CN113489586A - VPN network system compatible with quantum key negotiation - Google Patents


Publication number
CN113489586A
Authority
CN
China
Prior art keywords
quantum
quantum key
key
service
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110841198.6A
Other languages
Chinese (zh)
Other versions
CN113489586B (en)
Inventor
陈晖
王家勇
石文正
李晋
魏腾飞
张雪松
杨勇华
王涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cas Quantum Network Co ltd
Henan Guoke Quantum Communication Technology Application Research Institute
Henan Guoke Quantum Communication Network Co ltd
Original Assignee
Cas Quantum Network Co ltd
Henan Guoke Quantum Communication Technology Application Research Institute
Henan Guoke Quantum Communication Network Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cas Quantum Network Co ltd, Henan Guoke Quantum Communication Technology Application Research Institute, Henan Guoke Quantum Communication Network Co ltd filed Critical Cas Quantum Network Co ltd
Priority to CN202110841198.6A priority Critical patent/CN113489586B/en
Publication of CN113489586A publication Critical patent/CN113489586A/en
Application granted granted Critical
Publication of CN113489586B publication Critical patent/CN113489586B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a VPN network system compatible with quantum key negotiation, which comprises quantum key application devices (including an IPSec VPN gateway, an SSL VPN gateway, a cipher machine and an encryption application client), a random number service device, a virtual machine of a quantum node device, a security isolation device, a virtual quantum link slice service device and a quantum key service device. The system provides quantum service access and random number service to the quantum key application devices through the user-side quantum node, and the quantum key service device provides a service for negotiating and sharing quantum keys end to end, in real time, based on virtual quantum link slices. The system can realize real-time end-to-end quantum key negotiation and application, is a safe, efficient and flexible VPN network system compatible with quantum key negotiation, and has good prospects for large-scale application.

Description

VPN network system compatible with quantum key negotiation
Technical Field
The invention relates to the technical field of quantum key service and VPN, in particular to a VPN network system compatible with quantum key negotiation.
Background
VPN networks are widely used in e-government, financial systems and the like, but the asymmetric cryptographic algorithms adopted by VPNs cannot resist quantum computing attacks, and the security strength of the symmetric cryptographic algorithms adopted by VPNs is weakened to some degree under quantum computing attacks, so improving the security of VPN networks is of great significance. At present, using quantum keys to improve the security of VPN networks is an important technical direction, but since the quantum key distribution (QKD for short) network is a hardware infrastructure independent of the VPN network, seamless adaptation between the VPN network and the QKD network becomes the key to large-scale application. For example, the invention of authorization publication No. CN 104660603B performs secure communication by processing the negotiation of the quantum key and of the IKE negotiation key in parallel, using the quantum key as the first session key, to be used preferentially, and the IKE negotiation key as the second session key. However, the IKE negotiation key uses an internet standard protocol, whereas quantum key negotiation requires a quantum key distribution link network to be provisioned. This approach therefore has defects such as inconvenient access for large-scale application and considerable difficulty in the security management of quantum key applications.
In order to adapt the QKD and VPN networks to each other efficiently, the system uses virtual quantum link slices to negotiate, in real time, the quantum keys shared between the gateways of the VPN network, which are used to enhance the communication security of the VPN network. The invention can provide quantum service authentication access and quantum random number service to the quantum key application device through the user-side quantum service node, and negotiates and shares end-to-end quantum keys in real time based on virtual quantum link slices. The system can realize real-time end-to-end quantum key negotiation and application, is a safe, efficient and flexible VPN network system that adopts quantum keys to improve security, and has good prospects for large-scale application.
Disclosure of Invention
The invention provides a VPN network system compatible with quantum key negotiation, comprising: two or more quantum key application devices, at least one random number service device, virtual machines of two or more quantum node devices, a security isolation device, a virtual quantum link slice service device, a quantum key service device; the random number service device is used for providing random key grouping service for the quantum key application device and establishing corresponding service association; the virtual machine of the quantum node device is used for responding to the request of the quantum key application device or/and the quantum key service device, requesting service data from the quantum node device related to the virtual machine, and then sending the service data to the quantum key application device or/and the quantum key service device; the safety isolation device is used for carrying out safety detection and filtration on data flowing to or/and flowing out of the quantum node device; the virtual quantum link slice service device is used for managing the virtual quantum link slices and providing services; the quantum key service device is used for responding to a service request of the quantum key application device, selecting one or more associated exclusive-OR values in one or more virtual quantum link slices associated with the target quantum link from the virtual quantum link slice service device, acquiring parameters associated with the two target quantum key application devices, and negotiating and sharing a quantum key between the quantum key application devices based on the parameters; the quantum key application device carries out security enhancement on the shared quantum key and the session key negotiated by other methods to obtain a new session key, or preferentially adopts the shared quantum key as the session key.
Further, the above system further comprises: two or more quantum node devices; the quantum node device is used for negotiating quantum keys with adjacent quantum node devices in the target QKD network, and if the quantum node device is used as a credible relay node, the quantum node device participates in creating virtual quantum link slices, namely calculating the exclusive OR value of quantum key groups negotiated between the quantum node device and other two adjacent quantum node devices; the quantum node device is also for data communication with a virtual machine of its associated quantum node device.
The invention has the following innovations: the system negotiates a quantum key in real time based on a quantum node virtual machine and a virtual quantum link slice, and then performs security enhancement with a session key negotiated by other methods to obtain a new session key, or preferentially adopts the shared quantum key as the session key; the system can realize real-time end-to-end quantum key negotiation and application, is a safe, efficient and flexible VPN network system adopting the quantum key to improve the safety, and has good scale application prospect.
Drawings
Fig. 1 is a schematic diagram of the principle of an IPSec VPN system compatible with quantum key agreement according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an IPSec VPN network system compatible with quantum key agreement according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an SSL VPN network system compatible with quantum key negotiation according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly understood, the present invention is further described below with reference to the accompanying drawings and specific embodiments.
The following describes the system composition and the working principle of the present invention with reference to the schematic diagram of the principle of a VPN network system compatible with quantum key negotiation provided by the embodiment of the present invention. As shown in Fig. 1, the system includes, but is not limited to: random number service devices A and B, logical isolation devices A and B, the virtual machine of QKD_A, the virtual machine of QKD_B, a virtual quantum link slice service device (a virtual quantum link slice contains the exclusive-or values of the quantum key packets of any two associated quantum nodes that carry the same slice identifier), a quantum key service device, and gateways A1, A2, B1 and B2 (gateways A1 and A2 are an initiating and a responding IPSec VPN gateway, respectively, as are gateways B1 and B2); in addition, Fig. 1 includes the quantum node devices QKD_A and QKD_B and a relay node R of a quantum relay network; the connections between these devices are shown in Fig. 1.
The random number service device A is used for providing random key packet services to the gateways A1 and B1, and the random number service device B is used for providing random key packet services to the gateways A2 and B2; each creates the corresponding service associations (each service association consists of a number of records, each record holding the association information of one registered gateway, including but not limited to the ID of the gateway, the ID of the associated server and information on the remaining random number packets); the virtual machine of QKD_A is used for responding to requests from the gateways A1 and/or B1, requesting service data from its associated quantum node device, and sending the service data to the gateways A1 and/or B1; the security isolation devices A and B are used for security detection and filtering of data flowing to and/or out of the quantum node devices QKD_A and QKD_B, respectively; the virtual quantum link slice service device is used for managing the virtual quantum link slices and providing services; the quantum key service device is used for responding to a service request from a gateway, selecting from the virtual quantum link slice service device one or more associated exclusive-or values in one or more virtual quantum link slices associated with the target quantum link, acquiring parameters associated with the two target gateways, and negotiating and sharing a quantum key between the gateways based on the parameters; the two gateways perform privacy enhancement on the shared quantum key and the session key negotiated by other methods to obtain a new session key, or preferentially adopt the shared quantum key as the session key.
The specific working principle of the system is as follows: (1) Preprocessing stage: the quantum relay network generates virtual quantum link slices and sends them to the virtual quantum link slice service device; a node of the quantum base station network holds a quantum key packet associated with a virtual quantum link slice. For example, if the quantum key packet K1 is negotiated by QKD_A and R, and the quantum key packet K2 is negotiated by QKD_B and R, then the corresponding virtual quantum link slice data is K1 ⊕ K2 (where ⊕ denotes the exclusive-or operation); a virtual quantum link slice database is formed from a number of such exclusive-or values and their slice identifiers and is sent to the virtual quantum link slice service device; QKD_A and QKD_B hold the corresponding quantum key packets K1 and K2, respectively, and their identifiers. The random number service device A provides a random number packet injection service for the gateways A1 and B1 (for convenience of description, it is assumed below that the gateway A1 is injected with a random number packet Ra1), and the random number service device B provides a random number packet injection service for the gateways A2 and B2 (for convenience of description, it is assumed below that the gateway A2 is injected with a random number packet Ra2).
(2) End-to-end quantum key negotiation stage (taking gateways A1 and A2 as the initiating and responding IPSec VPN gateways, respectively, and assuming that a given service process uses the virtual quantum link slice data K1 ⊕ K2 and the random number packets Ra1 and Ra2 described above): the gateway A1 requests the quantum key service device to negotiate a shared quantum key with the gateway A2, and the quantum key service device finds the QKD_A and QKD_B associated with the gateway A1 and the gateway A2 by querying the service association information; the quantum key service device selects target virtual quantum link slice data (assumed to be K1 ⊕ K2) from the slice library, sends the slice identifier of K1 ⊕ K2 and the ID information of the gateway A1 to the virtual machine of QKD_A, and sends the slice identifier of K1 ⊕ K2 and the ID information of the gateway A2 to the virtual machine of QKD_B; the virtual machines pass this information on to QKD_A and QKD_B, respectively; QKD_A selects a random number packet (Ra1) of the gateway A1, calculates Ra1 ⊕ K1, and sends Ra1 ⊕ K1 to the quantum key service device through the virtual machine of QKD_A; QKD_B selects a random number packet (Ra2) of the gateway A2, calculates Ra2 ⊕ K2, and sends Ra2 ⊕ K2 to the quantum key service device through the virtual machine of QKD_B; the quantum key service device calculates (Ra1 ⊕ K1) ⊕ (Ra2 ⊕ K2) ⊕ (K1 ⊕ K2) = Ra1 ⊕ Ra2 and sends Ra1 ⊕ Ra2 to the gateways A1 and A2; the gateways A1 and A2 negotiate a shared key based on Ra1 ⊕ Ra2 (for example, if the gateways A1 and A2 agree on Ra1 as the shared key, the gateway A2 calculates Ra1 ⊕ Ra2 ⊕ Ra2 = Ra1). The two gateways can perform security enhancement on the shared key and the session key negotiated by other methods to obtain a new session key, or preferentially adopt the shared key as the session key.
Gateways a1 and a2 build a VPN network (e.g., VPN tunnel a in fig. 1) based on the session keys described above. With the same working principle, gateways B1 and B2 may also construct VPN networks (e.g., VPN tunnel B in fig. 1) based on the above working principle.
In a possible embodiment, based on the above working principle, the quantum key service device may select several target virtual quantum link slice data from the slice library at a time, and perform privacy enhancement based on them. For example, assume that 3 exclusive-or values associated with QKD_A and QKD_B are selected from 3 slices (for convenience, denoted K_a_1 ⊕ K_b_1, K_a_2 ⊕ K_b_2 and K_a_3 ⊕ K_b_3, where K_a/b_i is the i-th quantum key packet of quantum node A/B). A shared key may then be negotiated from each of them using the above method; alternatively, the exclusive-or of the 3 exclusive-or values may be calculated (i.e., K_a_1 ⊕ K_b_1 ⊕ K_a_2 ⊕ K_b_2 ⊕ K_a_3 ⊕ K_b_3), the 3 slice identifiers and the ID information of the gateway A1 sent to the virtual machine of QKD_A, and the 3 slice identifiers and the ID information of the gateway A2 sent to the virtual machine of QKD_B; QKD_A and QKD_B calculate the exclusive-or of the corresponding 3 quantum key packets and the corresponding random number packet, namely Ra1 ⊕ K_a_1 ⊕ K_a_2 ⊕ K_a_3 and Ra2 ⊕ K_b_1 ⊕ K_b_2 ⊕ K_b_3, respectively, and each sends its result to the quantum key service device; the quantum key service device obtains Ra1 ⊕ Ra2 through calculation, and a shared key is negotiated using the above method. Obviously, based on the method, a plurality of security-equivalent virtual quantum link switching enhancement application methods can be obtained.
Such privacy enhancements include, but are not limited to, any one or more of the following: XOR operation, Hash operation, XOR operation and Hash operation.
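Added example, not part of the patent: a Python simulation of the XOR relay in the negotiation stage and of the multi-slice variant described above, with random bytes standing in for QKD output. The 32-byte packet length, all function names and the SHA-256 combiner are assumptions; the patent names only XOR and hash operations.

```python
import hashlib
import secrets
from functools import reduce

PACKET_LEN = 32  # bytes per packet (constructed value, not from the patent)


def xor(*blocks: bytes) -> bytes:
    """XOR any number of equal-length byte strings."""
    if len({len(b) for b in blocks}) != 1:
        raise ValueError("all packets must have the same length")
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), blocks)


def make_slices(n: int):
    """Preprocessing: relay R shares K_a_i with QKD_A and K_b_i with QKD_B,
    and only K_a_i XOR K_b_i goes to the slice service, keyed by slice id."""
    ka = [secrets.token_bytes(PACKET_LEN) for _ in range(n)]
    kb = [secrets.token_bytes(PACKET_LEN) for _ in range(n)]
    slices = {i: xor(ka[i], kb[i]) for i in range(n)}
    return ka, kb, slices


def node_mask(random_packet: bytes, key_packets, slice_ids) -> bytes:
    """Quantum node side: Ra XOR K_i for every selected slice id."""
    return xor(random_packet, *(key_packets[i] for i in slice_ids))


def key_service_combine(mask_a: bytes, mask_b: bytes, slices, slice_ids) -> bytes:
    """Key service side: the K terms cancel, leaving Ra1 XOR Ra2."""
    return xor(mask_a, mask_b, *(slices[i] for i in slice_ids))


def gateway_recover(relay_value: bytes, own_random: bytes) -> bytes:
    """Responding gateway: (Ra1 XOR Ra2) XOR Ra2 = Ra1."""
    return xor(relay_value, own_random)


def enhance(shared_key: bytes, session_key: bytes) -> bytes:
    """'XOR operation and Hash operation' combiner; SHA-256 is an assumption."""
    return hashlib.sha256(xor(shared_key, session_key)).digest()


def alternative_explanation(candidate_ra1, mask_a, mask_b, slice_xor):
    """Show that the key service's view fits ANY candidate Ra1: return the
    (K1, K2, Ra2) that would produce the same three observed values."""
    k1 = xor(mask_a, candidate_ra1)
    k2 = xor(slice_xor, k1)
    ra2 = xor(mask_b, k2)
    return k1, k2, ra2


def negotiate(slice_ids, n_slices: int = 3) -> dict:
    """Run one negotiation between gateways A1 and A2 over the given slices."""
    ka, kb, slices = make_slices(n_slices)
    ra1 = secrets.token_bytes(PACKET_LEN)  # injected into gateway A1
    ra2 = secrets.token_bytes(PACKET_LEN)  # injected into gateway A2
    mask_a = node_mask(ra1, ka, slice_ids)  # sent by QKD_A via its VM
    mask_b = node_mask(ra2, kb, slice_ids)  # sent by QKD_B via its VM
    relay = key_service_combine(mask_a, mask_b, slices, slice_ids)
    return {
        "ra1": ra1,
        "ra2": ra2,
        "mask_a": mask_a,
        "mask_b": mask_b,
        "slice_xor": xor(*(slices[i] for i in slice_ids)),
        "relay": relay,
        "key_at_a1": ra1,  # A1 keeps Ra1 as the agreed key
        "key_at_a2": gateway_recover(relay, ra2),
    }


if __name__ == "__main__":
    single = negotiate([0])
    multi = negotiate([0, 1, 2])
    print("single slice keys match:", single["key_at_a1"] == single["key_at_a2"])
    print("three slices keys match:", multi["key_at_a1"] == multi["key_at_a2"])
    ike_key = secrets.token_bytes(PACKET_LEN)  # stand-in for an IKE-negotiated key
    print("enhanced session key:", enhance(single["key_at_a1"], ike_key).hex())
```

`alternative_explanation` makes the trust boundary concrete: the three values the key service sees are consistent with every possible Ra1, which holds only while each key packet and random number packet is uniformly random and used once.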
In a possible embodiment, on the basis of the above-described embodiments, the quantum node devices QKD_A and QKD_B and the relay node R of the quantum relay network may not be included.
In one possible embodiment, replacing the gateways in the above embodiment with other peer-to-peer application terminals (including but not limited to mobile phones and/or application software clients, cipher machines) results in other embodiments of the invention.
In one possible embodiment, in the above embodiments, the quantum node device QKD_A, the random number service device A, the logical isolation device A and the virtual machine of QKD_A are an integrated hardware device. Accordingly, the quantum node device QKD_B, the random number service device B, the logical isolation device B and the virtual machine of QKD_B are an integrated hardware device.
In one possible embodiment, in the above embodiments, the quantum node device QKD_A, the random number service device A, the logical isolation device A, the virtual machine of QKD_A, and the virtual quantum link slice service device are an integrated hardware device. Accordingly, the quantum node device QKD_B, the random number service device B, the logical isolation device B, the virtual machine of QKD_B, and the virtual quantum link slice service device are an integrated hardware device.
In one possible embodiment, in the above embodiments, the quantum node device QKD_A, the random number service device A, the logical isolation device A, the virtual machine of QKD_A, the virtual quantum link slice service device, and the quantum key service device are an integrated hardware device. Accordingly, the quantum node device QKD_B, the random number service device B, the logical isolation device B, the virtual machine of QKD_B, the virtual quantum link slice service device, and the quantum key service device are an integrated hardware device.
In one possible embodiment, as shown in Fig. 2, the quantum node device QKD_A, the random number service device A, the logical isolation device A and the virtual machine of QKD_A in the above embodiments are an integrated hardware device (quantum base station A in Fig. 2), and the quantum node device QKD_B, the random number service device B, the logical isolation device B and the virtual machine of QKD_B in the above embodiments are an integrated hardware device (quantum base station B in Fig. 2); the virtual quantum link slice service device and the quantum key service device are an integrated application device (the quantum key service device in Fig. 2, which includes the functions of the virtual quantum link slice service device).
In a possible embodiment, the logical isolation device in the above embodiments is also used for security detection and filtering of data flowing to the quantum key application device.
In a possible embodiment, the gateways A1 and A2 in the above embodiments may be replaced by two cipher machines or encryption application clients; the gateways A1, A2, B1 and B2 in the above embodiments may all be replaced by cipher machines or encryption application clients. It should be noted that the number of cipher machines or encryption application clients and their pairing relationship are only used to illustrate the working principle of the embodiment, and are not limiting.
Fig. 3 shows an embodiment of the SSL VPN network system compatible with quantum key agreement provided by the present invention, which is obtained by replacing gateways A1, A2, B1 and B2 in the embodiment shown in Fig. 2 with an SSL VPN gateway and application terminals 301, 302 and 303, respectively. Based on the working principle of the above embodiments, a shared quantum key may be negotiated between application terminals, and also between an application terminal and the SSL VPN gateway.
In any of the above embodiments, the number, pairing relationship, and the like of the devices such as the gateways and the quantum nodes are only used for illustrating the operation principle of the present invention, and are not limited, and all embodiments formed based on the operation principle fall within the protection scope of the present invention.
While the invention has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the invention. Accordingly, the specification and figures are merely exemplary of the invention as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the invention. It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (8)

1. A VPN network system compatible with quantum key agreement, comprising two or more quantum key application devices, at least one random number service device, virtual machines of two or more quantum node devices, a security isolation device, a virtual quantum link slicing service device, a quantum key service device, characterized in that:
the random number service device is used for providing random key grouping service for the quantum key application device and establishing corresponding service association;
the virtual machine of the quantum node device is used for responding to the request of the quantum key application device or/and the quantum key service device, requesting service data from the quantum node device related to the virtual machine, and then sending the service data to the quantum key application device or/and the quantum key service device;
the safety isolation device is used for carrying out safety detection and filtration on data flowing to or/and flowing out of the quantum node device;
the virtual quantum link slice service device is used for managing the virtual quantum link slices and providing services;
the quantum key service device is used for responding to a service request of the quantum key application device, selecting one or more pieces of associated data in one or more virtual quantum link slices associated with the target quantum link from the virtual quantum link slice service device, acquiring parameters associated with the two target quantum key application devices, and negotiating and sharing a quantum key between the quantum key application devices based on the parameters; the quantum key application device carries out security enhancement on the shared quantum key and the session key negotiated by other methods to obtain a new session key, or preferentially adopts the shared quantum key as the session key.
2. The quantum key agreement-compatible VPN network system according to claim 1, comprising: two or more quantum node devices, wherein a quantum node device is configured to negotiate a quantum key with an adjacent quantum node device in the target QKD network, the quantum node device participating in creating a virtual quantum link slice if the quantum node device is used as a trusted relay node.
3. The quantum key agreement-compatible VPN network system according to claim 1 or 2, wherein the random number service means and the quantum node means are integrated into one hardware system.
4. The quantum key agreement-compatible VPN network system according to claim 1 or 2, wherein the random number service device, the quantum node device and the virtual machine of the quantum node device are integrated into a hardware system, and the hardware system is provided with a logical isolation device for implementing logical isolation between the random number service device, the quantum node device and the virtual machine of the quantum node device.
5. The quantum key agreement-compatible VPN network system according to claim 2, wherein the quantum node device is integrated with the random number service device, the quantum key service device and the security isolation device in a hardware system, and the logic isolation device is configured to implement logic isolation between the random number service device, the quantum node device and the quantum key service device.
6. The quantum key agreement-compatible VPN network system according to claim 1, wherein the virtual quantum link slicing service device and the quantum key service device are integrated into one application software or hardware device.
7. The quantum-key-agreement-compatible VPN network system according to claim 1, wherein said two or more quantum-key application devices comprise any of: two or more IPSec VPN gateways, two or more cipher machines, two or more encryption application clients, one SSL VPN gateway, and a plurality of application terminals.
8. The quantum key agreement-compatible VPN network system according to claim 1, wherein the random number service device comprises an offline service interface or/and an online service interface.
CN202110841198.6A 2021-07-26 2021-07-26 VPN network system compatible with quantum key negotiation Active CN113489586B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110841198.6A CN113489586B (en) 2021-07-26 2021-07-26 VPN network system compatible with quantum key negotiation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110841198.6A CN113489586B (en) 2021-07-26 2021-07-26 VPN network system compatible with quantum key negotiation

Publications (2)

Publication Number Publication Date
CN113489586A true CN113489586A (en) 2021-10-08
CN113489586B CN113489586B (en) 2023-01-31

Family

ID=77943435

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110841198.6A Active CN113489586B (en) 2021-07-26 2021-07-26 VPN network system compatible with quantum key negotiation

Country Status (1)

Country Link
CN (1) CN113489586B (en)

CN207490944U (en) * 2017-07-31 2018-06-12 浙江神州量子网络科技有限公司 A kind of safe communication system based on SIP quantum network phones
CN107453868A (en) * 2017-09-01 2017-12-08 中国电子科技集团公司第三十研究所 A kind of safe and efficient quantum key method of servicing
CN107809314A (en) * 2017-12-01 2018-03-16 浙江九州量子信息技术股份有限公司 One kind is based on quantum shared key data ciphering method
CN109995513A (en) * 2017-12-29 2019-07-09 成都零光量子科技有限公司 A kind of quantum key Information Mobile Service method of low latency
CN109995514A (en) * 2017-12-29 2019-07-09 成都零光量子科技有限公司 A kind of safe and efficient quantum key Information Mobile Service method
CN109995519A (en) * 2017-12-31 2019-07-09 成都零光量子科技有限公司 A kind of quantum key traffic service method and system
CN108173652A (en) * 2018-02-12 2018-06-15 武汉三江航天网络通信有限公司 IPSec VPN cipher machines based on quantum key distribution
CN108510270A (en) * 2018-03-06 2018-09-07 成都零光量子科技有限公司 A kind of move and transfer accounts method of quantum safety
CN109194477A (en) * 2018-11-12 2019-01-11 中共中央办公厅电子科技学院 The access node device of quantum secret communication network system and communications network system including the device
CN110661620A (en) * 2019-09-06 2020-01-07 成都量安区块链科技有限公司 Shared key negotiation method based on virtual quantum link
US20210226782A1 (en) * 2020-01-22 2021-07-22 Cisco Technology, Inc. Quantum computer resistant pre-shared key distribution for large scale wide area network solutions

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DONG PAN: "《Single-Photon-Memory Two-Step Quantum Secure Direct Communication Relying on Einstein-Podolsky-Rosen Pairs》", 《IEEE ACCESS》 *
陈晖: "《一个新型的量子密钥服务体系架构》", 《中国电子科学研究院学报》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114040390A (en) * 2021-11-17 2022-02-11 国网福建省电力有限公司 5G virtual business key library distribution method based on quantum security
CN114040390B (en) * 2021-11-17 2023-05-09 国网福建省电力有限公司 Quantum security-based 5G virtual quotient key library distribution method
CN114285571A (en) * 2022-03-03 2022-04-05 成都量安区块链科技有限公司 Method, gateway device and system for using quantum key in IPSec protocol
CN114584298A (en) * 2022-03-03 2022-06-03 成都量安区块链科技有限公司 Quantum security SSL protocol application method and system

Also Published As

Publication number Publication date
CN113489586B (en) 2023-01-31

Similar Documents

Publication Publication Date Title
CN113489586B (en) VPN network system compatible with quantum key negotiation
US8788805B2 (en) Application-level service access to encrypted data streams
WO2009060283A1 (en) Method and apparatus for secure communication
CA2703719A1 (en) Method and system for secure session establishment using identity-based encryption (vdtls)
CN111262699A (en) Quantum security key service method and system
WO2011041962A1 (en) Method and system for end-to-end session key negotiation which support lawful interception
WO2017075134A1 (en) Key management for privacy-ensured conferencing
US20220263811A1 (en) Methods and Systems for Internet Key Exchange Re-Authentication Optimization
CN114285571A (en) Method, gateway device and system for using quantum key in IPSec protocol
CN111935213A (en) Distributed trusted authentication virtual networking system and method
CN115514474A (en) Industrial equipment trusted access method based on cloud-edge-end cooperation
CN107493294B (en) Safe access and management control method of OCF (optical clock and frequency conversion) equipment based on asymmetric encryption algorithm
Yang et al. A trust and privacy preserving handover authentication protocol for wireless networks
US20240072996A1 (en) System and method for key establishment
Yang et al. FHAP: Fast Handover Authentication Protocol for High-Speed Mobile Terminals in 5G Satellite-Terrestrial Integrated Networks
Park et al. Survey for secure IoT group communication
CN102739660A (en) Key exchange method for single sign on system
CN115459913A (en) Quantum key cloud platform-based link transparent encryption method and system
CN114386020A (en) Quick secondary identity authentication method and system based on quantum security
CN114268441A (en) Quantum security application method, client device, server device and system
CN114362938A (en) Key management dynamic route generation network architecture and method for quantum communication
CN113746861A (en) Data transmission encryption and decryption method and encryption and decryption system based on state encryption technology
Marksteiner et al. On the Resilience of a QKD Key Synchronization Protocol for IPsec
Niewolski et al. Security architecture for authorized anonymous communication in 5G MEC
Zhao et al. Design and formal verification of a vanet lightweight authentication protocol

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant