Power-dedicated quantum encryption gateway system


  • CN 103,475,464 B
  • Filed: 08/20/2013
  • Issued: 11/27/2018
  • Est. Priority Date: 08/20/2013
  • Status: Active Grant
First Claim

1. A power-dedicated quantum encryption gateway system, characterized in that the system comprises a power-dedicated quantum encryption gateway communicatively connected, through a quantum link, to a gateway management device;

  • The power-dedicated quantum encryption gateway carries out encrypted communication through the quantum link or a classical link;

    A quantum key distribution device is integrated into the power-dedicated quantum encryption gateway;

    The classical link includes a TCP/IP network channel, a carrier channel, a microwave channel and an optical fibre channel;

    The power-dedicated quantum encryption gateway includes a user configuration interface parsing module, a user authentication module, a key negotiation module, a data encryption/decryption module and a communication interface module;

    The key agreement modes of the key negotiation module include a quantum mode and a traditional mode;

    The data encryption/decryption module supports the SSX06, RSA and OTP encryption algorithms;

    The communication interface module includes a dedicated interface for the quantum key distribution device;

    The switching conditions between the traditional mode and the quantum mode are:

    When the keys generated by the quantum key distribution device cannot satisfy the demand of the data encryption/decryption module, the gateway switches from the quantum mode to the traditional mode;

    When the user does not have permission to start the quantum mode, the traditional mode is used by default;

    The user presets the key agreement mode through the key negotiation module;

    The quantum key distribution device includes a quantum key sending device and a quantum key receiving device;

    The quantum key sending device includes a quantum key sending controller, a random number generator and a quantum transmitter;

    The quantum key receiving device includes a quantum key receiving controller and a quantum receiver;

    The quantum link consists of the quantum key sending device and the quantum key receiving device connected by optical fibre or free space;

    The gateway management device includes a user authentication module, a user rights/certificate management module, a quantum key management module and a communication interface module;

    The user rights/certificate management module manages the information of users and business application systems and defines their permissions and security; only users and business application systems that satisfy the permissions are allowed to obtain security keys distributed over the quantum link;

    The quantum key management module includes key storage units corresponding to the business application systems;

    The quantum key management module distributes and manages key data records, determines the key distribution mode from the key data records, and extracts keys from the key storage units according to the key consumption rate of the business application system;

    The integration modes of the quantum key distribution device include a vertical integration mode and a horizontal integration mode;

    In the vertical integration mode, the data encryption/decryption module and the quantum key distribution device are integrated inside the power-dedicated quantum encryption gateway;

    In the horizontal integration mode, the data encryption/decryption module is communicatively connected to the quantum key distribution device through the communication interface module;

    The quantum mode of the key agreement mode includes the following steps:

    1-1:

    The random number generator applies photon modulation to each photon emitted by the quantum transmitter;

    The photon modulation uses the BB84 coding protocol;

    The random number generator sends the modulation information of the photon modulation to the quantum key sending controller;

    The modulation information includes the coding basis and the coding protocol;

    1-2:

    The quantum receiver randomly chooses a coding basis and measures the received photon;

    The quantum receiver sends the measurement data to the quantum key receiving controller;

    1-3:

    The quantum key sending controller and the quantum key receiving controller perform identity authentication and communication over the classical link, after which a shared key is established;

    The communication includes key testing, negotiated error correction and privacy amplification;

    Encrypted communication over the quantum link:

    When there is no direct quantum link between gateway A and gateway B, the gateway management device PS-QKMC realizes encrypted communication between gateway A and gateway B by establishing multi-level keys;

    Specifically:

    The gateway management device PS-QKMC distributes a group of shared keys, i.e. the level-one keys { KS }, to gateway A and gateway B through their respective quantum links;

    Gateway A and gateway B establish communication session keys, i.e. the secondary keys { WK }, using the level-one keys { KS };

    Finally, gateway A and gateway B complete the secure communication process based on the session keys { WK };

    The key testing includes:

    Gateway A transfers the measurement bases of the photon measurement data to gateway B over the classical link;

    The measurement bases include the horizontal/vertical basis and the diagonal basis;

    A photon can only be measured with one measurement basis; if the wrong measurement basis is used, the measured value is completely random;

    Gateway A retains the measured values for which gateway B used the correct measurement basis, and feeds these measured values back to gateway B over the classical link;

    Thus gateway A and gateway B hold sifted key lists of identical length;

    The negotiated error correction includes:

    The key lists that contain bit errors are sifted using the BBSS, Cascade and Winnow algorithms;

    Before the negotiated error correction, a part of the key is disclosed at random to assess the bit error rate;

    The bit error rate gives a preliminary indication of whether an eavesdropper Eve is present: if the bit error rate is less than 11.5%, the communication is assumed to be secure; otherwise Eve is assumed to be eavesdropping and the communication fails;

    The privacy amplification:

    Since Eve also has a small probability of obtaining correct bits, and Eve can also obtain partial information when the legitimate users compare bases over the open channel;

    The key list obtained after negotiated error correction therefore needs mathematical processing that removes the information acquired by Eve by sacrificing part of the key;

    The traditional mode of the key negotiation module includes the following steps:

    1) The random number generator of gateway A generates a random number r1, encrypts it with the public key in gateway B's certificate and at the same time signs it with its own private key, forming Msg_A = Ecert_B(r1) || Eskey(H(r1)); Msg_A is sent to gateway B;

    2) After gateway B receives Msg_A, it decrypts Msg_A with its own private key and verifies the signature of gateway A; if the signature is verified successfully, gateway B generates a random number r2 with its internal random number generator, encrypts it with the public key in gateway A's certificate and at the same time signs it with its own private key, forming Msg_B = Ecert_A(r2) || Eskey(H(r2)); Msg_B is sent to gateway A;

    3) After gateway A receives Msg_B, it decrypts Msg_B with its own private key and verifies the signature of gateway B; if the signature is verified successfully, it synthesizes the session key SK = r1 | r2, computes the hash Msg_C = H(r1 | r2), and sends Msg_C to gateway B;

    4) Gateway B likewise computes the hash of the synthesized key, Msg_D = H(r1 | r2), and compares whether Msg_C and Msg_D are identical; if they are the same, key agreement and authentication are completed and normal communication begins.
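The following is an added illustration of the four traditional-mode steps above, written here for the claim and not taken from the patent or any product. The asymmetric operations use a constructed textbook RSA on fixed small primes so the exchange runs offline with the standard library alone; the function names, the hash reduced into the signer's modulus, and the key sizes are assumptions, and a deployment would use certificate-backed keys with proper padding.

```python
import hashlib
import secrets

# Constructed toy textbook RSA on fixed small primes: shows the message flow only.
def rsa_keypair(p, q, e=65537):
    n = p * q
    return (e, n), (pow(e, -1, (p - 1) * (q - 1)), n)   # (public, private)

def rsa_apply(key, m):        # encrypt with a public key or sign with a private key
    return pow(m, key[0], key[1])

def H(*ints):                 # SHA-256 over 'r1 | r2'-style concatenation
    return hashlib.sha256(b"|".join(i.to_bytes(8, "big") for i in ints)).digest()

def h_mod(r, n):              # hash of r reduced into the signer's modulus (toy signature)
    return int.from_bytes(H(r), "big") % n

def sign_random(own_priv, peer_pub):
    """Steps 1/2: fresh r encrypted to the peer's certificate key, H(r) signed with own key."""
    r = secrets.randbelow(peer_pub[1])
    return r, (rsa_apply(peer_pub, r), rsa_apply(own_priv, h_mod(r, own_priv[1])))

def open_and_verify(msg, own_priv, peer_pub):
    """Decrypt the peer's random value and check its signature before using it."""
    enc_r, sig = msg
    r = rsa_apply(own_priv, enc_r)
    if rsa_apply(peer_pub, sig) != h_mod(r, peer_pub[1]):
        raise ValueError("signature verification failed; key agreement aborted")
    return r

def handshake(a_priv, a_pub, b_priv, b_pub):
    """Steps 1-4 of the traditional mode; returns (SK at A, SK at B, confirmed)."""
    r1, msg_a = sign_random(a_priv, b_pub)             # 1) A -> B: Msg_A
    r1_at_b = open_and_verify(msg_a, b_priv, a_pub)    # 2) B decrypts, verifies A
    r2, msg_b = sign_random(b_priv, a_pub)             #    B -> A: Msg_B
    r2_at_a = open_and_verify(msg_b, a_priv, b_pub)    # 3) A decrypts, verifies B
    sk_a, msg_c = (r1, r2_at_a), H(r1, r2_at_a)        #    SK = r1 | r2, Msg_C = H(r1 | r2)
    sk_b, msg_d = (r1_at_b, r2), H(r1_at_b, r2)        # 4) B recomputes Msg_D and compares
    return sk_a, sk_b, msg_c == msg_d

if __name__ == "__main__":
    a_pub, a_priv = rsa_keypair(65521, 65519)
    b_pub, b_priv = rsa_keypair(65497, 65479)
    sk_a, sk_b, confirmed = handshake(a_priv, a_pub, b_priv, b_pub)
    print("session keys match:", sk_a == sk_b, "confirmed:", confirmed)
```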
