay attack packets are replayed, which realizes replay attack detection on the application device side. Optionally, if the statistical value carried in the key response message is not equal to the statistical value recorded by the application device, the application device will also output an alarm prompt, which is used to indicate that the key request is abnormal this time, which helps relevant personnel Handle abnormal situations in a timely manner.
  • an alarm prompt which is used to indicate that the key request is abnormal this time, which helps relevant personnel Handle abnormal situations in a timely manner.
  • the first authentication information further includes one or more of a device identifier, a user identifier, or a first statistical value of the quantum device.
  • a device identifier e.g., a Wi-Fi Protected Access (WPA)
  • a user identifier e.g., a Wi-Fi Protected Access (WPA)
  • a first statistical value of the quantum device e.g., a Wi-Fi Protected Access 2
  • the application device uses a key derivation function to generate a derived key based on the target password, and the shared key is obtained based on the derived key.
  • the derived key is used instead of the target password to obtain the shared key, so that when the application device and the quantum device synchronize the shared key, the application device only needs to send the derived key obtained based on the target password to the quantum device. Even if the derived key is stolen during transmission or stored in the quantum device, the thief cannot restore the target password used by the service object, thereby preventing the thief from impersonating the service object to request the quantum key from the quantum device.
  • the application device before the application device sends a key request message to the sub-device, in response to obtaining the input quantum key acquisition instruction, the application device runs the quantum key generation algorithm to generate a key pair, and the quantum key acquisition instruction includes target password.
  • the application device calculates the first authentication information based on the shared key to obtain a first message authentication code value.
  • the application device whenever the application device obtains the quantum key acquisition instruction, it will run the post-quantum key generation algorithm to generate a temporary key pair, so that every time the application device requests a quantum key, the quantum device will use the temporary key pair generated by the application device.
  • Public-key encryption protects the quantum key information, rather than encrypting the quantum key information with the private key of the quantum device. In this way, even if the long-term private key used by the quantum device itself is leaked, it will not cause the leakage of the quantum key information transmitted between the quantum device and the application device in the previous communication process. The security of the quantum key obtained by the application device in history is guaranteed, thereby ensuring the security of the historical communication of the application device.
  • the application device sends the registration request message to the sub-device.
  • the application device receives a registration response message corresponding to the registration request message from the quantum device.
  • the registration response message includes the certificate of the quantum device, and the certificate includes the second public key. If the application device passes the verification of the certificate, the application device uses the second public key to encrypt the registration information to obtain a second ciphertext, and the registration information includes the derived key and the user identifier.
  • the application device sends a registration message to the sub-device.
  • the registration message includes the second ciphertext.
  • the identity authentication of the quantum device depends on the certificate, and the identity authentication of the application device depends on the derived key based on the password.
  • the application device and the quantum device realize mutual identity authentication.
  • the registration information is transmitted encrypted, which ensures the confidentiality of the transmission of the registration information.
  • the registration request message indicates the encryption algorithm supported by the application device.
  • the registration response message also indicates the target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device.
  • the target cryptographic algorithm includes one or more of a first message authentication code value generation algorithm, a second message authentication code value generation algorithm, or a shared secret key generation algorithm.
  • the registration response message also includes key derivation function parameter values.
  • Key derivation function parameter values include a random salt value and/or number of iterations.
  • the registration message also includes the device identifier of the application device.
  • the registration information also includes a hash of the device identity of the application device.
  • the quantum device side is assisted in realizing the information sent from the application device to the sub-device. Message integrity verification of the message.
  • the registration information further includes a first random number generated by the application device.
  • the application device receives the registration success response message from the quantum device.
  • the registration success response message is used to indicate that the user ID has been successfully registered.
  • the registration success response message includes the second random number. If the second random number is the same as the first random number, the application device determines that the registration of the user ID is successful.
  • the application device can verify the message integrity of the message from the quantum device.
  • an implementation manner in which the application device verifies the second message authentication code value based on the shared key and the second authentication information includes: the application device calculates the third message authentication code value based on the shared key and the second authentication information. If the third message authentication code value is the same as the second message authentication code value, the application device determines that the verification of the second message authentication code value passes.
  • the above-mentioned application device communicates with the quantum device through a classical network.
  • a quantum key transmission method receives the key request message from the application device.
  • the key request message includes the user identifier corresponding to the application device, the first public key, and the value of the first message authentication code.
  • the quantum device acquires first authentication information and storage information corresponding to the user identifier based on the key request message.
  • the stored information includes a shared key corresponding to the quantum device and the user ID.
  • the first authentication information includes a first public key.
  • the quantum device verifies the value of the first message authentication code based on the shared key and the first authentication information. If the quantum device passes the verification of the value of the first message authentication code, the quantum device uses the first public key to encrypt the quantum key information to obtain the first ciphertext.
  • the quantum key information includes a quantum key.
  • the quantum device calculates the second authentication information based on the shared key to obtain a second message authentication code value.
  • the second authentication information includes the first ciphertext.
  • the quantum device sends a key response message corresponding to the key request message to the application device, where the key response message includes the first ciphertext and the second message authentication code value.
  • the user ID is used to indicate the service object.
  • the service object is the application device or the user account that logs in to the application device. If the key request message received by the quantum device is confirmed to be from the application device and has not been tampered with, the first public key is the public key in the key pair obtained after the application device runs the quantum key generation algorithm.
  • the first message authentication code is obtained by the application device by calculating the first authentication information based on the shared key.
  • the user identifier corresponding to the application device is a device identifier of the application device.
  • the user identifier corresponding to the application device is a user account for logging in to the application device.
  • the key request message further includes a first statistical value.
  • the first statistical value is the number of times the key request message including the user identifier is sent recorded by the application device.
  • the stored information corresponding to the user identifier includes a second statistical value.
  • the second statistical value is the number of sending times of the key request message including the user identification recorded by the quantum device.
  • the recorded number of times the key request message is sent should be less than the number of key request message sent recorded by the application device. If the first statistical value carried in the key request message is less than or equal to the second statistical value stored by the quantum device, it means that the key request message may be repeatedly sent by the attacker, that is, the key request message
  • the text may be a replay attack message, which realizes the replay attack detection on the quantum device side.
  • the quantum device also outputs an alarm prompt, which is used to indicate that the current key request is abnormal, which helps relevant personnel to deal with the abnormal situation in a timely manner.
  • the key response message further includes the updated second statistical value.
  • the application device side is assisted in realizing replay attack detection.
  • the second authentication information further includes one or more of a device identifier of the quantum device, a user identifier, or an updated second statistical value.
  • the quantum device receives the registration request message from the application device.
  • the quantum device sends a registration response message to the application device.
  • the registration response message includes the certificate of the quantum device.
  • the certificate includes a second public key.
  • the second public key is the public key in the key pair obtained by the quantum key generation algorithm after the quantum device runs. If the quantum device receives a registration message including the second ciphertext from the application device, the quantum device uses the second private key to decrypt the second ciphertext to obtain the registration information.
  • the registration information includes a derived key and a user identifier corresponding to the application device.
  • the second private key is a private key in the key pair.
  • the quantum device stores the storage information corresponding to the user ID.
  • the stored information includes a shared key obtained based on the derived key and a user ID.
  • the application device since the second public key used by the application device to encrypt the registration information is obtained by the quantum key generation algorithm after the quantum device runs, the application device will use the post-quantum encryption algorithm to encrypt the registration information and send it to Quantum devices transmit registration information, ensuring the confidentiality of registration information transmission.
  • the second ciphertext is obtained by encrypting with a post-quantum encryption algorithm, it can resist quantum attacks and prevent the second ciphertext from being deciphered by a quantum computer to cause leakage of registration information.
  • the registration request message indicates the encryption algorithm supported by the application device.
  • the registration response message also indicates the target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device.
  • the target cryptographic algorithm includes one or more of a first message authentication code value generation algorithm, a second message authentication code value generation algorithm, or a shared secret key generation algorithm.
  • the registration response message further includes a parameter value of the first key derivation function.
  • the first key derivation function parameter value includes a random salt value and/or a number of iterations.
  • the registration information also includes a second key derivation function parameter value.
  • the quantum device uses the second private key to decrypt the second ciphertext to obtain the registration information, the quantum device compares the first key derivation function parameter value with the second key derivation function parameter value. If the parameter value of the first key derivation function is the same as the parameter value of the second key derivation function, the quantum device stores storage information corresponding to the user identifier.
  • the first key derivation function parameter value carried by the application device in the registration message comes from the first key derivation function parameter value in the registration response message received by the application device
  • the first key derivation function parameter value It should be the same as the parameter value of the second key derivation function.
  • the quantum device receives the registration message, it finds that the parameter value of the second key derivation function carried in the registration message from the application device is different from the parameter value of the first key derivation function carried in the registration response message sent by the quantum device If the values are different, it means that the registration message and/or registration response message has been tampered with during transmission.
  • the message integrity verification of the two-way transmission message between the quantum device and the application device can be realized.
  • the registration message also includes the device identifier of the application device.
  • the registration information also includes a first hash value of the device identification of the application device.
  • the quantum device uses the second private key to decrypt the second ciphertext to obtain the registration information, the quantum device calculates a second hash value of the device identification of the application device. The quantum device compares the first hash value with the second hash value. If the first hash value is the same as the second hash value, the quantum device stores storage information corresponding to the user identifier.
  • the first hash value carried in the registration message received by the quantum device is different from the second hash value calculated by the quantum device, it means that the registration message has been tampered with during transmission.
  • the message integrity verification of the message sent from the application device to the quantum device can be realized.
  • the registration information also includes a random number generated by the application device.
  • the quantum device After the quantum device stores the stored information corresponding to the user identifier, the quantum device sends a registration success response message to the application device.
  • the registration success response message is used to indicate that the user ID has been successfully registered.
  • the registration success response message includes the random number.
  • the auxiliary application device realizes the message integrity verification of the message from the quantum device.
  • an implementation manner in which the quantum device verifies the first message authentication code value based on the shared key and the first authentication information includes: calculating the fourth message authentication code value by the quantum device on the first authentication information based on the shared key. If the value of the fourth message authentication code is the same as the value of the first message authentication code, the quantum device determines that the verification of the first message authentication code value passes.
  • the application device communicates with the quantum device through a classical network.
  • an application device in a third aspect, includes multiple functional modules, and the multiple functional modules interact to implement the methods in the above first aspect and various implementation manners thereof.
  • the multiple functional modules can be implemented based on software, hardware or a combination of software and hardware, and the multiple functional modules can be combined or divided arbitrarily based on specific implementations.
  • a quantum device in a fourth aspect, includes a plurality of functional modules, and the plurality of functional modules interact to implement the methods in the above-mentioned second aspect and various implementation manners thereof.
  • the multiple functional modules can be implemented based on software, hardware or a combination of software and hardware, and the multiple functional modules can be combined or divided arbitrarily based on specific implementations.
  • an application device including: a memory, a network interface, and at least one processor.
  • the memory is used to store program instructions, and after the at least one processor reads the program instructions stored in the memory, the application device executes the methods in the above first aspect and various implementation manners thereof.
  • a quantum device including: a memory, a network interface, and at least one processor.
  • the memory is used to store program instructions, and after the at least one processor reads the program instructions stored in the memory, the application device executes the methods in the above second aspect and various implementation manners thereof.
  • a quantum key transmission system including: an application device and a quantum device.
  • the application device is configured to execute the methods in the above first aspect and various implementation manners thereof.
  • the quantum device is used to execute the methods in the above second aspect and various implementation manners thereof.
  • a quantum key transmission system including: a first application device and a first quantum device.
  • the first application device is used to send a key request message to the first quantum device.
  • the key request message includes a user identifier corresponding to the first application device, a first public key, and a first message authentication code value.
  • the first public key is The public key in the key pair obtained by the quantum key generation algorithm after the first application device runs, and the value of the first message authentication code is calculated by the first application device based on the shared key pair corresponding to the quantum device and the user ID to the first authentication information , the first authentication information includes the first public key.
  • the first quantum device is configured to acquire first authentication information and storage information corresponding to the user identifier based on the key request message, where the storage information includes a shared key.
  • the first quantum device is configured to verify the value of the first message authentication code based on the shared key and the first authentication information. If the first quantum device passes the verification of the first message authentication code value, the first quantum device is configured to use the first public key to encrypt quantum key information to obtain a first ciphertext, where the quantum key information includes the quantum key.
  • the first quantum device is configured to calculate a second message authentication code value for the second authentication information based on the shared key, and the second authentication information includes the first ciphertext.
  • the first quantum device is configured to send a key response message corresponding to the key request message to the first application device, where the key response message includes a first ciphertext and a second message authentication code value.
  • the first application device is configured to acquire the second authentication information based on the key response message.
  • the first application device is configured to verify the second message authentication code value based on the shared key and the second authentication information. If the first application device passes the verification of the second message authentication code value, the first application device is used to decrypt the first ciphertext with the first private key to obtain quantum key information, and the first private key is the private key in the key pair. key.
  • the quantum key information also includes a key identifier of the quantum key.
  • the system also includes a second application device and a second quantum device.
  • the first quantum device is also used to send quantum key information to the second quantum device.
  • the first application device is further configured to send the key identifier to the second application device.
  • the second application device is configured to send a key acquisition request to the second quantum device, where the key acquisition request includes a key identifier.
  • the second quantum device is configured to send the quantum key to the second application device based on the key identifier.
  • the first application device and the second application device are used to communicate based on the quantum key.
  • the first quantum device communicates with the second quantum device through a quantum network.
  • the first quantum device communicates with the first application device through a classical network.
  • the second quantum device communicates with the second application device through a classical network.
  • the first application device communicates with the second application device through a classic network.
  • a computer-readable storage medium where instructions are stored on the computer-readable storage medium, and when the instructions are executed by a processor of an application device, the above-mentioned first aspect and various implementations thereof are implemented. or, when the instructions are executed by the processor of the quantum device, implement the methods in the above second aspect and various implementation manners thereof.
  • a computer program product including a computer program.
  • the computer program is executed by a processor of an application device, the above-mentioned first aspect and the method in each implementation manner thereof are implemented; or, the computer program is executed by When executed by the processor of the quantum device, the above second aspect and the methods in each implementation manner thereof are realized.
  • a chip in the eleventh aspect, includes a programmable logic circuit and/or program instructions, and when the chip is running, implements the method in the above first aspect and its various implementations or the above second aspect and its various implementations methods in methods.
  • FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present application
  • Fig. 2 is a schematic diagram of the implementation flow of a quantum key transmission method provided by the embodiment of the present application
  • Fig. 3 is a schematic diagram of the implementation flow of another quantum key transmission method provided by the embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of a key manager in an application device provided in an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a key manager in a quantum device provided in an embodiment of the present application.
  • Fig. 6 is a schematic structural diagram of a quantum key transmission system provided by an embodiment of the present application.
  • FIG. 7 is a schematic diagram of a hardware structure of an application device provided by an embodiment of the present application.
  • FIG. 8 is a schematic diagram of a hardware structure of a quantum device provided by an embodiment of the present application.
  • Fig. 9 is a schematic structural diagram of an application device provided by an embodiment of the present application.
  • Fig. 10 is a schematic structural diagram of a quantum device provided by an embodiment of the present application.
  • Classical computer It is a physical device that uses binary (0 or 1) to store and process data.
  • the application devices involved in this application belong to classical computers.
  • Quantum computer It is a physical device that follows the laws of quantum mechanics and performs information processing based on the principle of quantum computing. Quantum computers use qubits to store and process data. Qubits have more states than binary. Quantum computers have the capabilities of classical computers. Quantum computers can more efficiently solve certain problems that are difficult for classical computers. The quantum devices involved in this application belong to quantum computers.
  • Quantum network It is a new type of secure communication network, which uses quantum entanglement and quantum teleportation to bring real security to the network, as well as a qualitative leap in the fields of computing and science. Communicating between communication nodes through a quantum network can be understood as using quantum key distribution technology between communication nodes to share quantum keys between communication nodes and communicate based on quantum keys. In the quantum key distribution process, the quantum key is transmitted in the form of quantum state. Since the quantum communication line cannot be eavesdropped or intercepted through the hook-up bypass, as long as it is eavesdropped, the quantum state will change and the communication content will be changed to prevent the original text from being detected, so the secure transmission of quantum keys can be realized. Quantum computers can communicate with each other through a quantum network.
  • Quantum attack It is an attack algorithm that runs on a quantum computer, such as Shor's algorithm (Shor's algorithm), Grover's algorithm and other algorithms that can efficiently crack certain passwords.
  • Quantum key distribution It is a secure key distribution technology realized by using the Heisenberg uncertainty principle of quantum mechanics and the non-cloning theorem of quantum states. In the quantum key distribution process, a quantum device generates a quantum key and transmits it to another quantum device through a quantum network, so that a shared quantum key is formed between the two quantum devices.
  • Asymmetric cryptographic algorithm refers to the algorithm that the sender and the receiver use different keys for encryption and decryption, also known as public key cryptographic algorithm.
  • public key cryptographic algorithm there is a pair of keys, a private key and a public key. The private key is kept secret by the key pair owner and cannot be published. The public key is released to others by the key pair holder. Data encrypted with a public key can only be decrypted with the corresponding private key. Data signed with a private key can only be verified with the corresponding public key.
  • Currently commonly used asymmetric encryption algorithms include RSA algorithm and ECC algorithm.
  • Post quantum cryptography (PQC) system It is a public key cryptosystem including key generation algorithm, encryption algorithm and decryption algorithm.
  • the algorithms included in the post-quantum cryptography system are collectively called post-quantum cryptography algorithms.
  • Post-quantum cryptographic algorithms are asymmetric cryptographic algorithms that can run on classical computers.
  • Post-quantum cryptography algorithms are quantum-resistant, that is, they can resist quantum attacks and cannot be cracked by quantum computers.
  • the quantum resistance of the post-quantum cryptography algorithm does not depend on quantum mechanics, but is based on mathematical problems that cannot be cracked by quantum computers at present.
  • Post-quantum cryptography algorithms include algorithms based on lattice, code-based, homology-based or multivariate-based algorithms.
  • Digital signature (referred to as signature): it is a means of protecting the data of the sender.
  • the sender signs the message with the private key. Any third party without the private key cannot forge the signature. Any third party in possession of the public key corresponding to the private key held by the sender can verify the signature to confirm the origin and integrity of the message.
  • Signature verification After receiving the data, the receiver uses the public key to verify the signature, and outputs a Boolean value, indicating that the signature is legal (signature verification passed) or invalid (signature verification failed). If the signature verification is passed, it means that the data has not been tampered with. If the signature verification fails, it means that the data has been tampered with. Signature verification can be used to verify the integrity of the data (not tampered with) and the reliability of the source of the data (not fake or forged data).
  • Digital certificate (referred to as certificate): it is the ID card of a device, user or application in the digital world.
  • the certificate contains the applicant's information and the signature of the certificate authority (CA) on the applicant's information.
  • the applicant information includes the public key in the key pair held by the applicant.
  • the applicant information also includes the identity information of the applicant.
  • the applicant is a device, and the identity information of the applicant is a device identifier that can uniquely identify the device.
  • the device identifier of a device includes but is not limited to one or more of the device serial number, the device's Media Access Control (Media Access Control, MAC) address or the device's Internet Protocol (Internet Protocol, IP) address .
  • the receiver uses the public key (also known as the CA root certificate) in the "unified key pair" of the certificate management agency to verify the certificate, and can confirm whether the public key in the certificate comes from the sender. square.
  • Message authentication code used to verify the integrity of the message (not tampered with) and the reliability of the source of the message (not false data or forged data).
  • the authentication principle of the message authentication code is: the sender and the receiver negotiate a shared key in advance, the sender uses the shared key to generate the MAC value of a message of any length, and then transmits the message and the MAC value to the receiver.
  • the receiver uses the shared key to generate the MAC value of the message, and compares the MAC value generated by itself with the MAC value received from the sender. If the MAC values are consistent, the receiver determines that the message is indeed from the sender and has not been tampered with (passed the verification). Conversely, if the MAC values are inconsistent, the receiver can determine that the message is not from the sender or has been tampered with during transmission (verification failed).
  • Quantum keys are generated and distributed by quantum devices. For the situation where the application device and the quantum device are deployed in different security domains, if the application device wants to use the quantum key, the quantum key needs to be transmitted from the quantum device to the application device through the classical network. In this case, in order to enable application devices to communicate securely based on quantum keys, it is first necessary to solve the "last mile" problem of quantum key transmission, that is, to ensure the security and reliability of quantum key transmission in classical networks. In order to ensure the security and reliability of quantum key transmission in classical networks, the following three problems need to be solved.
  • quantum devices and application devices need to be able to authenticate each other to resist spoofing attacks during the interaction process.
  • Counterfeit attacks include, for example, that a malicious application device pretends to be a legitimate application device to interact with the quantum device, thereby stealing the quantum key.
  • Quantum keys need to be transmitted over classical networks in ciphertext. Therefore, quantum devices need to use encryption algorithms to encrypt and protect quantum keys. And the selected encryption algorithm must be anti-quantum, so as to prevent the encryption algorithm from being cracked by the quantum computer, resulting in the leakage of the quantum key.
  • this application proposes a technical solution for transmitting quantum keys.
  • the application device and the quantum device cooperate to implement the technical solution.
  • the application device sends a key request message to the sub-device, where the key request message includes the user identifier corresponding to the application device, the first public key, and the value of the first message authentication code. If the quantum device passes the verification of the first message authentication code value, the quantum device sends a key response message to the application device, where the key response message includes the first ciphertext and the second message authentication code value. If the application device passes the verification of the second message authentication code value, the application device uses the first private key to decrypt the first ciphertext to obtain the quantum key information assigned to the application device by the quantum device.
  • the first public key and the first private key are from a key pair obtained by the application device running a post-quantum key generation algorithm.
  • the first ciphertext is obtained by encrypting the quantum key information assigned to the application device by the quantum device using the first public key.
  • the quantum key information includes a quantum key. Since the first public key used by the quantum device to encrypt the quantum key information is obtained by the post-quantum key generation algorithm after the application device runs, the quantum device will use the post-quantum encryption algorithm to encrypt the quantum key and send it to the application in the form of ciphertext.
  • the device transmits the quantum key, which ensures the confidentiality of the quantum key transmission.
  • the transmitted ciphertext is encrypted by the post-quantum encryption algorithm, it can resist quantum attacks and avoid the leakage of the quantum key caused by the ciphertext being cracked by the quantum computer.
  • the first message authentication code value is calculated by the application device on the first authentication information based on the shared key corresponding to the quantum device and the user identifier, where the first authentication information includes the first public key.
  • the quantum device After the quantum device receives the key request message from the application device, it obtains the first authentication information based on the key request message and the storage information corresponding to the user identification in the key request message, and the storage information includes the quantum device and the user ID. Identifies the corresponding shared secret. Then the quantum device verifies the value of the first message authentication code based on the obtained shared key and the first authentication information.
  • the quantum device passes the verification of the first message authentication code value, it means that the key request message is from the other party holding the shared key, and the content carried by the key request message in the first authentication information (including the first public key) has not been tampered with during transmission. Therefore, the first message authentication code value can be used by the quantum device to authenticate the application device (that is, to verify the source reliability of the key request message), and can also be used by the quantum device to verify the message integrity of the key request message.
  • the second message authentication code value is calculated by the quantum device for the second authentication information based on the shared key corresponding to the quantum device and the user identifier, and the second authentication information includes the first ciphertext.
  • the application device After receiving the key response message from the quantum device, the application device acquires the second authentication information based on the key response message. Then the application device verifies the value of the second message authentication code based on the shared key corresponding to the quantum device and the user identifier and the second authentication information. If the application device passes the verification of the second message authentication code value, it means that the key response message is from the other party holding the shared key, and the content carried by the key response message in the second authentication information (including the first ciphertext) has not been tampered with during transmission. Therefore, the second message authentication code value can be used by the application device to authenticate the quantum device (that is, verify the source reliability of the key response message), and can also be used by the application device to verify the message integrity of the key response message.
  • the quantum key transmission method provided in the embodiment of this application has two implementation scenarios.
  • a specific application device is used as a service object, and the quantum device is used to distribute a quantum key for the application device.
  • the user identifier corresponding to the above application device is the device identifier of the application device.
  • the shared key corresponding to the quantum device and the user ID is the shared key between the quantum device and a specific application device, that is, the party holding the shared key is the quantum device, and the other party is the specific application device.
  • the user account is used as the service object, and the quantum device is used to distribute the quantum key for the application device logged in by the user account.
  • the user identifier corresponding to the above-mentioned application device is a user account that logs in to the application device.
  • the shared key corresponding to the quantum device and the user ID is the shared key between the quantum device and the user account.
  • the party holding the shared key is the quantum device, and the other party is any application device logged in by the user account.
  • FIG. 1 is a schematic diagram of an application scenario provided by an embodiment of the present application.
  • this application scenario mainly involves two types of devices, namely application devices and quantum devices.
  • a quantum device is used to provide quantum services for one or more application devices, that is, a quantum device can distribute quantum keys for one or more application devices.
  • the quantum device communicates with the application device through a classical network.
  • communication between quantum devices and application devices is based on Transmission Control Protocol/Internet Protocol (TCP/IP).
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • the application device includes, but is not limited to, network devices such as routers, switches, or firewalls.
  • the application device is a terminal device such as a computer, a mobile phone, or an Internet of Things (Internet of Things, IoT) terminal.
  • the application device is other devices with communication requirements such as a server or a cloud platform.
  • Quantum devices are quantum computers capable of generating or storing quantum keys.
  • the quantum device in the embodiment of the present application may also be called a quantum key distribution device.
  • FIG. 2 is a schematic diagram of an implementation flow of a quantum key transmission method 200 provided in an embodiment of the present application.
  • the method 200 includes steps 201 to 208.
  • the quantum device in method 200 is the quantum device in FIG. 1 .
  • the application device in method 200 is any application device in FIG. 1 .
  • Step 201 the application device sends a key request message to the sub-device, and the key request message includes a user ID corresponding to the application device, a first public key, and a first message authentication code value.
  • the user ID corresponding to the application device in the key request message is used to indicate the service object of the quantum device, so that the quantum device can obtain the storage information corresponding to the service object, that is, the user ID corresponding to the application device is used by the quantum device Get the corresponding storage information.
  • the stored information includes a shared key corresponding to the quantum device and the user ID.
  • the user ID corresponding to the application device is the device ID of the application device
  • the shared key corresponding to the quantum device and the user ID is a shared key between the quantum device and the application device.
  • the shared key is pre-stored in the application device, and the application device can directly obtain the stored shared key.
  • the user ID corresponding to the application device is a user account that logs in to the application device
  • the shared key corresponding to the quantum device and the user ID is a shared key between the quantum device and the user account.
  • the shared key is bound to the user account, and after the user account logs in on the application device, the application device can obtain the shared key bound to the user account.
  • the first public key in the key request message is used by the quantum device to encrypt quantum key information assigned to the application device sending the key request message.
  • the quantum key information includes a quantum key.
  • the quantum key information also includes a key identifier of the quantum key.
  • the private key corresponding to the first public key is referred to as the first private key.
  • the first public key and the first private key are respectively the public key and the private key in the key pair obtained by running the post-quantum key generation algorithm on the application device.
  • the value of the first message authentication code in the key request message is calculated by the application device on the first authentication information based on the shared key corresponding to the quantum device and the user identifier.
  • the first authentication information includes a first public key.
  • the first authentication information further includes the device identifier of the quantum device and/or the user identifier carried in the key request message.
  • the value of the first message authentication code is used by the quantum device to authenticate the identity of the application device and to authenticate the message integrity of the key request message.
  • a quantum device is used to distribute quantum keys to one or more service objects. Different service objects use different passwords for quantum device authentication.
  • the above-mentioned shared key corresponding to the quantum device and the user ID is obtained based on the target password, and the target password is the password used by the service object indicated by the user ID.
  • step 201 in response to obtaining an input quantum key acquisition instruction, the application device runs a post-quantum key generation algorithm to generate a key pair.
  • the quantum key acquisition instruction includes the target password.
  • the application device calculates the first message authentication code value based on the shared key pair to the first authentication information including the first public key. For example, when the user inputs the target password on the application device, the application device determines that the quantum key acquisition instruction has been obtained.
  • the application device locks the password input interface.
  • the times of trial and error of an attacker are limited by limiting the times of wrong input of passwords, so as to be able to resist online dictionary attacks.
  • the first message authentication code value is a hash message authentication code (hash message authentication code, HMAC) value.
  • the application device whenever the application device obtains the quantum key acquisition instruction, it will run the post-quantum key generation algorithm to generate a temporary key pair, so that every time the application device requests a quantum key, the quantum device will use the temporary key pair of the application device.
  • the generated public key encrypts the quantum key information instead of encrypting the quantum key information with the quantum device's private key. In this way, even if the long-term private key used by the quantum device itself is leaked, it will not cause the leakage of the quantum key information transmitted between the quantum device and the application device in the previous communication process.
  • the security of the quantum key obtained by the application device in history is guaranteed, thereby ensuring the security of the historical communication of the application device.
  • the application device uses a fixed key pair when requesting the quantum key, so that the application device does not need to generate a key pair after obtaining the quantum key acquisition instruction, thereby improving the efficiency of the application device to obtain the quantum key.
  • the service object is an application device
  • the application device generates and stores a key pair in advance, and in response to obtaining the quantum key acquisition instruction, the application device directly obtains the public key from the stored key pair and calculates the message authentication code value .
  • the service object is a user account
  • the user account is bound to a key pair in advance, and in response to obtaining the quantum key acquisition instruction, the application device that logs in to the user account directly obtains the public key from the key pair bound to the user account and Calculate the message authentication code value.
  • the application device before performing step 201, the application device generates a derivation key based on the target password using a key derivation function (key derivation function, KDF).
  • KDF key derivation function
  • a key derivation function is used to derive one or more keys from a secret value using a pseudorandom function.
  • the secret value is the original key and the derived key is the derived key.
  • DK is the derivation key.
  • KDF is the key derivation function.
  • Key is the original key.
  • Salt is a random number used as password salt (hereinafter referred to as random salt value). Iterations refers to the number of iterations.
  • the random salt value and the number of iterations are collectively referred to as key derivation function parameter values.
  • the target password is used as part or all of the original key used by the key derivation function.
  • the shared key corresponding to the quantum device and the user ID is obtained based on the derived key.
  • the shared key is obtained based on the derived key, including: the shared key is a derived key, or the shared key is a hash value of the derived key.
  • the derived key is used instead of the target password to obtain the shared key, so that when the application device and the quantum device synchronize the shared key, the application device only needs to send the derived key obtained based on the target password to the quantum device. Even if the derived key is stolen during transmission or stored in the quantum device, the thief cannot restore the target password used by the service object, thereby preventing the thief from impersonating the service object to request the quantum key from the quantum device.
  • the key derivation function adopted by the application device includes but is not limited to a hash function or a password-based key derivation function (password-based key derivation function 2, PBKDF2).
  • PBKDF2 password-based key derivation function
  • the application device uses PBKDF2 as the key derivation function
  • the target password is recorded as pwd
  • the random salt value is recorded as salt
  • the number of iterations is recorded as i
  • secret is a secret generated and maintained by the application device itself.
  • " in the embodiments of the present application means “and” or "and”.
  • the application device uses pwd and secret together as the original key to generate a derived key, which can reduce the possibility of obtaining the target password based on the derived key cracking and restoration, and can resist offline dictionary attacks to a certain extent, thereby further improving the confidentiality of the target password and use security.
  • Step 202 After the quantum device receives the key request message from the application device, it obtains the first authentication information and the storage information corresponding to the user ID based on the key request message, and the storage information includes the storage information corresponding to the user ID of the quantum device and the user ID. shared secret.
  • the quantum device obtains the first authentication information based on the key request message, including the quantum device obtaining the first public key from the key request message.
  • storage information corresponding to one or more user identifiers is stored in the quantum device.
  • the storage information corresponding to each user ID includes the shared key corresponding to the quantum device and the user ID and the user ID.
  • the quantum device obtains the storage information corresponding to the user ID based on the key request message, that is, the quantum device obtains the storage information corresponding to the user ID carried in the key request message.
  • Step 203 the quantum device verifies the value of the first message authentication code based on the shared key and the first authentication information.
  • the first authentication information in step 203 is the authentication information obtained by the quantum device based on the received key request message in step 202. If the key request message sent by the application device in step 201 has not been tampered with during transmission, then the first authentication information obtained by the quantum device in step 202 is the same as that used by the application device to calculate the value of the first message authentication code in step 201. The content of the first authentication information is consistent.
  • step 203 is implemented in the following manner: the quantum device calculates the first authentication information based on the shared key to obtain a fourth message authentication code value. If the fourth message authentication code value is the same as the first message authentication code value, the quantum device determines that the verification of the first message authentication code value passes. Conversely, if the fourth message authentication code value is different from the first message authentication code value, the quantum device determines that the verification of the first message authentication code value fails.
  • the quantum device passes the verification of the first message authentication code value, it means that the key request message received by the quantum device comes from the other party holding the shared key, and the content carried by the key request message in the first authentication information (at least including the first public key) has not been tampered with during transmission, and in this case, the quantum device provides the quantum key to the requesting party. If the quantum device fails to verify the value of the first message authentication code, it means that the key request message received by the quantum device is not from the other party holding the shared key, or the first authentication information is carried in the key request message The content of has been tampered with during transmission, in this case, the quantum device does not provide the quantum key to the requesting party. In the embodiment of this application, by carrying the first message authentication code value in the key request message sent by the application device, the quantum device can perform identity authentication on the application device (that is, verify the source reliability of the key request message) and Perform message integrity verification on the key request message.
  • Step 204 If the quantum device passes the verification of the first message authentication code value, the quantum device encrypts the quantum key information with the first public key to obtain the first ciphertext.
  • the quantum key information includes a quantum key.
  • the quantum key information also includes a key identifier of the quantum key.
  • the quantum device Since the first public key used by the quantum device to encrypt the quantum key information is obtained by the post-quantum key generation algorithm after the application device runs, the quantum device will use the post-quantum encryption algorithm to encrypt the quantum key and send it to the application in the form of ciphertext. The device transmits the quantum key, which ensures the confidentiality of the quantum key transmission.
  • the first ciphertext is obtained by encrypting with a post-quantum encryption algorithm, it can resist quantum attacks and prevent the first ciphertext from being deciphered by a quantum computer to cause leakage of the quantum key.
  • the quantum device after determining the quantum key information assigned to the application device, the quantum device adds the quantum key information to the storage information corresponding to the user ID corresponding to the application device, so that other application devices need to communicate with the application device
  • the quantum device can directly or indirectly provide the quantum key used by the application device to other application devices, thereby realizing secure communication between application devices.
  • Step 205 the quantum device calculates the second authentication information based on the shared key to obtain a second message authentication code value, and the second authentication information includes the first ciphertext.
  • the second authentication information further includes the device identifier of the quantum device and/or the user identifier carried in the key request message.
  • the second message authentication code value is a Hash Message Authentication Code (HMAC) value.
  • Step 206 The quantum device sends a key response message corresponding to the key request message to the application device, where the key response message includes the first ciphertext and the second message authentication code value.
  • Step 207 After receiving the key response message from the quantum device, the application device verifies the value of the second message authentication code based on the shared key and the second authentication information.
  • the second authentication information in step 207 is the authentication information obtained by the application device based on the received key response message. If the key response message sent by the quantum device in step 206 has not been tampered with during transmission, then the authentication information obtained by the application device based on the key response message is the same as that used by the application device to calculate the value of the second message authentication code in step 205. The content of the used second authentication information is consistent.
  • step 207 is implemented in the following manner: the application device calculates the second authentication information based on the shared key to obtain a third message authentication code value. If the third message authentication code value is the same as the second message authentication code value, the application device determines that the verification of the second message authentication code value passes. Conversely, if the third message authentication code value is different from the second message authentication code value, the application device determines that the verification of the second message authentication code value fails.
  • the application device passes the verification of the second message authentication code value, it means that the key response message received by the application device is from the other party holding the shared key, and the content carried in the key response message in the second authentication information (at least including the first ciphertext) has not been tampered with during transmission. In this case, it means that the quantum key information carried in the key response message is reliable, and the application device further extracts the quantum key information carried in the key response message. quantum key information. If the application device fails to verify the value of the second message authentication code, it means that the key response message received by the application device is not from the other party holding the shared key, or the second authentication information is carried in the key response message.
  • the quantum key information carried in the key response message is unreliable, and the application device will no longer process the information in the key response message.
  • the application device by carrying the second message authentication code value in the key response message sent by the quantum device, the application device can perform identity authentication on the quantum device (that is, verify the source reliability of the key response message) and Perform message integrity verification on the key response message.
  • Step 208 If the application device passes the verification of the second message authentication code value, the application device uses the first private key to decrypt the first ciphertext to obtain quantum key information.
  • the stored information corresponding to the user identifier in the quantum device includes a second statistical value, where the second statistical value is the number of times the key request message including the user identifier is sent recorded by the quantum device.
  • the key request message further includes a first statistical value, where the first statistical value is the number of sending times of the key request message including the user identifier recorded by the application device.
  • the first authentication information further includes a first statistical value. If the service object is an application device, the first statistical value is the number of times the application device sends key request packets including the device identifier (user identifier) of the application device.
  • a counter is set in the application device to record the number of times the key request message is sent.
  • the counter is incremented by a set incremental value. If the service object is a user account, the first statistical value is the number of times of key request messages including the user account (user ID) sent by all application devices logged in by the user account.
  • the application device obtains the historical sending times of the key request message including the user identifier.
  • the application device adds a set incremental value to the historical sending times to obtain the first statistical value. That is, the first statistical value calculated by the application device includes the key request message sent this time.
  • set the increment value to 1.
  • the quantum device stops the quantum key transmission process.
  • the quantum device updates the second statistical value so that the updated second statistical value is equal to the first statistical value.
  • the recorded number of times of sending the key request message should be less than the number of times of sending the key request message recorded by the application device. If the first statistical value carried in the key request message is less than or equal to the second statistical value stored by the quantum device, it means that the key request message may be repeatedly sent by the attacker, that is, the key request message
  • the text may be a replay attack message, which realizes the replay attack detection on the quantum device side.
  • the quantum device also outputs an alarm prompt, which is used to indicate that the key request is abnormal this time, which helps Relevant personnel deal with abnormal situations in a timely manner.
  • the quantum device determines that the second statistical value is smaller than the first statistical value, it then verifies the first message authentication code value (that is, executes step 203).
  • the key response message further includes the updated second statistical value.
  • the second authentication information further includes an updated second statistical value.
  • Replay attack packets are replayed, which realizes replay attack detection on the application device side.
  • the application device will also output an alarm prompt, which is used to indicate that the key request is abnormal this time, which helps relevant personnel Handle abnormal situations in a timely manner.
  • the application device verifies the second message authentication code value again (that is, executes step 207).
  • the process of requesting the quantum key from the application device to the quantum device in the process of requesting the quantum key from the application device to the quantum device, two-way identity authentication can be performed between the application device and the quantum device, and the respective received messages can also be authenticated. The integrity verification of the message is carried out, and the confidentiality of the transmission of the quantum key is also guaranteed. Then the security and reliability of the quantum key transmission in the classical network are realized.
  • the process of requesting the quantum key from the application device to the quantum device only needs one round of message (key request message and key response message) interaction to complete the transmission of the quantum key and the identity authentication of both parties. The interaction process is simple. .
  • the two-way identity authentication and message integrity verification between the application device and the quantum device are all implemented based on the message authentication code.
  • the communicating party needs to sign the message with a private key during the handshake phase, and the other communicating party needs to sign the message with a private key.
  • TLS transport layer security
  • the application device can obtain the key with higher efficiency.
  • the technical solution of this application is divided into two implementation stages, namely the registration stage and the quantum key acquisition stage.
  • the service object completes the registration on the quantum device to establish mutual trust with the quantum device for the first time.
  • the service object completes the registration on the quantum device, including the synchronization of the shared key between the service object and the quantum device.
  • the service object completes the mutual identity authentication with the quantum device and the transmission of the quantum key in the phase of quantum key acquisition.
  • the above method 200 describes the implementation process of the quantum key acquisition phase.
  • the registration phase and the quantum key acquisition phase are independent of each other. After the service object completes a registration, it can request the quantum device to obtain the quantum key multiple times.
  • the service object is an application device.
  • the application device can execute the quantum key acquisition process multiple times to obtain the quantum key from the quantum device.
  • the service object is a user account
  • the user account logs in to an application device to complete registration on the quantum device.
  • the user account can log in to the application device or other application devices multiple times, enabling the application device logged in each time to execute Quantum key acquisition process to obtain quantum keys from quantum devices. It is worth noting that when the service object is an application device, the application device that completes the registration process with the quantum device and the application device that requests the quantum device to obtain a quantum key can only be the same application device.
  • the application device in the above-mentioned method 200 and the application device in the following method 300 are the same application device.
  • the application device that completes the registration process with the quantum device and the application device that requests the quantum device to obtain the quantum key are the same application device or different application devices that log in to the same user account.
  • the application device in the above-mentioned method 200 and the application device in the following method 300 are application devices (the same device or different devices) logged in with the same user account.
  • FIG. 3 is a schematic diagram of an implementation flow of a quantum key transmission method 300 provided in an embodiment of the present application.
  • the method 300 only shows the implementation process of the registration stage. After the application device completes the registration on the quantum device, the process of requesting the quantum device to obtain the quantum key can refer to the above-mentioned method 200, and the embodiment of the present application will not repeat it here.
  • the method 300 includes step 301 to step 310 .
  • Step 301 the application device sends a registration request message to the sub-device.
  • the registration request message is used to initiate the registration process to the sub-device application.
  • the registration request message indicates the encryption algorithm supported by the application device.
  • the registration request message indicates the message authentication code generation algorithm, key derivation function algorithm, or post-quantum cryptography algorithm supported by the application device.
  • Step 302. After receiving the registration request message from the application device, the quantum device sends a registration response message to the application device.
  • the registration response message includes the certificate of the quantum device, and the certificate includes the second public key.
  • the second public key is the public key in the key pair held by the quantum device.
  • the private key corresponding to the second public key is referred to as the second private key.
  • the second public key and the second private key are divided into the public key and the private key in the key pair obtained by the quantum key generation algorithm after the quantum device runs.
  • the registration response message also indicates the target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device.
  • the target cryptographic algorithm includes the generation algorithm of the first message authentication code value (that is, the algorithm used by the application device to calculate the first message authentication code value in the above step 201), the generation algorithm of the second message authentication code value (that is, the quantum One or more of the algorithm used by the device to calculate the value of the second message authentication code) or the generation algorithm of the shared key (that is, the algorithm for obtaining the shared key based on the derived key in step 201 above).
  • the target key algorithm further includes a post-quantum cryptographic algorithm used by the application device to generate the first public key and the first private key (step 201), and/or, the quantum device generates the second public key and the second private key The post-quantum cryptographic algorithm used (step 302). So that the application device can use the supporting post-quantum encryption algorithm or post-quantum decryption algorithm to encrypt and decrypt the ciphertext.
  • Step 303 After the application device receives the registration response message corresponding to the registration request message from the quantum device, if the application device passes the verification of the certificate of the quantum device, the application device obtains the user ID and the target password.
  • the quantum device's certificate also includes the signature of a third-party certification authority (such as a CA).
  • the application device authenticates the quantum device based on the certificate of the quantum device.
  • the application device passes the verification of the quantum device certificate, that is, the application device passes the verification of the quantum device certificate using the public key provided by the third-party certification authority. In this way, the application device can confirm that the public key in the certificate is indeed from the quantum device, thereby preventing counterfeiting attacks.
  • the target password obtained by the application device is the password corresponding to the user ID obtained by the application device. In the embodiment of the present application, the password corresponding to the user ID is used as a password for the service object indicated by the user ID to request services from the sub-device.
  • the application device uses its own device identifier as the user identifier. If the registration request message is used to request to register a user account as a service object, the application device creates a user account after receiving the registration response message, and uses the created user account as a user identifier.
  • the target password is entered by the user.
  • the application device After receiving the registration response message, the application device displays a password input interface to prompt the user to input a password. Then the application device uses the content input by the user as the target password.
  • Step 304 the application device generates a derived key based on the target password by using the key derivation function.
  • the registration response message further includes key derivation function parameter values, where the key derivation function parameter values include random salt values and/or iteration times.
  • the quantum device indicates the random salt value and/or the number of iterations used by the application device when the key derivation function is used to generate the derived key by carrying the parameter value of the key derivation function in the registration response message.
  • the implementation of step 304 is that the application device uses the key derivation function to generate a derived key based on the target password and the parameter value of the key derivation function in the registration response message.
  • step 304 reference may be made to the relevant description in the above step 201, which will not be repeated in this embodiment of the present application.
  • Step 305 the application device encrypts the registration information with the second public key to obtain a second ciphertext, and the registration information includes the derived key and the user ID.
  • the application device uses the key derivation function parameter value obtained from the registration response message as part of the registration information, that is, the registration information includes the key derivation function parameter value function parameter value.
  • the embodiment of this application refers to the key derivation function parameter value in the registration response message as the first key derivation function parameter value, and refers to the key derivation function parameter value in the registration information as the second key derivation function parameter value. Key derivation function parameter value.
  • the application device Since the second public key used by the application device to encrypt the registration information is obtained by the quantum key generation algorithm after the quantum device runs, the application device will use the post-quantum encryption algorithm to encrypt the registration information and then transmit the registration to the quantum device in the form of cipher text. Information, to ensure the confidentiality of the transmission of registration information.
  • the second ciphertext is obtained by encrypting with a post-quantum encryption algorithm, it can resist quantum attacks and prevent the second ciphertext from being deciphered by a quantum computer to cause leakage of registration information.
  • the registration information further includes one or more of a key derivation function parameter value, a device ID of the quantum device, a hash value of the device ID of the application device, or a random number generated by the application device.
  • Step 306 the application device sends a registration message to the sub-device, and the registration message includes the second ciphertext.
  • the registration message also includes the device identifier of the application device.
  • the registration information also includes a first hash value of the device identification of the application device.
  • Step 307 After receiving the registration message from the application device, the quantum device uses the second private key to decrypt the second ciphertext to obtain the registration information.
  • Step 308 the quantum device stores storage information corresponding to the user ID.
  • the user ID in step 308 is the user ID obtained by the quantum device from the registration information decrypted in step 307 .
  • the stored information corresponding to the user ID includes the user ID and the shared key corresponding to the user ID.
  • the shared key is derived based on the derived key in the registration information.
  • the quantum device uses the derived key in the registration information as the shared key corresponding to the quantum device and the user ID in the registration information.
  • the quantum device uses the hash value of the derived key in the registration information as the shared key corresponding to the quantum device and the user ID in the registration information. It only needs to ensure that both the application device and the quantum device obtain the shared key based on the derived key in the same way.
  • the stored information corresponding to the user identifier in the registration information also includes part or all of the content in the registration information except the user identifier.
  • the storage information corresponding to the user ID stored in the quantum device includes the user ID, the shared key corresponding to the user ID, the random salt value and the number of iterations used by the application device to calculate the derived key, and the password recorded by the quantum device including the user ID. The number of times the key request message is sent. The initial value of the sending count is 0.
  • the quantum device when the registration response message includes the first key derivation function parameter value, and the registration information includes the second key derivation function parameter value, the quantum device first compares the first key derivation function parameter value with the second key Derived function parameter values. If the parameter value of the first key derivation function is the same as the parameter value of the second key derivation function, the quantum device stores the storage information corresponding to the user identifier in the registration information.
  • the first key derivation function parameter value carried by the application device in the registration message comes from the first key derivation function parameter value in the registration response message received by the application device
  • the first key derivation function parameter value It should be the same as the parameter value of the second key derivation function.
  • the quantum device receives the registration message, it finds that the parameter value of the second key derivation function carried in the registration message from the application device is different from the parameter value of the first key derivation function carried in the registration response message sent by the quantum device If the values are different, it means that the registration message and/or registration response message has been tampered with during transmission.
  • the message integrity verification of the two-way transmission message between the quantum device and the application device can be realized.
  • the quantum device when the registration message includes the device identifier of the application device, and the registration information includes the first hash value of the device identifier of the application device, after the quantum device obtains the registration information, it calculates the value of the device identifier of the application device in the registration information. the second hash value. Then the quantum device compares the first hash value carried in the registration message with the calculated second hash value. If the first hash value is the same as the second hash value, the quantum device stores storage information corresponding to the user identifier.
  • the first hash value carried in the registration message received by the quantum device is different from the second hash value calculated by the quantum device, it means that the registration message has been tampered with during transmission.
  • the message integrity verification of the message sent from the application device to the quantum device can be realized.
  • the registration information further includes a first random number generated by the application device.
  • the quantum device stores the storage information corresponding to the user identifier in the registration information, continue to execute the following steps 309 to 310.
  • Step 309 the quantum device sends a registration success response message to the application device, the registration success response message is used to indicate that the user ID in the registration information has been registered successfully, the registration success response message includes a second random number, the second random number from registration information.
  • the quantum device After the quantum device obtains the first random number from the registration information, it carries the first random number in the registration success response message.
  • the random number in the registration information is called the first random number
  • the random number in the registration success response message is called the second random number. If the message transmitted between the quantum device and the application device has not been tampered with, then the first random number and the second random number should be the same.
  • Step 310 After the application device receives the registration success response message from the quantum device, if the second random number is the same as the first random number generated by the application device, the application device determines that the registration of the user ID is successful.
  • the application device determines that the registration of the user ID is successful, that is, the application device determines that the registration of the service object indicated by the user ID on the quantum device is completed.
  • the identity authentication of the application device is based on a password.
  • the identity authentication of the quantum device in the registration stage depends on the certificate, and the identity authentication in the quantum key acquisition stage depends on the derived key based on the password. Regardless of the registration stage or the quantum key acquisition stage, the application device and the quantum device have realized mutual identity authentication, thus ensuring the security and reliability of quantum key transmission.
  • the application device encrypts the registration information with the public key obtained by the quantum encryption algorithm after the quantum device runs, and then transmits the registration information to the quantum device in the form of cipher text.
  • the quantum device uses the public key obtained by the quantum key generation algorithm after the application device runs to encrypt the quantum key, and then transmits the quantum key to the application device in the form of ciphertext.
  • the confidentiality of message transmission between quantum devices and application devices is realized.
  • the transmitted ciphertext can resist quantum attacks, thus reducing the risk of message leakage.
  • Both the quantum device and the application device provided in the embodiment of this application are equipped with a key manager, and the core functions of the solution of this application are realized by the key manager of the quantum device and the application device respectively.
  • FIG. 4 is a schematic structural diagram of a key manager in an application device provided in an embodiment of the present application.
  • the key manager in the application device includes a quantum service registration module and a quantum key request module.
  • the quantum service registration module is responsible for applying for a registration service object to the quantum device, and providing the necessary identity materials to the quantum device, specifically performing steps 301, 303 to 306, and 310 above.
  • the quantum key request module includes an identity authentication module and a quantum key decapsulation module.
  • the identity authentication module is responsible for authenticating the identity of the interacting quantum device during the quantum key acquisition process, for example, the above-mentioned step 207 is specifically executed.
  • the quantum key decapsulation module is responsible for decapsulating the quantum key information sent by the quantum device, so as to extract the real quantum key, for example, the above-mentioned step 208 is specifically performed.
  • FIG. 5 is a schematic structural diagram of a key manager in a quantum device provided in an embodiment of the present application.
  • the key manager in the quantum device includes a registration request processing module and a quantum key request processing module.
  • the registration request processing module is responsible for processing the registration request from the application device, and specifically performs, for example, the above-mentioned step 302 and steps 307 to 309 .
  • the quantum key request processing module includes an identity authentication module and a quantum key encapsulation module.
  • the identity authentication module is responsible for authenticating the identity of the interacting application device, specifically performing, for example, the above step 203 .
  • the quantum key request processing module is responsible for encapsulating the quantum key information, and specifically performs, for example, the above step 204 to ensure the confidentiality of the quantum key transmission in the classical network.
  • the embodiment of the present application also provides a quantum key transmission system, including: an application device and a quantum device.
  • the application device interacts with the quantum device, so that the application device can obtain the quantum key from the quantum device.
  • the application device is configured to execute step 201 and steps 207 to 208 in the above method 200 .
  • the quantum device is used to execute steps 202 to 206 in the above method 200 .
  • the application device also interacts with the quantum device, so that the application device can complete the registration of the service object on the quantum device.
  • the application device is configured to execute step 301 , step 303 to step 306 and step 310 in the above method 300 .
  • the quantum device is used to execute step 302 and steps 307 to 309 in the above method 300 .
  • FIG. 6 is a schematic structural diagram of a quantum key transmission system provided in an embodiment of the present application.
  • the system includes a first application device and a first quantum device.
  • the first application device has completed registration on the first quantum device, or the user account logged in to the first application device has completed registration on the first quantum device.
  • the first quantum device is capable of providing quantum services to the first application device.
  • the first application device when the first application device is the communication initiator, the first application device requests the first quantum device to obtain the quantum key.
  • the process of the first application device requesting the first quantum device to obtain the quantum key reference may be made to the description in the foregoing method 200 .
  • the first application device is configured to send a key request message to the first quantum device.
  • the key request message includes a user identifier corresponding to the first application device, a first public key, and a first message authentication code value.
  • the first public key is the public key in the key pair obtained by the first application device after running the quantum key generation algorithm.
  • the first message authentication code value is calculated by the first application device on the first authentication information based on the shared key corresponding to the quantum device and the user identifier.
  • the first authentication information includes a first public key.
  • the first quantum device is configured to acquire first authentication information and storage information corresponding to the user identifier based on the key request message, where the storage information includes a shared key.
  • the first quantum device is configured to verify the value of the first message authentication code based on the shared key and the first authentication information. If the first quantum device passes the verification of the first message authentication code value, the first quantum device is configured to use the first public key to encrypt the quantum key information to obtain the first ciphertext.
  • the quantum key information includes a quantum key.
  • the first quantum device is configured to calculate the second authentication information based on the shared key to obtain a second message authentication code value.
  • the second authentication information includes the first ciphertext.
  • the first quantum device is configured to send a key response message corresponding to the key request message to the first application device.
  • the key response message includes the first ciphertext and the second message authentication code value.
  • the first application device is configured to acquire the second authentication information based on the key response message.
  • the first application device is configured to verify the second message authentication code value based on the shared key and the second authentication information. If the first application device passes the verification of the second message authentication code value, the first application device is configured to use the first private key to decrypt the first ciphertext to obtain quantum key information.
  • the first private key is the private key in the key pair obtained by the first application device running the post-quantum key generation algorithm.
  • the first private key is a private key corresponding to the first public key.
  • the quantum key information distributed by the first quantum device to the first application device further includes a key identifier of the quantum key.
  • the system further includes a second application device and a second quantum device.
  • the second application device has completed registration on the second quantum device, or the user account logged into the second application device has completed registration on the second quantum device.
  • the second quantum device is capable of providing quantum services to the second application device.
  • the second application device when the second application device is the communication receiver, the second application device requests the second quantum device to acquire the quantum key of the communication initiator.
  • the first quantum device is also used to send quantum key information to the second quantum device.
  • the first application device is further configured to send the key identifier to the second application device.
  • the second application device is configured to send a key acquisition request to the second quantum device, where the key acquisition request includes a key identifier.
  • the second quantum device is configured to send the quantum key to the second application device based on the key identifier.
  • the first application device and the second application device are used to communicate based on the quantum key.
  • the manner in which the second application device sends a key acquisition request to the second quantum device may refer to the manner in which the application device sends a key request message to the quantum device in the above-mentioned method 200, and the specific process may refer to step 201 in the above-mentioned method 200.
  • the content of the key acquisition request includes a key identifier, so as to instruct the second quantum device to acquire the quantum key indicated by the key identifier.
  • the processing method of the second quantum device on the key acquisition request please refer to the processing method of the quantum device on the key request message in the above method 200, and for the specific process, please refer to the steps 202 to 206 in the above method 200, the difference is that here
  • the encrypted object of the second quantum device is the quantum key indicated by the key identifier.
  • the processing method of the second application device on the ciphertext obtained by encrypting the quantum key from the second quantum device can refer to the processing method of the application device on the key response message in the above method 200, and the specific process can refer to the above method Step 207 to step 208 in 200 .
  • the first quantum device communicates with the second quantum device through a quantum network.
  • the first quantum device communicates with the first application device through a classical network.
  • the second quantum device communicates with the second application device through a classical network.
  • the first application device communicates with the second application device through a classic network.
  • the system shown in FIG. 6 is illustrated by taking the quantum device (first quantum device) providing quantum services to the first application device as an example different from the quantum device (second quantum device) providing quantum services to the second application device. If the same quantum device provides quantum services for the first application device and the second application device, the step of synchronizing quantum key information between the two quantum devices is omitted when implementing the technical solution.
  • the quantum key transmission system realizes the secure and reliable transmission of the quantum key from the quantum device to the application device across security domains.
  • the communication initiator obtains the quantum key and the key identifier from the corresponding quantum device. Then the communication initiator synchronizes the key identification to the communication receiver through the classical network. If quantum services are provided by different quantum devices for the communication initiator and the communication receiver, the quantum device corresponding to the communication initiator also synchronizes the quantum key and key identification with the quantum device corresponding to the communication receiver.
  • the communication receiver can request the quantum key corresponding to the key identifier from the corresponding quantum device, and then the two communicating parties can communicate based on the quantum key. Since the process of transmitting the quantum key from the quantum device to the application device is safe and reliable, the transmission of the quantum key through the quantum network is always safe, and the key identification of the quantum key is not transmitted between two application devices. The key makes it impossible for the thief to steal the quantum key from the communication process of the two application devices. Therefore, the whole process of obtaining the quantum key by both communication parties is safe and reliable, which can improve the security and reliability of communication.
  • the basic hardware structure of the quantum device is illustrated below with an example.
  • FIG. 7 is a schematic diagram of a hardware structure of an application device provided in an embodiment of the present application.
  • an application device 700 includes a processor 701 and a memory 702 , and the memory 701 and the memory 702 are connected through a bus 703 .
  • FIG. 7 illustrates that the processor 701 and the memory 702 are independent of each other.
  • the processor 701 and the memory 702 are integrated together.
  • the application device 700 in FIG. 7 is any application device shown in FIG. 1 .
  • the memory 702 is used for storing computer programs, and the computer programs include operating systems and program codes.
  • the memory 702 is various types of storage media, such as read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), electrically erasable programmable read-only memory (electrically erasable programmable read-only memory) memory, EEPROM), compact disc read-only memory (CD-ROM), flash memory, optical memory, registers, optical disc storage, optical disc storage, magnetic disk or other magnetic storage devices.
  • the processor 701 is a general purpose processor or a special purpose processor.
  • Processor 701 may be a single-core processor or a multi-core processor.
  • the processor 701 includes at least one circuit to execute the actions performed by the application device in the above-mentioned method 200 or method 300 provided in the embodiment of the present application.
  • the application device 700 further includes a network interface 704 , and the network interface 704 is connected to the processor 701 and the memory 702 through the bus 703 .
  • the network interface 704 enables the application device 700 to communicate with quantum devices or other application devices.
  • the processor 701 can interact with the quantum device through the network interface 704 to register a service object, obtain a quantum key, etc., and communicate with other application devices.
  • the application device 700 further includes an input/output (input/output, I/O) interface 705 , and the I/O interface 705 is connected to the processor 701 and the memory 702 through the bus 703 .
  • the processor 701 can receive input commands or data, etc. through the I/O interface 705 .
  • the I/O interface 705 is used for the application device 700 to connect to input devices, such as a keyboard and a mouse.
  • the foregoing network interface 704 and I/O interface 705 are collectively referred to as a communication interface.
  • the application device 700 further includes a display 706 , and the display 706 is connected to the processor 701 and the memory 702 through the bus 703 .
  • the display 706 can be used to display an intermediate result and/or a final result generated by the processor 701 executing the above method, for example, to display an alarm prompt.
  • the display 706 is a touch screen to provide a human-computer interaction interface.
  • the bus 703 is any type of communication bus used to realize the interconnection of internal devices of the application device 700 .
  • the system bus for example the system bus.
  • the above-mentioned devices inside the application device 700 are interconnected through the bus 703 as an example for illustration.
  • the above-mentioned internal devices are interconnected through logic interfaces inside the application device 700 .
  • the above-mentioned devices may be respectively arranged on independent chips, or at least partly or all of them may be arranged on the same chip. Whether each device is independently arranged on different chips or integrated and arranged on one or more chips often depends on the needs of product design.
  • the embodiments of the present application do not limit the specific implementation forms of the foregoing devices.
  • the application device 700 shown in FIG. 7 is only exemplary. During implementation, the application device 700 includes other components, which will not be listed here.
  • the application device 700 shown in FIG. 7 can realize the transmission of the quantum key by performing all or part of the steps of the method provided by the above embodiments.
  • the following illustrates the basic hardware structure of the application device with an example.
  • FIG. 8 is a schematic diagram of a hardware structure of a quantum device provided in an embodiment of the present application.
  • the quantum device 800 includes a processor 801 and a memory 802 , and the memory 801 and the memory 802 are connected through a bus 803 .
  • FIG. 8 illustrates that the processor 801 and the memory 802 are independent of each other.
  • the processor 801 and the memory 802 are integrated together.
  • the quantum device 800 in FIG. 8 is the quantum device shown in FIG. 1 .
  • the memory 802 is used for storing computer programs, and the computer programs include operating systems and program codes.
  • Memory 802 is various types of storage media such as ROM, RAM, EEPROM, CD-ROM, flash memory, optical storage, registers, optical disk storage, optical disk storage, magnetic disk, or other magnetic storage devices.
  • the processor 801 is a general purpose processor or a special purpose processor.
  • Processor 801 may be a single-core processor or a multi-core processor.
  • the processor 801 includes at least one circuit to execute the actions performed by the quantum device in the above-mentioned method 200 or method 300 provided in the embodiment of the present application.
  • the quantum device 800 further includes a network interface 804, and the network interface 804 is connected to the processor 801 and the memory 802 through the bus 803.
  • the network interface 804 enables the quantum device 800 to communicate with application devices or other quantum devices.
  • the processor 801 can interact with the application device through the network interface 804 to register service objects and provide quantum keys, and interact with other quantum devices to synchronize quantum key information.
  • the quantum device 800 further includes an I/O interface 805 , and the I/O interface 805 is connected to the processor 801 and the memory 802 through the bus 803 .
  • the processor 801 can receive input commands or data, etc. through the I/O interface 805 .
  • the I/O interface 805 is used for the quantum device 800 to connect to input devices, such as a keyboard and a mouse.
  • the foregoing network interface 804 and I/O interface 805 are collectively referred to as a communication interface.
  • the quantum device 800 further includes a display 806 , and the display 806 is connected to the processor 801 and the memory 802 through the bus 803 .
  • the display 806 can be used to display an intermediate result and/or a final result generated by the processor 801 executing the above method, for example, display an alarm prompt.
  • the display 806 is a touch screen to provide a human-computer interaction interface.
  • the bus 803 is any type of communication bus used to realize the interconnection of internal devices of the quantum device 800 .
  • the bus 803 is any type of communication bus used to realize the interconnection of internal devices of the quantum device 800 .
  • the above-mentioned devices inside the quantum device 800 are interconnected through the bus 803 as an example.
  • the above-mentioned devices inside the quantum device 800 are connected to each other by other connection methods other than the bus 803, such as the quantum device 800
  • the above-mentioned internal devices are interconnected through logical interfaces inside the quantum device 800 .
  • the above-mentioned devices may be respectively arranged on independent chips, or at least partly or all of them may be arranged on the same chip. Whether each device is independently arranged on different chips or integrated and arranged on one or more chips often depends on the needs of product design.
  • the embodiments of the present application do not limit the specific implementation forms of the foregoing devices.
  • the quantum device 800 shown in FIG. 8 is only exemplary. During implementation, the quantum device 800 includes other components, which will not be listed here.
  • the quantum device 800 shown in FIG. 8 can realize the transmission of a quantum key by performing all or part of the steps of the method provided by the above embodiments.
  • the virtual device in the embodiment of the present application is illustrated below with an example.
  • FIG. 9 is a schematic structural diagram of an application device provided by an embodiment of the present application.
  • the application device with the structure shown in FIG. 9 implements the functions of the application device in the solutions described in the above embodiments.
  • the application device shown in FIG. 9 is any application device in the application scenario shown in FIG. 1 or 6, the application device shown in FIG. 4, or the application device shown in FIG. 3 functions of the application device described in the illustrated embodiment.
  • an application device 900 includes a sending module 901 , a receiving module 902 and a processing module 903 .
  • the sending module 901 is configured to send a key request message to the sub-device, the key request message includes a user ID corresponding to the application device, a first public key, and a first message authentication code value, and the user ID is used for the quantum device to obtain the corresponding Storage information, the storage information includes the shared key corresponding to the quantum device and the user ID, the first public key is used by the quantum device to encrypt the quantum key information assigned to the application device, the quantum key information includes the quantum key, the first public key is the public key in the key pair obtained by the quantum key generation algorithm after the application device runs, and the first message authentication code value is calculated by the application device based on the shared key pair first authentication information, the first authentication information includes the first public key .
  • the receiving module 902 is configured to receive a key response message corresponding to the key request message from the quantum device, where the key response message includes the first ciphertext and the second message authentication code value.
  • the processing module 903 is configured to verify the second message authentication code value based on the shared key and second authentication information, where the second authentication information includes the first ciphertext.
  • the processing module 903 is further configured to use the first private key to decrypt the first ciphertext to obtain quantum key information if the application device passes the verification of the second message authentication code value, and the first private key is the private key in the key pair .
  • the sending module 901 uses step 201 in the method 200 to send the key request message to the sub-device.
  • the receiving module 902 adopts step 206 in the method 200 to receive the key response message from the quantum device.
  • the processing module 903 uses steps 207 and 208 in the method 200 to process the key response message from the quantum device. The embodiment of the present application will not be described repeatedly here.
  • the user identifier corresponding to the application device is a device identifier of the application device, or the user identifier corresponding to the application device is a user account for logging in to the application device.
  • the key request message further includes a first statistical value.
  • the processing module 903 is further configured to acquire the historical sending times of the key request message including the user identifier before sending the key request message to the sub-device. Add the set incremental value to the historical sending times to obtain the first statistical value.
  • the processing module 903 for the detailed working process of the processing module 903 , reference may be made to related descriptions in the method 200 .
  • the key response message further includes a second statistical value.
  • the second statistical value is the number of sending times of the key request message including the user identification recorded by the quantum device.
  • the processing module 903 is further configured to stop the quantum key transmission process if the second statistical value is not equal to the first statistical value after receiving the key response message.
  • the first authentication information further includes one or more of a device identifier, a user identifier, or a first statistical value of the quantum device.
  • the processing module 903 is further configured to use a key derivation function to generate a derived key based on the target password before the sending module 901 sends the key request message to the sub-device, and the shared key is obtained based on the derived key.
  • a key derivation function to generate a derived key based on the target password before the sending module 901 sends the key request message to the sub-device, and the shared key is obtained based on the derived key.
  • the processing module 903 is further configured to, before the sending module 901 sends the key request message to the sub-device, in response to obtaining the input quantum key acquisition instruction, run the post-quantum key generation algorithm to generate a key pair,
  • the quantum key acquisition instruction includes the target password.
  • a first message authentication code value is obtained by calculating the first authentication information based on the shared key.
  • the sending module 901 is further configured to send a registration request message to the sub-device before sending the key request message to the sub-device.
  • the receiving module 902 is further configured to receive a registration response message corresponding to the registration request message from the quantum device, the registration response message includes the certificate of the quantum device, and the certificate includes the second public key.
  • the processing module 903 is further configured to encrypt the registration information with the second public key to obtain a second ciphertext if the application device passes the verification of the certificate, and the registration information includes the derived key and the user ID.
  • the sending module 901 is further configured to send a registration message to the sub-device, where the registration message includes the second ciphertext.
  • step 301 and step 306 in the method 300 For the detailed working process of the receiving module 902 , reference may be made to the related description of step 302 in the method 300 .
  • step 305 in the method 300 For the detailed working process of the processing module 903 , reference may be made to the related description of step 305 in the method 300 .
  • the registration request message indicates the cryptographic algorithm supported by the application device
  • the registration response message also indicates the target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device, and the target cryptographic algorithm includes the generation of the first message authentication code value One or more of the algorithm, the generation algorithm of the second message authentication code value or the generation algorithm of the shared key.
  • the registration response message further includes key derivation function parameter values, and the key derivation function parameter values include random salt values and/or iteration times.
  • the processing module 903 is further configured to obtain the user ID and the target password after the receiving module 902 receives the registration response message, and use the key derivation function to generate a derived key based on the target password and key derivation function parameter values.
  • step 303 and step 304 in the method 300 for the detailed working process of the processing module 903 , reference may be made to the related descriptions of step 303 and step 304 in the method 300 .
  • the registration message also includes the device identifier of the application device.
  • the registration information also includes a hash of the device identity of the application device.
  • the registration information further includes a first random number generated by the application device.
  • the receiving module 902 is further configured to receive a successful registration response message from the quantum device, the successful registration response message is used to indicate that the user ID has been successfully registered, and the successful registration response message includes a second random number.
  • the processing module 903 is further configured to determine that the registration of the user ID is successful if the second random number is the same as the first random number.
  • the processing module 903 is configured to calculate a third message authentication code value for the second authentication information based on the shared key. If the third message authentication code value is the same as the second message authentication code value, it is determined that the verification of the second message authentication code value is passed.
  • the processing module 903 for the detailed working process of the processing module 903 , reference may be made to the related description of step 207 in the method 200 .
  • the application device communicates with the quantum device through a classical network.
  • Fig. 10 is a schematic structural diagram of a quantum device provided by an embodiment of the present application.
  • the quantum device with the structure shown in FIG. 10 realizes the functions of the quantum device in the solutions described in the above embodiments.
  • the quantum device shown in FIG. 10 is the quantum device in the application scenario shown in FIG. 1 or 6, the quantum device shown in FIG. 5 or the quantum device shown in FIG. Demonstrate the functionality of the quantum devices described in the examples.
  • a quantum device 1000 includes a receiving module 1001 , a processing module 1002 and a sending module 1003 .
  • the receiving module 1001 is configured to receive a key request message from an application device, where the key request message includes a user ID corresponding to the application device, a first public key, and a first message authentication code value.
  • the processing module 1002 is configured to acquire first authentication information and storage information corresponding to the user ID based on the key request message, the storage information includes a shared key corresponding to the quantum device and the user ID, and the first authentication information includes a first public key.
  • the processing module 1002 is further configured to verify the value of the first message authentication code based on the shared key and the first authentication information.
  • the processing module 1002 is further configured to, if the quantum device passes the verification of the first message authentication code value, use the first public key to encrypt the quantum key information to obtain a first ciphertext, where the quantum key information includes the quantum key.
  • the processing module 1002 is further configured to calculate a second message authentication code value for the second authentication information based on the shared key, where the second authentication information includes the first ciphertext.
  • the sending module 1003 is configured to send a key response message corresponding to the key request message to the application device, where the key response message includes the first ciphertext and the second message authentication code value.
  • the receiving module 1001 adopts step 201 in the method 200 to receive the key request message from the application device.
  • the processing module 1002 uses steps 202 to 205 in the method 200 to process the key request message from the application device.
  • the sending module 1003 uses step 206 in the method 200 to send the key response message to the application device.
  • the user identifier corresponding to the application device is a device identifier of the application device, or the user identifier corresponding to the application device is a user account for logging in to the application device.
  • the key request message also includes a first statistical value, the first statistical value is the number of times the application device records the key request message including the user identification, and the stored information includes a second statistical value, the second statistical value The number of times the key request message including the user ID is sent for the quantum device.
  • the processing module 1002 is further configured to stop the quantum key transmission process if the second statistical value is greater than or equal to the first statistical value after the stored information corresponding to the user identifier is acquired. If the second statistical value is smaller than the first statistical value, update the second statistical value so that the updated second statistical value is equal to the first statistical value.
  • the processing module 1002 for the detailed working process of the processing module 1002, reference may be made to related descriptions in the method 200.
  • the key response message further includes the updated second statistical value.
  • the second authentication information further includes one or more of a device identifier of the quantum device, a user identifier, or an updated second statistical value.
  • the receiving module 1001 is also configured to receive a registration request message from the application device.
  • the sending module 1003 is also configured to send a registration response message to the application device, the registration response message includes the certificate of the quantum device, the certificate includes a second public key, and the second public key is the encrypted key obtained by the quantum key generation algorithm after the quantum device runs. The public key in the key pair.
  • the processing module 1002 is further configured to, if the receiving module 1001 receives a registration message including the second ciphertext from the application device, use the second private key to decrypt the second ciphertext to obtain registration information, and the registration information includes a derived key and the user ID corresponding to the application device, the second private key is a private key in the key pair, and stores storage information corresponding to the user ID, and the storage information includes a shared key obtained based on a derived key and the user ID.
  • the receiving module 1001 reference may be made to the related descriptions of step 301 and step 306 in the method 300 .
  • the processing module 1002 reference may be made to the relevant descriptions of steps 307 and 308 in the method 300 .
  • the detailed working process of the sending module 1003 reference may be made to the related description of step 302 in the method 300.
  • the registration request message indicates the cryptographic algorithm supported by the application device
  • the registration response message also indicates the target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device, and the target cryptographic algorithm includes the generation of the first message authentication code value One or more of the algorithm, the generation algorithm of the second message authentication code value or the generation algorithm of the shared key.
  • the registration response message further includes a first key derivation function parameter value
  • the first key derivation function parameter value includes a random salt value and/or the number of iterations
  • the registration information further includes a second key derivation function parameter value.
  • the processing module 1002 is further configured to compare the first key derivation function parameter value with the second key derivation function parameter value after obtaining the registration information, if the first key derivation function parameter value and the second key derivation function parameter value The values are the same, and the storage information corresponding to the user ID is stored.
  • the processing module 1002 reference may be made to the related description of step 308 in the method 300 .
  • the registration message further includes the device identifier of the application device
  • the registration information further includes a first hash value of the device identifier of the application device.
  • the processing module 1002 is further configured to calculate a second hash value of the device identifier of the application device after obtaining the registration information, compare the first hash value with the second hash value, and if the first hash value is consistent with the second hash value
  • the hash values are the same, and the storage information corresponding to the user ID is stored.
  • the registration information also includes a random number generated by the application device.
  • the sending module 1003 is also configured to send a registration success response message to the application device after the processing module 1002 stores the storage information corresponding to the user ID.
  • the registration success response message is used to indicate that the user ID has been registered successfully, and the registration success response message includes random number.
  • the sending module 1003 reference may be made to the related description of step 309 in the method 300 .
  • the processing module 1002 is configured to calculate a fourth message authentication code value for the first authentication information based on the shared key. If the fourth message authentication code value is the same as the first message authentication code value, it is determined that the verification of the first message authentication code value is passed.
  • the processing module 1002 for the detailed working process of the processing module 1002 , reference may be made to the related description of step 203 in the method 200 .
  • the application device communicates with the quantum device through a classical network.
  • the embodiment of the present application also provides a computer-readable storage medium, the computer-readable storage medium stores instructions, and when the instructions are executed by the processor of the application device, the application device in the above method 200 or method 300 is implemented. steps to execute. Alternatively, when the instructions are executed by the processor of the quantum device, the steps performed by the quantum device in the above method 200 or method 300 are implemented.
  • the embodiment of the present application also provides a computer program product, including a computer program, and when the computer program is executed by a processor of the application device, the steps performed by the application device in the above-mentioned method 200 or method 300 are implemented. Alternatively, when the computer program is executed by the processor of the quantum device, the steps performed by the quantum device in the above-mentioned method 200 or method 300 are realized.
  • the program can be stored in a computer-readable storage medium.
  • the above-mentioned The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, and the like.
  • the information including but not limited to user equipment information, user personal information, etc.
  • data including but not limited to data used for analysis, stored data, displayed data, etc.
  • signals involved in this application All are authorized by the user or fully authorized by all parties, and the collection, use and processing of relevant data need to comply with the relevant laws, regulations and standards of the relevant countries and regions.
  • the quantum key information, registration information, etc. involved in this application are all obtained under the condition of full authorization.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

本申请公开了一种量子密钥传输方法、装置及系统,属于网络技术领域。应用设备向量子设备发送密钥请求报文,该密钥请求报文包括应用设备对应的用户标识、第一公钥和第一消息认证码值。如果量子设备对第一消息认证码值验证通过,量子设备向应用设备发送密钥响应报文,该密钥响应报文包括第一密文和第二消息认证码值。如果应用设备对第二消息认证码值验证通过,应用设备采用第一私钥对第一密文解密得到量子设备分配给该应用设备的量子密钥信息。第一公钥和第一私钥来自应用设备运行后量子密钥生成算法得到的密钥对。本申请实现了应用设备与量子设备之间的双向身份认证以及消息完整性验证,同时也保证了量子密钥的传输机密性。

Description

量子密钥传输方法、装置及系统
本申请要求于2022年02月14日提交的申请号为202210132323.0、发明名称为“一种密钥的传输方法、系统及相关装置”以及于2022年02月28日提交的申请号为202210187877.0、发明名称为“量子密钥传输方法、装置及系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
技术领域
本申请涉及网络技术领域,特别涉及一种量子密钥传输方法、装置及系统。
背景技术
随着量子计算机的发展,量子攻击对当前广泛使用的密码体制造成了巨大的威胁。量子攻击是运行在量子计算机上的攻击算法,能够破解例如RSA(rivest-shamir-adleman)算法和椭圆曲线密码学(elliptic curves cryptography,ECC)算法等当前广泛使用的公钥密码算法。量子计算机预计在未来数十年时间内可实现。如果窃听者将使用当前加密算法加密后通过网络传输的数据保存下来,等到量子计算机实现后再通过量子攻击破解所保存的数据使用的加密算法,就可以得到解密后的明文数据。这对于需要长期保存的机密信息来说是一种巨大的威胁。因此设计能够抵抗量子攻击的密码技术成了刻不容缓的事情。
量子密钥分发(quantum key distribution,QKD)是一种安全的密钥分发技术,能够在两个相距遥远的通信端之间实现密钥的安全传输。量子密钥分发的安全性由量子力学的基本原理保证。因此在量子网络中,量子密钥的传输理论上是无条件安全的。
但是,对于使用量子密钥的应用设备和分发量子密钥的量子设备部署在不同安全域的情形,量子设备需要通过经典网络才能将量子密钥传输给应用设备。因此如何保障量子密钥在经典网络中传输的安全性和可靠性是目前亟需解决的问题。
发明内容
本申请提供了一种量子密钥传输方法、装置及系统,能够实现量子密钥在经典网络中的安全传输。
第一方面,提供了一种量子密钥传输方法。应用设备向量子设备发送密钥请求报文。密钥请求报文包括应用设备对应的用户标识、第一公钥以及第一消息认证码值。该用户标识用于量子设备获取对应的存储信息。该存储信息包括量子设备与用户标识对应的共享密钥。第一公钥用于量子设备对分配给应用设备的量子密钥信息加密。该量子密钥信息包括量子密钥。第一公钥为应用设备运行后量子密钥生成算法得到的密钥对中的公钥。第一消息认证码值由应用设备基于共享密钥对第一认证信息计算得到。第一认证信息包括第一公钥。应用设备接收来自量子设备的密钥请求报文对应的密钥响应报文。该密钥响应报文包括第一密文以及第二消息认证码值。应用设备基于共享密钥以及第二认证信息对第二消息认证码值进行验证。第二认证信息包括第一密文。如果应用设备对第二消息认证码值验证通过,应用设备采用第 一私钥对第一密文解密以得到量子密钥信息。第一私钥为密钥对中的私钥。
其中,用户标识用于指示服务对象。该服务对象为应用设备或登录应用设备的用户账号。如果应用设备接收到的密钥响应报文确认来自量子设备并且未经篡改,则第一密文由量子设备采用第一公钥对量子密钥信息加密得到。第二消息认证码由量子设备基于共享密钥对第二认证信息计算得到。第二认证信息包括第一密文。
由于量子设备用于加密量子密钥信息的第一公钥是应用设备运行后量子密钥生成算法得到的,因此量子设备会采用后量子加密算法对量子密钥加密后以密文的形式向应用设备传输量子密钥,保证了量子密钥的传输机密性。另外,由于传输的密文采用后量子加密算法加密得到,因此能够抵抗量子攻击,避免密文被量子计算机破解而造成量子密钥的泄露。第一消息认证码值能够用于量子设备对应用设备进行身份认证(即验证密钥请求报文的来源可靠性),还能够用于量子设备对密钥请求报文进行消息完整性验证。第二消息认证码值能够用于应用设备对量子设备进行身份认证(即验证密钥响应报文的来源可靠性),还能够用于应用设备对密钥响应报文进行消息完整性验证。因此本申请中,应用设备与量子设备之间能够进行双向身份认证,还能分别对各自接收到的报文进行消息完整性验证,同时也保证了量子密钥的传输机密性。进而实现了量子密钥在经典网络中传输的安全性和可靠性。另外,应用设备向量子设备请求获取量子密钥这个过程只需要一轮报文交互就能完成量子密钥的传输以及双方身份认证,交互过程简单。
可选地,应用设备对应的用户标识为该应用设备的设备标识,这种情况下,上述量子设备与用户标识对应的共享密钥为量子设备与该应用设备之间的共享密钥。或者,应用设备对应的用户标识为登录应用设备的用户账号,这种情况下,上述量子设备与用户标识对应的共享密钥为量子设备与该用户账号之间的共享密钥。
可选地,密钥请求报文还包括第一统计值。在应用设备向量子设备发送密钥请求报文之前,应用设备获取包括用户标识的密钥请求报文的历史发送次数。应用设备在历史发送次数上增加设定递增值,得到第一统计值。
本申请中,通过在应用设备发送的密钥请求报文中携带第一统计值,辅助量子设备侧实现重放攻击检测。
可选地,密钥响应报文还包括第二统计值。第二统计值为量子设备记录的包括用户标识的密钥请求报文的发送次数。在应用设备接收到密钥请求报文对应的密钥响应报文之后,如果第二统计值与第一统计值不相等,应用设备停止量子密钥传输流程。
由于量子设备在基于接收到的密钥请求报文更新存储的统计值之后,记录的密钥请求报文的发送次数理应等于应用设备记录的密钥请求报文的发送次数。如果密钥响应报文中携带的统计值不等于应用设备记录的统计值,那么说明该密钥响应报文有可能是攻击者重复发送的,也即是该密钥响应报文有可能是重放攻击报文,这样实现了应用设备侧的重放攻击检测。可选地,如果密钥响应报文中携带的统计值与应用设备记录的统计值不相等,应用设备还输出告警提示,该告警提示用于指示本次密钥请求异常,有助于相关人员对异常情况进行及时处理。
可选地,第一认证信息还包括量子设备的设备标识、用户标识或第一统计值中的一个或多个。认证信息包含的内容越多,理论上认证的可靠性就越高。
可选地,在应用设备向量子设备发送密钥请求报文之前,应用设备采用密钥派生函数基 于目标口令生成派生密钥,共享密钥基于派生密钥得到。
本申请中,使用派生密钥代替目标口令得到共享密钥,这样应用设备与量子设备在同步共享密钥时,应用设备只需向量子设备发送基于目标口令得到的派生密钥。即使派生密钥在传输过程中或存储在量子设备中时被窃取,窃取者也无法还原出服务对象所使用的目标口令,进而能够避免窃取者仿冒服务对象向量子设备请求量子密钥。
可选地,在应用设备向量子设备发送密钥请求报文之前,响应于获取到输入的量子密钥获取指令,应用设备运行后量子密钥生成算法生成密钥对,量子密钥获取指令包括目标口令。应用设备基于共享密钥对第一认证信息计算得到第一消息认证码值。
本申请中,每当应用设备获取到量子密钥获取指令,都会运行后量子密钥生成算法生成临时密钥对,使得应用设备每次请求量子密钥时,量子设备都采用应用设备临时生成的公钥加密保护量子密钥信息,而非使用量子设备的私钥加密保护量子密钥信息。这样即使量子设备自身长期使用的私钥泄露,也不会造成量子设备与应用设备在之前通信过程中传递的量子密钥信息的泄露。保障了应用设备历史获取的量子密钥的安全性,从而保障了应用设备的历史通信安全性。
可选地,在应用设备向量子设备发送密钥请求报文之前,应用设备向量子设备发送注册请求报文。应用设备接收来自量子设备的注册请求报文对应的注册响应报文。该注册响应报文包括量子设备的证书,该证书包括第二公钥。如果应用设备对证书验证通过,应用设备采用第二公钥对注册信息加密得到第二密文,该注册信息包括派生密钥以及用户标识。应用设备向量子设备发送注册登记报文。该注册登记报文包括第二密文。
本申请中,在注册阶段,量子设备的身份认证依赖于证书,应用设备的身份认证依赖于基于口令得到的派生密钥,应用设备与量子设备实现了互相身份认证。另外,注册信息是加密传输的,保证了注册信息的传输机密性。
可选地,注册请求报文指示应用设备支持的密码算法。注册响应报文还指示量子设备从应用设备支持的密码算法中选择的目标密码算法。目标密码算法包括第一消息认证码值的生成算法、第二消息认证码值的生成算法或共享密钥的生成算法中的一个或多个。
可选地,注册响应报文还包括密钥派生函数参数值。密钥派生函数参数值包括随机盐值和/或迭代次数。应用设备接收到注册请求报文对应的注册响应报文之后,应用设备获取用户标识以及目标口令。应用设备采用密钥派生函数基于目标口令以及该密钥派生函数参数值生成派生密钥。
可选地,注册登记报文还包括应用设备的设备标识。注册信息还包括应用设备的设备标识的哈希值。
本申请中,通过在应用设备发送的注册登记报文中携带应用设备的设备标识,并且使注册信息包括应用设备的设备标识的哈希值,辅助量子设备侧实现对应用设备向量子设备发送的报文的消息完整性验证。
可选地,注册信息还包括应用设备生成的第一随机数。应用设备接收来自量子设备的注册成功响应报文。该注册成功响应报文用于指示用户标识已注册成功。注册成功响应报文包括第二随机数。如果第二随机数与第一随机数相同,应用设备确定用户标识注册成功。
如果量子设备与应用设备之间传输的报文未经篡改,那么第一随机数与第二随机数理应相同。这样能够实现应用设备对来自量子设备的报文的消息完整性验证。
可选地,应用设备基于共享密钥以及第二认证信息对第二消息认证码值进行验证的实现方式,包括:应用设备基于共享密钥对第二认证信息计算得到第三消息认证码值。如果第三消息认证码值与第二消息认证码值相同,应用设备确定对第二消息认证码值验证通过。
可选地,上述应用设备与量子设备通过经典网络通信。
第二方面,提供了一种量子密钥传输方法。量子设备接收来自应用设备的密钥请求报文。该密钥请求报文包括应用设备对应的用户标识、第一公钥以及第一消息认证码值。量子设备基于密钥请求报文获取第一认证信息以及用户标识对应的存储信息。该存储信息包括量子设备与用户标识对应的共享密钥。第一认证信息包括第一公钥。量子设备基于共享密钥以及第一认证信息对第一消息认证码值进行验证。如果量子设备对第一消息认证码值验证通过,量子设备采用第一公钥对量子密钥信息加密得到第一密文。量子密钥信息包括量子密钥。量子设备基于共享密钥对第二认证信息计算得到第二消息认证码值。第二认证信息包括第一密文。量子设备向应用设备发送密钥请求报文对应的密钥响应报文,密钥响应报文包括第一密文以及第二消息认证码值。
其中,用户标识用于指示服务对象。该服务对象为应用设备或登录应用设备的用户账号。如果量子设备接收到的密钥请求报文确认来自应用设备并且未经篡改,则第一公钥为应用设备运行后量子密钥生成算法得到的密钥对中的公钥。第一消息认证码由应用设备基于共享密钥对第一认证信息计算得到。
可选地,应用设备对应的用户标识为应用设备的设备标识。或者,应用设备对应的用户标识为登录应用设备的用户账号。
可选地,密钥请求报文还包括第一统计值。第一统计值为应用设备记录的包括用户标识的密钥请求报文的发送次数。用户标识对应的存储信息包括第二统计值。第二统计值为量子设备记录的包括用户标识的密钥请求报文的发送次数。在量子设备获取用户标识对应的存储信息之后,如果第二统计值大于或等于第一统计值,量子设备停止量子密钥传输流程。如果第二统计值小于第一统计值,量子设备更新第二统计值,使更新后的第二统计值等于第一统计值。
由于量子设备在基于接收到的密钥请求报文更新存储的统计值之前,记录的密钥请求报文的发送次数理应小于应用设备记录的密钥请求报文的发送次数。如果密钥请求报文中携带的第一统计值小于或等于量子设备存储的第二统计值,那么说明该密钥请求报文有可能是攻击者重复发送的,也即是该密钥请求报文有可能是重放攻击报文,这样实现了量子设备侧的重放攻击检测。可选地,如果第二统计值大于或等于第一统计值,量子设备还输出告警提示,该告警提示用于指示本次密钥请求异常,有助于相关人员对异常情况进行及时处理。
可选地,密钥响应报文还包括更新后的第二统计值。
本申请中,通过在量子设备发送的密钥响应报文中携带更新后的第二统计值,辅助应用设备侧实现重放攻击检测。
可选地,第二认证信息还包括量子设备的设备标识、用户标识或更新后的第二统计值中的一个或多个。
可选地,量子设备接收来自应用设备的注册请求报文。量子设备向应用设备发送注册响应报文。该注册响应报文包括量子设备的证书。该证书包括第二公钥。第二公钥为量子设备 运行后量子密钥生成算法得到的密钥对中的公钥。如果量子设备接收到来自应用设备的包括第二密文的注册登记报文,量子设备采用第二私钥对第二密文解密以得到注册信息。该注册信息包括派生密钥以及应用设备对应的用户标识。第二私钥为密钥对中的私钥。量子设备存储用户标识对应的存储信息。该存储信息包括基于派生密钥得到的共享密钥以及用户标识。
本申请中,由于应用设备用于加密注册信息的第二公钥是量子设备运行后量子密钥生成算法得到的,因此应用设备会采用后量子加密算法对注册信息加密后以密文的形式向量子设备传输注册信息,保证了注册信息的传输机密性。另外,由于第二密文采用后量子加密算法加密得到,因此能够抵抗量子攻击,避免第二密文被量子计算机破解而造成注册信息的泄露。
可选地,注册请求报文指示应用设备支持的密码算法。注册响应报文还指示量子设备从应用设备支持的密码算法中选择的目标密码算法。目标密码算法包括第一消息认证码值的生成算法、第二消息认证码值的生成算法或共享密钥的生成算法中的一个或多个。
可选地,注册响应报文还包括第一密钥派生函数参数值。第一密钥派生函数参数值包括随机盐值和/或迭代次数。注册信息还包括第二密钥派生函数参数值。在量子设备采用第二私钥对第二密文解密以得到注册信息之后,量子设备比对第一密钥派生函数参数值与第二密钥派生函数参数值。如果第一密钥派生函数参数值与第二密钥派生函数参数值相同,量子设备存储用户标识对应的存储信息。
由于应用设备在注册登记报文中携带的第二密钥派生函数参数值来自该应用设备接收到的注册响应报文中的第一密钥派生函数参数值,因此第一密钥派生函数参数值与第二密钥派生函数参数值理应相同。如果量子设备接收到注册登记报文之后,发现来自应用设备的注册登记报文中携带的第二密钥派生函数参数值与量子设备发出的注册响应报文中携带的第一密钥派生函数参数值不同,那么说明注册登记报文和/或注册响应报文在传输过程中被篡改过。本申请通过量子设备比对第一密钥派生函数参数值与第二密钥派生函数参数值,能够实现对量子设备与应用设备之间的双向传输报文的消息完整性验证。
可选地,注册登记报文还包括应用设备的设备标识。注册信息还包括应用设备的设备标识的第一哈希值。在量子设备采用第二私钥对第二密文解密以得到注册信息之后,量子设备计算应用设备的设备标识的第二哈希值。量子设备比对第一哈希值与第二哈希值。如果第一哈希值与第二哈希值相同,量子设备存储用户标识对应的存储信息。
如果量子设备接收到的注册登记报文中携带的第一哈希值与量子设备计算得到的第二哈希值不同,那么说明注册登记报文在传输过程中被篡改过。本申请通过量子设备比对第一哈希值和第二哈希值,能够实现对应用设备向量子设备发送的报文的消息完整性验证。
可选地,注册信息还包括应用设备生成的随机数。在量子设备存储用户标识对应的存储信息之后,量子设备向应用设备发送注册成功响应报文。该注册成功响应报文用于指示用户标识已注册成功。该注册成功响应报文包括该随机数。
本申请中,通过在量子设备发送的注册成功响应报文中携带注册信息中的随机数,辅助应用设备实现对来自量子设备的报文的消息完整性验证。
可选地,量子设备基于共享密钥以及第一认证信息对第一消息认证码值进行验证的实现方式,包括:量子设备基于共享密钥对第一认证信息计算得到第四消息认证码值。如果第四消息认证码值与第一消息认证码值相同,量子设备确定对第一消息认证码值验证通过。
可选地,应用设备与量子设备通过经典网络通信。
第三方面,提供了一种应用设备。所述应用设备包括多个功能模块,所述多个功能模块相互作用,实现上述第一方面及其各实施方式中的方法。所述多个功能模块可以基于软件、硬件或软件和硬件的结合实现,且所述多个功能模块可以基于具体实现进行任意组合或分割。
第四方面,提供了一种量子设备。所述量子设备包括多个功能模块,所述多个功能模块相互作用,实现上述第二方面及其各实施方式中的方法。所述多个功能模块可以基于软件、硬件或软件和硬件的结合实现,且所述多个功能模块可以基于具体实现进行任意组合或分割。
第五方面,提供了一种应用设备,包括:存储器、网络接口和至少一个处理器。所述存储器用于存储程序指令,所述至少一个处理器读取所述存储器中保存的程序指令后,使得所述应用设备执行上述第一方面及其各实施方式中的方法。
第六方面,提供了一种量子设备,包括:存储器、网络接口和至少一个处理器。所述存储器用于存储程序指令,所述至少一个处理器读取所述存储器中保存的程序指令后,使得所述应用设备执行上述第二方面及其各实施方式中的方法。
第七方面,提供了一种量子密钥传输系统,包括:应用设备和量子设备。应用设备用于执行上述第一方面及其各实施方式中的方法。量子设备用于执行上述第二方面及其各实施方式中的方法。
第八方面,提供了一种量子密钥传输系统,包括:第一应用设备和第一量子设备。第一应用设备用于向第一量子设备发送密钥请求报文,密钥请求报文包括第一应用设备对应的用户标识、第一公钥以及第一消息认证码值,第一公钥为第一应用设备运行后量子密钥生成算法得到的密钥对中的公钥,第一消息认证码值由第一应用设备基于量子设备与用户标识对应的共享密钥对第一认证信息计算得到,第一认证信息包括第一公钥。第一量子设备用于基于密钥请求报文获取第一认证信息以及用户标识对应的存储信息,存储信息包括共享密钥。第一量子设备用于基于共享密钥以及第一认证信息对第一消息认证码值进行验证。如果第一量子设备对第一消息认证码值验证通过,第一量子设备用于采用第一公钥对量子密钥信息加密得到第一密文,量子密钥信息包括量子密钥。第一量子设备用于基于共享密钥对第二认证信息计算得到第二消息认证码值,第二认证信息包括第一密文。第一量子设备用于向第一应用设备发送密钥请求报文对应的密钥响应报文,密钥响应报文包括第一密文以及第二消息认证码值。第一应用设备用于基于密钥响应报文获取第二认证信息。第一应用设备用于基于共享密钥以及第二认证信息对第二消息认证码值进行验证。如果第一应用设备对第二消息认证码值验证通过,第一应用设备用于采用第一私钥对第一密文解密以得到量子密钥信息,第一私钥为密钥对中的私钥。
可选地,量子密钥信息还包括量子密钥的密钥标识。该系统还包括第二应用设备和第二量子设备。第一量子设备还用于向第二量子设备发送量子密钥信息。第一应用设备还用于向第二应用设备发送密钥标识。第二应用设备用于向第二量子设备发送密钥获取请求,密钥获 取请求包括密钥标识。第二量子设备用于基于密钥标识向第二应用设备发送量子密钥。第一应用设备与第二应用设备用于基于量子密钥进行通信。
可选地,第一量子设备与第二量子设备通过量子网络通信。第一量子设备与第一应用设备通过经典网络通信。第二量子设备与第二应用设备通过经典网络通信。第一应用设备与第二应用设备通过经典网络通信。
第九方面,提供了一种计算机可读存储介质,所述计算机可读存储介质上存储有指令,当所述指令被应用设备的处理器执行时,实现上述第一方面及其各实施方式中的方法;或者,当所述指令被量子设备的处理器执行时,实现上述第二方面及其各实施方式中的方法。
第十方面,提供了一种计算机程序产品,包括计算机程序,所述计算机程序被应用设备的处理器执行时,实现上述第一方面及其各实施方式中的方法;或者,所述计算机程序被量子设备的处理器执行时,实现上述第二方面及其各实施方式中的方法。
第十一方面,提供了一种芯片,芯片包括可编程逻辑电路和/或程序指令,当芯片运行时,实现上述第一方面及其各实施方式中的方法或上述第二方面及其各实施方式中的方法。
附图说明
图1是本申请实施例提供的一种应用场景示意图;
图2是本申请实施例提供的一种量子密钥传输方法的实现流程示意图;
图3是本申请实施例提供的另一种量子密钥传输方法的实现流程示意图;
图4是本申请实施例提供的一种应用设备中的密钥管理器的结构示意图;
图5是本申请实施例提供的一种量子设备中的密钥管理器的结构示意图;
图6是本申请实施例提供的一种量子密钥传输系统的结构示意图;
图7是本申请实施例提供的一种应用设备的硬件结构示意图;
图8是本申请实施例提供的一种量子设备的硬件结构示意图;
图9是本申请实施例提供的一种应用设备的结构示意图;
图10是本申请实施例提供的一种量子设备的结构示意图。
具体实施方式
为使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请实施方式作进一步地详细描述。
为了便于读者对本申请方案的理解,以下首先对一些名词进行解释。
1、经典计算机:是采用二进制(0或1)存储和处理数据的物理装置。本申请涉及的应用设备属于经典计算机。
2、量子计算机:是遵循量子力学规律,基于量子计算原理进行信息处理的物理装置。量子计算机采用量子比特存储和处理数据。量子比特相比于二进制有更多状态。量子计算机具备经典计算机的能力。量子计算机能够更高效地求解某些经典计算机难以求解的问题。本申请涉及的量子设备属于量子计算机。
3、经典网络:是由经典计算机构成的通信网络。
4、量子网络:是新型的安全通信网络,其利用量子纠缠和量子隐形传态给网络带来真正意义上的安全,以及计算和科学领域质的飞跃。通信节点间通过量子网络通信,可理解为,通信节点间利用量子密钥分发技术实现通信节点间的量子密钥的共享,并基于量子密钥进行通信。在量子密钥分发过程中,量子密钥是以量子态的形式传输的。由于量子通信线路无法通过挂接旁路窃听或拦截窃听,只要被窃听就会让量子态发生变化从而改变通信内容,防止原文被侦知,因此能够实现量子密钥的安全传输。量子计算机之间能够通过量子网络通信。
5、量子攻击:是运行在量子计算机上的攻击算法,例如包括Shor算法(秀尔算法)、Grover算法等能够高效地破解某些密码的算法。
6、量子密钥分发(QKD):是利用量子力学的海森堡不确定性原理和量子态不可克隆定理实现的一种安全的密钥分发技术。在量子密钥分发过程中,由一台量子设备生成量子密钥,并通过量子网络传输给另一台量子设备,这样两台量子设备之间就形成了共享的量子密钥。
7、非对称密码算法:指发送方与接收方采用不同的密钥进行加解密的算法,也称为公钥密码算法。在非对称密码技术中,有一对密钥,分别为私钥和公钥。私钥由密钥对所有者秘密保存,不可公布。公钥由密钥对持有者公布给他人。用公钥加密的数据只能使用对应的私钥解密。用私钥签名的数据也只能使用对应的公钥验签。目前常用的非对称密码算法包括RSA算法和ECC算法等。
8、后量子密码(post quantum cryptography,PQC)体制:是一种包含密钥生成算法、加密算法和解密算法的公钥密码体制。后量子密码体制所包含的算法统称为后量子密码算法。后量子密码算法是能够运行在经典计算机上的非对称密码算法。后量子密码算法具有抗量子性,也即能够抗量子攻击,无法被量子计算机破解。后量子密码算法的抗量子性不依赖于量子力学,而是基于目前无法被量子计算机破解的数学难题实现。后量子密码算法包括基于格、基于编码、基于同源或基于多变量等细分种类实现的算法。
9、数字签名(简称签名):是一种针对发送方数据的保护手段。发送方使用私钥对消息进行签名。没有私钥的任何第三方无法伪造签名。拥有发送方所持有的私钥对应的公钥的任何第三方都可以对签名进行验签,以确认消息的来源和完整性。
10、签名验证(简称验签):接收方接收到数据后,采用公钥对签名进行验签,输出一个布尔值,表明签名合法(验签通过)或不合法(验签不通过)。如果验签通过,则说明数据没有被篡改。如果验签不通过,则说明数据被篡改。签名验证能够用于验证数据的完整性(未经篡改)和数据来源的可靠性(不是虚假数据或伪造数据)。
11、数字证书(简称证书):是设备、用户或应用在数字世界的身份证。证书包含申请者信息以及证书管理机构(certificate authority,CA)对申请者信息的签名。申请者信息包括申请者所持有的密钥对中的公钥。可选地,申请者信息还包括申请者的身份信息。例如申请者为一台设备,申请者的身份信息为能够唯一标识该设备的设备标识。可选地,一台设备的设备标识包括但不限于设备序列号、设备的媒体访问控制(Media Access Control,MAC)地址或设备的互联网协议(Internet Protocol,IP)地址中的一种或多种。接收方接收到来自发送方的证书后,使用证书管理机构的“统一密钥对”中的公钥(也称为CA根证书)对证书验签,就能确认证书中的公钥是否来自发送方。
12、消息认证码(message authentication code,MAC):用于验证消息完整性(未经篡改) 和消息来源的可靠性(不是虚假数据或伪造数据)。消息认证码的鉴权原理是:发送方和接收方事先协商好共享密钥,发送方使用共享密钥生成任意长度的消息的MAC值,再向接收方传输该消息以及该MAC值。接收方使用共享密钥生成该消息的MAC值,并将自己生成的MAC值与从发送方接收到的MAC值进行比对。若MAC值一致,则接收方判定该消息的确来自发送方且未经篡改(验证通过)。反之,若MAC值不一致,则接收方可以判定该消息不是来自发送方或传输过程中被篡改过(验证不通过)。
量子密钥由量子设备生成和分发。对于应用设备和量子设备部署在不同安全域的情形,如果应用设备要使用量子密钥,则量子密钥需要从量子设备经过经典网络传输到应用设备上。这种情形下,为了使应用设备能够基于量子密钥安全地通信,首先需要解决量子密钥传输的“最后一公里”问题,即保障量子密钥在经典网络中传输的安全性和可靠性。而为了保障量子密钥在经典网络中传输的安全性和可靠性,需要解决以下三个问题。
第一,身份认证问题。量子密钥需要传递给正确的目标用户,目标用户需要确认量子密钥的正确来源。因此量子设备与应用设备需要能够互相进行身份认证,以在交互过程中抵抗仿冒攻击。仿冒攻击例如包括,恶意的应用设备冒充合法的应用设备与量子设备交互,进而窃取量子密钥。
第二,传输机密性问题。量子密钥需要以密文的形式在经典网络中传输。因此量子设备需要采用加密算法对量子密钥进行加密保护。并且选用的加密算法必须具有抗量子性,以避免加密算法被量子计算机破解,造成量子密钥的泄露。
第三,消息完整性问题。应用设备和量子设备都需要确保接收到的消息是未经篡改的。因此量子设备与应用设备都需要能够对接收到的报文内容进行消息完整性验证。
基于此,本申请提出了一种传输量子密钥的技术方案。应用设备和量子设备配合实施本技术方案。应用设备向量子设备发送密钥请求报文,该密钥请求报文包括应用设备对应的用户标识、第一公钥和第一消息认证码值。如果量子设备对第一消息认证码值验证通过,量子设备向应用设备发送密钥响应报文,该密钥响应报文包括第一密文和第二消息认证码值。如果应用设备对第二消息认证码值验证通过,应用设备采用第一私钥对第一密文解密得到量子设备分配给该应用设备的量子密钥信息。
其中,第一公钥和第一私钥来自应用设备运行后量子密钥生成算法得到的密钥对。第一密文由量子设备采用第一公钥对分配给应用设备的量子密钥信息加密得到。量子密钥信息包括量子密钥。由于量子设备用于加密量子密钥信息的第一公钥是应用设备运行后量子密钥生成算法得到的,因此量子设备会采用后量子加密算法对量子密钥加密后以密文的形式向应用设备传输量子密钥,保证了量子密钥的传输机密性。另外,由于传输的密文采用后量子加密算法加密得到,因此能够抵抗量子攻击,避免密文被量子计算机破解而造成量子密钥的泄露。
第一消息认证码值由应用设备基于量子设备与用户标识对应的共享密钥对第一认证信息计算得到,第一认证信息包括第一公钥。量子设备接收到来自应用设备的密钥请求报文之后,基于密钥请求报文获取第一认证信息以及密钥请求报文中的用户标识对应的存储信息,该存储信息包括量子设备与该用户标识对应的共享密钥。然后量子设备基于获取的共享密钥以及第一认证信息对第一消息认证码值进行验证。如果量子设备对第一消息认证码值验证通过, 则表示该密钥请求报文来自持有共享密钥的另一方,且第一认证信息中由密钥请求报文携带的内容(包括第一公钥)在传输过程中未被篡改。因此第一消息认证码值能够用于量子设备对应用设备进行身份认证(即验证密钥请求报文的来源可靠性),还能够用于量子设备对密钥请求报文进行消息完整性验证。
第二消息认证码值由量子设备基于量子设备与用户标识对应的共享密钥对第二认证信息计算得到,第二认证信息包括第一密文。应用设备接收到来自量子设备的密钥响应报文之后,基于密钥响应报文获取第二认证信息。然后应用设备基于量子设备与用户标识对应的共享密钥以及第二认证信息对第二消息认证码值进行验证。如果应用设备对第二消息认证码值验证通过,则表示该密钥响应报文来自持有共享密钥的另一方,且第二认证信息中由密钥响应报文携带的内容(包括第一密文)在传输过程中未被篡改。因此第二消息认证码值能够用于应用设备对量子设备进行身份认证(即验证密钥响应报文的来源可靠性),还能够用于应用设备对密钥响应报文进行消息完整性验证。
基于上述论述可知,通过实施本技术方案来传输量子密钥,应用设备与量子设备之间能够进行双向身份认证,还能分别对各自接收到的报文进行消息完整性验证,同时也保证了量子密钥的传输机密性。进而实现了量子密钥在经典网络中传输的安全性和可靠性。
本申请实施例提供的量子密钥传输方法具有两种实施场景。在一种实施场景中,以具体的应用设备为服务对象,量子设备用于为该应用设备分配量子密钥。这种实施场景下,上述应用设备对应的用户标识为应用设备的设备标识。量子设备与用户标识对应的共享密钥为量子设备与具体的应用设备之间的共享密钥,也即是,持有共享密钥的一方为量子设备,另一方为具体的应用设备。在另一种实施场景中,以用户账号为服务对象,量子设备用于为该用户账号所登录的应用设备分配量子密钥。这种实施场景下,上述应用设备对应的用户标识为登录该应用设备的用户账号。量子设备与用户标识对应的共享密钥为量子设备与用户账号之间的共享密钥,持有共享密钥的一方为量子设备,另一方为用户账号所登录的任意应用设备。
下面从应用场景、方法流程、功能模块、系统、硬件装置、软件装置等多个角度,对本技术方案进行详细介绍。
下面对本申请实施例的应用场景举例说明。
例如,图1是本申请实施例提供的一种应用场景示意图。如图1所示,该应用场景主要涉及到两类设备,分别是应用设备和量子设备。可选地,一台量子设备用于为一台或多台应用设备提供量子服务,即一台量子设备能够为一台或多台应用设备分配量子密钥。可选地,量子设备与应用设备之间通过经典网络通信。例如,量子设备与应用设备之间基于传输控制协议/互联网协议(Transmission Control Protocol/Internet Protocol,TCP/IP)进行通信。
可选地,应用设备包括但不限于路由器、交换机、或防火墙等网络设备。或者,应用设备为电脑、手机、或物联网(internet of things,IoT)终端等终端设备。又或者,应用设备为服务器或云平台等具有通信需求的其它设备。量子设备为能够生成或存储量子密钥的量子计算机。本申请实施例中的量子设备也可称为量子密钥分发设备。
下面对本申请实施例的方法流程举例说明。
例如,图2是本申请实施例提供的一种量子密钥传输方法200的实现流程示意图。如图 2所示,方法200包括步骤201至步骤208。可选地,方法200中的量子设备为图1中的量子设备。方法200中的应用设备为图1中的任一应用设备。
步骤201、应用设备向量子设备发送密钥请求报文,该密钥请求报文包括应用设备对应的用户标识、第一公钥以及第一消息认证码值。
密钥请求报文中的应用设备对应的用户标识用于指示量子设备的服务对象,以使量子设备能够获取该服务对象对应的存储信息,也即是,应用设备对应的用户标识用于量子设备获取对应的存储信息。该存储信息包括量子设备与用户标识对应的共享密钥。可选地,应用设备对应的用户标识为应用设备的设备标识,则量子设备与用户标识对应的共享密钥为量子设备与该应用设备之间的共享密钥。这种情况下,共享密钥是预先存储在应用设备中的,应用设备能够直接获取存储的共享密钥。或者,应用设备对应的用户标识为登录该应用设备的用户账号,则量子设备与用户标识对应的共享密钥为量子设备与该用户账号之间的共享密钥。这种情况下,共享密钥与用户账号绑定,用户账号在应用设备上登录之后,应用设备能够获取与该用户账号绑定的共享密钥。
密钥请求报文中的第一公钥用于量子设备对分配给发送该密钥请求报文的应用设备的量子密钥信息加密。量子密钥信息包括量子密钥。可选地,量子密钥信息还包括量子密钥的密钥标识。本申请实施例中,将第一公钥对应的私钥称为第一私钥。第一公钥和第一私钥分别为应用设备运行后量子密钥生成算法得到的密钥对中的公钥和私钥。
密钥请求报文中的第一消息认证码值由应用设备基于量子设备与用户标识对应的共享密钥对第一认证信息计算得到。第一认证信息包括第一公钥。可选地,第一认证信息还包括量子设备的设备标识和/或密钥请求报文中携带的用户标识。第一消息认证码值用于量子设备对应用设备进行身份认证以及对密钥请求报文进行消息完整性认证。
可选地,一台量子设备用于为一个或多个服务对象分配量子密钥。不同的服务对象使用不同的口令供量子设备进行身份认证。可选地,上述量子设备与用户标识对应的共享密钥基于目标口令得到,目标口令为该用户标识所指示的服务对象所使用的口令。
可选地,在执行步骤201之前,响应于获取到输入的量子密钥获取指令,应用设备运行后量子密钥生成算法生成密钥对。该量子密钥获取指令包括目标口令。然后应用设备基于共享密钥对包含第一公钥的第一认证信息计算得到第一消息认证码值。例如,当用户在应用设备上输入目标口令时,应用设备确定获取到量子密钥获取指令。可选地,当应用设备上的口令输入错误次数达到预设的次数阈值时,应用设备锁定口令输入界面。本申请实施例通过限制口令的错误输入次数来限制攻击者的试错次数,能够抵抗在线字典攻击。
可选地,第一消息认证码值为哈希消息认证码(hash message authentication code,HMAC)值。
本申请实施例中,每当应用设备获取到量子密钥获取指令,都会运行后量子密钥生成算法生成临时密钥对,使得应用设备每次请求量子密钥时,量子设备都采用应用设备临时生成的公钥加密保护量子密钥信息,而非使用量子设备的私钥加密保护量子密钥信息。这样即使量子设备自身长期使用的私钥泄露,也不会造成量子设备与应用设备在之前通信过程中传递的量子密钥信息的泄露。保障了应用设备历史获取的量子密钥的安全性,从而保障了应用设备的历史通信安全性。
或者,应用设备请求量子密钥时使用固定的密钥对,这样应用设备在获取到量子密钥获 取指令后无需生成密钥对,从而能够提高应用设备获取量子密钥的效率。例如,当服务对象为应用设备时,应用设备预先生成并存储密钥对,响应于获取到量子密钥获取指令,应用设备从存储的密钥对中直接获取公钥并计算得到消息认证码值。当服务对象为用户账号时,用户账号预先绑定密钥对,响应于获取到量子密钥获取指令,登录该用户账号的应用设备从该用户账号绑定的密钥对中直接获取公钥并计算得到消息认证码值。
可选地,在执行步骤201之前,应用设备采用密钥派生函数(key derivation function,KDF)基于目标口令生成派生密钥。密钥派生函数用于使用伪随机函数从秘密值导出一个或多个密钥。秘密值为原始密钥,导出的密钥为派生密钥。例如,密钥派生函数的使用表示为:DK=KDF(Key,Salt,Iterations)。其中,DK是派生密钥。KDF是密钥派生函数。Key是原始密钥。Salt是作为密码盐的随机数(以下简称为随机盐值)。Iterations指迭代次数。随机盐值和迭代次数可统称为密钥派生函数参数值。本申请实施例中,目标口令用作密钥派生函数使用的原始密钥的部分或全部。量子设备与用户标识对应的共享密钥基于该派生密钥得到。可选地,共享密钥基于派生密钥得到,包括:共享密钥是派生密钥,或者,共享密钥是派生密钥的哈希值。
本申请实施例中,使用派生密钥代替目标口令得到共享密钥,这样应用设备与量子设备在同步共享密钥时,应用设备只需向量子设备发送基于目标口令得到的派生密钥。即使派生密钥在传输过程中或存储在量子设备中时被窃取,窃取者也无法还原出服务对象所使用的目标口令,进而能够避免窃取者仿冒服务对象向量子设备请求量子密钥。
可选地,应用设备采用的密钥派生函数包括但不限于哈希函数或基于口令的密钥派生函数(password-based key derivation function 2,PBKDF2)。例如,应用设备采用PBKDF2作为密钥派生函数,目标口令记为pwd,随机盐值记为salt,迭代次数记为i,则基于目标口令得到的派生密钥UK满足:UK=PBKDF2(pwd||secret,salt,i)。其中,“secret”为应用设备自行生成和维护的秘密。本申请实施例中的符号“||”表示“和”或“并”。应用设备将pwd和secret共同作为原始密钥来生成派生密钥,能够降低基于派生密钥破解还原得到目标口令的可能性,在一定程度上能够抵抗离线字典攻击,从而进一步提高目标口令的机密性和使用安全性。
步骤202、量子设备接收到来自应用设备的密钥请求报文之后,基于该密钥请求报文获取第一认证信息以及用户标识对应的存储信息,该存储信息包括量子设备与该用户标识对应的共享密钥。
量子设备基于密钥请求报文获取第一认证信息,包括量子设备从密钥请求报文中获取第一公钥。可选地,量子设备中存储有一个或多个用户标识对应的存储信息。每个用户标识对应的存储信息包括量子设备与该用户标识对应的共享密钥以及该用户标识。量子设备基于密钥请求报文获取用户标识对应的存储信息,也即是,量子设备获取密钥请求报文所携带的用户标识对应的存储信息。
步骤203、量子设备基于共享密钥以及第一认证信息对第一消息认证码值进行验证。
步骤203中的第一认证信息为步骤202中量子设备基于接收到的密钥请求报文获取的认证信息。如果步骤201中应用设备发送的密钥请求报文在传输过程中未经篡改,那么步骤202中量子设备获取的第一认证信息与步骤201中应用设备用于计算第一消息认证码值所使用的第一认证信息的内容是一致的。可选地,步骤203的实现方式为:量子设备基于共享密钥对第一认证信息计算得到第四消息认证码值。如果第四消息认证码值与第一消息认证码值相同, 量子设备确定对第一消息认证码值验证通过。反之,如果第四消息认证码值与第一消息认证码值不同,量子设备确定对第一消息认证码值验证不通过。
如果量子设备对第一消息认证码值验证通过,则表示量子设备接收到的密钥请求报文来自持有共享密钥的另一方,且第一认证信息中由密钥请求报文携带的内容(至少包括第一公钥)在传输过程中未被篡改,这种情况下,量子设备向请求方提供量子密钥。如果量子设备对第一消息认证码值验证不通过,则表示量子设备接收到的密钥请求报文并非来自持有共享密钥的另一方,或者第一认证信息中由密钥请求报文携带的内容在传输过程中被篡改过,这种情况下,量子设备不向请求方提供量子密钥。本申请实施例中,通过在应用设备发送的密钥请求报文中携带第一消息认证码值,使得量子设备能够对应用设备进行身份认证(即验证密钥请求报文的来源可靠性)以及对密钥请求报文进行消息完整性验证。
步骤204、如果量子设备对第一消息认证码值验证通过,量子设备采用第一公钥对量子密钥信息加密得到第一密文。
量子密钥信息包括量子密钥。可选地,量子密钥信息还包括量子密钥的密钥标识。
由于量子设备用于加密量子密钥信息的第一公钥是应用设备运行后量子密钥生成算法得到的,因此量子设备会采用后量子加密算法对量子密钥加密后以密文的形式向应用设备传输量子密钥,保证了量子密钥的传输机密性。另外,由于第一密文采用后量子加密算法加密得到,因此能够抵抗量子攻击,避免第一密文被量子计算机破解而造成量子密钥的泄露。
可选地,量子设备在确定分配给应用设备的量子密钥信息之后,将该量子密钥信息添加到该应用设备对应的用户标识所对应的存储信息中,以便其它应用设备需要与该应用设备基于量子密钥通信时,量子设备能够直接或间接地向其它应用设备提供该应用设备所使用的量子密钥,从而实现应用设备之间的安全通信。
步骤205、量子设备基于共享密钥对第二认证信息计算得到第二消息认证码值,第二认证信息包括第一密文。
可选地,第二认证信息还包括量子设备的设备标识和/或密钥请求报文中携带的用户标识。可选地,第二消息认证码值为哈希消息认证码(HMAC)值。
步骤206、量子设备向应用设备发送密钥请求报文对应的密钥响应报文,该密钥响应报文包括第一密文以及第二消息认证码值。
步骤207、应用设备接收到来自量子设备的密钥响应报文之后,基于共享密钥以及第二认证信息对第二消息认证码值进行验证。
步骤207中的第二认证信息为应用设备基于接收到的密钥响应报文获取的认证信息。如果步骤206中量子设备发送的密钥响应报文在传输过程中未经篡改,那么应用设备基于密钥响应报文获取的认证信息与步骤205中应用设备用于计算第二消息认证码值所使用的第二认证信息的内容是一致的。可选地,步骤207的实现方式为:应用设备基于共享密钥对第二认证信息计算得到第三消息认证码值。如果第三消息认证码值与第二消息认证码值相同,应用设备确定对第二消息认证码值验证通过。反之,如果第三消息认证码值与第二消息认证码值不同,应用设备确定对第二消息认证码值验证不通过。
如果应用设备对第二消息认证码值验证通过,则表示应用设备接收到的密钥响应报文来自持有共享密钥的另一方,且第二认证信息中由密钥响应报文携带的内容(至少包括第一密文)在传输过程中未被篡改,这种情况下,说明密钥响应报文中携带的量子密钥信息是可靠 的,应用设备进一步提取该密钥响应报文中携带的量子密钥信息。如果应用设备对第二消息认证码值验证不通过,则表示应用设备接收到的密钥响应报文并非来自持有共享密钥的另一方,或者第二认证信息中由密钥响应报文携带的内容在传输过程中被篡改过,这种情况下,说明密钥响应报文中携带的量子密钥信息是不可靠的,应用设备不再对该密钥响应报文中的信息进行处理。本申请实施例中,通过在量子设备发送的密钥响应报文中携带第二消息认证码值,使得应用设备能够对量子设备进行身份认证(即验证密钥响应报文的来源可靠性)以及对密钥响应报文进行消息完整性验证。
步骤208、如果应用设备对第二消息认证码值验证通过,应用设备采用第一私钥对第一密文解密以得到量子密钥信息。
可选地,量子设备中用户标识对应的存储信息包括第二统计值,该第二统计值为量子设备记录的包括该用户标识的密钥请求报文的发送次数。密钥请求报文还包括第一统计值,该第一统计值为应用设备记录的包括用户标识的密钥请求报文的发送次数。可选地,第一认证信息还包括第一统计值。如果服务对象为应用设备,则第一统计值为该应用设备发送的包括该应用设备的设备标识(用户标识)的密钥请求报文的次数。具体实现时,通过在应用设备中设置计数器记录密钥请求报文的发送次数。应用设备每发送一次密钥请求报文,使计数器增加设定递增值。如果服务对象为用户账号,则第一统计值为该用户账号登录过的所有应用设备发送的包括该用户账号(用户标识)的密钥请求报文的次数。
可选地,在应用设备向量子设备发送包括用户标识的密钥请求报文之前(即执行步骤201之前),应用设备获取包括该用户标识的密钥请求报文的历史发送次数。应用设备在该历史发送次数上增加设定递增值,得到第一统计值。也即是,应用设备计算的第一统计值是算上本次发送的密钥请求报文的。可选地,设定递增值为1。相应地,量子设备在接收到密钥请求报文之后,如果获取的用户标识对应的存储信息中的第二统计值大于或等于第一统计值,量子设备停止量子密钥传输流程。如果第二统计值小于第一统计值,量子设备更新第二统计值,使更新后的第二统计值等于第一统计值。量子设备在基于接收到的密钥请求报文更新存储的统计值之前,记录的密钥请求报文的发送次数理应小于应用设备记录的密钥请求报文的发送次数。如果密钥请求报文中携带的第一统计值小于或等于量子设备存储的第二统计值,那么说明该密钥请求报文有可能是攻击者重复发送的,也即是该密钥请求报文有可能是重放攻击报文,这样实现了量子设备侧的重放攻击检测。可选地,如果获取的用户标识对应的存储信息中的第二统计值大于或等于第一统计值,量子设备还输出告警提示,该告警提示用于指示本次密钥请求异常,有助于相关人员对异常情况进行及时处理。
可选地,量子设备在确定第二统计值小于第一统计值的情况下,再对第一消息认证码值进行验证(即执行步骤203)。
可选地,密钥响应报文还包括更新后的第二统计值。可选地,第二认证信息还包括更新后的第二统计值。应用设备在接收到密钥响应报文之后,如果密钥响应报文中携带的统计值(更新后的第二统计值)与应用设备记录的统计值(第一统计值)不相等,应用设备停止量子密钥传输流程。量子设备在基于接收到的密钥请求报文更新存储的统计值之后,记录的密钥请求报文的发送次数理应等于应用设备记录的密钥请求报文的发送次数。如果密钥响应报文中携带的统计值不等于应用设备记录的统计值,那么说明该密钥响应报文有可能是攻击者重复发送的,也即是该密钥响应报文有可能是重放攻击报文,这样实现了应用设备侧的重放 攻击检测。可选地,如果密钥响应报文中携带的统计值与应用设备记录的统计值不相等,应用设备还输出告警提示,该告警提示用于指示本次密钥请求异常,有助于相关人员对异常情况进行及时处理。
可选地,应用设备在更新后的第二统计值与第一统计值相等的情况下,再对第二消息认证码值进行验证(即执行步骤207)。
本申请实施例提供的量子密钥传输方法,在应用设备向量子设备请求获取量子密钥的过程中,应用设备与量子设备之间能够进行双向身份认证,还能分别对各自接收到的报文进行消息完整性验证,同时也保证了量子密钥的传输机密性。进而实现了量子密钥在经典网络中传输的安全性和可靠性。另外,应用设备向量子设备请求获取量子密钥这个过程只需要一轮报文(密钥请求报文和密钥响应报文)交互就能完成量子密钥的传输以及双方身份认证,交互过程简单。另外,本申请实施例中应用设备与量子设备之间的双向身份认证以及消息完整性验证都是基于消息认证码实现的。而现有的基于通信双方的证书的认证密钥交换的方案,如传输层安全(transport layer security,TLS)双向认证,握手阶段通信方需使用私钥对报文进行签名,另一通信方需使用对应的公钥进行签名验证,以保障报文来源的合法性和内容的完整性。一方面,由于消息认证码的运算效率高于签名的运算效率,因此本申请方案相较于现有的认证密钥交换方案,应用设备对密钥的获取效率会更高。另一方面,由于消息认证码这类原语能够抵抗量子攻击,而现有的通信方所使用的签名算法通常不具备抗量子性,因此本申请方案相较于现有的认证密钥交换方案,对通信双方进行身份认证以及消息完整性验证的可靠性更高。
可选地,本申请技术方案分为两个实现阶段,分别为注册阶段和量子密钥获取阶段。服务对象在注册阶段完成在量子设备上的注册以与量子设备建立首次互信。其中,服务对象在量子设备上完成注册,包括服务对象与量子设备之间完成共享密钥的同步。服务对象在量子密钥获取阶段完成与量子设备的互相身份认证以及量子密钥的传输。例如,上述方法200描述了量子密钥获取阶段的实现流程。注册阶段与量子密钥获取阶段是相互独立的,服务对象完成一次注册后,能够多次向量子设备请求获取量子密钥。例如服务对象为应用设备,应用设备在量子设备上注册完成之后,该应用设备能够多次执行量子密钥获取流程以从量子设备处获取量子密钥。又例如,服务对象为用户账号,用户账号登录一台应用设备以在量子设备上完成注册,之后,该用户账号能够多次登录该应用设备或其它应用设备,使能每次登录的应用设备执行量子密钥获取流程以从量子设备处获取量子密钥。值得说明的是,在服务对象为应用设备的情况下,与量子设备完成注册流程的应用设备跟向量子设备请求获取量子密钥的应用设备只能是同一台应用设备。这种情况下,上述方法200中的应用设备与下述方法300中的应用设备为同一台应用设备。在服务对象为用户账号的情况下,与量子设备完成注册流程的应用设备跟向量子设备请求获取量子密钥的应用设备为登录同一用户账号的同一台应用设备或不同应用设备。这种情况下,上述方法200中的应用设备与下述方法300中的应用设备为登录同一用户账号的应用设备(同一台设备或不同设备)。
本申请以下实施例对注册阶段的实现流程进行说明。例如,图3是本申请实施例提供的一种量子密钥传输方法300的实现流程示意图。该方法300仅示出了注册阶段的实现流程,应用设备在量子设备上完成注册之后,向量子设备请求获取量子密钥的过程可参考上述方法 200,本申请实施例在此不再赘述。如图3所示,方法300包括步骤301至步骤310。
步骤301、应用设备向量子设备发送注册请求报文。
注册请求报文用于向量子设备申请发起注册流程。可选地,注册请求报文指示应用设备支持的密码算法。例如,注册请求报文指示应用设备支持的消息认证码生成算法、密钥派生函数算法或后量子密码算法等。
步骤302、量子设备接收到来自应用设备的注册请求报文之后,向应用设备发送注册响应报文,该注册响应报文包括量子设备的证书,该证书包括第二公钥。
第二公钥为量子设备所持有的密钥对中的公钥。本申请实施例中,将第二公钥对应的私钥称为第二私钥。第二公钥和第二私钥分为量子设备运行后量子密钥生成算法得到的密钥对中的公钥和私钥。
可选地,注册响应报文还指示量子设备从应用设备支持的密码算法中选择的目标密码算法。目标密码算法包括第一消息认证码值的生成算法(即上述步骤201中应用设备计算第一消息认证码值所使用的算法)、第二消息认证码值的生成算法(即上述步骤205中量子设备计算第二消息认证码值所使用的算法)或共享密钥的生成算法(即上述步骤201中基于派生密钥得到共享密钥的算法)中的一个或多个。可选地,目标密钥算法还包括应用设备生成第一公钥和第一私钥所使用的后量子密码算法(步骤201),和/或,量子设备生成第二公钥和第二私钥所使用的后量子密码算法(步骤302)。以使应用设备能够使用配套的后量子加密算法或后量子解密算法对密文加解密。
步骤303、应用设备接收到来自量子设备的注册请求报文对应的注册响应报文之后,如果应用设备对量子设备的证书验证通过,应用设备获取用户标识和目标口令。
量子设备的证书还包括第三方认证机构(例如CA)的签名。应用设备基于量子设备的证书对量子设备进行身份认证。应用设备对量子设备的证书验证通过,即应用设备使用第三方认证机构提供的公钥对量子设备的证书验签通过。这样应用设备就能确认证书中的公钥的确是来自该量子设备的,进而能够避免仿冒攻击。应用设备获取的目标口令为该应用设备获取的用户标识对应的口令。本申请实施例中,用户标识对应的口令用作该用户标识所指示的服务对象向量子设备请求服务的通行密码。
可选地,如果注册请求报文用于请求将发送该注册请求报文的应用设备作为服务对象,则应用设备将自身的设备标识作为用户标识。如果注册请求报文用于请求注册一个用户账号作为服务对象,则应用设备在接收到注册响应报文之后创建一个用户账号,并将创建的用户账号作为用户标识。
可选地,目标口令由用户输入。应用设备在接收到注册响应报文之后,显示口令输入界面以提示用户输入口令。然后应用设备将用户输入的内容作为目标口令。
步骤304、应用设备采用密钥派生函数基于目标口令生成派生密钥。
可选地,注册响应报文还包括密钥派生函数参数值,该密钥派生函数参数值包括随机盐值和/或迭代次数。量子设备通过在注册响应报文中携带密钥派生函数参数值,以指示应用设备在采用密钥派生函数生成派生密钥时所使用的随机盐值和/或迭代次数。这种情况下,步骤304的实现方式为,应用设备采用密钥派生函数基于目标口令以及注册响应报文中的密钥派生函数参数值生成派生密钥。此步骤304的具体实现方式可参考上述步骤201中的相关描述,本申请实施例在此不再赘述。
步骤305、应用设备采用第二公钥对注册信息加密得到第二密文,该注册信息包括派生密钥以及用户标识。
可选地,在注册响应报文包括密钥派生函数参数值的情况下,应用设备将从注册响应报文中获取的密钥派生函数参数值作为注册信息的一部分,即注册信息包括密钥派生函数参数值。为了便于描述上的区分,本申请实施例将注册响应报文中的密钥派生函数参数值称为第一密钥派生函数参数值,将注册信息中的密钥派生函数参数值称为第二密钥派生函数参数值。
由于应用设备用于加密注册信息的第二公钥是量子设备运行后量子密钥生成算法得到的,因此应用设备会采用后量子加密算法对注册信息加密后以密文的形式向量子设备传输注册信息,保证了注册信息的传输机密性。另外,由于第二密文采用后量子加密算法加密得到,因此能够抵抗量子攻击,避免第二密文被量子计算机破解而造成注册信息的泄露。
可选地,注册信息还包括密钥派生函数参数值、量子设备的设备标识、应用设备的设备标识的哈希值或应用设备生成的随机数中的一个或多个。
步骤306、应用设备向量子设备发送注册登记报文,注册登记报文包括第二密文。
可选地,注册登记报文还包括应用设备的设备标识。注册信息还包括应用设备的设备标识的第一哈希值。
步骤307、量子设备接收到来自应用设备的注册登记报文之后,采用第二私钥对第二密文解密以得到注册信息。
步骤308、量子设备存储用户标识对应的存储信息。
步骤308中的用户标识为量子设备从步骤307中解密得到的注册信息中获取的用户标识。用户标识对应的存储信息包括用户标识以及该用户标识对应的共享密钥。该共享密钥基于注册信息中的派生密钥得到。例如,量子设备将注册信息中的派生密钥作为该量子设备与注册信息中的用户标识对应的共享密钥。或者,量子设备将注册信息中的派生密钥的哈希值作为该量子设备与注册信息中的用户标识对应的共享密钥。只需保证应用设备与量子设备双方基于派生密钥得到共享密钥的处理方式相同即可。可选地,注册信息中的用户标识对应的存储信息还包括注册信息中除用户标识以外的部分或全部内容。例如,量子设备中存储的用户标识对应的存储信息包括用户标识、用户标识对应的共享密钥、应用设备计算派生密钥所使用的随机盐值和迭代次数以及量子设备记录的包括用户标识的密钥请求报文的发送次数。该发送次数的初始值为0。
可选地,当注册响应报文包括第一密钥派生函数参数值,注册信息包括第二密钥派生函数参数值时,量子设备先比对第一密钥派生函数参数值与第二密钥派生函数参数值。如果第一密钥派生函数参数值与第二密钥派生函数参数值相同,量子设备存储注册信息中的用户标识对应的存储信息。
由于应用设备在注册登记报文中携带的第二密钥派生函数参数值来自该应用设备接收到的注册响应报文中的第一密钥派生函数参数值,因此第一密钥派生函数参数值与第二密钥派生函数参数值理应相同。如果量子设备接收到注册登记报文之后,发现来自应用设备的注册登记报文中携带的第二密钥派生函数参数值与量子设备发出的注册响应报文中携带的第一密钥派生函数参数值不同,那么说明注册登记报文和/或注册响应报文在传输过程中被篡改过。本申请实施例通过量子设备比对第一密钥派生函数参数值与第二密钥派生函数参数值,能够实现对量子设备与应用设备之间的双向传输报文的消息完整性验证。
可选地,当注册登记报文包括应用设备的设备标识,注册信息包括应用设备的设备标识的第一哈希值时,量子设备得到注册信息之后,计算注册信息中的应用设备的设备标识的第二哈希值。然后量子设备比对注册登记报文中携带的第一哈希值与计算得到的第二哈希值。如果第一哈希值与第二哈希值相同,量子设备存储用户标识对应的存储信息。
如果量子设备接收到的注册登记报文中携带的第一哈希值与量子设备计算得到的第二哈希值不同,那么说明注册登记报文在传输过程中被篡改过。本申请实施例通过量子设备比对第一哈希值和第二哈希值,能够实现对应用设备向量子设备发送的报文的消息完整性验证。
可选地,注册信息还包括应用设备生成的第一随机数。在量子设备存储注册信息中的用户标识对应的存储信息之后,继续执行以下步骤309至步骤310。
步骤309、量子设备向应用设备发送注册成功响应报文,该注册成功响应报文用于指示注册信息中的用户标识已注册成功,该注册成功响应报文包括第二随机数,第二随机数来自注册信息。
量子设备从注册信息中获取第一随机数之后,将第一随机数携带在注册成功响应报文中。为了便于描述上的区分,本申请实施例将注册信息中的随机数称为第一随机数,将注册成功响应报文中的随机数称为第二随机数。如果量子设备与应用设备之间传输的报文未经篡改,那么第一随机数与第二随机数理应相同。
步骤310、应用设备接收到来自量子设备的注册成功响应报文之后,如果第二随机数与应用设备生成的第一随机数相同,应用设备确定该用户标识注册成功。
应用设备确定用户标识注册成功,也即是,应用设备确定该用户标识所指示的服务对象在量子设备上注册完成。
本申请实施例中,应用设备的身份认证是基于口令的方式。量子设备在注册阶段的身份认证依赖于证书,在量子密钥获取阶段的身份认证依赖于基于口令得到的派生密钥。无论是注册阶段还是量子密钥获取阶段,应用设备与量子设备都实现了互相身份认证,从而保障了量子密钥传输的安全性和可靠性。另外,在注册阶段,应用设备采用量子设备运行后量子加密算法得到的公钥对注册信息加密后以密文的形式向量子设备传输注册信息。在量子密钥获取阶段,量子设备采用应用设备运行后量子密钥生成算法得到的公钥对量子密钥加密后以密文的形式向应用设备传输量子密钥。实现了量子设备与应用设备之间消息传输的机密性,同时,传输的密文能够抵抗量子攻击,因此降低了消息泄露的风险。
本申请实施例提供的上述量子密钥传输方法的步骤的先后顺序能够进行适当调整,步骤也能够根据情况进行相应增减。任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化的方法,都应涵盖在本申请的保护范围之内。
下面对量子设备和应用设备的功能模块举例说明。
本申请实施例提供的量子设备和应用设备都配置有密钥管理器,本申请方案的核心功能分别由量子设备和应用设备的密钥管理器实现。
例如,图4是本申请实施例提供的一种应用设备中的密钥管理器的结构示意图。如图4所示,应用设备中的密钥管理器包括量子服务注册模块和量子密钥请求模块。量子服务注册模块负责向量子设备申请注册服务对象,并向量子设备提供必要的身份材料,具体执行例如上述步骤301、步骤303至步骤306以及步骤310。量子密钥请求模块包括身份认证模块和量 子密钥解封装模块。其中,身份认证模块负责在量子密钥获取过程中对交互的量子设备进行身份认证,具体执行例如上述步骤207。量子密钥解封装模块负责对量子设备发送的量子密钥信息进行解封装,以提取出真正的量子密钥,具体执行例如上述步骤208。
例如,图5是本申请实施例提供的一种量子设备中的密钥管理器的结构示意图。如图5所示,量子设备中的密钥管理器包括注册请求处理模块和量子密钥请求处理模块。注册请求处理模块负责处理来自应用设备的注册请求,具体执行例如上述步骤302以及步骤307至步骤309。量子密钥请求处理模块包括身份认证模块和量子密钥封装模块。其中,身份认证模块负责对交互的应用设备进行身份认证,具体执行例如上述步骤203。量子密钥请求处理模块负责封装量子密钥信息,具体执行例如上述步骤204,以保障量子密钥在经典网络中的传输机密性。
下面对本申请实施例涉及的系统举例说明。
本申请实施例还提供了一种量子密钥传输系统,包括:应用设备和量子设备。应用设备与量子设备交互,使得应用设备能够从量子设备上获取量子密钥。应用设备和量子设备的详细工作过程请参照前面方法200中描述的量子密钥获取阶段的实现流程。例如,应用设备用于执行上述方法200中的步骤201以及步骤207至步骤208。量子设备用于执行上述方法200中的步骤202至步骤206。
可选地,应用设备还与量子设备交互,使得应用设备能够在量子设备上完成服务对象的注册。应用设备和量子设备的详细工作过程请参照前面方法300中描述的注册阶段的实现流程。例如,应用设备用于执行上述方法300中的步骤301、步骤303至步骤306以及步骤310。量子设备用于执行上述方法300中的步骤302以及步骤307至步骤309。
例如,图6是本申请实施例提供的一种量子密钥传输系统的结构示意图。如图6所示,该系统包括第一应用设备和第一量子设备。第一应用设备在第一量子设备上完成了注册,或者,登录第一应用设备的用户账号在第一量子设备上完成了注册,具体注册过程可参考上述方法300中的描述。第一量子设备能够向第一应用设备提供量子服务。可选地,当第一应用设备为通信发起方时,第一应用设备向第一量子设备请求获取量子密钥。第一应用设备向第一量子设备请求获取量子密钥的过程可参考上述方法200中的描述。
例如,第一应用设备用于向第一量子设备发送密钥请求报文。该密钥请求报文包括第一应用设备对应的用户标识、第一公钥以及第一消息认证码值。第一公钥为第一应用设备运行后量子密钥生成算法得到的密钥对中的公钥。第一消息认证码值由第一应用设备基于量子设备与用户标识对应的共享密钥对第一认证信息计算得到。第一认证信息包括第一公钥。第一量子设备用于基于密钥请求报文获取第一认证信息以及用户标识对应的存储信息,该存储信息包括共享密钥。第一量子设备用于基于共享密钥以及第一认证信息对第一消息认证码值进行验证。如果第一量子设备对第一消息认证码值验证通过,第一量子设备用于采用第一公钥对量子密钥信息加密得到第一密文。该量子密钥信息包括量子密钥。第一量子设备用于基于共享密钥对第二认证信息计算得到第二消息认证码值。第二认证信息包括第一密文。第一量子设备用于向第一应用设备发送密钥请求报文对应的密钥响应报文。该密钥响应报文包括第一密文以及第二消息认证码值。第一应用设备用于基于密钥响应报文获取第二认证信息。第一应用设备用于基于共享密钥以及第二认证信息对第二消息认证码值进行验证。如果第一应 用设备对第二消息认证码值验证通过,第一应用设备用于采用第一私钥对第一密文解密以得到量子密钥信息。第一私钥为第一应用设备运行后量子密钥生成算法得到的密钥对中的私钥。第一私钥为第一公钥对应的私钥。
可选地,第一量子设备为第一应用设备分配的量子密钥信息还包括量子密钥的密钥标识。
可选地,请继续参见图6,该系统还包括第二应用设备和第二量子设备。第二应用设备在第二量子设备上完成了注册,或者,登录第二应用设备的用户账号在第二量子设备上完成了注册,具体注册过程可参考上述方法300中的描述。第二量子设备能够向第二应用设备提供量子服务。可选地,当第二应用设备为通信接收方时,第二应用设备向第二量子设备请求获取通信发起方的量子密钥。
例如,第一量子设备还用于向第二量子设备发送量子密钥信息。第一应用设备还用于向第二应用设备发送密钥标识。第二应用设备用于向第二量子设备发送密钥获取请求,该密钥获取请求包括密钥标识。第二量子设备用于基于密钥标识向第二应用设备发送量子密钥。第一应用设备与第二应用设备用于基于量子密钥进行通信。
其中,第二应用设备向第二量子设备发送密钥获取请求的方式可参考上述方法200中应用设备向量子设备发送密钥请求报文的方式,具体过程可参考上述方法200中的步骤201。例如密钥获取请求所包含的内容相较于密钥请求报文多了密钥标识,以指示第二量子设备获取该密钥标识所指示的量子密钥。第二量子设备对密钥获取请求的处理方式可参考上述方法200中量子设备对密钥请求报文的处理方式,具体过程可参考上述方法200中的步骤202至步骤206,区别在于,此处第二量子设备的加密对象为密钥标识所指示的量子密钥。相应地,第二应用设备对来自第二量子设备的对量子密钥加密得到的密文的处理方式可参考上述方法200中应用设备对密钥响应报文的处理方式,具体过程可参考上述方法200中的步骤207至步骤208。
可选地,请继续参见图6,第一量子设备与第二量子设备通过量子网络通信。第一量子设备与第一应用设备通过经典网络通信。第二量子设备与第二应用设备通过经典网络通信。第一应用设备与第二应用设备通过经典网络通信。
图6示出的系统以向第一应用设备提供量子服务的量子设备(第一量子设备)与向第二应用设备提供量子服务的量子设备(第二量子设备)不同为例进行说明。如果第一应用设备与第二应用设备由同一台量子设备提供量子服务,那么在实现技术方案时,则省略两个量子设备之间同步量子密钥信息的步骤。
本申请实施例提供的量子密钥传输系统,实现了将量子密钥从量子设备跨安全域安全可靠地传输到应用设备上。当通过经典网络通信的两个应用设备需要使用量子密钥进行通信时,通信发起方从对应的量子设备获取量子密钥和密钥标识。然后通信发起方通过经典网络向通信接收方同步密钥标识。如果通信发起方和通信接收方由不同的量子设备提供量子服务,通信发起方对应的量子设备还向通信接收方对应的量子设备同步量子密钥和密钥标识。这样,通信接收方就能够向对应的量子设备请求到密钥标识对应的量子密钥,进而通信双方能够基于量子密钥进行通信。由于量子密钥从量子设备传输到应用设备的过程是安全可靠的,量子密钥通过量子网络传输始终是安全的,而两个应用设备之间传输的是量子密钥的密钥标识并非是量子密钥,使得窃取者无法从两个应用设备的通信过程中窃取量子密钥,因此通信双方获取量子密钥的整个过程都是安全可靠的,进而能够提高通信安全性和可靠性。
下面对量子设备的基本硬件结构举例说明。
例如,图7是本申请实施例提供的一种应用设备的硬件结构示意图。如图7所示,应用设备700包括处理器701和存储器702,存储器701与存储器702通过总线703连接。图7以处理器701和存储器702相互独立说明。可选地,处理器701和存储器702集成在一起。可选地,结合图1来看,图7中的应用设备700是图1所示的任一应用设备。
其中,存储器702用于存储计算机程序,计算机程序包括操作系统和程序代码。存储器702是各种类型的存储介质,例如只读存储器(read-only memory,ROM)、随机存取存储器(random access memory,RAM)、电可擦可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、只读光盘(compact disc read-only memory,CD-ROM)、闪存、光存储器、寄存器、光盘存储、光碟存储、磁盘或者其它磁存储设备。
其中,处理器701是通用处理器或专用处理器。处理器701可能是单核处理器或多核处理器。处理器701包括至少一个电路,以执行本申请实施例提供的上述方法200或方法300中应用设备执行的动作。
可选地,应用设备700还包括网络接口704,网络接口704通过总线703与处理器701和存储器702连接。网络接口704能够实现应用设备700与量子设备或其它应用设备通信。处理器701能够通过网络接口704与量子设备交互来注册服务对象和获取量子密钥等,以及与其它应用设备通信等。
可选地,应用设备700还包括输入/输出(input/output,I/O)接口705,I/O接口705通过总线703与处理器701和存储器702连接。处理器701能够通过I/O接口705接收输入的命令或数据等。I/O接口705用于应用设备700连接输入设备,这些输入设备例如是键盘、鼠标等。可选地,在一些可能的场景中,上述网络接口704和I/O接口705被统称为通信接口。
可选地,应用设备700还包括显示器706,显示器706通过总线703与处理器701和存储器702连接。显示器706能够用于显示处理器701执行上述方法产生的中间结果和/或最终结果等,例如显示告警提示。在一种可能的实现方式中,显示器706是触控显示屏,以提供人机交互接口。
其中,总线703是任何类型的,用于实现应用设备700的内部器件互连的通信总线。例如系统总线。本申请实施例以应用设备700内部的上述器件通过总线703互连为例说明,可选地,应用设备700内部的上述器件采用除了总线703之外的其他连接方式彼此通信连接,例如应用设备700内部的上述器件通过应用设备700内部的逻辑接口互连。
上述器件可以分别设置在彼此独立的芯片上,也可以至少部分的或者全部的设置在同一块芯片上。将各个器件独立设置在不同的芯片上,还是整合设置在一个或者多个芯片上,往往取决于产品设计的需要。本申请实施例对上述器件的具体实现形式不做限定。
图7所示的应用设备700仅仅是示例性的,在实现过程中,应用设备700包括其他组件,本文不再一一列举。图7所示的应用设备700可以通过执行上述实施例提供的方法的全部或部分步骤来实现量子密钥的传输。
下面对应用设备的基本硬件结构举例说明。
例如,图8是本申请实施例提供的一种量子设备的硬件结构示意图。如图8所示,量子 设备800包括处理器801和存储器802,存储器801与存储器802通过总线803连接。图8以处理器801和存储器802相互独立说明。可选地,处理器801和存储器802集成在一起。可选地,结合图1来看,图8中的量子设备800是图1所示的量子设备。
其中,存储器802用于存储计算机程序,计算机程序包括操作系统和程序代码。存储器802是各种类型的存储介质,例如ROM、RAM、EEPROM、CD-ROM、闪存、光存储器、寄存器、光盘存储、光碟存储、磁盘或者其它磁存储设备。
其中,处理器801是通用处理器或专用处理器。处理器801可能是单核处理器或多核处理器。处理器801包括至少一个电路,以执行本申请实施例提供的上述方法200或方法300中量子设备执行的动作。
可选地,量子设备800还包括网络接口804,网络接口804通过总线803与处理器801和存储器802连接。网络接口804能够实现量子设备800与应用设备或其它量子设备通信。处理器801能够通过网络接口804与应用设备交互来注册服务对象和提供量子密钥等,以及与其它量子设备交互来同步量子密钥信息等。
可选地,量子设备800还包括I/O接口805,I/O接口805通过总线803与处理器801和存储器802连接。处理器801能够通过I/O接口805接收输入的命令或数据等。I/O接口805用于量子设备800连接输入设备,这些输入设备例如是键盘、鼠标等。可选地,在一些可能的场景中,上述网络接口804和I/O接口805被统称为通信接口。
可选地,量子设备800还包括显示器806,显示器806通过总线803与处理器801和存储器802连接。显示器806能够用于显示处理器801执行上述方法产生的中间结果和/或最终结果等,例如显示告警提示。在一种可能的实现方式中,显示器806是触控显示屏,以提供人机交互接口。
其中,总线803是任何类型的,用于实现量子设备800的内部器件互连的通信总线。例如系统总线。本申请实施例以量子设备800内部的上述器件通过总线803互连为例说明,可选地,量子设备800内部的上述器件采用除了总线803之外的其他连接方式彼此通信连接,例如量子设备800内部的上述器件通过量子设备800内部的逻辑接口互连。
上述器件可以分别设置在彼此独立的芯片上,也可以至少部分的或者全部的设置在同一块芯片上。将各个器件独立设置在不同的芯片上,还是整合设置在一个或者多个芯片上,往往取决于产品设计的需要。本申请实施例对上述器件的具体实现形式不做限定。
图8所示的量子设备800仅仅是示例性的,在实现过程中,量子设备800包括其他组件,本文不再一一列举。图8所示的量子设备800可以通过执行上述实施例提供的方法的全部或部分步骤来实现量子密钥的传输。
下面对本申请实施例的虚拟装置举例说明。
图9是本申请实施例提供的一种应用设备的结构示意图。具有图9所示结构的应用设备实现上述实施例描述的方案中应用设备的功能。可选地,图9所示的应用设备是图1或图6所示的应用场景中的任一应用设备、图4所示的应用设备或图7所示的应用设备,执行图2或图3所示实施例中描述的应用设备的功能。如图9所示,应用设备900包括发送模块901、接收模块902和处理模块903。
发送模块901,用于向量子设备发送密钥请求报文,密钥请求报文包括应用设备对应的 用户标识、第一公钥以及第一消息认证码值,用户标识用于量子设备获取对应的存储信息,存储信息包括量子设备与用户标识对应的共享密钥,第一公钥用于量子设备对分配给应用设备的量子密钥信息加密,量子密钥信息包括量子密钥,第一公钥为应用设备运行后量子密钥生成算法得到的密钥对中的公钥,第一消息认证码值由应用设备基于共享密钥对第一认证信息计算得到,第一认证信息包括第一公钥。
接收模块902,用于接收来自量子设备的密钥请求报文对应的密钥响应报文,密钥响应报文包括第一密文以及第二消息认证码值。
处理模块903,用于基于共享密钥以及第二认证信息对第二消息认证码值进行验证,第二认证信息包括第一密文。
处理模块903,还用于如果应用设备对第二消息认证码值验证通过,采用第一私钥对第一密文解密以得到量子密钥信息,第一私钥为密钥对中的私钥。
这里,发送模块901、接收模块902和处理模块903的详细工作过程请参照前面方法实施例中的描述。例如,发送模块901采用方法200中的步骤201向量子设备发送密钥请求报文。接收模块902采用方法200中的步骤206接收来自量子设备的密钥响应报文。处理模块903采用方法200中的步骤207和步骤208处理来自量子设备的密钥响应报文。本申请实施例在此不再重复描述。
可选地,应用设备对应的用户标识为应用设备的设备标识,或者,应用设备对应的用户标识为登录应用设备的用户账号。
可选地,密钥请求报文还包括第一统计值。处理模块903,还用于在向量子设备发送密钥请求报文之前,获取包括用户标识的密钥请求报文的历史发送次数。在历史发送次数上增加设定递增值,得到第一统计值。这里,处理模块903的详细工作过程可参考方法200中的相关描述。
可选地,密钥响应报文还包括第二统计值。第二统计值为量子设备记录的包括用户标识的密钥请求报文的发送次数。处理模块903,还用于在接收到密钥响应报文之后,如果第二统计值与第一统计值不相等,停止量子密钥传输流程。这里,处理模块903的详细工作过程可参考方法200中的相关描述。
可选地,第一认证信息还包括量子设备的设备标识、用户标识或第一统计值中的一个或多个。
可选地,处理模块903,还用于在发送模块901向量子设备发送密钥请求报文之前,采用密钥派生函数基于目标口令生成派生密钥,共享密钥基于派生密钥得到。这里,处理模块903的详细工作过程可参考方法200中步骤201的相关描述。
可选地,处理模块903,还用于在发送模块901向量子设备发送密钥请求报文之前,响应于获取到输入的量子密钥获取指令,运行后量子密钥生成算法生成密钥对,量子密钥获取指令包括目标口令。基于共享密钥对第一认证信息计算得到第一消息认证码值。这里,处理模块903的详细工作过程可参考方法200中步骤201的相关描述。
可选地,发送模块901,还用于在向量子设备发送密钥请求报文之前,向量子设备发送注册请求报文。接收模块902,还用于接收来自量子设备的注册请求报文对应的注册响应报文,注册响应报文包括量子设备的证书,证书包括第二公钥。处理模块903还用于如果应用设备对证书验证通过,采用第二公钥对注册信息加密得到第二密文,注册信息包括派生密钥以及 用户标识。发送模块901,还用于向量子设备发送注册登记报文,注册登记报文包括第二密文。这里,发送模块901的详细工作过程可参考方法300中步骤301和步骤306的相关描述。接收模块902的详细工作过程可参考方法300中步骤302的相关描述。处理模块903的详细工作过程可参考方法300中步骤305的相关描述。
可选地,注册请求报文指示应用设备支持的密码算法,注册响应报文还指示量子设备从应用设备支持的密码算法中选择的目标密码算法,目标密码算法包括第一消息认证码值的生成算法、第二消息认证码值的生成算法或共享密钥的生成算法中的一个或多个。
可选地,注册响应报文还包括密钥派生函数参数值,密钥派生函数参数值包括随机盐值和/或迭代次数。处理模块903,还用于在接收模块902接收到注册响应报文之后,获取用户标识以及目标口令,采用密钥派生函数基于目标口令以及密钥派生函数参数值生成派生密钥。这里,处理模块903的详细工作过程可参考方法300中步骤303和步骤304的相关描述。
可选地,注册登记报文还包括应用设备的设备标识。注册信息还包括应用设备的设备标识的哈希值。
可选地,注册信息还包括应用设备生成的第一随机数。接收模块902,还用于接收来自量子设备的注册成功响应报文,注册成功响应报文用于指示用户标识已注册成功,注册成功响应报文包括第二随机数。处理模块903,还用于如果第二随机数与第一随机数相同,确定用户标识注册成功。这里,接收模块902的详细工作过程可参考方法300中步骤309的相关描述。处理模块903的详细工作过程可参考方法300中步骤310的相关描述。
可选地,处理模块903,用于基于共享密钥对第二认证信息计算得到第三消息认证码值。如果第三消息认证码值与第二消息认证码值相同,确定对第二消息认证码值验证通过。这里,处理模块903的详细工作过程可参考方法200中步骤207的相关描述。
可选地,应用设备与量子设备通过经典网络通信。
图10是本申请实施例提供的一种量子设备的结构示意图。具有图10所示结构的量子设备实现上述实施例描述的方案中量子设备的功能。可选地,图10所示的量子设备是图1或图6所示的应用场景中的量子设备、图5所示的量子设备或图8所示的量子设备,执行图2或图3所示实施例中描述的量子设备的功能。如图10所示,量子设备1000包括接收模块1001、处理模块1002和发送模块1003。
接收模块1001,用于接收来自应用设备的密钥请求报文,密钥请求报文包括应用设备对应的用户标识、第一公钥以及第一消息认证码值。
处理模块1002,用于基于密钥请求报文获取第一认证信息以及用户标识对应的存储信息,存储信息包括量子设备与用户标识对应的共享密钥,第一认证信息包括第一公钥。
处理模块1002,还用于基于共享密钥以及第一认证信息对第一消息认证码值进行验证。
处理模块1002,还用于如果量子设备对第一消息认证码值验证通过,采用第一公钥对量子密钥信息加密得到第一密文,量子密钥信息包括量子密钥。
处理模块1002,还用于基于共享密钥对第二认证信息计算得到第二消息认证码值,第二认证信息包括第一密文。
发送模块1003,用于向应用设备发送密钥请求报文对应的密钥响应报文,密钥响应报文包括第一密文以及第二消息认证码值。
这里,接收模块1001、处理模块1002和发送模块1003的详细工作过程请参照前面方法实施例中的描述。例如,接收模块1001采用方法200中的步骤201接收来自应用设备的密钥请求报文。处理模块1002采用方法200中的步骤202至步骤205处理来自应用设备的密钥请求报文。发送模块1003采用方法200中的步骤206向应用设备发送密钥响应报文。本申请实施例在此不再重复描述。
可选地,应用设备对应的用户标识为应用设备的设备标识,或者,应用设备对应的用户标识为登录应用设备的用户账号。
可选地,密钥请求报文还包括第一统计值,第一统计值为应用设备记录的包括用户标识的密钥请求报文的发送次数,存储信息包括第二统计值,第二统计值为量子设备记录的包括用户标识的密钥请求报文的发送次数。处理模块1002,还用于在获取用户标识对应的存储信息之后,如果第二统计值大于或等于第一统计值,停止量子密钥传输流程。如果第二统计值小于第一统计值,更新第二统计值,使更新后的第二统计值等于第一统计值。这里,处理模块1002的详细工作过程可参考方法200中的相关描述。
可选地,密钥响应报文还包括更新后的第二统计值。
可选地,第二认证信息还包括量子设备的设备标识、用户标识或更新后的第二统计值中的一个或多个。
可选地,接收模块1001,还用于接收来自应用设备的注册请求报文。发送模块1003,还用于向应用设备发送注册响应报文,注册响应报文包括量子设备的证书,证书包括第二公钥,第二公钥为量子设备运行后量子密钥生成算法得到的密钥对中的公钥。处理模块1002,还用于如果接收模块1001接收到来自应用设备的包括第二密文的注册登记报文,采用第二私钥对第二密文解密以得到注册信息,注册信息包括派生密钥以及应用设备对应的用户标识,所述第二私钥为密钥对中的私钥,并存储用户标识对应的存储信息,存储信息包括基于派生密钥得到的共享密钥以及用户标识。这里,接收模块1001的详细工作过程可参考方法300中步骤301和步骤306的相关描述。处理模块1002的详细工作过程可参考方法300中步骤307和步骤308的相关描述。发送模块1003的详细工作过程可参考方法300中步骤302的相关描述。
可选地,注册请求报文指示应用设备支持的密码算法,注册响应报文还指示量子设备从应用设备支持的密码算法中选择的目标密码算法,目标密码算法包括第一消息认证码值的生成算法、第二消息认证码值的生成算法或共享密钥的生成算法中的一个或多个。
可选地,注册响应报文还包括第一密钥派生函数参数值,第一密钥派生函数参数值包括随机盐值和/或迭代次数,注册信息还包括第二密钥派生函数参数值。处理模块1002,还用于在得到注册信息之后,比对第一密钥派生函数参数值与第二密钥派生函数参数值,如果第一密钥派生函数参数值与第二密钥派生函数参数值相同,存储用户标识对应的存储信息。这里,处理模块1002的详细工作过程可参考方法300中步骤308的相关描述。
可选地,注册登记报文还包括应用设备的设备标识,注册信息还包括应用设备的设备标识的第一哈希值。处理模块1002,还用于在得到注册信息之后,计算应用设备的设备标识的第二哈希值,比对第一哈希值与第二哈希值,如果第一哈希值与第二哈希值相同,存储用户标识对应的存储信息。这里,处理模块1002的详细工作过程可参考方法300中步骤308的相关描述。
可选地,注册信息还包括应用设备生成的随机数。发送模块1003,还用于在处理模块1002 存储用户标识对应的存储信息之后,向应用设备发送注册成功响应报文,注册成功响应报文用于指示用户标识已注册成功,注册成功响应报文包括随机数。这里,发送模块1003的详细工作过程可参考方法300中步骤309的相关描述。
可选地,处理模块1002,用于基于共享密钥对第一认证信息计算得到第四消息认证码值。如果第四消息认证码值与第一消息认证码值相同,确定对第一消息认证码值验证通过。这里,处理模块1002的详细工作过程可参考方法200中步骤203的相关描述。
可选地,应用设备与量子设备通过经典网络通信。
本申请实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质上存储有指令,当所述指令被应用设备的处理器执行时,实现上述方法200或方法300中应用设备执行的步骤。或者,当所述指令被量子设备的处理器执行时,实现上述方法200或方法300中量子设备执行的步骤。
本申请实施例还提供了一种计算机程序产品,包括计算机程序,所述计算机程序被应用设备的处理器执行时,实现上述方法200或方法300中应用设备执行的步骤。或者,所述计算机程序被量子设备的处理器执行时,实现上述方法200或方法300中量子设备执行的步骤。
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。
在本申请实施例中,术语“第一”、“第二”和“第三”仅用于描述目的,而不能理解为指示或暗示相对重要性。
本申请中术语“和/或”,仅仅是一种描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。
需要说明的是,本申请所涉及的信息(包括但不限于用户设备信息、用户个人信息等)、数据(包括但不限于用于分析的数据、存储的数据、展示的数据等)以及信号,均为经用户授权或者经过各方充分授权的,且相关数据的收集、使用和处理需要遵守相关国家和地区的相关法律法规和标准。例如,本申请中涉及到的量子密钥信息、注册信息等都是在充分授权的情况下获取的。
以上所述仅为本申请的可选实施例,并不用以限制本申请,凡在本申请的构思和原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。

Claims (56)

  1. 一种量子密钥传输方法,其特征在于,所述方法包括:
    应用设备向量子设备发送密钥请求报文,所述密钥请求报文包括所述应用设备对应的用户标识、第一公钥以及第一消息认证码值,所述用户标识用于所述量子设备获取对应的存储信息,所述存储信息包括所述量子设备与所述用户标识对应的共享密钥,所述第一公钥用于所述量子设备对分配给所述应用设备的量子密钥信息加密,所述量子密钥信息包括量子密钥,所述第一公钥为所述应用设备运行后量子密钥生成算法得到的密钥对中的公钥,所述第一消息认证码值由所述应用设备基于所述共享密钥对第一认证信息计算得到,所述第一认证信息包括所述第一公钥;
    所述应用设备接收来自所述量子设备的所述密钥请求报文对应的密钥响应报文,所述密钥响应报文包括第一密文以及第二消息认证码值;
    所述应用设备基于所述共享密钥以及第二认证信息对所述第二消息认证码值进行验证,所述第二认证信息包括所述第一密文;
    如果所述应用设备对所述第二消息认证码值验证通过,所述应用设备采用第一私钥对所述第一密文解密以得到量子密钥信息,所述第一私钥为所述密钥对中的私钥。
  2. 根据权利要求1所述的方法,其特征在于,所述应用设备对应的用户标识为所述应用设备的设备标识,或者,所述应用设备对应的用户标识为登录所述应用设备的用户账号。
  3. 根据权利要求1或2所述的方法,其特征在于,所述密钥请求报文还包括第一统计值,在所述应用设备向量子设备发送密钥请求报文之前,所述方法还包括:
    所述应用设备获取包括所述用户标识的密钥请求报文的历史发送次数;
    所述应用设备在所述历史发送次数上增加设定递增值,得到所述第一统计值。
  4. 根据权利要求3所述的方法,其特征在于,所述密钥响应报文还包括第二统计值,所述第二统计值为所述量子设备记录的包括所述用户标识的密钥请求报文的发送次数,在所述应用设备接收所述密钥请求报文对应的密钥响应报文之后,所述方法还包括:
    如果所述第二统计值与所述第一统计值不相等,所述应用设备停止量子密钥传输流程。
  5. 根据权利要求3或4所述的方法,其特征在于,所述第一认证信息还包括所述量子设备的设备标识、所述用户标识或所述第一统计值中的一个或多个。
  6. 根据权利要求1至5任一所述的方法,其特征在于,在所述应用设备向量子设备发送密钥请求报文之前,所述方法还包括:
    所述应用设备采用密钥派生函数基于目标口令生成派生密钥,所述共享密钥基于所述派生密钥得到。
  7. 根据权利要求6所述的方法,其特征在于,在所述应用设备向量子设备发送密钥请求报文之前,所述方法还包括:
    响应于获取到输入的量子密钥获取指令,所述应用设备运行所述后量子密钥生成算法生成所述密钥对,所述量子密钥获取指令包括所述目标口令;
    所述应用设备基于所述共享密钥对所述第一认证信息计算得到所述第一消息认证码值。
  8. 根据权利要求6或7所述的方法,其特征在于,在所述应用设备向量子设备发送密钥请求报文之前,所述方法还包括:
    所述应用设备向所述量子设备发送注册请求报文;
    所述应用设备接收来自所述量子设备的所述注册请求报文对应的注册响应报文,所述注册响应报文包括所述量子设备的证书,所述证书包括第二公钥;
    如果所述应用设备对所述证书验证通过,所述应用设备采用所述第二公钥对注册信息加密得到第二密文,所述注册信息包括所述派生密钥以及所述用户标识;
    所述应用设备向所述量子设备发送注册登记报文,所述注册登记报文包括所述第二密文。
  9. 根据权利要求8所述的方法,其特征在于,所述注册请求报文指示所述应用设备支持的密码算法,所述注册响应报文还指示所述量子设备从所述应用设备支持的密码算法中选择的目标密码算法,所述目标密码算法包括所述第一消息认证码值的生成算法、所述第二消息认证码值的生成算法或所述共享密钥的生成算法中的一个或多个。
  10. 根据权利要求8或9所述的方法,其特征在于,所述注册响应报文还包括密钥派生函数参数值,所述密钥派生函数参数值包括随机盐值和/或迭代次数,所述应用设备接收所述注册请求报文对应的注册响应报文之后,所述方法还包括:
    所述应用设备获取所述用户标识以及所述目标口令;
    所述应用设备采用密钥派生函数基于目标口令生成派生密钥,包括:
    所述应用设备采用所述密钥派生函数基于所述目标口令以及所述密钥派生函数参数值生成所述派生密钥。
  11. 根据权利要求8至10任一所述的方法,其特征在于,所述注册登记报文还包括所述应用设备的设备标识,所述注册信息还包括所述应用设备的设备标识的哈希值。
  12. 根据权利要求8至11任一所述的方法,其特征在于,所述注册信息还包括所述应用设备生成的第一随机数,所述方法还包括:
    所述应用设备接收来自所述量子设备的注册成功响应报文,所述注册成功响应报文用于指示所述用户标识已注册成功,所述注册成功响应报文包括第二随机数;
    如果所述第二随机数与所述第一随机数相同,所述应用设备确定所述用户标识注册成功。
  13. 根据权利要求1至12任一所述的方法,其特征在于,所述应用设备基于所述共享密钥以及第二认证信息对所述第二消息认证码值进行验证,包括:
    所述应用设备基于所述共享密钥对所述第二认证信息计算得到第三消息认证码值;
    如果所述第三消息认证码值与所述第二消息认证码值相同,所述应用设备确定对所述第二消息认证码值验证通过。
  14. 根据权利要求1至13任一所述的方法,其特征在于,所述应用设备与所述量子设备通过经典网络通信。
  15. 一种量子密钥传输方法,其特征在于,所述方法包括:
    量子设备接收来自应用设备的密钥请求报文,所述密钥请求报文包括所述应用设备对应的用户标识、第一公钥以及第一消息认证码值;
    所述量子设备基于所述密钥请求报文获取第一认证信息以及所述用户标识对应的存储信息,所述存储信息包括所述量子设备与所述用户标识对应的共享密钥,所述第一认证信息包括所述第一公钥;
    所述量子设备基于所述共享密钥以及所述第一认证信息对所述第一消息认证码值进行验证;
    如果所述量子设备对所述第一消息认证码值验证通过,所述量子设备采用所述第一公钥对量子密钥信息加密得到第一密文,所述量子密钥信息包括量子密钥;
    所述量子设备基于所述共享密钥对第二认证信息计算得到第二消息认证码值,所述第二认证信息包括所述第一密文;
    所述量子设备向所述应用设备发送所述密钥请求报文对应的密钥响应报文,所述密钥响应报文包括所述第一密文以及所述第二消息认证码值。
  16. 根据权利要求15所述的方法,其特征在于,所述应用设备对应的用户标识为所述应用设备的设备标识,或者,所述应用设备对应的用户标识为登录所述应用设备的用户账号。
  17. 根据权利要求15或16所述的方法,其特征在于,所述密钥请求报文还包括第一统计值,所述第一统计值为所述应用设备记录的包括所述用户标识的密钥请求报文的发送次数,所述存储信息包括第二统计值,所述第二统计值为所述量子设备记录的包括所述用户标识的密钥请求报文的发送次数,在所述量子设备获取所述用户标识对应的存储信息之后,所述方法还包括:
    如果所述第二统计值大于或等于所述第一统计值,所述量子设备停止量子密钥传输流程;
    如果所述第二统计值小于所述第一统计值,所述量子设备更新所述第二统计值,使更新后的第二统计值等于所述第一统计值。
  18. 根据权利要求17所述的方法,其特征在于,所述密钥响应报文还包括所述更新后的第二统计值。
  19. 根据权利要求17或18所述的方法,其特征在于,所述第二认证信息还包括所述量子设备的设备标识、所述用户标识或所述更新后的第二统计值中的一个或多个。
  20. 根据权利要求15至19任一所述的方法,其特征在于,所述方法还包括:
    所述量子设备接收来自所述应用设备的注册请求报文;
    所述量子设备向所述应用设备发送注册响应报文,所述注册响应报文包括所述量子设备的证书,所述证书包括第二公钥,所述第二公钥为所述量子设备运行后量子密钥生成算法得到的密钥对中的公钥;
    如果所述量子设备接收到来自所述应用设备的包括第二密文的注册登记报文,所述量子设备采用第二私钥对所述第二密文解密以得到注册信息,所述注册信息包括派生密钥以及所述应用设备对应的用户标识,所述第二私钥为所述密钥对中的私钥;
    所述量子设备存储所述用户标识对应的存储信息,所述存储信息包括基于所述派生密钥得到的所述共享密钥以及所述用户标识。
  21. 根据权利要求20所述的方法,其特征在于,所述注册请求报文指示所述应用设备支持的密码算法,所述注册响应报文还指示所述量子设备从所述应用设备支持的密码算法中选择的目标密码算法,所述目标密码算法包括所述第一消息认证码值的生成算法、所述第二消息认证码值的生成算法或所述共享密钥的生成算法中的一个或多个。
  22. 根据权利要求20或21所述的方法,其特征在于,所述注册响应报文还包括第一密钥派生函数参数值,所述第一密钥派生函数参数值包括随机盐值和/或迭代次数,所述注册信息还包括第二密钥派生函数参数值,在所述量子设备采用第二私钥对所述第二密文解密以得到注册信息之后,所述方法还包括:
    所述量子设备比对所述第一密钥派生函数参数值与所述第二密钥派生函数参数值;
    所述量子设备存储所述用户标识对应的存储信息,包括:
    如果所述第一密钥派生函数参数值与所述第二密钥派生函数参数值相同,所述量子设备存储所述用户标识对应的存储信息。
  23. 根据权利要求20至22任一所述的方法,其特征在于,所述注册登记报文还包括所述应用设备的设备标识,所述注册信息还包括所述应用设备的设备标识的第一哈希值,在所述量子设备采用第二私钥对所述第二密文解密以得到注册信息之后,所述方法还包括:
    所述量子设备计算所述应用设备的设备标识的第二哈希值;
    所述量子设备比对所述第一哈希值与所述第二哈希值;
    所述量子设备存储所述用户标识对应的存储信息,包括:
    如果所述第一哈希值与所述第二哈希值相同,所述量子设备存储所述用户标识对应的存储信息。
  24. 根据权利要求20至23任一所述的方法,其特征在于,所述注册信息还包括所述应用设备生成的随机数,在所述量子设备存储所述用户标识对应的存储信息之后,所述方法还包括:
    所述量子设备向所述应用设备发送注册成功响应报文,所述注册成功响应报文用于指示 所述用户标识已注册成功,所述注册成功响应报文包括所述随机数。
  25. 根据权利要求15至24任一所述的方法,其特征在于,所述量子设备基于所述共享密钥以及所述第一认证信息对所述第一消息认证码值进行验证,包括:
    所述量子设备基于所述共享密钥对所述第一认证信息计算得到第四消息认证码值;
    如果所述第四消息认证码值与所述第一消息认证码值相同,所述量子设备确定对所述第一消息认证码值验证通过。
  26. 根据权利要求15至25任一所述的方法,其特征在于,所述应用设备与所述量子设备通过经典网络通信。
  27. 一种应用设备,其特征在于,包括:存储器、网络接口和至少一个处理器,
    所述存储器用于存储程序指令,
    所述至少一个处理器读取所述存储器中保存的程序指令后,使得所述应用设备执行以下操作:
    向量子设备发送密钥请求报文,所述密钥请求报文包括所述应用设备对应的用户标识、第一公钥以及第一消息认证码值,所述用户标识用于所述量子设备获取对应的存储信息,所述存储信息包括所述量子设备与所述用户标识对应的共享密钥,所述第一公钥用于所述量子设备对分配给所述应用设备的量子密钥信息加密,所述量子密钥信息包括量子密钥,所述第一公钥为所述应用设备运行后量子密钥生成算法得到的密钥对中的公钥,所述第一消息认证码值由所述应用设备基于所述共享密钥对第一认证信息计算得到,所述第一认证信息包括所述第一公钥;
    接收来自所述量子设备的所述密钥请求报文对应的密钥响应报文,所述密钥响应报文包括第一密文以及第二消息认证码值;
    基于所述共享密钥以及第二认证信息对所述第二消息认证码值进行验证,所述第二认证信息包括所述第一密文;
    如果所述应用设备对所述第二消息认证码值验证通过,采用第一私钥对所述第一密文解密以得到量子密钥信息,所述第一私钥为所述密钥对中的私钥。
  28. 根据权利要求27所述的应用设备,其特征在于,所述应用设备对应的用户标识为所述应用设备的设备标识,或者,所述应用设备对应的用户标识为登录所述应用设备的用户账号。
  29. 根据权利要求27或28所述的应用设备,其特征在于,所述密钥请求报文还包括第一统计值,所述程序指令被所述至少一个处理器读取后,使得所述应用设备还执行以下操作:
    在向所述量子设备发送密钥请求报文之前,获取包括所述用户标识的密钥请求报文的历史发送次数;
    在所述历史发送次数上增加设定递增值,得到所述第一统计值。
  30. 根据权利要求29所述的应用设备,其特征在于,所述密钥响应报文还包括第二统计值,所述第二统计值为所述量子设备记录的包括所述用户标识的密钥请求报文的发送次数,所述程序指令被所述至少一个处理器读取后,使得所述应用设备还执行以下操作:
    在接收到所述密钥响应报文之后,如果所述第二统计值与所述第一统计值不相等,停止量子密钥传输流程。
  31. 根据权利要求29或30所述的应用设备,其特征在于,所述第一认证信息还包括所述量子设备的设备标识、所述用户标识或所述第一统计值中的一个或多个。
  32. 根据权利要求27至31任一所述的应用设备,其特征在于,所述程序指令被所述至少一个处理器读取后,使得所述应用设备还执行以下操作:
    在向所述量子设备发送密钥请求报文之前,采用密钥派生函数基于目标口令生成派生密钥,所述共享密钥基于所述派生密钥得到。
  33. 根据权利要求32所述的应用设备,其特征在于,所述程序指令被所述至少一个处理器读取后,使得所述应用设备还执行以下操作:
    在向所述量子设备发送密钥请求报文之前,响应于获取到输入的量子密钥获取指令,运行所述后量子密钥生成算法生成所述密钥对,所述量子密钥获取指令包括所述目标口令;
    基于所述共享密钥对所述第一认证信息计算得到所述第一消息认证码值。
  34. 根据权利要求32或33所述的应用设备,其特征在于,所述程序指令被所述至少一个处理器读取后,使得所述应用设备还执行以下操作:
    在向所述量子设备发送密钥请求报文之前,向所述量子设备发送注册请求报文;
    接收来自所述量子设备的所述注册请求报文对应的注册响应报文,所述注册响应报文包括所述量子设备的证书,所述证书包括第二公钥;
    如果所述应用设备对所述证书验证通过,采用所述第二公钥对注册信息加密得到第二密文,所述注册信息包括所述派生密钥以及所述用户标识;
    向所述量子设备发送注册登记报文,所述注册登记报文包括所述第二密文。
  35. 根据权利要求34所述的应用设备,其特征在于,所述注册请求报文指示所述应用设备支持的密码算法,所述注册响应报文还指示所述量子设备从所述应用设备支持的密码算法中选择的目标密码算法,所述目标密码算法包括所述第一消息认证码值的生成算法、所述第二消息认证码值的生成算法或所述共享密钥的生成算法中的一个或多个。
  36. 根据权利要求34或35所述的应用设备,其特征在于,所述注册响应报文还包括密钥派生函数参数值,所述密钥派生函数参数值包括随机盐值和/或迭代次数,所述程序指令被所述至少一个处理器读取后,使得所述应用设备还执行以下操作:
    接收到所述注册响应报文之后,获取所述用户标识以及所述目标口令;
    采用所述密钥派生函数基于所述目标口令以及所述密钥派生函数参数值生成所述派生密 钥。
  37. 根据权利要求34至36任一所述的应用设备,其特征在于,所述注册登记报文还包括所述应用设备的设备标识,所述注册信息还包括所述应用设备的设备标识的哈希值。
  38. 根据权利要求34至37任一所述的应用设备,其特征在于,所述注册信息还包括所述应用设备生成的第一随机数,所述程序指令被所述至少一个处理器读取后,使得所述应用设备还执行以下操作:
    接收来自所述量子设备的注册成功响应报文,所述注册成功响应报文用于指示所述用户标识已注册成功,所述注册成功响应报文包括第二随机数;
    如果所述第二随机数与所述第一随机数相同,确定所述用户标识注册成功。
  39. 根据权利要求27至38任一所述的应用设备,其特征在于,所述程序指令被所述至少一个处理器读取后,使得所述应用设备执行以下操作:
    基于所述共享密钥对所述第二认证信息计算得到第三消息认证码值;
    如果所述第三消息认证码值与所述第二消息认证码值相同,确定对所述第二消息认证码值验证通过。
  40. 根据权利要求27至39任一所述的应用设备,其特征在于,所述应用设备与所述量子设备通过经典网络通信。
  41. 一种量子设备,其特征在于,包括:存储器、网络接口和至少一个处理器,
    所述存储器用于存储程序指令,
    所述至少一个处理器读取所述存储器中保存的程序指令后,使得所述量子设备执行以下操作:
    接收来自应用设备的密钥请求报文,所述密钥请求报文包括所述应用设备对应的用户标识、第一公钥以及第一消息认证码值;
    基于所述密钥请求报文获取第一认证信息以及所述用户标识对应的存储信息,所述存储信息包括所述量子设备与所述用户标识对应的共享密钥,所述第一认证信息包括所述第一公钥;
    基于所述共享密钥以及所述第一认证信息对所述第一消息认证码值进行验证;
    如果所述量子设备对所述第一消息认证码值验证通过,采用所述第一公钥对量子密钥信息加密得到第一密文,所述量子密钥信息包括量子密钥;
    基于所述共享密钥对第二认证信息计算得到第二消息认证码值,所述第二认证信息包括所述第一密文;
    向所述应用设备发送所述密钥请求报文对应的密钥响应报文,所述密钥响应报文包括所述第一密文以及所述第二消息认证码值。
  42. 根据权利要求41所述的量子设备,其特征在于,所述应用设备对应的用户标识为所 述应用设备的设备标识,或者,所述应用设备对应的用户标识为登录所述应用设备的用户账号。
  43. 根据权利要求41或42所述的量子设备,其特征在于,所述密钥请求报文还包括第一统计值,所述第一统计值为所述应用设备记录的包括所述用户标识的密钥请求报文的发送次数,所述存储信息包括第二统计值,所述第二统计值为所述量子设备记录的包括所述用户标识的密钥请求报文的发送次数,所述程序指令被所述至少一个处理器读取后,使得所述量子设备还执行以下操作:
    在获取所述用户标识对应的存储信息之后,如果所述第二统计值大于或等于所述第一统计值,停止量子密钥传输流程;
    如果所述第二统计值小于所述第一统计值,更新所述第二统计值,使更新后的第二统计值等于所述第一统计值。
  44. 根据权利要求43所述的量子设备,其特征在于,所述密钥响应报文还包括所述更新后的第二统计值。
  45. 根据权利要求43或44所述的量子设备,其特征在于,所述第二认证信息还包括所述量子设备的设备标识、所述用户标识或所述更新后的第二统计值中的一个或多个。
  46. 根据权利要求41至45任一所述的量子设备,其特征在于,所述程序指令被所述至少一个处理器读取后,使得所述量子设备还执行以下操作:
    接收来自所述应用设备的注册请求报文;
    向所述应用设备发送注册响应报文,所述注册响应报文包括所述量子设备的证书,所述证书包括第二公钥,所述第二公钥为所述量子设备运行后量子密钥生成算法得到的密钥对中的公钥;
    如果接收到来自所述应用设备的包括第二密文的注册登记报文,采用第二私钥对所述第二密文解密以得到注册信息,所述注册信息包括派生密钥以及所述应用设备对应的用户标识,所述第二私钥为所述密钥对中的私钥;
    存储所述用户标识对应的存储信息,所述存储信息包括基于所述派生密钥得到的所述共享密钥以及所述用户标识。
  47. 根据权利要求46所述的量子设备,其特征在于,所述注册请求报文指示所述应用设备支持的密码算法,所述注册响应报文还指示所述量子设备从所述应用设备支持的密码算法中选择的目标密码算法,所述目标密码算法包括所述第一消息认证码值的生成算法、所述第二消息认证码值的生成算法或所述共享密钥的生成算法中的一个或多个。
  48. 根据权利要求46或47所述的量子设备,其特征在于,所述注册响应报文还包括第一密钥派生函数参数值,所述第一密钥派生函数参数值包括随机盐值和/或迭代次数,所述注册信息还包括第二密钥派生函数参数值,所述程序指令被所述至少一个处理器读取后,使得所 述量子设备还执行以下操作:
    在得到所述注册信息之后,比对所述第一密钥派生函数参数值与所述第二密钥派生函数参数值;
    如果所述第一密钥派生函数参数值与所述第二密钥派生函数参数值相同,存储所述用户标识对应的存储信息。
  49. 根据权利要求46至48任一所述的量子设备,其特征在于,所述注册登记报文还包括所述应用设备的设备标识,所述注册信息还包括所述应用设备的设备标识的第一哈希值,所述程序指令被所述至少一个处理器读取后,使得所述量子设备还执行以下操作:
    在得到所述注册信息之后,计算所述应用设备的设备标识的第二哈希值;
    比对所述第一哈希值与所述第二哈希值;
    如果所述第一哈希值与所述第二哈希值相同,存储所述用户标识对应的存储信息。
  50. 根据权利要求46至49任一所述的量子设备,其特征在于,所述注册信息还包括所述应用设备生成的随机数,所述程序指令被所述至少一个处理器读取后,使得所述量子设备还执行以下操作:
    在存储所述用户标识对应的存储信息之后,向所述应用设备发送注册成功响应报文,所述注册成功响应报文用于指示所述用户标识已注册成功,所述注册成功响应报文包括所述随机数。
  51. 根据权利要求41至50任一所述的量子设备,其特征在于,所述程序指令被所述至少一个处理器读取后,使得所述量子设备执行以下操作:
    基于所述共享密钥对所述第一认证信息计算得到第四消息认证码值;
    如果所述第四消息认证码值与所述第一消息认证码值相同,确定对所述第一消息认证码值验证通过。
  52. 根据权利要求41至51任一所述的量子设备,其特征在于,所述应用设备与所述量子设备通过经典网络通信。
  53. 一种量子密钥传输系统,其特征在于,包括:第一应用设备和第一量子设备;
    所述第一应用设备用于向所述第一量子设备发送密钥请求报文,所述密钥请求报文包括所述第一应用设备对应的用户标识、第一公钥以及第一消息认证码值,所述第一公钥为所述第一应用设备运行后量子密钥生成算法得到的密钥对中的公钥,所述第一消息认证码值由所述第一应用设备基于所述量子设备与所述用户标识对应的共享密钥对第一认证信息计算得到,所述第一认证信息包括所述第一公钥;
    所述第一量子设备用于基于所述密钥请求报文获取所述第一认证信息以及所述用户标识对应的存储信息,所述存储信息包括所述共享密钥;
    所述第一量子设备用于基于所述共享密钥以及所述第一认证信息对所述第一消息认证码值进行验证;
    如果所述第一量子设备对所述第一消息认证码值验证通过,所述第一量子设备用于采用所述第一公钥对量子密钥信息加密得到第一密文,所述量子密钥信息包括量子密钥;
    所述第一量子设备用于基于所述共享密钥对第二认证信息计算得到第二消息认证码值,所述第二认证信息包括所述第一密文;
    所述第一量子设备用于向所述第一应用设备发送所述密钥请求报文对应的密钥响应报文,所述密钥响应报文包括所述第一密文以及所述第二消息认证码值;
    所述第一应用设备用于基于所述密钥响应报文获取所述第二认证信息;
    所述第一应用设备用于基于所述共享密钥以及所述第二认证信息对所述第二消息认证码值进行验证;
    如果所述第一应用设备对所述第二消息认证码值验证通过,所述第一应用设备用于采用第一私钥对所述第一密文解密以得到量子密钥信息,所述第一私钥为所述密钥对中的私钥。
  54. 根据权利要求53所述的系统,其特征在于,所述量子密钥信息还包括所述量子密钥的密钥标识,所述系统还包括第二应用设备和第二量子设备;
    所述第一量子设备还用于向所述第二量子设备发送所述量子密钥信息;
    所述第一应用设备还用于向所述第二应用设备发送所述密钥标识;
    所述第二应用设备用于向所述第二量子设备发送密钥获取请求,所述密钥获取请求包括所述密钥标识;
    所述第二量子设备用于基于所述密钥标识向所述第二应用设备发送所述量子密钥;
    所述第一应用设备与所述第二应用设备用于基于所述量子密钥进行通信。
  55. 根据权利要求54所述的系统,其特征在于,所述第一量子设备与所述第二量子设备通过量子网络通信,所述第一量子设备与所述第一应用设备通过经典网络通信,所述第二量子设备与所述第二应用设备通过经典网络通信,所述第一应用设备与所述第二应用设备通过经典网络通信。
  56. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有指令,当所述指令被应用设备的处理器执行时,实现如权利要求1至14任一所述的方法;或者,当所述指令被量子设备的处理器执行时,实现如权利要求15至26任一所述的方法。
PCT/CN2023/070073 2022-02-14 2023-01-03 量子密钥传输方法、装置及系统 WO2023151427A1 (zh)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN202210132323.0 2022-02-14
CN202210132323 2022-02-14
CN202210187877.0 2022-02-28
CN202210187877.0A CN116633530A (zh) 2022-02-14 2022-02-28 量子密钥传输方法、装置及系统

Publications (1)

Publication Number Publication Date
WO2023151427A1 true WO2023151427A1 (zh) 2023-08-17

Family

ID=87563621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/070073 WO2023151427A1 (zh) 2022-02-14 2023-01-03 量子密钥传输方法、装置及系统

Country Status (1)

Country Link
WO (1) WO2023151427A1 (zh)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118300789A (zh) * 2024-06-05 2024-07-05 中国电信股份有限公司 基于量子密钥的通信方法及装置、存储介质及电子设备
CN118413389A (zh) * 2024-06-21 2024-07-30 正则量子(北京)技术有限公司 一种基于量子安全的零信任网络的访问方法及系统
CN118694528A (zh) * 2024-08-28 2024-09-24 中电信量子信息科技集团有限公司 在线证书签发与密钥对分发的抗量子安全增强方法

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108282329A (zh) * 2017-01-06 2018-07-13 中国移动通信有限公司研究院 一种双向身份认证方法及装置
CN112152817A (zh) * 2020-09-25 2020-12-29 国科量子通信网络有限公司 基于后量子密码算法进行认证的量子密钥分发方法及系统
CN113067699A (zh) * 2021-03-04 2021-07-02 深圳科盾量子信息科技有限公司 基于量子密钥的数据共享方法、装置和计算机设备
US11223470B1 (en) * 2020-03-06 2022-01-11 Wells Fargo Bank, N.A. Post-quantum cryptography side chain

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108282329A (zh) * 2017-01-06 2018-07-13 中国移动通信有限公司研究院 一种双向身份认证方法及装置
US11223470B1 (en) * 2020-03-06 2022-01-11 Wells Fargo Bank, N.A. Post-quantum cryptography side chain
CN112152817A (zh) * 2020-09-25 2020-12-29 国科量子通信网络有限公司 基于后量子密码算法进行认证的量子密钥分发方法及系统
CN113067699A (zh) * 2021-03-04 2021-07-02 深圳科盾量子信息科技有限公司 基于量子密钥的数据共享方法、装置和计算机设备

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LIBIN WANG, WEN WEIQIANG: "On the key exchange for post quantum era", JOURNAL OF XI'AN UNIVERSITY OF POSTS AND TELECOMMUNICATIONS, vol. 21, no. 1, 28 December 2016 (2016-12-28), pages 1 - 6, XP093082757 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118300789A (zh) * 2024-06-05 2024-07-05 中国电信股份有限公司 基于量子密钥的通信方法及装置、存储介质及电子设备
CN118413389A (zh) * 2024-06-21 2024-07-30 正则量子(北京)技术有限公司 一种基于量子安全的零信任网络的访问方法及系统
CN118694528A (zh) * 2024-08-28 2024-09-24 中电信量子信息科技集团有限公司 在线证书签发与密钥对分发的抗量子安全增强方法

Similar Documents

Publication Publication Date Title
EP3661120B1 (en) Method and apparatus for security authentication
CN109728909B (zh) 基于USBKey的身份认证方法和系统
CN110069918B (zh) 一种基于区块链技术的高效双因子跨域认证方法
US11533297B2 (en) Secure communication channel with token renewal mechanism
US20210367753A1 (en) Trusted measurement and control network authentication method based on double cryptographic values and chaotic encryption
CN106104562B (zh) 机密数据安全储存和恢复系统及方法
US8670563B2 (en) System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
US7992193B2 (en) Method and apparatus to secure AAA protocol messages
WO2023151427A1 (zh) 量子密钥传输方法、装置及系统
US20030196084A1 (en) System and method for secure wireless communications using PKI
CN110505055B (zh) 基于非对称密钥池对和密钥卡的外网接入身份认证方法和系统
CN101588245A (zh) 一种身份认证的方法、系统及存储设备
US20210167963A1 (en) Decentralised Authentication
CN111224784B (zh) 一种基于硬件可信根的角色分离的分布式认证授权方法
CN109525565B (zh) 一种针对短信拦截攻击的防御方法及系统
CN116633530A (zh) 量子密钥传输方法、装置及系统
EP4091080A1 (en) Sharing encrypted items with participants verification
CN112351037A (zh) 用于安全通信的信息处理方法及装置
CN111935213A (zh) 一种基于分布式的可信认证虚拟组网系统及方法
CN115473655B (zh) 接入网络的终端认证方法、装置及存储介质
CN110519222B (zh) 基于一次性非对称密钥对和密钥卡的外网接入身份认证方法和系统
CN117155564A (zh) 一种双向加密认证系统及方法
US20060053288A1 (en) Interface method and device for the on-line exchange of content data in a secure manner
JP2004274134A (ja) 通信方法並びにこの通信方法を用いた通信システム、サーバおよびクライアント
CN118300905B (zh) 基于保密认证模式的密文传输方法、装置、设备及介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23752207

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023752207

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2023752207

Country of ref document: EP

Effective date: 20240813